k8s-infra-cherrypick-robot
8d859f95e9
Auth TLS: Add _ to redirect RegEx. ( #12328 )
...
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-11-08 06:26:44 +00:00
k8s-infra-cherrypick-robot
2ed891b4b2
Auth TLS: Improve redirect RegEx. ( #12321 )
...
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-11-07 07:05:30 +00:00
Marco Ebert
d06029e3c5
Fix minor typos ( #11940 )
...
Co-authored-by: Nathan Baulch <nathan.baulch@gmail.com>
2024-09-06 23:19:46 +02:00
k8s-infra-cherrypick-robot
fc00ca8cfa
Annotations: Allow commas in URLs. ( #11886 )
...
Signed-off-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
2024-08-27 00:01:36 +01:00
Marco Ebert
0486f013fe
Auto-generate annotation docs ( #11835 )
...
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
2024-08-21 09:38:34 +02:00
k8s-infra-cherrypick-robot
a0ca791929
Missing anchors in regular expression. ( #11718 )
...
Co-authored-by: André Storfjord Kristiansen <33384479+dev-bio@users.noreply.github.com>
2024-08-02 01:36:46 -07:00
k8s-infra-cherrypick-robot
9ed5485745
Docs: Clarify from-to-www redirect direction. ( #11692 )
...
* docs: Clarify from-to-www redirect direction.
This was not clear to me when reading the docs whether the ingress will
redirect from non-www to with-www or the reverse. It's also not very
clear from just grepping around the codebase. I found the answer by
reading from this reddit link:
https://www.reddit.com/r/kubernetes/comments/pbl033/k8s_ingress_redirecting_www_to_nonwww_domains/
So, to save time for other people doing the same, which I assumes is a
lot of people since it's a common scenario, this little revision in the
docs is warranted.
* Docs: Implement suggestion.
---------
Co-authored-by: Chakrit Wichian <service@chakrit.net>
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-29 02:55:09 -07:00
k8s-infra-cherrypick-robot
88494aa11d
fix: Ensure changes in MatchCN annotation are detected ( #11528 )
...
Co-authored-by: Wouter Dullaert <wouter.dullaert@exoscale.ch>
2024-07-02 01:03:58 -07:00
k8s-infra-cherrypick-robot
b7f6f93334
removed tlsv1 & tlsv1.1 ( #11408 )
...
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-06-02 11:52:07 -07:00
cuiyourong
a4e5daebec
Fix function name in comment
...
Signed-off-by: cuiyourong <cuiyourong@gmail.com>
2024-04-23 11:28:01 +00:00
Marco Ebert
8d3d4a33bf
Chores: Pick patches from main. ( #11103 )
...
* Release version v1.10.0
* set deploy url to v1-10-0 in docs
* quotes around numbers fort ports definitions
* Bump dorny/paths-filter from 3.0.1 to 3.0.2
Bumps [dorny/paths-filter](https://github.com/dorny/paths-filter ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/dorny/paths-filter/releases )
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md )
- [Commits](ebc4d7e9eb...de90cc6fb3https://github.com/aquasecurity/trivy-action ) from 0.17.0 to 0.18.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](84384bd6e7...062f259268https://github.com/github/codeql-action ) from 3.24.5 to 3.24.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](47b3d888fe...8a470fddafhttps://github.com/prometheus/common ) from 0.48.0 to 0.49.0.
- [Release notes](https://github.com/prometheus/common/releases )
- [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.49.0 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/common
dependency-type: direct:production
update-type: version-update:semver-minor
...
* Bump docker/setup-buildx-action from 3.0.0 to 3.1.0
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](f95db51fdd...0d103c3126https://github.com/stretchr/testify ) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-minor
...
* Bump actions/download-artifact from 4.1.2 to 4.1.4
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 4.1.2 to 4.1.4.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](eaceaf801f...c850b930e6https://github.com/prometheus/common ) from 0.49.0 to 0.50.0.
- [Release notes](https://github.com/prometheus/common/releases )
- [Commits](https://github.com/prometheus/common/compare/v0.49.0...v0.50.0 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/common
dependency-type: direct:production
update-type: version-update:semver-minor
...
* Bump the all group with 1 update
Bumps the all group with 1 update: [google.golang.org/grpc](https://github.com/grpc/grpc-go ).
