DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
6210 commits 4 branches 217 tags 166 MiB
Commit graph

580 commits

Author SHA1 Message Date
Ansil H
a03895d91e
Add ssl_reject_handshake to defaul server (#7977) 
* Add ssl_reject_handshake to defaul server

* Added SSLRejectHandshake to NewDefault

* Added documentation
 2021-11-29 08:33:23 -08:00
Christopher Larivière
65b8eeddec
Support cors-allow-origin with multiple origins (#7614) 
* Add Initial support for multiple cors origins in nginx

- bump cluster version for `make dev-env`
- add buildOriginRegex function in nginx.tmpl
- add e2e 4 e2e tests for cors.go
- refers to feature request #5496

* add tests + use search to identify '*' origin

* add tests + use search to identify '*' origin

Signed-off-by: Christopher Larivière <lariviere.c@gmail.com>

* fix "should enable cors test" looking at improper values

* Modify tests and add some logic for origin validation

- add origin validation in cors ingress annotations
- add extra tests to validate regex
- properly escape regex using "QuoteMeta"
- fix some copy/paste errors

* add TrimSpace and length validation before adding a new origin

* modify documentation for cors and remove dangling comment

* add support for optional port mapping on origin

* support single-level wildcard subdomains + tests

* Remove automatic `*` fonctionality from incorrect origins

- use []string instead of basic string to avoid reparsing in template.go
- fix typo in docs
- modify template to properly enable only if the whole block is enabled
- modify cors parsing
- test properly by validating that the value returned is the proper
  origin
- update unit tests and annotation tests

* Re-add `*` when no cors origins are supplied + fix tests

- fix e2e tests to allow for `*`
- re-add `*` to cors parsing if trimmed cors-allow-origin is empty
(supplied but empty) and if it wasn't supplied at all.

* remove unecessary logic for building cors origin + remove comments

- add some edge cases in e2e tests
- rework logic for building cors origin

there was no need for logic in template.go for buildCorsOriginRegex
if there is a `*` it ill be short-circuited by first if.

if it's a wildcard domain or any domain (without a wildcard), it MUST
match the main/cors.go regex format.

if there's a star in a wildcard domain, it must be replaced with
`[A-Za-z0-9]+`

* add missing check in e2e tests
 2021-11-02 12:31:42 -07:00
Rahil Patel
c8ab4dc307
add brotli-min-length configuration option (#7854) 
* add `brotli-min-length` configuration option

* add e2e tests for brotli

* include check for expected content type

* fix header and format
 2021-11-02 04:52:59 -07:00
Matthew Silverman
7d5452d00b
configmap: option to not trust incoming tracing spans (#7045) 
* validate the sender of tracing spans

* add location-specific setting
 2021-10-24 14:36:21 -07:00
Alex R
9e3c528640
Disable builtin ssl_session_cache (#7777) 
Signed-off-by: Alex R <i@sepa.spb.ru>
 2021-10-08 11:47:23 -07:00
Léopold Jacquot
ddbb0be0a0
add canary backend name for requests metrics (#7696) 2021-09-26 10:54:22 -07:00
agile6v
557a765754
fix typos. (#7640) 2021-09-15 11:30:12 -07:00
Vincent LE GOFF
f2e743f561
feat: add session-cookie-secure annotation (#7399) 2021-09-01 15:23:40 -07:00
Matthew Silverman
b591adac48
allow kb granularity for lua shared dicts (#6750) 
Update internal/ingress/controller/template/configmap.go

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
 2021-08-12 11:13:50 -07:00
Tom Hayward
9a9ad47857 Fix forwarding of auth-response-headers to gRPC backends (#7331) 
* add e2e test for auth-response-headers annotation

* add e2e test for grpc with auth-response-headers

* fix forwarding of auth header to GRPC backends

* add test case for proxySetHeader(nil)
 2021-08-10 11:24:39 -07:00
Ricardo Katz
2d90ba14f5
Change all master reference to main (#7369) 2021-08-06 17:07:29 -07:00
wasker
f222c752be
Enable session affinity for canaries (#7371) 2021-07-29 14:23:19 -07:00
Ricardo Katz
191b27a8bb
Automatically add area labels to help triaging (#7387) 2021-07-22 17:29:16 -07:00
Kyle Michel
12a2a6d0e0
Fix definition order of modsecurity directives for controller to match PR 5315 (#6940) (#7323) 
* Fix definition order of modsecurity directives for controller to match PR 5315

* Add a test
 2021-07-06 19:24:43 -07:00
zhaogaolong
68ec350388
perf: json encoding share to eatch request (#6955) 
* perf: json encoding share to eatch request

* fix: fix lint lua
 2021-05-23 17:57:38 -07:00
Matt Miller
b3dfee6ada
Allow preservation of trailing slashes on TLS redirects via annotation. (#7144) 
* allow retaining a trailing slash in a TLS redirect via annotation.

