DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
6802 commits 4 branches 217 tags 166 MiB
Commit graph

166 commits

Author SHA1 Message Date
Laszlo Janosi
ced67e53a1 New logic: proxy-ssl parameters can be applied on locations only 
Add: new parameter in the ConfigMap to control whether the proxy-ssl parameters of an Ingress should be applied on server and location levels, or only on location level
Add: logic in the config handling to work according to the new ConfigMap parameter
Add: unit test case
 2020-01-29 10:00:55 +01:00
Sungmin Lee
d7be5db7de Support sample rate and global sampling configuration for Datadog in ConfigMap 2020-01-07 16:59:59 -08:00
Manuel Alejandro de Brito Fontes
cfccc2acc0 Update default SSL ciphers 2019-12-05 19:34:53 -03:00
Manuel Alejandro de Brito Fontes
61d902db14 Remove Lua resty waf feature 2019-11-26 10:37:43 -03:00
Rustam Zagirov
d9cfad1894 add configuration for http2_max_concurrent_streams 2019-10-31 15:13:38 +03:00
Peter Pan
6aa48def3a add remote_addr in layer 4 access log 
original:
[18/Oct/2019:00:47:53 +0000]  TCP 200 4333 81 0.002
new:
[10.6.124.202]  [18/Oct/2019:01:05:15 +0000]  TCP 200 4333  81 0.002
 2019-10-18 09:21:01 +08:00
Kubernetes Prow Robot
fb025ab501
Merge pull request #4087 from MRoci/master 
Define Modsecurity Snippet via ConfigMap
 2019-09-30 15:19:32 -07:00
MRoci
72c4ffa8b5
add modsecurity-snippet key 2019-09-28 09:54:07 +02:00
Manuel Alejandro de Brito Fontes
6715108d8a
Release 0.26.0 2019-09-27 10:23:12 -03:00
Manuel Alejandro de Brito Fontes
2bd8121338
Change default for proxy-add-original-uri-header 2019-09-25 10:57:31 -03:00
A Gardner
786a3b6862 Add support for configmap of headers to be sent to external auth service 2019-09-24 10:53:23 -04:00
Manuel Alejandro de Brito Fontes
4b4176c830
Fix log format after #4557 2019-09-18 12:52:09 -03:00
Kubernetes Prow Robot
87ad033483
Merge pull request #4569 from mkabischev/jaeger-header-configuration 
allow to configure jaeger header names
 2019-09-17 20:29:29 -07:00
Mike Kabischev
d5563a7e47 allow to configure jaeger header names 2019-09-17 12:35:53 +03:00
Manuel Alejandro de Brito Fontes
9af574a234
Remove the_real_ip variable 2019-09-12 20:01:33 -03:00
Manuel Alejandro de Brito Fontes
ce3e3d51c3
WIP Remove nginx unix sockets (#4531) 
* Remove nginx unix sockets
* Use an emptyDir volume for /tmp in PSP e2e tests
 2019-09-08 18:14:54 -03:00
Manuel Alejandro de Brito Fontes
c2935ca35c
Refactor health checks and wait until NGINX process ends 2019-09-01 15:31:27 -04:00
Maxime Ginters
d8bd8c5619 Add nginx proxy_max_temp_file_size configuration option 2019-08-15 13:47:42 -04:00
Kubernetes Prow Robot
0b375989f3
Merge pull request #4412 from Shopify/ssl-early-data 
Add nginx ssl_early_data option support
 2019-08-15 10:08:35 -07:00
Manuel Alejandro de Brito Fontes
80bd481abb
Only support SSL dynamic mode 2019-08-13 17:33:34 -04:00
Manuel Alejandro de Brito Fontes
4a9b02bc03
Remove dynamic TLS records 2019-08-08 15:52:56 -04:00
tals
a2e667c082 lua shared dict from cm 
lua shared dict teml test and update func sign

lua shared dict cm test

lua shared dict integration test

lua shared dict add cm parsing

lua shared dict change test header
 2019-08-08 12:44:11 +03:00
Maxime Ginters
7219130da4 Add nginx ssl_early_data option support 2019-08-07 16:04:09 -04:00
Kubernetes Prow Robot
589c9a20f9
Merge pull request #4278 from moolen/feat/auth-req-cache 
feat: auth-req caching
 2019-07-17 12:06:12 -07:00
Moritz Johner
23504db770 feat: auth-req caching 
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.

