DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7533 commits 4 branches 217 tags 166 MiB
Commit graph

148 commits

Author SHA1 Message Date
Carlos Tadeu Panato Junior
12fbe9b163
golangci-lint update, ci cleanup, group dependabot updates (#11071) 
* bump golangci-lint to v1.56.x

Signed-off-by: cpanato <ctadeu@gmail.com>

* cleanup empty lines

Signed-off-by: cpanato <ctadeu@gmail.com>

* group dependabot updates

Signed-off-by: cpanato <ctadeu@gmail.com>

* run on job changes as well

Signed-off-by: cpanato <ctadeu@gmail.com>

* remove deprecated checks

Signed-off-by: cpanato <ctadeu@gmail.com>

* fix lints and format

Signed-off-by: cpanato <ctadeu@gmail.com>

---------

Signed-off-by: cpanato <ctadeu@gmail.com>
 2024-03-07 02:39:53 -08:00
Ricardo Katz
9ed0d7f7af
Separate third party NGINX configuration (#10470) 
* Document container separation

* Separate configurations
 2023-11-03 14:46:32 +01:00
Chen Chen
b3060bfbd0
Fix golangci-lint errors (#10196) 
* Fix golangci-lint errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix dupl errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix comments

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix errcheck lint errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix assert in e2e test

Signed-off-by: z1cheng <imchench@gmail.com>

* Not interrupt the waitForPodsReady

Signed-off-by: z1cheng <imchench@gmail.com>

* Replace string with constant

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix comments

Signed-off-by: z1cheng <imchench@gmail.com>

* Revert write file permision

Signed-off-by: z1cheng <imchench@gmail.com>

---------

Signed-off-by: z1cheng <imchench@gmail.com>
 2023-08-31 00:36:48 -07:00
Ricardo Katz
c5f348ea2e
Implement annotation validation (#9673) 
* Add validation to all annotations

* Add annotation validation for fcgi

* Fix reviews and fcgi e2e

* Add flag to disable cross namespace validation

* Add risk, flag for validation, tests

* Add missing formating

* Enable validation by default on tests

* Test validation flag

* remove ajp from list

* Finalize validation changes

* Add validations to CI

* Update helm docs

* Fix code review

* Use a better name for annotation risk
 2023-07-21 20:32:07 -07:00
Chen Chen
d44a8e0045
Fix golang-ci linter errors (#10128) 
* Fix golang-ci linter errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix gofmt errors

Signed-off-by: z1cheng <imchench@gmail.com>

* Add nolint comment to defaults.Backend in Configuration

Signed-off-by: z1cheng <imchench@gmail.com>

* Add #nosec comment to rand.New func

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix errcheck warnings

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix gofmt check

Signed-off-by: z1cheng <imchench@gmail.com>

* Fix unit tests and comments

Signed-off-by: z1cheng <imchench@gmail.com>

---------

Signed-off-by: z1cheng <imchench@gmail.com>
 2023-07-03 05:50:52 -07:00
guangwu
114ae77fb7
chore: pkg imported more than once (#10048) 2023-06-11 11:49:47 -07:00
Hervé
d6bba85351
Rework Ginkgo usage (#9522) 
* Rework Ginkgo usage

Currently Ginkgo is launched multiple times with different options to
accomodate various use-cases. In particular, some specs needs to be run
sequentially because non-namespaced objects are created that conflicts
with concurent Helm deployments.
However Ginkgo is able to handle such cases natively, in particular
specs that needs to be run sequentially are supported (Serial spec).

This commit marks the specs that needs to be run sequentially as Serial
specs and runs the whole test suite from a single Ginkgo invocation. As
a result, a single JUnit report is now generated.

Signed-off-by: Hervé Werner <dud225@hotmail.com>

* Fix controller error in test

Error getting ConfigMap "$NAMESPACE/tcp-services": no object matching key "$NAMESPACE/tcp-services" in local store

Signed-off-by: Hervé Werner <dud225@hotmail.com>

* Replace "go get" invocations by "go install"

Executing "go get" changes the go.mod & go.sum files which is not the
case of "go install".

