DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
6210 commits 4 branches 217 tags 166 MiB
Commit graph

580 commits

Author SHA1 Message Date
Kubernetes Prow Robot
8d45bb39a4
Merge pull request #5348 from Antiarchitect/stream-log-annotations 
Ability to separately disable access log in http and stream contexts
 2020-09-28 11:02:53 -07:00
Manuel Alejandro de Brito Fontes
493dd6726d
Replace request_uri 2020-09-27 20:26:39 -03:00
shrpne
2948e3e109 better cors 2020-09-27 21:44:24 +03:00
Maxime LUCE
b7b85175f6 Add annotation to configure CORS Access-Control-Expose-Headers 2020-09-23 17:41:52 +02:00
wenzong
87e79da16a Move ocsp_response_cache:delete after certificate_data:set 2020-09-19 23:16:00 +08:00
wenzong
16f970d8bb Use was_not_called without check args match 2020-09-19 00:15:42 +08:00
wenzong
724646bd73 Delete OCSP Response cache when certificate renewed 2020-09-18 14:30:18 +08:00
Elvin Efendi
8e83d4e84a delete redundant NGINX config about X-Forwarded-Proto 2020-09-15 13:22:26 -04:00
Manuel Alejandro de Brito Fontes
e659efbfdb Use dynamic load of modules 2020-09-10 11:39:35 -03:00
agile6v
609e1b5775 feat: support to define trusted addresses for proxy protocol in stream block 2020-08-28 14:37:16 +08:00
Frank Gadban
e9059eef01 fixed some typos 
Signed-off-by: Frank Gadban <frankgad@outlook.de>
 2020-07-21 22:02:23 +02:00
Kubernetes Prow Robot
e825af86e1
Merge pull request #5887 from dschwar/force-use-forwarded-for 
Add force-enable-realip-module
 2020-07-17 07:17:02 -07:00
David Schwartz
d52141c2b9 Add enable-real-ip 2020-07-15 15:25:29 -04:00
Manuel Alejandro de Brito Fontes
dc3876666b Revert "use-regex annotation should be applied to only one Location" 
This reverts commit a8a8b5f6e9.
 2020-07-15 11:20:47 -04:00
Manuel Alejandro de Brito Fontes
a8a8b5f6e9 use-regex annotation should be applied to only one Location 2020-07-06 19:29:39 -04:00
Manuel Alejandro de Brito Fontes
ec4fb05cad Fix proxy ssl e2e test 2020-07-06 18:41:42 -04:00
Zhongcheng Lao
c0629e92c2
Add proxy-ssl-server-name to enable passing SNI 2020-07-03 14:14:32 +08:00
Kubernetes Prow Robot
baa2b2cd33
Merge pull request #5709 from agile6v/master 
fix: remove duplicated X-Forwarded-Proto header.
 2020-07-02 17:50:47 -07:00
agile6v
3402d07ff0
doc: update docs and fixed typos (#5821) 2020-07-01 10:02:52 -04:00
Manuel Alejandro de Brito Fontes
bcc3cfaa65 Dynamic LB sync non-external backends only when necessary 2020-06-29 18:11:51 -04:00
agile6v
e8aaa15ce8 Remove duplicated X-Forwarded-Proto header. 2020-06-25 11:11:00 +08:00
Kubernetes Prow Robot
803a76cf8a
Merge pull request #5749 from Bo0km4n/feat-configurable-max-batch-size 
[Fix/metrics] Be configurable max batch size of metrics
 2020-06-22 22:07:40 -07:00
mengqi.wmq
f232a264ab Add default-type as a configurable for default_type 2020-06-21 11:10:51 +08:00
Bo0km4n
7ab0916c92 Resolve conflicts 2020-06-20 17:13:31 +09:00
Bo0km4n
53a6b0fd3b Configurable metrics max batch size 2020-06-20 15:58:14 +09:00
agile6v
5b0f7d7d6e Improve performance. 2020-06-10 17:36:56 +08:00
Manuel Alejandro de Brito Fontes
1d4c7ec65c Fix lua lint error 2020-06-09 17:19:16 -04:00
Andreas Sommer
f27b404421 Serve correct TLS certificate for requests with uppercase host 2020-06-09 16:47:03 -04:00
Kubernetes Prow Robot
0549d9b132
Merge pull request #5672 from agile6v/master 
feat: enable lj-releng tool to lint lua code.
 2020-06-09 11:15:19 -07:00
agile6v
bafbd4cccf Enable lj-releng tool to lint lua code. 2020-06-09 18:01:35 +08:00
Jeff Hui
7767230e6a fix undefined variable $auth_cookie error when location is denied 
(add) isLocationAllowed check before setting the cookie
 2020-06-08 13:59:52 -04:00
agile6v
fc1c043437 Add http-access-log-path and stream-access-log-path options in configMap 2020-06-05 01:27:26 +08:00
Kubernetes Prow Robot
d061375afa
Merge pull request #5571 from agile6v/dev 
feat: support the combination of Nginx variables for annotation upstream-hash-by.
 2020-06-01 15:10:14 -07:00
agile6v
c035a144f8 Support the combination of nginx variables and text value for annotation upstream-hash-by. 2020-06-01 06:37:41 +08:00
Kubernetes Prow Robot
ee02d897d5
Merge pull request #5534 from agile6v/master 
Add annotation ssl-prefer-server-ciphers.
 2020-05-29 08:35:16 -07:00
adiov
d03266d505
Add MaxMind GeoIP2 Anonymous IP support 2020-05-21 06:50:57 +03:00
Andrey Voronkov
bced1ed8b8 Ability to separately disable access log in http and stream contexts 
Two new configuration options:
`disable-http-access-log`
`disable-stream-access-log`