Updates `google.golang.org/grpc` from 1.62.0 to 1.62.1
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.62.0...v1.62.1 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
...
* Bump the all group with 1 update
Bumps the all group with 1 update: [actions/add-to-project](https://github.com/actions/add-to-project ).
Updates `actions/add-to-project` from 0.5.0 to 0.6.0
- [Release notes](https://github.com/actions/add-to-project/releases )
- [Commits](31b3f3ccdc...0609a2702ehttps://github.com/onsi/ginkgo ) from 2.15.0 to 2.16.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.15.0...v2.16.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
---------
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
Co-authored-by: longwuyuan <longwuyuan@gmail.com>
Co-authored-by: Bartosz Fenski <fenio@debian.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Grinish <grinish@gmail.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
2024-03-11 14:30:46 -07:00
Ricardo Katz
fa0bf81984
Bump go libraries ( #11023 )
...
* Bump go libraries
* Fix update codegen execution
* Fix errors on klog
* Fix gzip test
* Bump libraries on webhook certgen
* Fix webhook-certgen compilation
2024-02-27 09:52:42 -08:00
kbweave
1bc745619d
Include SECLEVEL and STRENGTH as part of ssl-cipher list validation ( #10754 )
2024-01-05 15:50:34 +01:00
Philipp Sauter
05d68a1512
annotation validation: validate regex in common name annotation ( #10657 )
...
* fix common name validation
* add tests
2024-01-04 15:56:57 +01:00
James Strong
6807537a70
upgrade go 1.21.5 ( #10732 )
...
* upgrade go 1.21.5
Signed-off-by: James Strong <strong.james.e@gmail.com>
* update golang gha
Signed-off-by: James Strong <strong.james.e@gmail.com>
* supgrade golang lint ci to v1.55.2
* sfix all golang lint ci errors
* sget a nginx build as well
* srevert some e2e changes
* srevert some e2e changes
---------
Signed-off-by: James Strong <strong.james.e@gmail.com>
2023-12-08 01:52:14 +01:00
chriss-de
ad406b64d8
Add override for proxy_intercept_errors when using Custom HTTP Errors ( #9497 )
...
* added proxy-intercept-errors config option
* fixed error when comparing locations
* fixed missing location config from annotation
added e2e test
* reversed logic for proxy-intercept-errors to disable-proxy-intercept-errors
* reversed logic to disable-proxy-intercept-errors
* reversed logic
* default has to be false
* put comment in same line as return
* run gofmt
* fixing wrong Boilerplate header
* updated code to new IngressAnnotation interface
* fixes to satisfy PR comments
* synced with upstream; fixed typo
* gofumpt disableproxyintercepterrors.go
* gofumpt
2023-11-17 05:43:54 +01:00
Filip Havlíček
e0446d7554
annotation validation - extended URLWithNginxVariableRegex from alphaNumericChars to extendedAlphaNumeric ( #10652 )
2023-11-15 17:40:00 +01:00
Ardika Bagus S
da51393cac
fix(cors): ensure trailing comma treated as empty value to be ignored ( #10616 )
...
* fix(cors): ensure trailing comma treated as empty value to be ignored
Signed-off-by: Ardika Bagus <me@ardikabs.com>
* test(cors): add e2e test
Signed-off-by: Ardika Bagus <me@ardikabs.com>
---------
Signed-off-by: Ardika Bagus <me@ardikabs.com>
2023-11-07 19:02:48 +01:00
Ricardo Katz
30820a5acc
Deprecate opentracing ( #10615 )
2023-11-05 01:58:35 +01:00
Simon Wessel
13d95d026a
fix: adjust unfulfillable validation check for session-cookie-samesite annotation ( #10600 )
2023-11-01 23:09:00 +01:00
Matt Dainty
9cdd51d5dc
fix: Validate x-forwarded-prefix annotation with RegexPathWithCapture ( #10598 )
2023-11-01 23:08:51 +01:00
Ricardo Katz
a879829408
Fix fcgi configmap value parsing ( #10528 )
2023-10-17 01:10:16 +02:00
Ricardo Katz
8b53cabe03
Bump curl and Go version ( #10503 )
...
* Bump curl and Go version
* Add NGINX BAse image scanning
* Try again
2023-10-11 16:16:11 +02:00
Ricardo Katz
cf889c6c47
Disable user snippets per default ( #10393 )
...