Signed-off-by: Hervé Werner <dud225@hotmail.com>

* Always clean out the Helm deployment

Signed-off-by: Hervé Werner <dud225@hotmail.com>

* Add E2E test to verify that changes to one or more configmap trigger an update

Signed-off-by: Hervé Werner <dud225@hotmail.com>

---------

Signed-off-by: Hervé Werner <dud225@hotmail.com>
 2023-02-16 06:15:39 -08:00
Fish-pro
ac8dd3dd53
sets.String is deprecated: use generic Set instead. new ways: s1 := Set[string]{} s2 := New[string]() (#9589) 
Signed-off-by: Fish-pro <zechun.chen@daocloud.io>
 2023-02-16 06:05:48 -08:00
James Strong
5e85747db7
remove tests and regex path checks (#9626) 
Signed-off-by: James Strong <strong.james.e@gmail.com>
 2023-02-14 12:33:52 -08:00
James Strong
01c9a2bf25
Revert Implement pathType validation (#9511) (#9607) 
Signed-off-by: James Strong <strong.james.e@gmail.com>
 2023-02-12 22:57:29 -08:00
James Strong
7d1c47ab54
Switch logic on path type validation and setting it to false (#9543) 
* update path type validation to be false and update e2e test scripts

Signed-off-by: James Strong <strong.james.e@gmail.com>

* update to make tests clear

Signed-off-by: James Strong <strong.james.e@gmail.com>

* update test params

Signed-off-by: James Strong <strong.james.e@gmail.com>

* Adding else per pr comments

Signed-off-by: James Strong <james.strong@chainguard.dev>

---------

Signed-off-by: James Strong <strong.james.e@gmail.com>
Signed-off-by: James Strong <james.strong@chainguard.dev>
 2023-01-31 17:09:06 -08:00
Ricardo Katz
da98c744b9
Implement pathType validation (#9511) 2023-01-16 23:51:23 -03:00
Marcus Noble
e7bee5308e
added option to disable sync event creation (#8528) 
* added option to disable event creation

Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>

* Re-trigger github workflows

Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>

Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2023-01-09 06:37:31 -08:00
Ricardo Katz
c1413e6079
Validate ingress path fields (#9309) 
* Validate characters in path fields

* Add e2e tests for path validation

* Fix review comments
 2022-11-17 04:24:40 -08:00
Tomas Hulata
490ecffc52
fix svc long name (#9245) 
Signed-off-by: tombokombo <tombo@sysart.tech>

Signed-off-by: tombokombo <tombo@sysart.tech>
 2022-11-05 14:22:15 -07:00
Tomas Hulata
3579ed0487
feat: switch from endpoints to endpointslices (#8890) 
* endpointslices

Signed-off-by: tombokombo <tombo@sysart.tech>

* cleanup

Signed-off-by: tombokombo <tombo@sysart.tech>

* fix rbac

Signed-off-by: tombokombo <tombo@sysart.tech>

* fix comments

Signed-off-by: tombokombo <tombo@sysart.tech>

* cleanup store, add store tests

Signed-off-by: tombokombo <tombo@sysart.tech>

* fix copyright date

Signed-off-by: tombokombo <tombo@sysart.tech>

Signed-off-by: tombokombo <tombo@sysart.tech>
 2022-09-23 12:38:04 -07:00
Ricardo Katz
c86d50ecef
Move APIs to be used by both controller and configurer (#8854) 2022-07-21 17:32:48 -07:00
Ricardo Katz
4c6a7ee158
Decouple shared functions between controllers (#8829) 
* Decouple shared functions between controllers

* Apply suggestions from code review

Co-authored-by: Jintao Zhang <tao12345666333@163.com>

* Fix package names and fmt

Co-authored-by: Jintao Zhang <tao12345666333@163.com>
 2022-07-20 11:53:44 -07:00
Ricardo Katz
89ed571d2a
Implement object deep inspector (#8456) 2022-04-11 07:06:07 -07:00
Elvin Efendi
04035cc1c2
Do not validate ingresses with unknown ingress class in admission webhook endpoint. (#8221) 2022-02-06 12:28:51 -08:00
Ricardo Katz
38c73233f3
Remove deprecated libraries, update other libs, add ci v1.23 (#8118) 2022-01-09 16:29:12 -08:00
gi mbu
a13305185a
generating SHA for CA only certs in backend_ssl.go + comparision of ProxySSL structures in types_equals.go (#8098) 2022-01-09 14:06:00 -03:00
Ricardo Katz
c0814c6f78
Change sanitization message from error to warning (#7963) 
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
 2021-11-23 18:25:20 -03:00
James Strong
d4a6ade65f
update default block list,docs, tests (#7942) 
* update default block list,docs, tests

