DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7115 commits 4 branches 217 tags 166 MiB
Commit graph

298 commits

Author SHA1 Message Date
Sablu Miah
62ab435958
Fix Formatting/Typo (#7894) 
Quick simple typo/formatting fix to keep consistency with direct sections below
 2021-11-05 13:34:41 -07:00
Christopher Larivière
65b8eeddec
Support cors-allow-origin with multiple origins (#7614) 
* Add Initial support for multiple cors origins in nginx

- bump cluster version for `make dev-env`
- add buildOriginRegex function in nginx.tmpl
- add e2e 4 e2e tests for cors.go
- refers to feature request #5496

* add tests + use search to identify '*' origin

* add tests + use search to identify '*' origin

Signed-off-by: Christopher Larivière <lariviere.c@gmail.com>

* fix "should enable cors test" looking at improper values

* Modify tests and add some logic for origin validation

- add origin validation in cors ingress annotations
- add extra tests to validate regex
- properly escape regex using "QuoteMeta"
- fix some copy/paste errors

* add TrimSpace and length validation before adding a new origin

* modify documentation for cors and remove dangling comment

* add support for optional port mapping on origin

* support single-level wildcard subdomains + tests

* Remove automatic `*` fonctionality from incorrect origins

- use []string instead of basic string to avoid reparsing in template.go
- fix typo in docs
- modify template to properly enable only if the whole block is enabled
- modify cors parsing
- test properly by validating that the value returned is the proper
  origin
- update unit tests and annotation tests

* Re-add `*` when no cors origins are supplied + fix tests

- fix e2e tests to allow for `*`
- re-add `*` to cors parsing if trimmed cors-allow-origin is empty
(supplied but empty) and if it wasn't supplied at all.

* remove unecessary logic for building cors origin + remove comments

- add some edge cases in e2e tests
- rework logic for building cors origin

there was no need for logic in template.go for buildCorsOriginRegex
if there is a `*` it ill be short-circuited by first if.

if it's a wildcard domain or any domain (without a wildcard), it MUST
match the main/cors.go regex format.

if there's a star in a wildcard domain, it must be replaced with
`[A-Za-z0-9]+`

* add missing check in e2e tests
 2021-11-02 12:31:42 -07:00
Rahil Patel
c8ab4dc307
add brotli-min-length configuration option (#7854) 
* add `brotli-min-length` configuration option

* add e2e tests for brotli

* include check for expected content type

* fix header and format
 2021-11-02 04:52:59 -07:00
Matthew Silverman
7d5452d00b
configmap: option to not trust incoming tracing spans (#7045) 
* validate the sender of tracing spans

* add location-specific setting
 2021-10-24 14:36:21 -07:00
Mara Sophie Grosch
21bab108f4
mention CVE-2021-25742 in annotations doc (#7843) 
Referring to CVE-2021-25742 in the annotations doc at the description of `configuration-snippet`.
 2021-10-24 12:08:22 -07:00
Ricardo Katz
4fc57dcc49
Change enable-snippet to allow-snippet-annotation (#7670) 
Signed-off-by: Ricardo Pchevuzinske Katz <rkatz@vmware.com>
 2021-09-20 16:52:23 -07:00
Ricardo Katz
5e6ab651ec
Add option to force enabling snippet directives (#7665) 
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
 2021-09-19 12:40:08 -07:00
agile6v
557a765754
fix typos. (#7640) 2021-09-15 11:30:12 -07:00
Renan Gonçalves
48601bcd0e
Allow the usage of Services as Upstream on a global level (#7469) 
It is possible to change this behavior on an ingress level, which works
well when you only have a few of them. When running several dozen
ingress and with a high change rate of running pods it makes it easier
to define this configuration on a global level.

This change is completely backwards compatible, only adding the
possibility of defining a new key in the configmap.
 2021-09-07 12:47:15 -07:00
Ray
cf9ae96d72
Additional AuthTLS assertions and doc change to demonstrate auth-tls-secret enables the other AuthTLS annotations (#7202) 
* Fix indentation of nested list in AuthTLS annotations

Also, put `<annotation>`: <description text>` on a single line in
Markdown markup, which will match what gets rendered eventually.