* Disable user snippets per default
* Enable snippet on tests
2023-09-10 20:02:10 -07:00
Chen Chen
b3060bfbd0
Fix golangci-lint errors ( #10196 )
...
* Fix golangci-lint errors
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix dupl errors
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix comments
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix errcheck lint errors
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix assert in e2e test
Signed-off-by: z1cheng <imchench@gmail.com>
* Not interrupt the waitForPodsReady
Signed-off-by: z1cheng <imchench@gmail.com>
* Replace string with constant
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix comments
Signed-off-by: z1cheng <imchench@gmail.com>
* Revert write file permision
Signed-off-by: z1cheng <imchench@gmail.com>
---------
Signed-off-by: z1cheng <imchench@gmail.com>
2023-08-31 00:36:48 -07:00
Gabor Lekeny
5d8185c9d7
Handle request_id variable correctly in auth requests ( #9219 )
...
* Handle $request_id variable correctly in auth requests
* Make share_all_vars configurable
* Fix test name
2023-08-07 06:16:32 -07:00
Ricardo Katz
c5f348ea2e
Implement annotation validation ( #9673 )
...
* Add validation to all annotations
* Add annotation validation for fcgi
* Fix reviews and fcgi e2e
* Add flag to disable cross namespace validation
* Add risk, flag for validation, tests
* Add missing formating
* Enable validation by default on tests
* Test validation flag
* remove ajp from list
* Finalize validation changes
* Add validations to CI
* Update helm docs
* Fix code review
* Use a better name for annotation risk
2023-07-21 20:32:07 -07:00
Ricardo Katz
ebb6314494
Deprecate and remove AJP support ( #10158 )
2023-07-02 02:26:49 -07:00
Jintao Zhang
cccba35005
Revert "Remove fastcgi feature" ( #10081 )
...
* Revert "Remove fastcgi feature (#9864 )"
This reverts commit 90ed0ccdbe
2023-06-13 12:55:59 -07:00
Ricardo Katz
90ed0ccdbe
Remove fastcgi feature ( #9864 )
2023-06-11 13:33:47 -07:00
Gerald Pape
db49b9da6f
Fix mirror-target values without path separator and port ( #9889 )
...
* Remove variables with $ before feeding into url.Parse
Signed-off-by: Gerald Pape <gerald@giantswarm.io>
* Do not render invalid request mirroring config
Signed-off-by: Gerald Pape <gerald@giantswarm.io>
* Remove additional note from docs again
Signed-off-by: Gerald Pape <gerald@giantswarm.io>
* Include quotes in e2e test for mirror proxy_pass
---------
Signed-off-by: Gerald Pape <gerald@giantswarm.io>
2023-06-11 11:59:47 -07:00
Eng Zer Jun
d02ba28b96
perf: avoid unnecessary byte/string conversion ( #10012 )
...
We can use alternative functions to avoid unnecessary byte/string
conversion calls and reduce allocations.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2023-06-01 07:29:47 -07:00
Ricardo Katz
11419a6837
Fastcgi configmap should be on the same namespace of ingress ( #9863 )
2023-04-16 17:32:43 -07:00
Ricardo Katz
297036e169
Deprecate and remove influxdb feature ( #9861 )
2023-04-16 17:26:43 -07:00
Ricardo Katz
6778c3ec44
Remove deprecated annotation secure-upstream ( #9862 )
2023-04-16 17:22:43 -07:00
Ehsan Saei
c8cb9167d3
feat: OpenTelemetry module integration ( #9062 )
...
* OpenTelemetry module integration
* e2e test
* e2e test fix
* default OpentelemetryConfig
* e2e values
* mount otel module for otel test only
* propagate IS_CHROOT
* propagate IS_CHROOT e2e test
* code doc
* comments
* golint
* opentelemetry doc
* zipkin
* zipkin
* typo
* update e2e test OpenTelemetry value
* use opentelemetry value
* revert merge conflict
* fix
* format
* review comments
* clean
2023-03-22 11:58:22 -07:00
Phil Nichol
8ed3a27e25
Adding ipdenylist annotation ( #8795 )
...
