DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1000 commits 4 branches 217 tags 166 MiB
Commit graph

564 commits

Author SHA1 Message Date
Manuel Alejandro de Brito Fontes
a5f8af70bf Merge pull request #410 from aledbf/colemickens-signin-url 
Add support for "signin url"
 2017-03-09 11:21:42 -03:00
chentao1596
468815e986 add unit test cases for controllers/gce/healthchecks 2017-03-09 10:16:41 +08:00
Cole Mickens
09e6aabce4 Add auth-signin annotation 2017-03-08 20:24:01 -03:00
Manuel de Brito Fontes
c173985af0 Allow custom http2 header sizes 2017-03-08 20:00:16 -03:00
Giancarlo Rubio
a2edde35fc fix some broken links 
upgrade all nginx examples to latest version
moved some examples from contrib to this repo
 2017-03-08 22:22:31 +01:00
Tony Li
62fcc400b8 add debug info and fix spelling 2017-03-08 12:55:33 -05:00
Gorka Lerchundi Osa
e1c1dfadc7 allow specifying custom dh param 
fixes #162
 2017-03-08 15:32:32 +01:00
Giancarlo Rubio
63b5f2f1c5 add configuration to disable listening on ipv6 2017-03-08 13:29:02 +01:00
Manuel Alejandro de Brito Fontes
f1062e07bc Merge pull request #369 from xialonglee/patch-1 
Minor text fix for "ApiServer"
 2017-03-08 07:09:32 -03:00
Nick Sardo
31eab3880b Merge pull request #384 from timstclair/busybox 
Rebase GLBC on alpine:3.5
 2017-03-07 17:19:17 -08:00
Manuel Alejandro de Brito Fontes
d6620ead2c Merge pull request #397 from aledbf/fix-external-auth 
Fix external auth
 2017-03-07 21:36:53 -03:00
Nick Sardo
61a03033f7 Merge pull request #386 from itamaro/patch-1 
Fix glbc usage string
 2017-03-07 15:08:17 -08:00
Tony Li
7000924dc5 GCE pre-shared cert fixes (#395) 
* pick up changes to the external cert referenced by lb

* less prone way to check if cert should be deleted
 2017-03-07 15:05:21 -08:00
Manuel de Brito Fontes
bebd596b3f Listen customization must be done just in one place 2017-03-07 19:50:24 -03:00
Tim St. Clair
1023056c3b
Rebase GLBC on busybox 2017-03-07 13:49:43 -08:00
Tony Li
e1d1445370 GCE/GKE "pre-shared" TLS cert (#291) 
* add allow-named-tls annotation

* works for setting tls

* fix logs (mostly)