On the other hand, for the line on auth-tls-secret (This annotation
expects the Secret name in the form "namespace/secretName"), its
Markdown markup suggests that the author wanted the line to start on its
own line, but currently this gets rendered on the same line. It's nice
for this to be on its own line, since it's kind of a "note" about the
annotation syntax. Format/indent the markup appropriately so that it
shows up on its line.

* Fix indentation of nested list in CORS annotations

Also, put `<annotation>`: <description text>` on a single line in
Markdown markup, which will match what gets rendered eventually.

On the other hand, for lines noting the allowed characters (This is a
multi-valued field...), its Markdown markup suggests that the author
wanted the line to start on its own line, but currently this gets
rendered on the same line. It's nice for this to be on its own line,
since it's kind of a "note" about the annotation syntax. Format/indent
the markup appropriately so that it shows up on its line.

* Replace f.HTTPTestClientWithTLSConfig() in AuthTLS E2E, the odd one out for requests without client certs

* Demonstrate and document that auth-tls-secret enables the other AuthTLS annotations like verify client, depth

* Split E2E for auth-tls-error-page and *-pass-certificate-to-upstream
 2021-09-07 10:35:16 -07:00
Fred Thomsen
61c596bea6
Add doc ref for preserve-trailing-slash annotation (#7561) 
Fixes issue #7555
 2021-09-02 09:54:58 -07:00
Pål Kristensen
66c2a716da
Document the keep-alive 0 effect on http/2 requests (#7503) 2021-08-25 17:53:23 -07:00
wasker
3fb312ee2c
End-to-end tests for canary affinity (#7529) 2021-08-24 05:05:14 -07:00
Sandip Bhattacharya
f84006d62f
docs: Clarify default-backend behavior (#7489) 
Clarify default-backend behaviour for services with multiple ports.

Also minor fixes for typos and language consistency.
 2021-08-24 04:59:13 -07:00
Ricardo Katz
90c79689c4
Release v1 (#7470) 
* Drop v1beta1 from ingress nginx (#7156)

* Drop v1beta1 from ingress nginx

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix intorstr logic in controller

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* fixing admission

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* more intorstr fixing

* correct template rendering

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix e2e tests for v1 api

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix gofmt errors

* This is finally working...almost there...

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Re-add removed validation of AdmissionReview

* Prepare for v1.0.0-alpha.1 release

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Update changelog and matrix table for v1.0.0-alpha.1 (#7274)

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* add docs for syslog feature (#7219)

* Fix link to e2e-tests.md in developer-guide (#7201)

* Use ENV expansion for namespace in args (#7146)

Update the DaemonSet namespace references to use the `POD_NAMESPACE` environment variable in the same way that the Deployment does.

* chart: using Helm builtin capabilities check (#7190)

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

* Update proper default value for HTTP2MaxConcurrentStreams in Docs (#6944)

It should be 128 as documented in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go#L780

* Fix MaxWorkerOpenFiles calculation on high cores nodes (#7107)

* Fix MaxWorkerOpenFiles calculation on high cores nodes

* Add e2e test for rlimit_nofile

* Fix doc for max-worker-open-files

* ingress/tcp: add additional error logging on failed (#7208)

* Add file containing stable release (#7313)

* Handle named (non-numeric) ports correctly (#7311)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Updated v1beta1 to v1 as its deprecated (#7308)

* remove mercurial from build (#7031)

* Retry to download maxmind DB if it fails (#7242)

* Retry to download maxmind DB if it fails.

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Add retries count arg, move retry logic into DownloadGeoLite2DB function

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Reorder parameters in DownloadGeoLite2DB

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Remove hardcoded value

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Release v1.0.0-alpha.1

* Add changelog for v1.0.0-alpha.2

* controller: ignore non-service backends (#7332)

* controller: ignore non-service backends

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update per feedback

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* fix: allow scope/tcp/udp configmap namespace to altered (#7161)

* Lower webhook timeout for digital ocean (#7319)

* Lower webhook timeout for digital ocean

* Set Digital Ocean value controller.admissionWebhooks.timeoutSeconds to 29

* update OWNERS and aliases files (#7365) (#7366)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Downgrade Lua modules for s390x (#7355)

Downgrade Lua modules to last known working version.