* feat: Add support for IP Deny List
* fixed gomod
* Update package
* go mod tidy
* Revert "go mod tidy"
This reverts commit e6a837e1e7
2023-01-08 14:43:28 -08:00
Ricardo Katz
3916f7b8b7
move tests to gh actions ( #9461 )
2022-12-29 14:09:29 -08:00
Kir Shatrov
84614b99c3
Implement parseFloat for annotations ( #9195 )
2022-10-20 12:57:25 -07:00
Matthias Neugebauer
26fe69cb47
Add annotation for setting sticky cookie domain ( #9088 )
...
This adds the new annotation `nginx.ingress.kubernetes.io/session-cookie-domain`
for setting the cookie `Domain` attribute of the sticky cookie.
Signed-off-by: Matthias Neugebauer <mtneug@mailbox.org>
Signed-off-by: Matthias Neugebauer <mtneug@mailbox.org>
2022-09-28 07:28:37 -07:00
Ricardo Pchevuzinske Katz
7304086202
Move util to specific package location
2022-07-21 18:06:55 -03:00
Ricardo Katz
4c6a7ee158
Decouple shared functions between controllers ( #8829 )
...
* Decouple shared functions between controllers
* Apply suggestions from code review
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
* Fix package names and fmt
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
2022-07-20 11:53:44 -07:00
Renan Gonçalves
869e18b264
Avoid race conditions by copying the list before sorting ( #8573 )
...
When creating several ingresses at the same time a race condition can
happen by modifying a variable deep in another object. When this race
condition is triggered the generated nginx configuration is broken:
```
nginx: [emerg] invalid parameter "8.8.8.8/32,8" in /tmp/nginx-cfg4027854160:671
nginx: configuration file /tmp/nginx-cfg4027854160 test failed
```
Once it happens, the controller won't ever be able to generate the
configuration again. Thus the only option is to restart the process.
There is not really a good way to reproduce this issue. It happens quite
sporadically every 2 or 3 days. However, after this fix has been
applied, we haven't seen it happen after about 4 weeks.
Co-authored-by: Ruud van der Weijde <ruudvanderweijde@gmail.com>
2022-05-23 05:50:03 -07:00
Maksim Nabokikh
2c27e66cc7
feat: always set auth cookie ( #8213 )
...
* feat: always set auth cookie
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* feat: Add annotation to always set auth cookie
* Add annotation
* Add global configmap key
* Provide unit tests and e2e tests
* Fix e2e documentation autogen script
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* Regenerate e2e tests
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-05-19 15:27:53 -07:00
serge-r
730b7408ca
Add header Host into mirror annotations ( #8178 )
2022-05-07 17:39:17 -07:00
kszafran
3230638160
Update default allowed CORS headers ( #8459 )
...
X-CustomHeader looks more like an example than a header we would want to
accept in production. Added Range as a useful header that enables
operations on resources that can be fetched in chunks.
2022-05-04 05:11:51 -07:00
Chris Shino
f9372aa495
added new auth-tls-match-cn annotation ( #8434 )
...
* added new auth-tls-match-cn annotation
* added few more tests
2022-04-15 12:59:10 -07:00
Gabor Lekeny
83ce21b4dd
Add keepalive support for auth requests ( #8219 )
...
* Add keepalive support for auth requests
* Fix typo
* Address PR comments
* Log warning when auth-url contains variable in its host:port
* Generate upstream name without replacing dots to underscores in server name
* Add comment in the nginx template when the keepalive upstream block is referenced
* Workaround for auth_request module ignores keepalive in upstream block
* The `auth_request` module does not support HTTP keepalives in upstream block:
https://trac.nginx.org/nginx/ticket/1579
* As a workaround we use ngx.location.capture but unfortunately it does not
support HTTP/2 so `use-http2` configuration parameter is needed.
* Handle PR comments
* Address PR comments
* Handle invalid values for int parameters
* Handle PR comments
* Fix e2e test
2022-04-08 20:22:04 -07:00
Maksim Nabokikh
1e2ce80846
fix: deny locations with invalid auth-url annotation ( #8256 )
...
* fix: deny locations with invalid auth-url annotation
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* Delete duplicate test
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-03-01 02:13:51 -08:00
Aibek
5754eb60f4
Append elements on match, instead of removing for cors-annotations ( #8185 )
...
* fixes https://github.com/kubernetes/ingress-nginx/issues/8168 by appending elements on match, instead of removing
* refactor the corsOriginRegex comparison, and initialize CorsAllowOrigin
2022-02-13 10:39:47 -08:00