Should resolve issue with enormous amount of `TCP 200` useless entries in logs

Signed-off-by: Andrey Voronkov <voronkovaa@gmail.com>
 2020-05-13 21:23:37 +03:00
agile6v
41d82005ec Add annotation ssl-prefer-server-ciphers. 2020-05-11 16:31:08 +08:00
Elvin Efendi
3b217cf766 make sure first backend sync happens in timer phase 2020-04-30 19:44:24 -04:00
Manuel Alejandro de Brito Fontes
c8eb914d8a Remove noisy dns log 2020-04-28 18:34:51 -04:00
Elvin Efendi
b569d2357a staple only when OCSP response status is "good" 2020-04-19 13:53:47 -04:00
Manuel Alejandro de Brito Fontes
d18fa90cfd Add e2e test for OCSP and new configmap setting 2020-04-17 12:53:47 -04:00
Elvin Efendi
1dab12fb81 Lua OCSP stapling 2020-04-16 21:29:16 -04:00
Elvin Efendi
b60e25f1db ingress-nginx lua plugins documentation 2020-04-14 09:47:58 -04:00
Manuel Alejandro de Brito Fontes
c0db19b0ec Enable configuration of plugins using configmap 2020-04-13 11:38:42 -04:00
Artem Miroshnychenko
eefb32c667 fix: remove unnecessary if statement when redirect annotation is defined 2020-04-08 19:02:15 +03:00
Manuel Alejandro de Brito Fontes
8527f774f7 Change condition order that produces endless loop 2020-04-03 10:53:40 -03:00
Manuel Alejandro de Brito Fontes
6037883c4a
Forward X-Request-ID to auth service (#5301) 2020-03-29 19:58:36 -03:00
Kubernetes Prow Robot
5cf7018b6d
Merge pull request #5277 from ElvinEfendi/small-refactoring 
refactoring: use more specific var name
 2020-03-23 06:02:51 -07:00
Manuel Alejandro de Brito Fontes
6ea6d47044 Empty directory 2020-03-22 17:16:30 -03:00
Manuel Alejandro de Brito Fontes
1894579455 Remove unnecessary logs 2020-03-22 17:09:39 -03:00
Elvin Efendi
eb112ea06c refactoring: use more specific var name 2020-03-21 21:23:24 -04:00
Manuel Alejandro de Brito Fontes
07b70f68bd
Redirect for app-root should preserve current scheme (#5266) 2020-03-19 15:49:18 -03:00
Maxim Pogozhiy
78576a9bbc Add Maxmind Editions support 2020-03-19 19:36:10 +07:00
Kubernetes Prow Robot
d5d1e9bfbd
Merge pull request #4958 from niedbalski/fix-forwarded-proto 
Add a forwarded protocol map for included x-forwarded-proto.
 2020-03-11 02:35:36 -07:00
Jorge Niedbalski
1d1b857cb7 Add a forwarded protocol map for included x-forwarded-proto. 
This change adds a new map for including the passed x-forwarded-proto
header in case is provided as an extra header.

