DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4589 commits 4 branches 217 tags 166 MiB
Commit graph

4589 commits

This branch
This branch
All branches
Author SHA1 Message Date
Manuel Alejandro de Brito Fontes
aba58d67f2
Release 0.26.2 (#4860) 2019-12-24 23:36:00 -03:00
Manuel Alejandro de Brito Fontes
a0523c3c8a
Use a named location for authSignURL (#4859) 2019-12-24 22:50:25 -03:00
Manuel Alejandro de Brito Fontes
d83b83bc0d
Define minimum limits to run the ingress controller (#4843) 2019-12-23 13:19:16 -03:00
Kubernetes Prow Robot
9f229e934d
Merge pull request #4849 from dene14/fcgi-docs-fix 
Fixed documentation for FCGI annotation.
 2019-12-18 18:57:56 -08:00
Denis Boulas
8bf155d0d7
Fixed documentation for FCGI annotation. 2019-12-19 03:48:55 +03:00
Manuel Alejandro de Brito Fontes
0ae5892935
Update nginx image (#4848) 2019-12-18 09:32:20 -03:00
Kubernetes Prow Robot
870be3bcd8
Merge pull request #4842 from theoretick/patch-1 
Update Modsecurity-nginx to latest (v1.0.1)
 2019-12-17 11:05:58 -08:00
Lucas Charles
85836ac1bb
Update Modsecurity-nginx to latest 
Updates Modsecurity-nginx connector to release v1.0.1
 2019-12-17 10:05:27 -08:00
Manuel Alejandro de Brito Fontes
facf841992
Return specific type (#4840) 2019-12-17 12:06:17 -03:00
Kubernetes Prow Robot
0976d3307f
Merge pull request #4829 from aledbf/modseccrs 
Update modsecurity crs to v3.2.0
 2019-12-13 11:41:08 -08:00
Manuel Alejandro de Brito Fontes
750f067e4c Update modsecurity crs to v3.2.0 2019-12-13 11:13:14 -03:00
Kubernetes Prow Robot
351ce5394a
Merge pull request #4827 from aledbf/update-versions 
Migrate ingress definitions from extensions to networking.k8s.io
 2019-12-13 06:00:55 -08:00
Manuel Alejandro de Brito Fontes
5c30820d1f Remove hard-coded annotation and don't use map pointers 2019-12-13 03:05:20 -03:00
Manuel Alejandro de Brito Fontes
c2550930b1 Fix e2e test flakes 2019-12-13 01:34:52 -03:00
Manuel Alejandro de Brito Fontes
bcdd975025 Fix code-generator task 2019-12-12 22:38:01 -03:00
Manuel Alejandro de Brito Fontes
ba2bef7a72 Add parallel to e2e-prow image 2019-12-12 22:07:03 -03:00
Manuel Alejandro de Brito Fontes
508d8db015 Update kind to v0.6.1 2019-12-12 21:44:19 -03:00
Manuel Alejandro de Brito Fontes
1800ffa30d Use deployments only from apps/v1 group 2019-12-12 21:25:01 -03:00
Manuel Alejandro de Brito Fontes
0dce5be743 Migrate ingress definitions from extensions to networking.k8s.io 2019-12-12 21:25:00 -03:00
Kubernetes Prow Robot
be1907142b
Merge pull request #4823 from aledbf/go-modules 
Update go dependencies to v1.17.0
 2019-12-12 11:40:32 -08:00
Kubernetes Prow Robot
cf03ae39c2
Merge pull request #4826 from ElvinEfendi/fix-duplicate-hsts 
regression test and fix for duplicate hsts bug
 2019-12-12 11:10:32 -08:00
Elvin Efendi
162ecb97e9 misc: improve build scripts 2019-12-12 13:49:28 -05:00
Elvin Efendi
54918c0ff2 fix duplicate hsts bug 2019-12-12 13:49:13 -05:00
Elvin Efendi
49ba53b7b6 regression test for duplicate hsts 2019-12-12 13:45:43 -05:00
Manuel Alejandro de Brito Fontes
1d46ec2eb2 Cleanup test 2019-12-10 22:45:11 -03:00
Manuel Alejandro de Brito Fontes
fe2ae8a1ec Check the configmap is valid 2019-12-10 22:45:02 -03:00
Kubernetes Prow Robot
d5e197c3e2
Merge pull request #4816 from kdomanski/fix-ssl-redirect 
apply default certificate again in cases of invalid or incomplete cert config
 2019-12-10 17:40:05 -08:00
Manuel Alejandro de Brito Fontes
75c3c47f81 Update go dependencies to v1.17.0 2019-12-10 21:55:54 -03:00
Kamil Domański
16b5ad3c09 add e2e test for HTTP->HTTPS redirection 2019-12-09 15:56:21 +01:00
Kubernetes Prow Robot
67dce30ba6
Merge pull request #4813 from aledbf/ssl-ciphers 
Update default SSL ciphers
 2019-12-06 15:05:53 -08:00
Kamil Domański
5c8522cdab apply default certificate again in cases of invalid or incomplete cert config 
Signed-off-by: Kamil Domański <kamil@domanski.co>
 2019-12-06 12:15:52 +01:00
Manuel Alejandro de Brito Fontes
cfccc2acc0 Update default SSL ciphers 2019-12-05 19:34:53 -03:00
Manuel Alejandro de Brito Fontes
19d596b72b
Allow custom CA certificate when flag --api-server is specified (#4807) 2019-12-05 19:12:54 -03:00
Kubernetes Prow Robot
833d0e98a3
Merge pull request #4806 from aledbf/build 
Add log to parallel command to dump logs in case of errors
 2019-12-02 18:08:57 -08:00
Manuel Alejandro de Brito Fontes
fd9e2b2214
Update nginx and e2e images (#4805) 2019-12-02 14:36:49 -03:00
Kubernetes Prow Robot
6429c0157d
Merge pull request #4797 from pauvos/dashboard-datasource 
Add a datasource variable $DS_PROMETHEUS
 2019-12-02 07:55:05 -08:00
Manuel Alejandro de Brito Fontes
97c59728dc
Update nginx image to fix regression in jaeger tracing (#4803) 2019-12-02 12:17:26 -03:00
Manuel Alejandro de Brito Fontes
d890303a3f
Fix markdown list (#4801) 2019-12-01 21:57:09 -03:00
Manuel Alejandro de Brito Fontes
e864fc7198
Update sysctl example (#4800) 2019-12-01 21:48:00 -03:00
Paul Voss
f5a02c1452
Add a datasource variable $DS_PROMETHEUS 2019-11-30 14:04:39 +01:00
Manuel Alejandro de Brito Fontes
46953ccb4d
Update nginx image and Go to 1.13.4 (#4785) 2019-11-29 15:20:18 -03:00
Kubernetes Prow Robot
60fc37d0e2
Merge pull request #4793 from MMeent/patch-2 
Fix issue in logic of modsec template
 2019-11-28 10:57:04 -08:00
Kubernetes Prow Robot
504c0aacd5
Merge pull request #4794 from sablumiah/patch-1 
Remove extra annotation when Enabling ModSecurity
 2019-11-28 10:13:04 -08:00
Sablu Miah
010ec6f159
Remove extra annotation when Enabling ModSecurity 
Since version 0.25, if you try to use both annotations of:

nginx.ingress.kubernetes.io/modsecurity-snippet: |
Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf
Include /etc/nginx/modsecurity/modsecurity.conf

and 

nginx.ingress.kubernetes.io/enable-modsecurity: "true"

it breaks nginx config and you will not catch it unless you have nginx admission controller enabled. 

You do not need the annotation of `Include /etc/nginx/modsecurity/modsecurity.conf` from version 0.25
 2019-11-28 15:16:09 +00:00
MMeent
75e8d37d71
Fix issue in logic of modsec template 
according to go templates: `(and ((not false) false))` == `true`

the only way to remove the owasp rules from every location is to disable modsec on that location, or to enable owasp globally, both not-so-great choices.

This commit fixes the logic issue by fixing the and-clause in the if-statement. As a result this reduces global resource usages when modsecurity is configured globally, but not on every location.
 2019-11-28 14:56:41 +01:00
Kubernetes Prow Robot
de12fc16f0
Merge pull request #4791 from bouk/manifest-add-staticport 
deploy: add protocol to all Container/ServicePorts
 2019-11-28 05:05:04 -08:00
Bouke van der Bijl
5b918e2d95 deploy: add protocol to all Container/ServicePorts 
kubectl apply --server-side currently doesn't work with Port specs that
are missing protocol:
https://github.com/kubernetes-sigs/structured-merge-diff/issues/130 so
we should always specify it.
 2019-11-28 12:41:48 +00:00
Manuel Alejandro de Brito Fontes
e7f63b450a Add log to parallel command to dump logs in case of errors 2019-11-27 22:01:50 -03:00
Kubernetes Prow Robot
d523b4a96e
Merge pull request #4780 from aledbf/openresty-master 
Update nginx image to use openresty master
 2019-11-27 12:33:03 -08:00
Kubernetes Prow Robot
a85d5ed93a
Merge pull request #4779 from aledbf/update-image 
Remove lua-resty-waf feature
 2019-11-27 11:45:05 -08:00