DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7177 commits 4 branches 217 tags 166 MiB
Commit graph

815 commits

Author SHA1 Message Date
Marcos Nery
638a93835a
Improving e2e tests for non-service backends #7544 (#7545) 
* Adding test cases for backend with nil service

Signed-off-by: Marcos <marcosnery.comp@gmail.com>
Co-authored-by: Renato Araujo <renatobritto@protonmail.com>
Co-authored-by: André Goretti <andremotta96@gmail.com>
Co-authored-by: Kalebe Lopes <calbkalebe@gmail.com>

* Add e2e test for backend nil service and add nil safeguard (#7344)

Co-authored-by: Renato Araujo <renatobritto@protonmail.com>
Co-authored-by: André Goretti <andremotta96@gmail.com>
Co-authored-by: Kalebe Lopes <calbkalebe@gmail.com>

* changing portuguese names to english in order to maintain the pattern

* updating boilerplate header

* adding second test case to also test valid path

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

* Updating boilerplate

* fixing boilerplate

Signed-off-by: MarcosN <marcosnery.comp@gmail.com>
Co-authored-by: André Goretti <andremotta96@gmail.com>
Co-authored-by: Gabriel Albino <enggabrielalbino@gmail.com>

* Improving template test for cases where a nil backend service is included

Signed-off-by: MarcosN <marcosnery.comp@gmail.com>
Co-authored-by: André Goretti <andremotta96@gmail.com>
Co-authored-by: Gabriel Albino <enggabrielalbino@gmail.com>

Co-authored-by: Renato Araujo <renatobritto@protonmail.com>
Co-authored-by: André Goretti <andremotta96@gmail.com>
Co-authored-by: Kalebe Lopes <calbkalebe@gmail.com>
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
Co-authored-by: Gabriel Albino <enggabrielalbino@gmail.com>
 2021-08-25 17:45:23 -07:00
wenhuwang
6593cb244b
fix ingress-nginx panic when the certificate format is wrong. (#7443) 
* fix ingress-nginx panic when the certificate format is wrong.

Signed-off-by: wang_wenhu <976400757@qq.com>

* Add unit test.

Signed-off-by: wang_wenhu <976400757@qq.com>

* Update controller_test.go
 2021-08-23 18:58:14 -07:00
Ricardo Katz
90c79689c4
Release v1 (#7470) 
* Drop v1beta1 from ingress nginx (#7156)

* Drop v1beta1 from ingress nginx

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix intorstr logic in controller

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* fixing admission

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* more intorstr fixing

* correct template rendering

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix e2e tests for v1 api

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix gofmt errors

* This is finally working...almost there...

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Re-add removed validation of AdmissionReview

* Prepare for v1.0.0-alpha.1 release

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Update changelog and matrix table for v1.0.0-alpha.1 (#7274)

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* add docs for syslog feature (#7219)

* Fix link to e2e-tests.md in developer-guide (#7201)

* Use ENV expansion for namespace in args (#7146)

Update the DaemonSet namespace references to use the `POD_NAMESPACE` environment variable in the same way that the Deployment does.

* chart: using Helm builtin capabilities check (#7190)

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

* Update proper default value for HTTP2MaxConcurrentStreams in Docs (#6944)

It should be 128 as documented in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go#L780

* Fix MaxWorkerOpenFiles calculation on high cores nodes (#7107)

* Fix MaxWorkerOpenFiles calculation on high cores nodes

* Add e2e test for rlimit_nofile

* Fix doc for max-worker-open-files

* ingress/tcp: add additional error logging on failed (#7208)

* Add file containing stable release (#7313)

* Handle named (non-numeric) ports correctly (#7311)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Updated v1beta1 to v1 as its deprecated (#7308)

* remove mercurial from build (#7031)

* Retry to download maxmind DB if it fails (#7242)

* Retry to download maxmind DB if it fails.

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Add retries count arg, move retry logic into DownloadGeoLite2DB function

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Reorder parameters in DownloadGeoLite2DB

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Remove hardcoded value

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Release v1.0.0-alpha.1

* Add changelog for v1.0.0-alpha.2

* controller: ignore non-service backends (#7332)

* controller: ignore non-service backends

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update per feedback

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* fix: allow scope/tcp/udp configmap namespace to altered (#7161)

* Lower webhook timeout for digital ocean (#7319)

* Lower webhook timeout for digital ocean

* Set Digital Ocean value controller.admissionWebhooks.timeoutSeconds to 29

* update OWNERS and aliases files (#7365) (#7366)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Downgrade Lua modules for s390x (#7355)

Downgrade Lua modules to last known working version.