Signed-off-by: mamiller <mamiller@rosettastone.com>

* requested changes

* gofmt
 2021-05-23 08:51:38 -07:00
Matthew Silverman
9b00a4912f set x-forwarded-scheme like x-forwarded-proto 2021-05-13 09:26:27 -04:00
Ricardo Pchevuzinske Katz
0dceedfad7 Remove localhost calls from external names 
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
 2021-04-30 16:49:35 -03:00
Adam Renberg Tamm
9123820584 Expose Geo IP subdivision 1 as variables 2021-03-22 17:30:16 +00:00
Kubernetes Prow Robot
ff74d0ff33
Merge pull request #6726 from afrouzMashaykhi/add-body-filter-by-lua 
add body_filter_by_lua_block lua plugin to ingress-nginx
 2021-01-06 16:55:45 -08:00
Kubernetes Prow Robot
37ee5d98bf
Merge pull request #6679 from nic-6443/bug-fix 
Bugfix: fix incomplete log
 2021-01-06 15:01:45 -08:00
qianyong
b65ceee1a8 Bugfix: fix incomplete log 2021-01-06 10:51:05 +08:00
Ginger Cookie
8662144511
Update rootfs/etc/nginx/lua/plugins/README.md 
Co-authored-by: Elvin Efendi <elvin.efendiyev@gmail.com>
 2021-01-05 21:14:35 +03:30
afrouz
ed6debb194 add body_filter_by_lua_block lua plugin to ingress-nginx 2021-01-05 20:56:13 +03:30
Elvin Efendi
e0dece48f7 Add Global Rate Limiting support 2021-01-04 17:47:07 -05:00
Elvin Efendi
2cff9fa41d generalize cidr parsing and improve lua tests 2021-01-04 15:01:55 -05:00
Kubernetes Prow Robot
b022ea8c40
Merge pull request #6639 from spacewander/use_last_for_ewma 
Don't pick tried endpoint & count the latest in ewma balancer
 2020-12-23 18:50:27 -08:00
spacewander
06b200fa4b Update for review 2020-12-24 09:07:12 +08:00
Kubernetes Prow Robot
7732aec3c4
Merge pull request #6600 from nic-6443/backend-sync-503-fix 
Bugfix: some requests fail with 503 when nginx reload
 2020-12-23 09:02:26 -08:00
qianyong
8085304cb9 Separate the ExternalName backend from other backends in the process of synchronizing the backend, because the synchronization of the ExternalName backend requires dns resolution, so we should ensure that it does not affect the synchronization of the Non-ExternalName backend. After separation, in the init worker stage, we should immediately synchronize the Non-ExternalName backend, otherwise there will be some requests that fail with 503 because the balancer cannot be obtained in the rewrite stage. 2020-12-22 17:24:41 +08:00
spacewander
e118ebc08a Don't pick tried endpoint & count the latest in ewma balancer 
fixes https://github.com/kubernetes/ingress-nginx/issues/6632
 2020-12-18 19:21:51 +08:00
Josh Soref
a8728f3d2c Spelling 2020-12-15 16:10:48 -05:00
Manuel Alejandro de Brito Fontes
9c0a39636d Refactor ingress nginx variables 2020-12-12 08:52:47 -03:00
Elvin Efendi
cc94a51cba make sure canary attributes are reset on ewma backend sync 2020-12-11 09:38:58 -05:00
Kubernetes Prow Robot
baf2afc5de
Merge pull request #6546 from nic-6443/ewma-cananry-fix 
bugfix: update trafficShapingPolicy not working in ewma load-balance
 2020-12-11 03:29:23 -08:00
Elvin Efendi
1e9650a0f9 fix flaky lua tests 2020-12-10 22:41:41 -05:00
Matthew Tuusberg
1c6a1a0e23
feat: add support for country databases 2020-12-07 21:43:38 +03:00
Kubernetes Prow Robot
2f6f09a106
Merge pull request #6541 from Jangyooseok/Jangyooseok 
fixed misspell
 2020-12-04 15:35:25 -08:00
Jangyooseok
1ad89c8bb2 fixed misspell 
Update rootfs/etc/nginx/lua/plugins/README.md
 2020-12-04 10:13:00 +09:00
agile6v
06f53bcf05 feat: allow user to specify the maxmium number of retries in stream block. 2020-12-02 14:54:14 +08:00
qianyong
8ca5450e22 bugfix: always update trafficShapingPolicy when using ewma as load-balance even if endpoints not change, otherwise update trafficShapingPolicy will not working 2020-12-01 12:10:15 +08:00
m22r
612a604fa4 Fix ErrorLogLevel in stream contexts 2020-11-27 14:29:43 +09:00
Kubernetes Prow Robot
e3a3ea8826
Merge pull request #6294 from ianbuss/auth-error-redirect-param 
Allow customisation of redirect URL parameter in external auth redirects
 2020-11-23 01:27:37 -08:00
Julien Vey
fd8af11392
Fix opentracing propagation on auth-url 
Currently, the opentracing propagation instructions are set only if opentracing is configured globally.
This fix set the propagation instructions if opentracing is disabled globally, but enabled per ingress
 2020-11-20 01:32:20 +01:00
Manuel Alejandro de Brito Fontes
3f153add00 Refactor handling of path Prefix and Exact 2020-11-10 07:21:34 -03:00
Minji Chun
2e7967cc99 Add comment indicating server-snippet section 2020-11-04 18:59:39 +09:00
Manuel Alejandro de Brito Fontes
a6b6f03b53 Add support for k8s ingress pathtype Prefix 2020-11-02 09:56:49 -05:00
Manuel Alejandro de Brito Fontes
d74ea25df8 Add validation for wildcard server names 2020-10-26 10:51:14 -03:00
Kubernetes Prow Robot
524c3a50ea
Merge pull request #6037 from aledbf/redirect 
Do not append a trailing slash on redirects
 2020-10-08 11:51:06 -07:00
Ian Buss
41cf628bdf Add a configurable URL redirect parameter for error URLs 2020-10-08 12:53:46 +01:00