* Fix IngressClass logic for newer releases (#7341)

* Fix IngressClass logic for newer releases

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Change e2e tests for the new IngressClass presence

* Fix chart and admission tests

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix helm chart test

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix reviews

* Remove ingressclass code from admission

* update tag to v1.0.0-beta.1

* update readme and changelog for v1.0.0-beta.1

* Release v1.0.0-beta.1 - helm and manifests (#7422)

* Change the order of annotation just to trigger a new helm release (#7425)

* [cherry-pick] Add dev-v1 branch into helm releaser (#7428)

* Add dev-v1 branch into helm releaser (#7424)

* chore: add link for artifacthub.io/prerelease annotations

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

* k8s job ci pipeline for dev-v1 br v1.22.0 (#7453)

* k8s job ci pipeline for dev-v1 br v1.22.0

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* k8s job ci pipeline for dev-v1 br v1.21.2

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* remove v1.21.1 version

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* Add controller.watchIngressWithoutClass config option (#7459)

Signed-off-by: Akshit Grover <akshit.grover2016@gmail.com>

* Release new helm chart with certgen fixed (#7478)

* Update go version, modules and remove ioutil

* Release new helm chart with certgen fixed

* changed appversion, chartversion, TAG, image (#7490)

* Fix CI conflict

* Fix CI conflict

* Fix build.sh from rebase process

* Fix controller_test post rebase

Co-authored-by: Tianhao Guo <rggth09@gmail.com>
Co-authored-by: Ray <61553+rctay@users.noreply.github.com>
Co-authored-by: Bill Cassidy <cassid4@gmail.com>
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
Co-authored-by: Sathish Ramani <rsathishx87@gmail.com>
Co-authored-by: Mansur Marvanov <nanorobocop@gmail.com>
Co-authored-by: Matt1360 <568198+Matt1360@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>
Co-authored-by: Tom Hayward <thayward@infoblox.com>
Co-authored-by: Sergey Shakuto <sshakuto@infoblox.com>
Co-authored-by: Tore <tore.lonoy@gmail.com>
Co-authored-by: Bouke Versteegh <info@boukeversteegh.nl>
Co-authored-by: Shahid <shahid@us.ibm.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Long Wu Yuan <longwuyuan@gmail.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com>
Co-authored-by: Akshit Grover <akshit.grover2016@gmail.com>
 2021-08-21 13:42:00 -07:00
Matthew Silverman
b591adac48
allow kb granularity for lua shared dicts (#6750) 
Update internal/ingress/controller/template/configmap.go