* Fix IngressClass logic for newer releases (#7341)

* Fix IngressClass logic for newer releases

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Change e2e tests for the new IngressClass presence

* Fix chart and admission tests

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix helm chart test

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix reviews

* Remove ingressclass code from admission

* update tag to v1.0.0-beta.1

* update readme and changelog for v1.0.0-beta.1

* Release v1.0.0-beta.1 - helm and manifests (#7422)

* Change the order of annotation just to trigger a new helm release (#7425)

* [cherry-pick] Add dev-v1 branch into helm releaser (#7428)

* Add dev-v1 branch into helm releaser (#7424)

* chore: add link for artifacthub.io/prerelease annotations

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

* k8s job ci pipeline for dev-v1 br v1.22.0 (#7453)

* k8s job ci pipeline for dev-v1 br v1.22.0

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* k8s job ci pipeline for dev-v1 br v1.21.2

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* remove v1.21.1 version

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* Add controller.watchIngressWithoutClass config option (#7459)

Signed-off-by: Akshit Grover <akshit.grover2016@gmail.com>

* Release new helm chart with certgen fixed (#7478)

* Update go version, modules and remove ioutil

* Release new helm chart with certgen fixed

* changed appversion, chartversion, TAG, image (#7490)

* Fix CI conflict

* Fix CI conflict

* Fix build.sh from rebase process

* Fix controller_test post rebase

Co-authored-by: Tianhao Guo <rggth09@gmail.com>
Co-authored-by: Ray <61553+rctay@users.noreply.github.com>
Co-authored-by: Bill Cassidy <cassid4@gmail.com>
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
Co-authored-by: Sathish Ramani <rsathishx87@gmail.com>
Co-authored-by: Mansur Marvanov <nanorobocop@gmail.com>
Co-authored-by: Matt1360 <568198+Matt1360@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>
Co-authored-by: Tom Hayward <thayward@infoblox.com>
Co-authored-by: Sergey Shakuto <sshakuto@infoblox.com>
Co-authored-by: Tore <tore.lonoy@gmail.com>
Co-authored-by: Bouke Versteegh <info@boukeversteegh.nl>
Co-authored-by: Shahid <shahid@us.ibm.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Long Wu Yuan <longwuyuan@gmail.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com>
Co-authored-by: Akshit Grover <akshit.grover2016@gmail.com>
 2021-08-21 13:42:00 -07:00
Ricardo Katz
e9f0ad3485
Merge pull request #7479 from equinix-ms/main 
Make custom-default-backend upstream name more unique.
 2021-08-12 17:09:55 -03:00
Matthew Silverman
b591adac48
allow kb granularity for lua shared dicts (#6750) 
Update internal/ingress/controller/template/configmap.go

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
 2021-08-12 11:13:50 -07:00
Robin Elfrink
8ee98e9422 Make custom-default-backend upstream name more unique. 
Signed-off-by: Robin Elfrink <robin.elfrink@eu.equinix.com>
 2021-08-11 09:06:16 +02:00
Tom Hayward
9a9ad47857 Fix forwarding of auth-response-headers to gRPC backends (#7331) 
* add e2e test for auth-response-headers annotation

* add e2e test for grpc with auth-response-headers

* fix forwarding of auth header to GRPC backends

* add test case for proxySetHeader(nil)
 2021-08-10 11:24:39 -07:00
Tom Hayward
c9d5b21a65 fix: discover mounted geoip db files (#7228) 
* fix: discover mounted geoip db files

* add test

* fix runtime reload of config.MaxmindEditionFiles

* add e2e test

* log missing geoip2 db
 2021-08-10 11:24:39 -07:00
Ricardo Katz
d226d831bd Update go version, modules and remove ioutil 2021-08-06 14:15:21 -03:00
wasker
f222c752be
Enable session affinity for canaries (#7371) 2021-07-29 14:23:19 -07:00
Dmitry Kuleshov
a327a809d9
auto backend protocol for HTTP/HTTPS (#6985) 
* add auto backend protocol for HTTP/HTTPS

