DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4592 commits 4 branches 217 tags 166 MiB
Commit graph

447 commits

Author SHA1 Message Date
Manuel Alejandro de Brito Fontes
6c92c80073 Fix sticky session for ingress without host 2020-01-02 16:52:49 -03:00
Manuel Alejandro de Brito Fontes
a0523c3c8a
Use a named location for authSignURL (#4859) 2019-12-24 22:50:25 -03:00
Elvin Efendi
54918c0ff2 fix duplicate hsts bug 2019-12-12 13:49:13 -05:00
MMeent
75e8d37d71
Fix issue in logic of modsec template 
according to go templates: `(and ((not false) false))` == `true`

the only way to remove the owasp rules from every location is to disable modsec on that location, or to enable owasp globally, both not-so-great choices.

This commit fixes the logic issue by fixing the and-clause in the if-statement. As a result this reduces global resource usages when modsecurity is configured globally, but not on every location.
 2019-11-28 14:56:41 +01:00
Kubernetes Prow Robot
a85d5ed93a
Merge pull request #4779 from aledbf/update-image 
Remove lua-resty-waf feature
 2019-11-27 11:45:05 -08:00
Kubernetes Prow Robot
b286c2a336
Merge pull request #4732 from willthames/enable-opentracing-annotation 
Allow enabling/disabling opentracing for ingresses
 2019-11-26 17:31:21 -08:00
Will Thames
0ae463a5f3 Provide annotation to control opentracing 
By default you might want opentracing off, but on for a particular
ingress.

Similarly, you might want opentracing globally on, but disabled for
a specific endpoint. To achieve this, `opentracing_propagate_context`
cannot be set when combined with `opentracing off`

A new annotation, `enable-opentracing` allows more fine grained control
of opentracing for specific ingresses.
 2019-11-27 11:07:26 +10:00
Manuel Alejandro de Brito Fontes
61d902db14 Remove Lua resty waf feature 2019-11-26 10:37:43 -03:00
Kubernetes Prow Robot
62518b60b4
Merge pull request #4689 from janosi/upstream_ssl 
Server-only authentication of backends and per-location SSL config
 2019-11-18 19:49:43 -08:00
Kubernetes Prow Robot
0d244e1c41
Merge pull request #4730 from stamm/master 
add configuration for http2_max_concurrent_streams
 2019-11-08 07:12:29 -08:00
Rustam Zagirov
d9cfad1894 add configuration for http2_max_concurrent_streams 2019-10-31 15:13:38 +03:00
Laszlo Janosi
cc84bd4ab6 Server level proxy_ssl parameters are applied again, following the comments received. 
Also writing tls.crt and tls.key to disk is according to the original code.
 2019-10-26 20:20:18 +02:00
Laszlo Janosi
31227d61c2 Removing secure-verify-ca-secret support and writing an error log if that annotation is used in an Ingress definition 2019-10-18 10:58:57 +02:00
Laszlo Janosi
37fe9c9876 Enabling per-location proxy-ssl parameters, so locations of the same server but with own unique Ingress definitions can have different SSL configs 2019-10-17 10:15:53 +02:00
Thomas Jackson
7fc442c7f1 update test cases 2019-10-14 08:14:35 -07:00
Thomas Jackson
b698699fdd More helpful DNS failure message 
Previously if dns.lua failed to resolve a name you'd see the following in your logs:
```
2019/10/12 23:39:34 [error] 41#41: *6474 [lua] dns.lua:121: dns_lookup(): failed to query the DNS server:
server returned error code: 3: name error
server returned error code: 3: name error, context: ngx.timer
```

Unfortunately this doesn't tell you what name is failing (so you have to start guessing). To alleviate the pain this simply adds the host name we are attempting to resolve to the log line so users don't have to guess.
 2019-10-14 08:14:35 -07:00
Kubernetes Prow Robot
69880ac9ad
Merge pull request #4650 from DaveAurionix/master 
Expose GeoIP2 Organization as variable $geoip2_org
 2019-10-12 15:34:36 -07:00
Sergei Turchanov
0476715022 Need to quote expansion of $cfg.LogFormatStream in log_stream access log 
format in nginx.tmpl otherwise individual variables are just glued together
without separating spaces so that you would get these in access logs:

[10/Oct/2019:05:03:30 +0000]TCP200000.003
[10/Oct/2019:05:03:30 +0000]TCP200000.000
[10/Oct/2019:05:05:04 +0000]TCP200000.000

which supposed to be someting like these:
[10/Oct/2019:05:03:30 +0000] TCP 200 0 0 0.003
[10/Oct/2019:05:03:30 +0000] TCP 200 0 0 0.000
[10/Oct/2019:05:05:04 +0000] TCP 200 0 0 0.000
 2019-10-10 17:27:15 +10:00
Dave Thompson
8e926b21d1 Expose GeoIP2 Organization as variable $geoip2_org 2019-10-09 09:47:48 +01:00
Kubernetes Prow Robot
8fd17045e6
Merge pull request #4603 from membphis/code-style 
optimize: local cache global variable and reduce string object creation.
 2019-10-08 07:51:15 -07:00
MRoci
72c4ffa8b5
add modsecurity-snippet key 2019-09-28 09:54:07 +02:00
Yuansheng
e4571fdeef optimize: local cache global variable and reduce string object creation. 
and some code style.
 2019-09-25 09:43:11 -04:00
Elvin Efendi
73e659f5fc improve certificate configuration detection per request 2019-09-24 21:17:22 -04:00
Elvin Efendi
c5a8357f1d handle hsts header injection in lua 2019-09-24 21:17:22 -04:00
Elvin Efendi
c93d384fb1 delete redundant config 2019-09-24 18:51:35 -04:00
Elvin Efendi
8c64b12a96 refactor force ssl redirect logic 2019-09-24 14:57:52 -04:00
Elvin Efendi
e392c8a8af cleanup unused certificates 2019-09-24 14:16:03 -04:00
Kubernetes Prow Robot
1dc4d184a0
Merge pull request #4550 from Shopify/upstream-auth-proxy-set-headers 
Add support for configmap of headers for auth-url per ingress
 2019-09-24 09:33:27 -07:00
Kubernetes Prow Robot
0f378154a0
Merge pull request #4591 from membphis/change/lua-code-style 
optimize: local cache global variable and avoid single lines over 80
 2019-09-24 07:55:29 -07:00
A Gardner
786a3b6862 Add support for configmap of headers to be sent to external auth service 2019-09-24 10:53:23 -04:00
Yuansheng
1ce68c8723 optimize: local cache global variable and avoid single lines over 80 
characters.
 2019-09-24 10:08:45 -04:00
Kubernetes Prow Robot
f6c2f5fb97
Merge pull request #4514 from alexmaret/4475-stickyness-mode 
Added new affinity mode for maximum session stickyness.
 2019-09-24 05:09:27 -07:00
Alexander Maret-Huskinson
c26ab315b8 Fixed LUA lint findings. 2019-09-24 10:56:11 +02:00
Alexander Maret-Huskinson
f1839ddb42 Fixed review findings. 2019-09-24 10:46:02 +02:00
Manuel Alejandro de Brito Fontes
4b4176c830
Fix log format after #4557 2019-09-18 12:52:09 -03:00
Manuel Alejandro de Brito Fontes
9af574a234
Remove the_real_ip variable 2019-09-12 20:01:33 -03:00
Elvin Efendi
bbcf3dc625 regression test for the issue fixed in #4543 2019-09-10 10:00:21 -04:00
Manuel Alejandro de Brito Fontes
ce3e3d51c3
WIP Remove nginx unix sockets (#4531) 
* Remove nginx unix sockets
* Use an emptyDir volume for /tmp in PSP e2e tests
 2019-09-08 18:14:54 -03:00
Thomas Jackson
28a42686a5 Correctly format ipv6 resolver config for lua 
It seems that when support was added for parsing resolv_conf directly a regression was introduced which effectively breaks anyone with ipv6 resolvers.

Regression of #3895
 2019-09-06 21:18:07 -07:00
Ricardo Katz
9c51676f17 Add support to CRL (#3164) 
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Add support to CRL

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
 2019-09-03 16:47:28 -04:00
Manuel Alejandro de Brito Fontes
c2935ca35c
Refactor health checks and wait until NGINX process ends 2019-09-01 15:31:27 -04:00
Manuel Alejandro de Brito Fontes
c7d2444cf4
Fix nginx variable service_port (nginx) (#4500) 2019-08-31 11:24:01 -04:00
Alexander Maret-Huskinson
880b3dc5f1 Fixed test findings. 2019-08-30 19:08:03 +02:00
Alexander Maret-Huskinson
881e352d68 Converted sticky session balancers into separate classes. 2019-08-30 18:07:24 +02:00
Alexander Maret-Huskinson
9170591185 Added new affinity mode for maximum session stickyness. Fixes kubernetes/ingress-nginx#4475 2019-08-30 11:40:29 +02:00
Kubernetes Prow Robot
8740c1b661
Merge pull request #4478 from zikhan/AddWildcardAffinity 
Re-add Support for Wildcard Hosts with Sticky Sessions
 2019-08-27 10:52:07 -07:00
Elvin Efendi
06f03a2af6 point users to kubectl ingress-nginx plugin 2019-08-27 07:42:42 -04:00
Zovin Khanmohammed
76c2063be8
Code Review changes. Remove duplicate tests. 2019-08-26 14:00:59 -05:00
Zovin Khanmohammed
1f8ab60e40
Adds Wilcard check for hostname. Adds wildcard hostname tests. 2019-08-26 14:00:44 -05:00
Elvin Efendi
57db904c92 fix lua certificate handling tests 2019-08-26 13:05:05 -04:00