Signed-off-by: Jorge Niedbalski <jnr@metaklass.org>
 2020-03-10 18:26:28 -03:00
Lisheng Zheng
f2e5d6f8a5 Migrate the backends handler logic to function 2020-02-27 09:31:04 +08:00
Laszlo Janosi
2de30bf451 Add proxy-ssl-name to location level 2020-02-25 13:52:34 +01:00
schaefec
141ea59b7f Allows overriding the server name used to verify the certificate of the proxied HTTPS server 2020-02-25 13:32:14 +01:00
Kubernetes Prow Robot
35264d6e8f
Merge pull request #5114 from whalecold/match 
Feat: add header-pattern annotation.
 2020-02-24 17:07:36 -08:00
Manuel Alejandro de Brito Fontes
351307280e Clean template 2020-02-21 16:14:49 -03:00
Lisheng Zheng
0b33650bb8 Feat: canary supports using specific match strategy to match header value. 2020-02-21 10:02:20 +08:00
Karl Stoney
5c64c52a60 Ensured that opentracing on auth request is only enabled for people that have opentracing 2020-02-20 14:12:54 +00:00
Karl Stoney
08471b527b Fixes https://github.com/kubernetes/ingress-nginx/issues/5120 2020-02-20 14:03:09 +00:00
Elvin Efendi
ad78425852 also expose pem cert uid in certificate.call function 2020-02-19 13:41:50 -05:00
Elvin Efendi
4bb9106be2 refactor ssl handling in preperation of OCSP stapling 2020-02-19 13:14:35 -05:00
briankopp
b2beeeab25 Add case for when user agent is nil 
Add test for nil user agent
 2020-02-16 21:07:45 -06:00
Daniel Arifin
d48d5a61ae Add gzip-min-length as a configurable 2020-02-14 13:29:51 +07:00
Manuel Alejandro de Brito Fontes
71e35c9100
Make sure set-cookie is retained from external auth endpoint (#5067) 2020-02-14 01:41:11 -03:00
Kubernetes Prow Robot
5e54f66ab2
Merge pull request #5040 from BrianKopp/samesite-followup 
Update documentation and remove hack fixed by upstream cookie library
 2020-02-10 10:25:53 -08:00
Ilya Nemakov
46a3e0a6fd Fix X-Forwarded-Proto based on proxy-protocol server port 2020-02-10 18:08:34 +03:00
BrianKopp
7c7a1b9c8b Update samesite tests 2020-02-08 12:58:52 -07:00
BrianKopp
34b194c770 Update documentation and remove hack fixed by upstream cookie library 2020-02-08 11:54:52 -07:00
Manuel Alejandro de Brito Fontes
b3146354d4 Refactor mirror feature 2020-02-05 10:39:55 -03:00
Manuel Alejandro de Brito Fontes
b9e944a8a6
Move mod-security logic from template to go code (#5009) 2020-02-04 14:04:11 -03:00
Brian Kopp
1b523390bb Add SameSite=None support and conditionally omit SameSite=None for backwards compatibility 2020-01-29 14:30:00 -07:00
Manuel Alejandro de Brito Fontes
5d05e19cc3
Fix enable opentracing per location (#4983) 2020-01-29 12:20:05 -03:00
Kubernetes Prow Robot
2f8cbeb8fa
Merge pull request #4956 from djboris9/proxy-protocol-port 
Fix proxy protocol support for X-Forwarded-Port
 2020-01-26 12:27:02 -08:00
Manuel Alejandro de Brito Fontes
7ff49b25d6
Move opentracing configuration for location to go (#4965) 2020-01-25 21:39:20 -03:00
Boris Djurdjevic
665f924e9e Add proxy protocol support for X-Forwarded-Port 
Fixes https://github.com/kubernetes/ingress-nginx/issues/4951
 2020-01-24 13:50:35 +01:00
Manuel Alejandro de Brito Fontes
a8c2c9c6bc
Remove todo from lua test (#4894) 2020-01-08 19:46:52 -03:00
Manuel Alejandro de Brito Fontes
5ce93d98c2 Fix lua test 2020-01-05 16:00:54 -03:00
Manuel Alejandro de Brito Fontes
fbdd924a45 Update nginx image 2020-01-04 13:23:16 -03:00
Manuel Alejandro de Brito Fontes
6c92c80073 Fix sticky session for ingress without host 2020-01-02 16:52:49 -03:00
Manuel Alejandro de Brito Fontes
a0523c3c8a
Use a named location for authSignURL (#4859) 2019-12-24 22:50:25 -03:00
Elvin Efendi
54918c0ff2 fix duplicate hsts bug 2019-12-12 13:49:13 -05:00
MMeent
75e8d37d71
Fix issue in logic of modsec template 
according to go templates: `(and ((not false) false))` == `true`