* e2e test for AUTO_HTTP backend protocol

* unit  test for AUTO_HTTP backend protocol

Co-authored-by: Luca Del Monte <luca.delmonte5@gmail.com>
 2021-07-29 12:49:19 -07:00
Shuhei Kitagawa
a20f27ff7d
Add missing tests for store/endpoint (#7039) 2021-07-16 06:06:09 -07:00
Ricardo Katz
0e606ddcb2
Speed up admission hook by eliminating deep copy of Ingresses in CheckIngress (#7298) (#7333) 
Co-authored-by: Kirill Trofimenkov <cgorbit@joom.com>
 2021-07-09 13:38:54 -07:00
Kirill Trofimenkov
a064337621
Rewrite clean-nginx-conf.sh in Go to speed up admission webhook (#7076) (#7322) 
* Rewrite clean-nginx-conf.sh to speed up admission webhook

* Less diff with original clean-nginx-conf.sh

* Add error handling, add documentation, add unit test

* indent code

* Don't ignore Getwd() error
 2021-07-06 10:50:19 -07:00
Ricardo Katz
f5c80783bf
[Cherry Pick] - Add configuration to disable external name service feature (#7314) (#7321) 
* Add configuration to disable external name service feature (#7314)

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix CI files
 2021-07-05 21:50:18 -07:00
Ricardo Katz
39ace3176b
Fix nilpointer in admission and remove failing test (#7255) 
* Fix nilpointer in admission when it was unable to validate default backend ingress

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Remove temporarily the slow shutdown tests

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
 2021-06-21 12:32:51 -07:00
Aditya Sharma
475bcde64c
Skip validation checks if an ingress is marked as deleted (#7216) 
Signed-off-by: Aditya Sharma <git@adi.run>
 2021-06-08 09:27:34 -07:00
Matt Miller
b3dfee6ada
Allow preservation of trailing slashes on TLS redirects via annotation. (#7144) 
* allow retaining a trailing slash in a TLS redirect via annotation.

Signed-off-by: mamiller <mamiller@rosettastone.com>

* requested changes

* gofmt
 2021-05-23 08:51:38 -07:00
qianyong
b6dc384afb Bugfix: non-host canary ingress use default server name as host to merge 2021-05-14 10:25:12 +08:00
tokers
a08887040b fix: use exponential backoff mechanism to listen on nginx.StatusPort 2021-05-13 15:02:11 +08:00
Ricardo Pchevuzinske Katz
0dceedfad7 Remove localhost calls from external names 
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
 2021-04-30 16:49:35 -03:00
Kubernetes Prow Robot
cfbe30c232
Merge pull request #6889 from alanjcastonguay/server-tokens-default-false 
NIT: Correct comment re default of server-tokens=false
 2021-04-29 07:16:51 -07:00
Mahnoor Mehboob
bc8a731e28 reset backend and disableCatchAll to og value 2021-04-26 17:32:50 -04:00
Mahnoor Mehboob
8f7fecab17 Deny catch-all ingress when DisableCatchAll is set 2021-04-24 11:49:45 -04:00
Mahnoor Mehboob
2503b23b09 Alter e2e test for disable_catch_all.go 2021-04-22 12:01:41 -04:00
Mahnoor Mehboob
cc4d5f2283 update catch-all ingress requirement logic 2021-04-21 17:49:58 -04:00
Kubernetes Prow Robot
559690f579
Merge pull request #6971 from anthonyho007/fix-crl-no-reload 
Fix crl not reload when crl got updated in the ca secret
 2021-04-05 07:43:12 -07:00
anthonyho007
4ddb0c724a fix crl not reload when crl got updated in the ca secret 2021-03-31 16:13:07 -04:00
Matthew Silverman
71c8ef119d add support for the jaeger propagation format 
adding default, testing w3c traceparent is propagated
 2021-03-26 12:33:24 -04:00
Alan J Castonguay
aecc5bac21 NIT: Correct comment re default of server-tokens=false 
The default value of ShowServerTokens aka server-tokens in the
global configmap was changed in commit
87aa96b468 in 2020-09-17 (release v0.40.0)
but one reference was overlooked in this comment.