* add ssl cert annotation

* return an error when cert not found

* use annotation if specified, otherwise use spec

* add TODO on naming

* use the annotation key from k8s

* add unit test for HTTPS LB w/ cert annotation

* refactor logic and check for error

* move annotation to controller package

* remove todo for function naming
 2017-03-07 13:42:41 -08:00
craigmonson
6e6aae6c29 Update README.md 
fix broken link to config maps
 2017-03-07 15:09:50 -05:00
Manuel de Brito Fontes
484bd43111 Fix http2 header size 2017-03-07 14:42:59 -03:00
Victor Unegbu
dfdcdfde0b remove tmp nginx-diff files 2017-03-07 09:59:10 -06:00
Itamar Ostricher
6f3139a79e Fix glbc usage string 
1. Typo in `glbc` binary name
2. Typo in `running-in-cluster` flag
3. Remove non-existing flag `--default-backend-node-port`
 2017-03-07 12:09:12 +02:00
chentao1596
1417a3a818 add copyright 2017-03-07 15:34:31 +08:00
Nick Sardo
a6e38221ee Merge pull request #278 from csbell/fw-name 
Extend ConfigMap to store fwrule names
 2017-03-06 10:37:20 -08:00
Manuel de Brito Fontes
f0c758eed2 Fix custom log format 2017-03-06 12:33:51 -03:00
Manuel Alejandro de Brito Fontes
de8b9b8df2 Merge pull request #370 from foxylion/force-ssl-redirect-documentation 
Add documentation for ingress.kubernetes.io/force-ssl-redirect
 2017-03-05 22:11:05 -03:00
Manuel de Brito Fontes
cd924f5522 Avoid duplication of ReadConfig function 2017-03-04 18:35:33 -03:00
Manuel de Brito Fontes
1473f64fb0 Remove SPDY reference 2017-03-04 18:35:33 -03:00
Manuel de Brito Fontes
3c0fb01ba2 Add warning when the ingress controller uses a custom class 2017-03-04 18:35:33 -03:00
Manuel de Brito Fontes
2399be867e Cleanup custom log format configuration 2017-03-04 18:35:33 -03:00
Jakob Jarosch
74d57c9502 Add documentation for ingress.kubernetes.io/force-ssl-redirect 
refs #314 #365
 2017-03-03 20:29:43 +01:00
Peter Lee
0b6f4d2770 Minor text fix for "ApiServer" 
It looks a little weird to apply camel case style for the noun "apiserver", i didn't see somewhere else spelling it in that way.
 2017-03-04 00:40:07 +08:00
Manuel Alejandro de Brito Fontes
75124bc9f1 Merge pull request #356 from gianrubio/patch-1 
Disable listen only on ipv6 and fix proxy_protocol
 2017-03-03 09:50:43 -03:00
Manuel Alejandro de Brito Fontes
6cd21f7dea Merge pull request #362 from gianrubio/fix-ingress-class 
Fix ingress class
 2017-03-03 09:49:59 -03:00
Manuel Alejandro de Brito Fontes
3b2f668f39 Merge pull request #367 from gianrubio/customize-logformat 
BuildLogFormatUpstream was always using the default log-format
 2017-03-03 09:43:48 -03:00
Manuel Alejandro de Brito Fontes
9f39abc019 Merge pull request #365 from pwillie/forcesslredirect 
add ForceSSLRedirect ingress annotation
 2017-03-03 09:05:02 -03:00
Giancarlo Rubio
1e5081baf2 BuildLogFormatUpstream function was always using the default log-format-upstream, 2017-03-03 13:03:49 +01:00
caiyixiang
482293b99d add_judgment 2017-03-03 15:17:32 +08:00
Peter Wilson
1a72b3f775 add ForceSSLRedirect ingress annotation 2017-03-03 16:44:29 +11:00
Aaron Roydhouse
336f3cb108 Fix error caused by increasing proxy_buffer_size (#363) 