* fix config for admin test

* gofmt

* remove the err return
 2021-11-23 09:06:17 -08:00
zryfish
7203a0b8bd
support watch namespaces matched namespace selector (#7472) 
skip caching namespaces at cluster scope if only watching single namespace

add --watch-namespace-selector in user guide

add e2e test
 2021-11-12 11:46:28 -08:00
Ricardo Katz
67e13bf692
Add option to sanitize annotation inputs (#7874) 
* Add option to sanitize annotation inputs

* Fix e2e tests after string sanitization

* Add proxy_pass and serviceaccount as denied values
 2021-11-12 11:40:30 -08:00
emerson
6499393772
Print warning only instead of error if no permission on ingressclass (#7578) 
* skip ingressclass check if ingressclass is not enabled

* reformat with gofmt
 2021-10-10 12:48:37 -07:00
Ricardo Katz
cda59ccc9c
Add new flag to watch ingressclass by name instead of spec (#7609) 2021-09-10 10:14:01 -07:00
Maxim
af5f40a0eb
Trigger syncIngress on Service addition/deletion #7346 (#7374) 
Normally Ingress sinchronization for Services is triggered when
corresponding Service's Endpoints are added, deleted or modified.
Services of type ExternalName, however, do not have any endpoints
and hence do not trigger Ingress synchronization as only Update
events are being watched. This commit makes sure that Update and
Delete Service events also enqueue a syncIngress task.
 2021-09-07 10:47:16 -07:00
Ricardo Katz
90c79689c4
Release v1 (#7470) 
* Drop v1beta1 from ingress nginx (#7156)

* Drop v1beta1 from ingress nginx

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix intorstr logic in controller

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* fixing admission

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* more intorstr fixing

* correct template rendering

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix e2e tests for v1 api

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix gofmt errors

* This is finally working...almost there...

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Re-add removed validation of AdmissionReview

* Prepare for v1.0.0-alpha.1 release

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Update changelog and matrix table for v1.0.0-alpha.1 (#7274)

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* add docs for syslog feature (#7219)

* Fix link to e2e-tests.md in developer-guide (#7201)

* Use ENV expansion for namespace in args (#7146)

Update the DaemonSet namespace references to use the `POD_NAMESPACE` environment variable in the same way that the Deployment does.

* chart: using Helm builtin capabilities check (#7190)

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

* Update proper default value for HTTP2MaxConcurrentStreams in Docs (#6944)

It should be 128 as documented in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go#L780

* Fix MaxWorkerOpenFiles calculation on high cores nodes (#7107)

* Fix MaxWorkerOpenFiles calculation on high cores nodes

* Add e2e test for rlimit_nofile

* Fix doc for max-worker-open-files

* ingress/tcp: add additional error logging on failed (#7208)

* Add file containing stable release (#7313)

* Handle named (non-numeric) ports correctly (#7311)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Updated v1beta1 to v1 as its deprecated (#7308)

* remove mercurial from build (#7031)

* Retry to download maxmind DB if it fails (#7242)

* Retry to download maxmind DB if it fails.

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Add retries count arg, move retry logic into DownloadGeoLite2DB function

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Reorder parameters in DownloadGeoLite2DB

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Remove hardcoded value

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Release v1.0.0-alpha.1

* Add changelog for v1.0.0-alpha.2

* controller: ignore non-service backends (#7332)

* controller: ignore non-service backends

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update per feedback

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* fix: allow scope/tcp/udp configmap namespace to altered (#7161)

* Lower webhook timeout for digital ocean (#7319)

* Lower webhook timeout for digital ocean

* Set Digital Ocean value controller.admissionWebhooks.timeoutSeconds to 29

* update OWNERS and aliases files (#7365) (#7366)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Downgrade Lua modules for s390x (#7355)

Downgrade Lua modules to last known working version.

* Fix IngressClass logic for newer releases (#7341)

* Fix IngressClass logic for newer releases

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Change e2e tests for the new IngressClass presence

* Fix chart and admission tests

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix helm chart test

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix reviews

* Remove ingressclass code from admission

* update tag to v1.0.0-beta.1

* update readme and changelog for v1.0.0-beta.1

* Release v1.0.0-beta.1 - helm and manifests (#7422)

* Change the order of annotation just to trigger a new helm release (#7425)

* [cherry-pick] Add dev-v1 branch into helm releaser (#7428)

* Add dev-v1 branch into helm releaser (#7424)

* chore: add link for artifacthub.io/prerelease annotations

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

* k8s job ci pipeline for dev-v1 br v1.22.0 (#7453)