[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2019-07-17 18:39:04 +02:00
E. Stuart Hicks
3b0c523e49 added proxy-http-version annotation to override the HTTP/1.1 default connection type to reverse proxy backends 2019-07-08 14:32:00 -04:00
Kubernetes Prow Robot
7c297e001a
Merge pull request #4246 from ElvinEfendi/proxy-alternative-upstream-name 
introduce proxy_alternative_upstream_name Nginx var
 2019-07-04 19:20:35 -07:00
Elvin Efendi
8b208cac93 introduce proxy_alternative_upstream_name Nginx var to differentiate canary requests 2019-07-04 19:43:20 -04:00
Manuel Alejandro de Brito Fontes
8807db9748
Check and complete intermediate SSL certificates 2019-07-04 19:13:21 -04:00
Jorrit Salverda
f77eaaee50 Add opentracing-operation-name and opentracing-location-operation-name config settings 
With these settings custom span names can be used for the server span and location span

Signed-off-by: Jorrit Salverda <jsalverda@travix.com>
 2019-06-07 14:19:34 +02:00
Kubernetes Prow Robot
e76418cd99
Merge pull request #4162 from stramel/patch-1 
Add "text/javascript" to compressible MIME types
 2019-06-06 11:35:34 -07:00
Michael Stramel
686f2310e4 Add "text/javascript" to compressible MIME types 
Based on the HTML Standard, https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages, servers _should_ use `text/javascript`.
 2019-06-06 13:11:56 -05:00
Elvin Efendi
c4ced9d694 fix source file mods 2019-06-06 10:47:08 -04:00
reynaldi.wijaya
31ffad8fa1 UPT: Add variable to define custom sampler host and port, add commituser 2019-05-21 12:34:38 +08:00
okryvoshapka-connyun
4811168d2a Fixed typos 2019-05-06 09:04:12 +02:00
okryvoshapka-connyun
8cc9afe8ee Added Global External Authentication settings to configmap parameters incl. addons 2019-05-03 12:08:16 +02:00
Alex Kursell
ffeb1fe348 Support proxy_next_upstream_timeout 2019-04-15 11:08:57 -04:00
Mikhail Marchenko
8b3702c829 Enable access log for default backend 
disable log on default_server
 2019-02-26 11:14:31 +03:00
Jim Zhang
6305e1d152 fix: run gofmt 2019-02-22 15:04:19 +08:00
Jim Zhang
dc63e5d185 fix: rename proxy-buffer-number to proxy-buffers-number 2019-02-22 10:21:17 +08:00
Jim Zhang
c92d29d462 feat: configurable proxy buffer number 2019-02-20 18:05:09 +08:00
Alan J Castonguay
a29c27ed4c Datadog Opentracing support - part 2 
This commit is part 2 of 2, adding configuration of the
Datadog Opentracing module to the controller.

Fixes half of #3752
 2019-02-15 15:20:10 -05:00
Elvin Efendi
adc128711b delete confusing CustomErrors attribute to make things more explicit 2019-02-13 22:41:02 -05:00
Kubernetes Prow Robot
17e788b8e1
Merge pull request #3684 from aledbf/health 
Replace Status port using a socket
 2019-02-06 13:49:08 -08:00
Manuel Alejandro de Brito Fontes
34b0580225
Replace Status port using a socket 2019-02-06 18:00:10 -03:00
Rustam Zagirov
5dee6af957 add params for access log 2019-01-26 21:42:11 +03:00
Manuel Alejandro de Brito Fontes
b10b60f9ae
Revert max-worker-connections default value (#3660) 2019-01-13 10:53:18 -03:00
Manuel Alejandro de Brito Fontes
a3bcbeb3d2
Add support for redirect https to https when from-to-www-redirect is defined 2019-01-10 20:59:49 -03:00
Shai Katz
edd87fbae3 add limit connection status code 
add default conn status code