This fixes the bug raised in #363, by increasing the size of the proxy_buffers (memory allocation) to match the size of the proxy buffer. This leaves the default values (with no ingress setting) unchanged:
```
proxy_buffer_size      4k
proxy_buffers            4 4k
```
If 'proxy-buffer-size' is set, then now both the buffer size and the memory allocation size is increased:
```
proxy_buffer_size     "{{ $location.Proxy.BufferSize }}";
proxy_buffers           4 "{{ $location.Proxy.BufferSize }}";
```
I have been using this patch with 0.8.3 and 0.9.0-beta.2.
 2017-03-02 16:11:27 -05:00
rsafronov
05526e4a66 Merge remote-tracking branch 'upstream/master' into nginx/extauth_headers 
# Conflicts:
#	controllers/nginx/pkg/template/template.go
 2017-03-02 14:46:18 -05:00
Christian Bell
68097e96dc Better logging and address review comments 2017-03-02 10:54:32 -08:00
Giancarlo Rubio
2ddba72baa Fix ingress class 2017-03-02 16:50:31 +01:00
Giancarlo Rubio
0ca3aef0f5 Add ability to customize upstream and stream log format 2017-03-01 18:47:11 +01:00
Giancarlo Rubio
90fdea751b Disable listen only on ipv6 and fix proxy_protocol 
- Always listen on ipv4 address for port 443
- Rollback previous PR #227 that broke the proxy_protocol when passthroughBackends is disabled
 2017-03-01 15:31:00 +01:00
Christian Bell
b259c9b349 First stab at extending the "uid" configmap to store firewall 
rule information.
 2017-02-28 10:49:31 -08:00
rsafronov
d3b952552a minor: formatting 2017-02-27 16:34:42 -05:00
electroma
c8eda8f17f Merge branch 'master' into nginx/extauth_headers 2017-02-27 16:28:11 -05:00
Manuel de Brito Fontes
02d44ccbaa Fix client source IP address 2017-02-26 19:01:07 -03:00
Manuel Alejandro de Brito Fontes
0aabfba848 Merge pull request #235 from rikatz/ingress-ssl-auth 
Adds correct support for TLS Muthual autentication
 2017-02-25 20:34:28 -03:00
Piotr Szczesniak
fd7990de67 Expose Prometheus metrics in glbc controller 2017-02-25 18:30:00 +01:00
Manuel Alejandro de Brito Fontes
8f23451c24 Merge pull request #221 from tonglil/typos 
Typo: unittesting -> unit testing
 2017-02-25 08:12:53 -03:00
Manuel Alejandro de Brito Fontes
712b60f197 Merge pull request #222 from tonglil/fix-log-message 
Change arg ordering in log message
 2017-02-25 08:12:41 -03:00
Manuel Alejandro de Brito Fontes
3f2592128c Merge pull request #224 from tonglil/check-error 
Check for error getting cert
 2017-02-25 08:12:25 -03:00
Ricardo Pchevuzinske Katz
a342c0bce3 Adds correct support for TLS Muthual autentication and depth verification 
modified:   controllers/nginx/configuration.md
	modified:   controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
	modified:   core/pkg/ingress/annotations/authtls/main.go
	modified:   core/pkg/ingress/controller/backend_ssl.go
	modified:   core/pkg/ingress/controller/controller.go
	modified:   core/pkg/ingress/controller/util_test.go
	modified:   core/pkg/ingress/resolver/main.go
	modified:   core/pkg/ingress/types.go
	modified:   core/pkg/net/ssl/ssl.go
	modified:   examples/PREREQUISITES.md
	new file:   examples/auth/client-certs/nginx/README.md
	new file:   examples/auth/client-certs/nginx/nginx-tls-auth.yaml
 2017-02-24 22:49:01 -03:00
Manuel de Brito Fontes
84324af140 Refactoring of TCP and UDP services 2017-02-24 20:14:43 -03:00
