Updates the TLS and CA certificate sections to use algorithms
better than md5. Using md5 as a digest causes nginx to fail
to load because it is not accepted by open ssl.
Closes#3571
Adds the ability to create alternative backends. Alternative backends enable
traffic shaping by sharing a single location but routing to different
backends depending on the TrafficShapingPolicy defined by AlternativeBackends.
When the list of upstreams and servers are retrieved, we then call
mergeAlternativeBackends which iterates through the paths of every ingress
and checks if the backend supporting the path is a AlternativeBackend. If
so, we then iterate through the map of servers and find the real backend
that the AlternativeBackend should fall under. Once found, the
AlternativeBackend is embedded in the list of VirtualBackends for the real
backend.
If no matching real backend for a AlternativeBackend is found, then the
AlternativeBackend is deleted as it cannot be backed by any server.
Adds per-server/location error-catch functionality to nginx template
Adds documentation
Reduces template duplication with helper function for CUSTOM_ERRORS data
Updates documentation
Adds e2e test for customerrors
Removes AllCustomHTTPErrors, replaces with template function with deduplication and adds e2e test of deduplication
Fixes copy-paste error in test, adds additional test cases
Reverts noop change in controller.go (unused now)
add test for new auth-snippet annotation
document auth-snippet annotation
add e2e test for auth-snippet annotation
add log warning and update documentation
The warnings should probably be above the script, not below, especially in the ever popular GKE, where they are prerequisites. Generic Deployment sounds like it's a deployment that should work on all vanilla Kubernetes installations. It sounds like an OR logic operator, when it should be an AND.
Multiple people within my work organisation were caught out by the fact
that the trusted client cert issuers must be given in a file named
`ca.crt` and that other filenames will fail to work.
This change makes it more clear to those who stumble across the
documentation that this is a potential gotcha.