add missing colon

add limit connection status code
 2019-01-09 19:31:10 +02:00
ramnes
bf7b5ebd81 Add an option to automatically set worker_connections based on worker_rlimit_nofile 2018-12-27 18:36:19 +01:00
Manuel Alejandro de Brito Fontes
2fa55eabf6 Replace glog with klog 2018-12-05 13:27:55 -03:00
Manuel Alejandro de Brito Fontes
06d33c16b5
Allow to disable NGINX metrics 2018-12-05 10:14:35 -03:00
Elvin Efendi
e93763da6a delete unused LoadBalanceAlgorithm 2018-11-28 14:49:37 +04:00
k8s-ci-robot
710ea8c76f
Merge pull request #3333 from Shopify/dont-trust-by-default 
breaking change: by default do not trust any client
 2018-11-27 05:12:48 -08:00
Manuel Alejandro de Brito Fontes
168f30d1ec Revert removal of support for TCP and UDP services 2018-11-16 13:48:47 -03:00
Elvin Efendi
5f3b48e16d breaking change: do not trust x-forwarded-* headers by default 2018-11-13 10:35:59 +04:00
xichengliudui
d2b1d37ee3 Modify the wrong function name 2018-11-08 15:17:40 -05:00
Manuel Alejandro de Brito Fontes
71ebe1cba5 Code linting 2018-10-30 20:46:48 -03:00
Maximilian Bode
c27c57dc8b Add configuration for geoip2 module 
Based on closed PRs #2551, #2755
 2018-10-29 21:25:23 +01:00
Fernando Diaz
12955a4a1b Allow Ability to Configure Upstream Keepalive 
Allows Upstream Keepalive values like keepalive_timeout and
keepalive_requests to be configured via ConfigMap.

Fixes #3099
 2018-10-11 20:46:42 -05:00
k8s-ci-robot
3038da8719
Merge pull request #3215 from hchenxa/hchenxa 
align opentracing user-guide with nginx configmap configuration
 2018-10-10 06:56:15 -07:00
Hui Chen
f8052385f9 aline opentracing user-guide with nginx configmap configuration 2018-10-10 11:25:53 +08:00
Manuel Alejandro de Brito Fontes
74c2f93de6
Only support dynamic configuration 2018-10-09 22:05:45 -03:00
Manuel Alejandro de Brito Fontes
44bdc7eb59 Remove support for TCP and UDP services 2018-10-07 10:53:37 -03:00
Pavel Sinkevych
7212d0081b Provide possibility to block CIDRs, User-Agents and Referers globally 2018-09-25 14:16:20 +03:00
Derek Perkins
9099f3b4db add support for http2-max-requests in configmap 2018-09-02 23:53:30 -06:00
Manuel de Brito Fontes
16fce7444f
Check if cgroup cpu limits are defined to get the number of CPUs 2018-08-25 18:34:44 -03:00
Henry Tran
7faf089082 Add dynamic certificate feature to controller 2018-08-16 20:19:33 -04:00
Dario Nieuwenhuis
b5bcb93a4b
Merge branch 'master' into xff 2018-08-16 18:15:14 +02:00
k8s-ci-robot
9b3207d4c6
Merge pull request #2897 from aledbf/enable-reuseport 
Enable reuse-port by default
 2018-08-04 19:43:43 -07:00
Manuel de Brito Fontes
1d00a5c2bc Enable reuse-port by default 2018-08-04 17:43:34 -04:00
Tom Reznik
b7bcf92480 support configuring multi_accept directive via configmap 2018-08-04 19:20:01 +03:00
Tom Reznik
1bacf1655e support custom configuration to main context of nginx config 2018-08-04 00:53:06 +03:00
Elvin Efendi
8a67ace5c3 enable dynamic backend configuration by default 2018-07-26 15:16:06 -04:00
Fernando Diaz
52ecdf0b46 Add Better Error Handling for SSLSessionTicketKey 
Adds more error handling when writing an SSLSessionTicketKey to
the config map. Also adds tests and makes the function for modular.

Fixes #2756
 2018-07-15 19:53:39 -05:00
Jason Stangroome
8e06afbb45 Allow gzip compress level to be controlled via ConfigMap 2018-07-09 10:30:59 +10:00
Andrii Kostenko
bc53d1eb74
Sample rate configmap option for zipkin in nginx-opentracing 2018-06-28 18:13:31 +03:00
Manuel Alejandro de Brito Fontes
aec40c171f
Improve configuration change detection (#2656) 
* Use information about the configuration configmap to determine changes