Manuel Alejandro de Brito Fontes
33ab550290 Merge pull request #332 from aledbf/snippets 
Add annotation to customize nginx configuration
 2017-02-24 18:39:45 -03:00
Giancarlo Rubio
704a18cec9 Add support for proxy cookie path/proxy cookie domain 2017-02-24 16:06:30 +01:00
Marcin Owsiany
192c551abb Fix for formatting error introduced in #304. 
Why don't we fail the travis build when go fmt is unhappy?
 2017-02-24 12:05:31 +01:00
Manuel de Brito Fontes
a20c287614 Add annotation to customize nginx location configuration 2017-02-23 16:48:59 -03:00
Manuel Alejandro de Brito Fontes
964aa0a15a Merge pull request #295 from tangle329/master 
We need check content, when cmd failed.
 2017-02-23 00:28:13 -03:00
Manuel de Brito Fontes
7013a52ee5 Return sorted endpoints 2017-02-22 14:41:44 -03:00
Manuel de Brito Fontes
036892fb96 Release 0.9.0-beta.2 2017-02-22 14:41:43 -03:00
Manuel Alejandro de Brito Fontes
5ab0f284b0 Merge pull request #306 from caiyixiang/modifyNGINXreadme 
modify nginx readme
 2017-02-20 08:01:31 -03:00
Manuel Alejandro de Brito Fontes
463ff2b453 Merge pull request #304 from caiyixiang/changeSStoSSL 
change 'buildSSPassthrouthUpstreams' to 'buildSSLPassthroughUpstreams'
 2017-02-20 08:00:15 -03:00
chentao1596
a74fe3426a Add docs for body-size annotation 2017-02-20 18:01:57 +08:00
caiyixiang
488d89db18 modify nginx readme 2017-02-20 15:58:16 +08:00
Tang Le
c0f0cb2ff7 Check content when cmd failed 
Signed-off-by: Tang Le <at28997146@163.com>
 2017-02-20 10:34:05 +08:00
caiyixiang
e68abf067b change 'buildSSPassthrouthUpstreams' to 'buildSSLPassthroughUpstreams' 2017-02-20 10:30:37 +08:00
Prashanth B
cb60085b17 Merge pull request #299 from bprashanth/owners 
Add more assignees and approvers
 2017-02-18 04:17:39 +05:30
Manuel de Brito Fontes
8fd12b26ba Change nginx variable to use in filter of access_log 2017-02-17 18:21:46 -03:00
bprashanth
7e02e9adaa Add more assignees and approvers 2017-02-17 10:47:56 -08:00
Manuel Alejandro de Brito Fontes
e603066d92 Merge pull request #290 from aledbf/update-nginx 
Update nginx version in ingress controller to 1.11.10
 2017-02-17 15:46:52 -03:00
Manuel Alejandro de Brito Fontes
5fab1e99fe Merge pull request #296 from aledbf/fix-rewrite 
Fix rewrite regex to match the start of the URL and not a substring
 2017-02-17 15:12:18 -03:00
Manuel de Brito Fontes
77221b3555 Fix rewrite regex to match the start of the URL and not a substring 2017-02-17 11:04:57 -03:00
Tang Le
e26efd0b08 We need check content, when cmd failed. 
Signed-off-by: Tang Le <at28997146@163.com>
 2017-02-17 19:11:56 +08:00
Prashanth B
3d9f89be1d Merge pull request #293 from tonglil/gcloud-docker 
Update makefile gcloud docker command
 2017-02-17 07:07:25 +05:30
Tony Li
f32ef32489 do the same for nginx 2017-02-16 17:12:33 -08:00
Prashanth B
698c08402a Merge pull request #258 from rikatz/nginx-sticky-annotations 
Nginx sticky annotations
 2017-02-17 05:27:18 +05:30
Tony Li
5f8a40d392 update makefile docker command 2017-02-16 14:49:35 -08:00
Manuel de Brito Fontes
2d0971d6b0 Update nginx version in ingress controller to 1.11.10 2017-02-16 15:10:14 -03:00
Manuel Alejandro de Brito Fontes
b5819d8f4d Merge pull request #246 from aledbf/set-headers 