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
 2021-08-12 11:13:50 -07:00
Sergey Lanzman
8b2db80433
Update configmap.md (#7462) 2021-08-08 05:19:30 -07:00
Ricardo Katz
2d90ba14f5
Change all master reference to main (#7369) 2021-08-06 17:07:29 -07:00
wasker
f222c752be
Enable session affinity for canaries (#7371) 2021-07-29 14:23:19 -07:00
Ricardo Katz
11d4ddca8e
Revert "feat: multiple-cors-allow-origin support (#7134)" (#7168) 
This reverts commit 8a55801cc0.
 2021-05-27 05:38:24 -07:00
Alex Zhang
8a55801cc0
feat: multiple-cors-allow-origin support (#7134) 2021-05-23 09:13:39 -07:00
Kubernetes Prow Robot
d08b742453
Merge pull request #6838 from peter-miroshnikov/annotations_custom_timeout_docs 
Adding note to Custom Timeouts in Annotation Docs.
 2021-05-03 03:40:02 -07:00
Kubernetes Prow Robot
afe10c862b
Merge pull request #6942 from rwaweber/proxyrealipcidr_docs 
[docs]: proxy-real-ip-cidr, mention default and comma-separated behavior
 2021-04-29 07:58:51 -07:00
shuheiktgw
01b30a2fa0 Update the link on ketama 2021-04-03 17:23:53 +09:00
Matthew Silverman
08250deedc updating test-runner/echo in code, docs fixup 2021-03-29 12:29:48 -04:00
Matthew Silverman
71c8ef119d add support for the jaeger propagation format 
adding default, testing w3c traceparent is propagated
 2021-03-26 12:33:24 -04:00
rwaweber
cdaf1bdd84 docs: proxy-real-ip-cidr 
Mention default setting and comma-separated list behavior.
 2021-03-08 22:03:39 -05:00
Matthew Silverman
28280de175 jaeger-endpoint configmap attribute 2021-02-18 17:29:35 -05:00
peter-miroshnikov
4787a51ad5 Adding note to Custom Timeouts in Annotation Docs. 
It wasnt clear that the timeout values come unitless and in seconds from firsts glance.
Adding a simple note i belive will help.
 2021-02-04 11:05:11 +01:00
Laszlo Janosi
15eff8220a
fix the documentation for the proxy-ssl-secret and the auth-tls-secret annotations 2021-01-06 09:41:01 +00:00
Elvin Efendi
8c193a2297 fix link in annotation docs 2021-01-05 09:24:23 -05:00
Elvin Efendi
e0dece48f7 Add Global Rate Limiting support 2021-01-04 17:47:07 -05:00
andyxning
bbf831afae add string split function to template funcMap 2020-12-29 13:57:30 +08:00
Josh Soref
a8728f3d2c Spelling 2020-12-15 16:10:48 -05:00
inosato
11825698ff
fix log-format-upstream sample 
- Align column names to snake case.
- Align the space.
 2020-12-03 23:14:06 +09:00
Kubernetes Prow Robot
35338c4193
Merge pull request #6553 from agile6v/stream 
fixes: allow user to specify the maxmium number of retries in stream block
 2020-12-02 03:08:51 -08:00
agile6v
06f53bcf05 feat: allow user to specify the maxmium number of retries in stream block. 2020-12-02 14:54:14 +08:00
Matthieu Paret
948265f2e8
indicate configuration for DHE based ciphers 2020-12-01 16:43:11 +01:00
Kubernetes Prow Robot
e3a3ea8826
Merge pull request #6294 from ianbuss/auth-error-redirect-param 
Allow customisation of redirect URL parameter in external auth redirects
 2020-11-23 01:27:37 -08:00
Julien Bouquillon
f6a430775c
docs(annotations): explicit redirect status code 2020-11-15 00:31:04 +01:00
Aditya Purandare
57b10f5693
Add datadog environment as a configuration option 
(cherry picked from commit 4306558baa595606cd6befff08c8c815d6fe2bd4)
 2020-10-12 13:52:15 -07:00
Ian Buss
41cf628bdf Add a configurable URL redirect parameter for error URLs 2020-10-08 12:53:46 +01:00
Stevo Slavić
d4152c74fc Sync user guide with config defaults changes 
PRs #6226 and #6143 changed the configuration defaults but didn't update
all the configuration defaults docs in the user guide.

This PR updates the user guide to be in sync with the defaults.