Other documentation, implementation and testcases are all in agreement.
Correct the comment to align with others: server-tokens=false.
 2021-02-19 13:38:50 -05:00
Matthew Silverman
28280de175 jaeger-endpoint configmap attribute 2021-02-18 17:29:35 -05:00
Michael Nikitochkin
9a261d6339
Remove extra comma from Jaeger config json 
It is not a valid Json generated for Jaeger.
There is extra comma.
 2021-02-01 16:52:02 +01:00
Björn Carlsson
54b13bd216 Add flag to allow setting a shutdown grace period 2021-01-27 14:09:04 +01:00
Kubernetes Prow Robot
d9f613e52a
Merge pull request #6796 from aledbf/default 
Updates to the custom default SSL certificate must trigger a reload
 2021-01-22 07:41:27 -08:00
Manuel Alejandro de Brito Fontes
04e2603ecc
Update PemSHA field for default SSL certificate 2021-01-21 19:15:03 -03:00
cormick
56b252e9b7 🐛 return error if tempconfig missing 
Fmt: gofmt
 2021-01-21 22:01:45 +08:00
Elvin Efendi
e0dece48f7 Add Global Rate Limiting support 2021-01-04 17:47:07 -05:00
Kubernetes Prow Robot
06cb6696a5
Merge pull request #6692 from andyxning/add_string_split_function_to_template_funcMap 
add string split function to template funcMap
 2020-12-29 05:32:28 -08:00
andyxning
bbf831afae add string split function to template funcMap 2020-12-29 13:57:30 +08:00
Manuel Alejandro de Brito Fontes
d9af197e62
Remove dead code 2020-12-27 22:26:51 -03:00
Josh Soref
a8728f3d2c Spelling 2020-12-15 16:10:48 -05:00
Kubernetes Prow Robot
fe65e9d22f
Merge pull request #6620 from nic-6443/sticky-session-fix 
Fix sticky session not set for host in server-alias annotation (#6448)
 2020-12-15 03:47:48 -08:00
qianyong
44aaa2e367 Fix sticky session not set for host in server-alias annotation (#6448) 2020-12-15 11:01:19 +08:00
qianyong
f9ffa93588 Allow FQDN for ExternalName Service 2020-12-14 20:32:08 +08:00
Manuel Alejandro de Brito Fontes
9c0a39636d Refactor ingress nginx variables 2020-12-12 08:52:47 -03:00
Manuel Alejandro de Brito Fontes
77234fcde0 Fix nginx ingress variables for definitions with Backend 2020-12-05 14:40:22 -03:00
Manuel Alejandro de Brito Fontes
5df2951948 Fix nginx ingress variables for definitions without hosts 2020-12-04 20:30:55 -03:00
Manuel Alejandro de Brito Fontes
81bf8056da Disable HTTP/2 in the webhook server 2020-12-04 20:29:36 -03:00
Manuel Alejandro de Brito Fontes
d781d99797 Fixes for gosec 2020-12-04 20:29:07 -03:00
agile6v
06f53bcf05 feat: allow user to specify the maxmium number of retries in stream block. 2020-12-02 14:54:14 +08:00
Kubernetes Prow Robot
e3a3ea8826
Merge pull request #6294 from ianbuss/auth-error-redirect-param 
Allow customisation of redirect URL parameter in external auth redirects
 2020-11-23 01:27:37 -08:00
Manuel Alejandro de Brito Fontes
1389cc0e80 Refactor extraction of ingress pod details 2020-11-19 17:31:28 -03:00
Manuel Alejandro de Brito Fontes
e7d6c3fedc Update tests 2020-11-12 16:07:21 -03:00
Manuel Alejandro de Brito Fontes
2ca1f92697 Add PathType details in external auth location 2020-11-12 16:07:21 -03:00
Manuel Alejandro de Brito Fontes
3f153add00 Refactor handling of path Prefix and Exact 2020-11-10 07:21:34 -03:00
Manuel Alejandro de Brito Fontes
f49d2fdb3b Improve class.IsValid logs 2020-11-09 11:01:03 -03:00
Manuel Alejandro de Brito Fontes
a6b6f03b53 Add support for k8s ingress pathtype Prefix 2020-11-02 09:56:49 -05:00
Manuel Alejandro de Brito Fontes