Add support for custom proxy headers using a ConfigMap
 2017-02-16 07:35:57 -03:00
Manuel Alejandro de Brito Fontes
111f338fa3 Merge pull request #272 from aledbf/refactor-annotation-parsers 
Fix error getting class information from Ingress annotations
 2017-02-16 07:35:34 -03:00
Ricardo Pchevuzinske Katz
e5c9c788a5 Correct the configuration.md reference to annotations 2017-02-16 08:31:01 -02:00
Manuel Alejandro de Brito Fontes
a8b89677d6 Merge pull request #275 from aledbf/pass-headers 
Pass headers to custom error backend
 2017-02-14 18:05:22 -03:00
Manuel de Brito Fontes
0cdc4bd8ba Pass headers to custom error backend 2017-02-14 17:43:31 -03:00
Manuel de Brito Fontes
5c9bf12648 Fix error getting class information from Ingress annotations 2017-02-14 11:02:23 -03:00
Arnd Hannemann
f46aedd7a2 Fix typo in nginx README 2017-02-14 10:06:44 +01:00
Manuel Alejandro de Brito Fontes
aa02b7e085 Merge pull request #244 from aledbf/annotations-docs 
Add information about cors annotation
 2017-02-13 17:59:47 -03:00
Ricardo Pchevuzinske Katz
a158e5fc5a Improve the session affinity feature 2017-02-12 21:13:39 -02:00
bprashanth
8ea814264d Add nginx README and configuration docs back 2017-02-10 10:59:40 -08:00
Ricardo Pchevuzinske Katz
6809319318 Adds support for configuring stickness per Ingress 2017-02-10 12:24:16 -02:00
Ricardo Pchevuzinske Katz
79e186cb77 New sticky session configuration 2017-02-10 01:33:23 -02:00
Ricardo Pchevuzinske Katz
d0c4e0d713 Adds support for disabling the entire access_log 2017-02-09 21:20:12 -02:00
Prashanth B
2119b23cb8 Merge pull request #251 from bprashanth/balancing_mode 
Balancing mode UTILIZATION -> RATE
 2017-02-10 00:23:23 +05:30
bprashanth
9b305f1954 Flip version to 0.9.1 2017-02-08 19:31:59 -08:00
bprashanth
3f618d7dca Add unittest 2017-02-08 19:31:55 -08:00
bprashanth
bc8b658a5c Be more specific about the type of error to retry on 2017-02-08 17:27:53 -08:00
bprashanth
24d9aada11 Set balancing mode 2017-02-08 15:15:48 -08:00
rsafronov
4c2b2512f5 Merge branch 'upstream' into nginx/extauth_headers 2017-02-08 16:57:03 -05:00
Manuel de Brito Fontes
5cc5669938 Add support for custom proxy headers using a ConfigMap 2017-02-07 17:00:23 -03:00
Leszek Charkiewicz
ee484aa19f Fix wrong URL in nginx ingress configuration 2017-02-07 20:26:11 +01:00
Manuel de Brito Fontes
c83d46ef86 Add information about cors annotation 2017-02-07 11:17:25 -03:00
Manuel Alejandro de Brito Fontes
4eb527d4a9 Merge pull request #228 from tangle329/master 
Fix worker check issue
 2017-02-07 09:36:55 -03:00
caiyixiang
229250f419 changeUDP 2017-02-07 14:35:39 +08:00
Manuel de Brito Fontes
36f842c011 Add information about proxy_protocol in port 442 2017-02-04 21:29:35 -03:00
Manuel Alejandro de Brito Fontes
e35e5bfce5 Merge pull request #227 from justinsb/use_proxy_protocol 
proxy_protocol on ssl_passthrough listener
 2017-02-04 21:22:47 -03:00
Justin Santa Barbara
8d71557b13 Remove proxy_protocol from 442 listener 
The proxy_protocol processing should only happen once, on the
"external-facing" listeners.
 2017-02-04 19:02:24 -05:00
Justin Santa Barbara
6fa461c2a7 proxy_protocol on ssl_passthrough listener 
Move proxy_protocol to listener.