* Add hashstructure dependency

* Rename queue functions

* Add test for configmap checksum
 2018-06-21 10:50:57 -04:00
Manuel de Brito Fontes
63b38e1c21
Remove VTS from the ingress controller 2018-06-14 11:11:29 -04:00
Dario Nieuwenhuis
35a6d508fb Set use-forwarded-headers to true by default. 2018-06-12 21:33:34 +02:00
Dario Nieuwenhuis
67b253a149 Add use-forwarded-headers configmap option. 2018-06-11 00:06:14 +02:00
k8s-ci-robot
fa9823634c
Merge pull request #2504 from jrthrawny/proxy-protocol-timeout-for-passthrough-pr 
Add Timeout For TLS Passthrough
 2018-06-03 22:54:53 -07:00
Jason Roberts
d637a9b978 Configurable Proxy Protocol header timeout for TLS passthrough 2018-06-03 20:10:41 -05:00
Elvin Efendi
7d8a0130a5 use better defaults for proxy-next-upstream(-tries) 2018-05-23 21:37:56 -04:00
k8s-ci-robot
b8b5e5bc51
Merge pull request #2548 from Stono/master 
Implement generate-request-id
 2018-05-21 13:55:12 -07:00
Karl Stoney
206d32a2cd Implement generate-request-id 
Fixes https://github.com/kubernetes/ingress-nginx/issues/2546
 2018-05-21 08:32:50 +01:00
Lorenzo Fontana
93be8db612
Annotations for the InfluxDB Module 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2018-05-19 09:22:46 +02:00
Fernando Diaz
e224259e38 Resolves issue with proxy-redirect nginx configuration 
Resolves an issue where the proxy-redirect annotations were not generating the
correct configuration possibly because of user error. This is done by only
setting the proxy_redirect if both proxy-redirect-from and proxy-redirect-to
have valid values. Also adds the e2e tests.

Fixes #2074
 2018-05-17 11:22:31 -05:00
Elvin Efendi
51cf184c51 always use x-request-id 2018-04-28 00:31:23 -04:00
Manuel de Brito Fontes
4ddedd41a6
Fix broken links in the docs 2018-04-26 22:24:50 -03:00
Nick Novitski
8886b8a50e Add vts-sum-key config flag 2018-04-17 11:39:32 -07:00
Bastian Hofmann
1c17962ba0 Add proxy-add-original-uri-header config flag 
This makes it configurable if a location adds an X-Original-Uri header to the backend request. Default is "true", the current behaviour.
 2018-04-16 12:34:26 +02:00
oilbeater
1be1f658b4 disable lua for arch s390x and ppc64le 
LuaJIT is not available for s390x and ppc64le, disable the lua part in nginx.tmpl on these platform.
 2018-04-12 08:30:56 +08:00
Elvin Efendi
a6fe800a47 lua-resty-waf controller (#2304) 2018-04-08 17:37:13 -03:00
Alvaro Aleman
e7aa74b5d4 Add NoAuthLocations and default it to "/.well-known/acme-challenge" (#2243) 
* Add NoAuthLocations and default it to "/.well-known/acme-challenge"

* Add e2e tests for no-auth-location

* Improve wording of no-auth-location tests
 2018-04-01 21:02:34 -03:00
Sylvain Rabot
385368990c Managing a whitelist for _/nginx_status (#2187) 
Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
 2018-03-28 09:27:34 -03:00
Manuel Alejandro de Brito Fontes
b0a63fe3ff
Fix grpc json tag name (#2246) 2018-03-23 09:12:26 -03:00
maxlaverse
8575769781 Make proxy_next_upstream_tries configurable (#2232) 
* Make proxy_next_upstream_tries configurable

* Code generation
 2018-03-22 08:12:36 -03:00
Alvaro Aleman
94deb3a01a Add configoption to exclude routes from tls upgrading (#2203) 
* Add configoption to exclude routes from tls upgrading

* Add tests for IsLocationInLocationList

* Seperate elements in NoTLSRedirectLocations by comma

* Set NoTLSRedirectLocations to "/.well-known/acme-challenge/" by default

* Remove trailing slash from "/.well-known/acme-challenge" default
 2018-03-18 17:44:59 -03:00
Oilbeater
5c02d700cb Allow config to disable geoip (#2202) 
For a offline or private cloud environment, geoip is not needed.
Implementing https://github.com/kubernetes/ingress-nginx/issues/2179
 2018-03-18 13:30:05 -03:00