Signed-off-by: Stevo Slavić <sslavic@gmail.com>
 2020-10-05 10:15:06 +02:00
Kubernetes Prow Robot
6fd891f3df
Merge pull request #6217 from touchifyapp/@feature/cors-expose-headers 
Add annotation to configure CORS Access-Control-Expose-Headers
 2020-09-26 16:52:48 -07:00
Manuel Alejandro de Brito Fontes
a990ac3910
Change defaults 2020-09-24 21:33:56 -03:00
Maxime LUCE
b7b85175f6 Add annotation to configure CORS Access-Control-Expose-Headers 2020-09-23 17:41:52 +02:00
Daniel Albuschat
d4a817325c
Update annotations.md 
Improvements to the documentation of Client Certificate Authentication. (auth-tls-* annotations).
- Mention that these rules are applied per host and not per Ingress/path
- Include more possible and default values
- Describe the headers that are sent to the upstream services
 2020-09-23 09:51:08 +02:00
Elvin Efendi
e050ff1b9f disable session tickets by default 2020-09-18 00:08:00 -04:00
Manuel Alejandro de Brito Fontes
87aa96b468 Change server-tokens default value to false 2020-09-17 09:52:07 -03:00
Gian Ortz
3820aa416b Add annotation to set value for burst multiplier on rate limit 2020-08-30 19:43:08 -03:00
Goran
743439e75b
Added missing backend protocol. 
As per https://kubernetes.github.io/ingress-nginx/user-guide/fcgi-services/
 2020-08-14 11:16:53 +02:00
Bernard Van De Walle
2baca9e32a Merge branch 'add-opentracing-operation-name-settings' of https://github.com/JorritSalverda/ingress-nginx into add-opentracing-operation-name-settings 2020-07-23 11:42:44 -07:00
David Schwartz
d52141c2b9 Add enable-real-ip 2020-07-15 15:25:29 -04:00
Zhongcheng Lao
c0629e92c2
Add proxy-ssl-server-name to enable passing SNI 2020-07-03 14:14:32 +08:00
agile6v
3402d07ff0
doc: update docs and fixed typos (#5821) 2020-07-01 10:02:52 -04:00
mengqi.wmq
f232a264ab Add default-type as a configurable for default_type 2020-06-21 11:10:51 +08:00
Kubernetes Prow Robot
99aad291a5
Merge pull request #5656 from agile6v/dev 
feat: add http-access-log-path and stream-access-log-path options in configMap
 2020-06-08 06:27:46 -07:00
agile6v
fc1c043437 Add http-access-log-path and stream-access-log-path options in configMap 2020-06-05 01:27:26 +08:00
chamilad
ee84603d06 Add minor doc fixes to user guide and chart readme 2020-06-03 17:54:41 +12:00
Kubernetes Prow Robot
d061375afa
Merge pull request #5571 from agile6v/dev 
feat: support the combination of Nginx variables for annotation upstream-hash-by.
 2020-06-01 15:10:14 -07:00
agile6v
c035a144f8 Support the combination of nginx variables and text value for annotation upstream-hash-by. 2020-06-01 06:37:41 +08:00
Kubernetes Prow Robot
ee02d897d5
Merge pull request #5534 from agile6v/master 
Add annotation ssl-prefer-server-ciphers.
 2020-05-29 08:35:16 -07:00
agile6v
41d82005ec Add annotation ssl-prefer-server-ciphers. 2020-05-11 16:31:08 +08:00
Mark Janssen
4a36c804e6 Add 0-RTT warning 2020-05-08 12:40:11 +02:00
Kubernetes Prow Robot
0d2c6db75e
Merge pull request #5358 from praseodym/update-tls-configuration 
Update TLS configuration
 2020-04-28 07:46:08 -07:00
Manuel Alejandro de Brito Fontes
f9ae784541 Remove lua-resty-waf docs 2020-04-22 17:42:18 -04:00
Manuel Alejandro de Brito Fontes
90d07d7b69 Fix from-to-www link 2020-04-17 19:41:25 -04:00
Manuel Alejandro de Brito Fontes
d18fa90cfd Add e2e test for OCSP and new configmap setting 2020-04-17 12:53:47 -04:00
Manuel Alejandro de Brito Fontes
0257068b9b Fix plugin README.md link 2020-04-14 11:48:23 -04:00
Elvin Efendi
b60e25f1db ingress-nginx lua plugins documentation 2020-04-14 09:47:58 -04:00
Mark Janssen
049b25e566 Update TLS configuration 
Enable TLSv1.3 by default and update list of ciphers. The new
configuration matches the 'Intermediate' configuration recommended by
the Mozilla SSL Configuration Generator:
https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=modern&openssl=1.1.1d&guideline=5.4
 2020-04-13 17:46:33 +02:00
Manuel Alejandro de Brito Fontes
c0db19b0ec Enable configuration of plugins using configmap 2020-04-13 11:38:42 -04:00
Weihang Lo
12dddcca17
docs: fix use-gzip wrong markdown style 2020-04-11 14:28:04 +08:00
Luis Valdés
e001b5a5b7
I found a typo :) 
Change *onyl* to * only*
 2020-02-27 23:05:37 -03:00
schaefec
141ea59b7f Allows overriding the server name used to verify the certificate of the proxied HTTPS server 2020-02-25 13:32:14 +01:00
Kubernetes Prow Robot
35264d6e8f
Merge pull request #5114 from whalecold/match 
Feat: add header-pattern annotation.
 2020-02-24 17:07:36 -08:00
Kubernetes Prow Robot
6cd223558f
Merge pull request #4981 from janosi/proxy-ssl-scope 
Applying proxy-ssl-* directives on locations only
 2020-02-24 15:53:36 -08:00
Lisheng Zheng
0b33650bb8 Feat: canary supports using specific match strategy to match header value. 2020-02-21 10:02:20 +08:00
James Taylor
f97599c189
Use correct spelling of "Original" 
Fix the spelling of "original" in the annotations documentation
 2020-02-20 16:45:26 +11:00
Daniel Arifin
d48d5a61ae Add gzip-min-length as a configurable 2020-02-14 13:29:51 +07:00
Kubernetes Prow Robot
5e54f66ab2
Merge pull request #5040 from BrianKopp/samesite-followup 
Update documentation and remove hack fixed by upstream cookie library
 2020-02-10 10:25:53 -08:00
Manuel Alejandro de Brito Fontes
34b6d083b8
Cleanup docs (#5043) 2020-02-09 20:50:27 -03:00
BrianKopp
34b194c770 Update documentation and remove hack fixed by upstream cookie library 2020-02-08 11:54:52 -07:00
Manuel Alejandro de Brito Fontes
b3146354d4 Refactor mirror feature 2020-02-05 10:39:55 -03:00
Brian Kopp
1b523390bb Add SameSite=None support and conditionally omit SameSite=None for backwards compatibility 2020-01-29 14:30:00 -07:00
Laszlo Janosi
bc79fe1532 Add: documentation for proxy-ssl-location-only 2020-01-29 10:00:55 +01:00
Manuel Alejandro de Brito Fontes
74944b99e9
Enable download of GeoLite2 databases (#4896) 2020-01-08 19:46:43 -03:00
Sungmin Lee
d7be5db7de Support sample rate and global sampling configuration for Datadog in ConfigMap 2020-01-07 16:59:59 -08:00
Manuel Alejandro de Brito Fontes
0dce5be743 Migrate ingress definitions from extensions to networking.k8s.io 2019-12-12 21:25:00 -03:00
Sablu Miah
010ec6f159
Remove extra annotation when Enabling ModSecurity 
Since version 0.25, if you try to use both annotations of:

nginx.ingress.kubernetes.io/modsecurity-snippet: |
Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf
Include /etc/nginx/modsecurity/modsecurity.conf

and 

nginx.ingress.kubernetes.io/enable-modsecurity: "true"

it breaks nginx config and you will not catch it unless you have nginx admission controller enabled. 

You do not need the annotation of `Include /etc/nginx/modsecurity/modsecurity.conf` from version 0.25
 2019-11-28 15:16:09 +00:00
Kubernetes Prow Robot
b286c2a336
Merge pull request #4732 from willthames/enable-opentracing-annotation 
Allow enabling/disabling opentracing for ingresses
 2019-11-26 17:31:21 -08:00
Will Thames
0ae463a5f3 Provide annotation to control opentracing 
By default you might want opentracing off, but on for a particular
ingress.

Similarly, you might want opentracing globally on, but disabled for
a specific endpoint. To achieve this, `opentracing_propagate_context`
cannot be set when combined with `opentracing off`

A new annotation, `enable-opentracing` allows more fine grained control
of opentracing for specific ingresses.
 2019-11-27 11:07:26 +10:00
Matt Busche
6b0a6ec8b3 Fix extra word 2019-11-20 19:01:56 -06:00
Syunsuke Komma
73aaf0ff28
Update annotations.md 
Add links to proxy-buffering section
 2019-11-13 12:54:42 +09:00
Syunsuke Komma
0b38a48ac9
Update annotations.md 
Add notes of limit-rate/limit-rate-after
 2019-11-13 12:49:59 +09:00
Kubernetes Prow Robot
0d244e1c41
Merge pull request #4730 from stamm/master 
add configuration for http2_max_concurrent_streams
 2019-11-08 07:12:29 -08:00
Kubernetes Prow Robot
a0dc3a9a51
Merge pull request #4695 from janosi/secure-verify-ca-secret 
Removing secure-verify-ca-secret support
 2019-11-08 07:12:21 -08:00
Rustam Zagirov
d9cfad1894 add configuration for http2_max_concurrent_streams 2019-10-31 15:13:38 +03:00
Carlos Panato
40e0e5bef8
add proxy-max-temp-file-size doc 2019-10-23 09:55:46 +02:00
Peter Pan
ee24bf1bbc Doc: Add remote_addr into default values in configmap for TCP logging format 2019-10-21 10:18:17 +08:00