Fix #207
 2017-02-04 02:38:36 -05:00
Tang Le
008c47c2d3 Fix worker check issue 
Signed-off-by: Tang Le <at28997146@163.com>
 2017-02-04 15:37:06 +08:00
rsafronov
302fa5f4bb Added: support for http header passing from external authentication service response 2017-02-03 19:43:15 -05:00
Tony Li
fbdacb2a67 comment on skipping the error check 2017-02-03 18:23:07 -05:00
Tony Li
404e0712db check for error getting cert 2017-02-03 17:24:24 -05:00
Tony Li
881ddba90d change arg ordering in log message 2017-02-03 15:13:08 -05:00
Jeff Grafton
bc020f1370 Always docker --pull when building to fetch latest base images 2017-02-01 19:04:23 -08:00
bprashanth
3a37607138 Change nginx controller image to 0.9.0-beta.1 2017-01-30 12:13:06 -08:00
Prashanth B
910b706f8f Merge pull request #181 from aledbf/0.9 
WIP: Release 0.9.0
 2017-01-30 10:55:59 -08:00
Tim Hockin
df6f1ab5c6 Merge pull request #185 from bprashanth/named_port 
Match named port between container and probe
 2017-01-27 17:25:39 -08:00
bprashanth
7d709d5e93 Match named port between container and probe 
We were previous matching the target port with the readiness probe, and
hence dropping the case where the container port and the probe had the
same name, but the target port did not.
 2017-01-27 14:22:44 -08:00
Manuel de Brito Fontes
2887daaf78 Release 0.9.0 2017-01-27 18:23:15 -03:00
Manuel de Brito Fontes
c3ac562429 Fix template error 2017-01-27 17:52:09 -03:00
Tony Li
0278034bcf unittesting -> unit testing 2017-01-26 15:17:12 -05:00
Manuel Alejandro de Brito Fontes
87d4145c76 Merge pull request #178 from aledbf/proxy-name 
Add initialization of proxy variable
 2017-01-26 16:50:20 -03:00
Ricardo Pchevuzinske Katz
cc1413261f Allows the usage of Default SSL Cert 2017-01-26 16:51:55 -02:00
Manuel de Brito Fontes
2baa1def46 Add initialization of proxy variable 2017-01-26 11:52:48 -03:00
Manuel de Brito Fontes
ec67f83305 Refactoring sysctlFSFileMax helper 2017-01-26 00:10:33 -03:00
Prashanth B
0f7102a356 Merge pull request #174 from aledbf/update-nginx-1119 
Update nginx to 1.11.9
 2017-01-25 13:58:24 -08:00
Manuel de Brito Fontes
08eda50ebb Update nginx to 1.11.9 2017-01-25 15:16:31 -03:00
Justin Ryan
96df5b3d55 Clarify usage of Ingress backend.servicePort 2017-01-25 09:52:50 -05:00
Manuel Alejandro de Brito Fontes
099fba21c8 Merge pull request #165 from tangle329/master 
Fix rate limit issue when more than 2 servers enabled in ingress
 2017-01-25 07:35:25 -03:00
Tang Le
c0aca1833a Fix rate limit issue when more than 2 servers enabled in ingress 
Signed-off-by: Tang Le <at28997146@163.com>
 2017-01-24 16:19:28 +08:00
Peter Sutherland
8fae080cce Remove SPDY documentation as it is broken 2017-01-23 14:50:52 +00:00
Peter Sutherland
e665072eaa Document more parameters and list defaults 2017-01-23 14:20:21 +00:00
Peter Sutherland
6c8792d80a Add whitelist-source-range to config map docs 2017-01-23 13:34:15 +00:00
Tang Le
50297c8f47 Fix issue for ratelimit 
Signed-off-by: Tang Le <tangle3@wanda.cn>
 2017-01-23 10:01:51 +08:00
Manuel de Brito Fontes
3df139cb56 Add configuration and annotation for port_in_redirect 2017-01-21 23:01:21 -03:00
Manuel de Brito Fontes
87322b84ba Add support for custom header sizes 2017-01-21 12:46:20 -03:00
Manuel de Brito Fontes
b0c2619594 Add annotation to allow custom body sizes 2017-01-21 11:50:05 -03:00
chentao1596
7bcdef0505 adjust some improper punctuations 2017-01-20 10:55:18 +08:00
chentao1596
08149a7a21 fix wrong link(change titile) 2017-01-20 10:38:31 +08:00
Manuel Alejandro de Brito Fontes
fbcedc02dc Merge pull request #132 from pedrosland/docs/nginx-controller-config-1 
Document nginx controller configuration tweaks
 2017-01-19 15:07:40 -03:00
Peter Sutherland
292375e8b4 Incorporate more feedback 2017-01-19 18:03:44 +00:00
Manuel Alejandro de Brito Fontes
7553ab361a Merge pull request #136 from chentao1596/add-info-about-MapHashBucketSize 
Add content and descriptions about nginx's configuration
 2017-01-19 09:10:20 -03:00
Manuel Alejandro de Brito Fontes
0ed8260704 Merge pull request #133 from aledbf/fix-tcp-stream 
Add TCP and UDP services removed in migration
 2017-01-19 09:06:03 -03:00
Justin Santa Barbara
f1520a1232 Merge pull request #142 from aledbf/file-max 
Use system fs.max-files as limits instead of hard-coded value
 2017-01-19 01:46:49 -05:00
Manuel de Brito Fontes
9ce52c51f1 Use system fs.max-files as limits instead of hard-coded value 2017-01-19 00:29:31 -03:00
Manuel de Brito Fontes
ba98383c2d Add TCP and UDP services removed in migration 2017-01-18 23:46:03 -03:00
Manuel de Brito Fontes
7fa5aecd71 Add reuse port and backlog to port 80 and 443 2017-01-18 23:04:00 -03:00
caiyixiang
5131b76fe5 const-reference 2017-01-18 11:29:59 +08:00
chentao1596
af8f2881f1 add content: Server-side HTTPS enforcement through redirect 2017-01-18 10:21:29 +08:00
chentao1596
4fbe1ed422 add description for 'map-hash-bucket-size' 2017-01-18 09:58:22 +08:00
Peter Sutherland
9e94863db2 Incorporate feedback 2017-01-17 14:47:54 +00:00