the only way to remove the owasp rules from every location is to disable modsec on that location, or to enable owasp globally, both not-so-great choices.

This commit fixes the logic issue by fixing the and-clause in the if-statement. As a result this reduces global resource usages when modsecurity is configured globally, but not on every location.
 2019-11-28 14:56:41 +01:00
Kubernetes Prow Robot
a85d5ed93a
Merge pull request #4779 from aledbf/update-image 
Remove lua-resty-waf feature
 2019-11-27 11:45:05 -08:00
Kubernetes Prow Robot
b286c2a336
Merge pull request #4732 from willthames/enable-opentracing-annotation 
Allow enabling/disabling opentracing for ingresses
 2019-11-26 17:31:21 -08:00
Will Thames
0ae463a5f3 Provide annotation to control opentracing 
By default you might want opentracing off, but on for a particular
ingress.

Similarly, you might want opentracing globally on, but disabled for
a specific endpoint. To achieve this, `opentracing_propagate_context`
cannot be set when combined with `opentracing off`

A new annotation, `enable-opentracing` allows more fine grained control
of opentracing for specific ingresses.
 2019-11-27 11:07:26 +10:00
Manuel Alejandro de Brito Fontes
61d902db14 Remove Lua resty waf feature 2019-11-26 10:37:43 -03:00
Kubernetes Prow Robot
62518b60b4
Merge pull request #4689 from janosi/upstream_ssl 
Server-only authentication of backends and per-location SSL config
 2019-11-18 19:49:43 -08:00
Kubernetes Prow Robot
0d244e1c41
Merge pull request #4730 from stamm/master 
add configuration for http2_max_concurrent_streams
 2019-11-08 07:12:29 -08:00
Rustam Zagirov
d9cfad1894 add configuration for http2_max_concurrent_streams 2019-10-31 15:13:38 +03:00
Laszlo Janosi
cc84bd4ab6 Server level proxy_ssl parameters are applied again, following the comments received. 
Also writing tls.crt and tls.key to disk is according to the original code.
 2019-10-26 20:20:18 +02:00
Laszlo Janosi
31227d61c2 Removing secure-verify-ca-secret support and writing an error log if that annotation is used in an Ingress definition 2019-10-18 10:58:57 +02:00
Laszlo Janosi
37fe9c9876 Enabling per-location proxy-ssl parameters, so locations of the same server but with own unique Ingress definitions can have different SSL configs 2019-10-17 10:15:53 +02:00
Thomas Jackson
7fc442c7f1 update test cases 2019-10-14 08:14:35 -07:00
Thomas Jackson
b698699fdd More helpful DNS failure message 
Previously if dns.lua failed to resolve a name you'd see the following in your logs:
```
2019/10/12 23:39:34 [error] 41#41: *6474 [lua] dns.lua:121: dns_lookup(): failed to query the DNS server:
server returned error code: 3: name error
server returned error code: 3: name error, context: ngx.timer
```

Unfortunately this doesn't tell you what name is failing (so you have to start guessing). To alleviate the pain this simply adds the host name we are attempting to resolve to the log line so users don't have to guess.
 2019-10-14 08:14:35 -07:00
Kubernetes Prow Robot
69880ac9ad
Merge pull request #4650 from DaveAurionix/master 
Expose GeoIP2 Organization as variable $geoip2_org
 2019-10-12 15:34:36 -07:00