* k8s job ci pipeline for dev-v1 br v1.22.0

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* k8s job ci pipeline for dev-v1 br v1.21.2

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* remove v1.21.1 version

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* Add controller.watchIngressWithoutClass config option (#7459)

Signed-off-by: Akshit Grover <akshit.grover2016@gmail.com>

* Release new helm chart with certgen fixed (#7478)

* Update go version, modules and remove ioutil

* Release new helm chart with certgen fixed

* changed appversion, chartversion, TAG, image (#7490)

* Fix CI conflict

* Fix CI conflict

* Fix build.sh from rebase process

* Fix controller_test post rebase

Co-authored-by: Tianhao Guo <rggth09@gmail.com>
Co-authored-by: Ray <61553+rctay@users.noreply.github.com>
Co-authored-by: Bill Cassidy <cassid4@gmail.com>
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
Co-authored-by: Sathish Ramani <rsathishx87@gmail.com>
Co-authored-by: Mansur Marvanov <nanorobocop@gmail.com>
Co-authored-by: Matt1360 <568198+Matt1360@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>
Co-authored-by: Tom Hayward <thayward@infoblox.com>
Co-authored-by: Sergey Shakuto <sshakuto@infoblox.com>
Co-authored-by: Tore <tore.lonoy@gmail.com>
Co-authored-by: Bouke Versteegh <info@boukeversteegh.nl>
Co-authored-by: Shahid <shahid@us.ibm.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Long Wu Yuan <longwuyuan@gmail.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com>
Co-authored-by: Akshit Grover <akshit.grover2016@gmail.com>
 2021-08-21 13:42:00 -07:00
Ricardo Katz
d226d831bd Update go version, modules and remove ioutil 2021-08-06 14:15:21 -03:00
Shuhei Kitagawa
a20f27ff7d
Add missing tests for store/endpoint (#7039) 2021-07-16 06:06:09 -07:00
Mahnoor Mehboob
2503b23b09 Alter e2e test for disable_catch_all.go 2021-04-22 12:01:41 -04:00
Mahnoor Mehboob
cc4d5f2283 update catch-all ingress requirement logic 2021-04-21 17:49:58 -04:00
anthonyho007
4ddb0c724a fix crl not reload when crl got updated in the ca secret 2021-03-31 16:13:07 -04:00
Manuel Alejandro de Brito Fontes
d9af197e62
Remove dead code 2020-12-27 22:26:51 -03:00
Manuel Alejandro de Brito Fontes
f49d2fdb3b Improve class.IsValid logs 2020-11-09 11:01:03 -03:00
Manuel Alejandro de Brito Fontes
4d65097afa Improve log messages 2020-10-26 17:14:36 -03:00
Manuel Alejandro de Brito Fontes
703c2d6f8e Enable validation of ingress definitions from extensions package 2020-10-26 10:50:44 -03:00
Sylvain Rabot
ca7db0e330
Filter out secrets that belong to Helm 
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
 2020-10-13 17:45:26 +02:00
Manuel Alejandro de Brito Fontes
108637bb1c Migrate to structured logging (klog) 2020-09-27 18:59:57 -03:00
Manuel Alejandro de Brito Fontes
a767b1d906 Cleanup 2020-09-27 17:16:09 -03:00
Manuel Alejandro de Brito Fontes
29ea30a4e8 Add events for NGINX reloads 2020-09-27 17:16:09 -03:00
Manuel Alejandro de Brito Fontes
7722fa38aa Add admission controller e2e test 2020-09-26 16:06:58 -03:00
Manuel Alejandro de Brito Fontes
b1f0d28634 Require Kubernetes v1.14 or higher and deprecate extensions 2020-09-02 10:00:16 -04:00
Manuel Alejandro de Brito Fontes
cb86c5698c Migrate to klog v2 2020-08-08 21:01:03 -04:00
Sylvain Rabot
c9cb3dd626
Filter out objects that belong to Helm 
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
 2020-06-11 19:18:56 +02:00
Manuel Alejandro de Brito Fontes
a8c7ec6cfb Changes on services must trigger a sync event 2020-04-29 13:37:39 -04:00
Manuel Alejandro de Brito Fontes
af910a16d4 Refactor ingress validation in webhook 2020-04-28 18:35:03 -04:00
Manuel Alejandro de Brito Fontes
dbaefc8ee9 Ensure webhook validation ingress has a PathTypePrefix 2020-04-27 10:37:26 -04:00