4d65097afa Improve log messages 2020-10-26 17:14:36 -03:00
Manuel Alejandro de Brito Fontes
a85e53f4cb Remove k8s.io/kubernetes dependency 2020-10-26 13:04:00 -03:00
Manuel Alejandro de Brito Fontes
d74ea25df8 Add validation for wildcard server names 2020-10-26 10:51:14 -03:00
Manuel Alejandro de Brito Fontes
cdd6437380 Refactor Exact path matthing 2020-10-26 10:51:03 -03:00
Manuel Alejandro de Brito Fontes
703c2d6f8e Enable validation of ingress definitions from extensions package 2020-10-26 10:50:44 -03:00
Kubernetes Prow Robot
a6d603566b
Merge pull request #6325 from sylr/filter-helm-secrets 
Filter out secrets that belong to Helm v3
 2020-10-13 11:46:27 -07:00
Sylvain Rabot
ca7db0e330
Filter out secrets that belong to Helm 
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
 2020-10-13 17:45:26 +02:00
Aditya Purandare
57b10f5693
Add datadog environment as a configuration option 
(cherry picked from commit 4306558baa595606cd6befff08c8c815d6fe2bd4)
 2020-10-12 13:52:15 -07:00
Ian Buss
41cf628bdf Add a configurable URL redirect parameter for error URLs 2020-10-08 12:53:46 +01:00
Kubernetes Prow Robot
8d45bb39a4
Merge pull request #5348 from Antiarchitect/stream-log-annotations 
Ability to separately disable access log in http and stream contexts
 2020-09-28 11:02:53 -07:00
Manuel Alejandro de Brito Fontes
108637bb1c Migrate to structured logging (klog) 2020-09-27 18:59:57 -03:00
Manuel Alejandro de Brito Fontes
a767b1d906 Cleanup 2020-09-27 17:16:09 -03:00
Manuel Alejandro de Brito Fontes
29ea30a4e8 Add events for NGINX reloads 2020-09-27 17:16:09 -03:00
Manuel Alejandro de Brito Fontes
7722fa38aa Add admission controller e2e test 2020-09-26 16:06:58 -03:00
Manuel Alejandro de Brito Fontes
a990ac3910
Change defaults 2020-09-24 21:33:56 -03:00
Elvin Efendi
e050ff1b9f disable session tickets by default 2020-09-18 00:08:00 -04:00
Manuel Alejandro de Brito Fontes
87aa96b468 Change server-tokens default value to false 2020-09-17 09:52:07 -03:00
Manuel Alejandro de Brito Fontes
e659efbfdb Use dynamic load of modules 2020-09-10 11:39:35 -03:00
Matthew Silverman
9612180f6e reject annotations with default prefix in the case of an override 2020-09-10 09:16:44 -04:00
Manuel Alejandro de Brito Fontes
b26ebb0050 Update default gzip level 2020-09-08 17:23:47 -03:00
Manuel Alejandro de Brito Fontes
d13fdf01f6 Update zipkin library location 2020-09-08 16:20:03 -03:00
Manuel Alejandro de Brito Fontes
0925f20d05 Refactor load of tracer load 2020-09-08 16:20:03 -03:00
Manuel Alejandro de Brito Fontes
8abe794178 Use net.JoinHostPort to avoid IPV6 issues 2020-09-02 22:58:51 -04:00
Manuel Alejandro de Brito Fontes
b1f0d28634 Require Kubernetes v1.14 or higher and deprecate extensions 2020-09-02 10:00:16 -04:00
Manuel Alejandro de Brito Fontes
a981862ff2 Fix nginx command env variable reference 2020-08-09 12:06:11 -04:00
Manuel Alejandro de Brito Fontes
cb86c5698c Migrate to klog v2 2020-08-08 21:01:03 -04:00
Bernard Van De Walle
f3537204d2 Adding Zipkin collector to the E2E opentracing test as it is required to load at least one tracer to enable opentracing 
Work on PR comments
Add tests for template builder

Signed-off-by: Bernard Van De Walle <bernard.vandewalle@getcruise.com>
 2020-07-23 15:25:50 -07:00
Bernard Van De Walle
2baca9e32a Merge branch 'add-opentracing-operation-name-settings' of https://github.com/JorritSalverda/ingress-nginx into add-opentracing-operation-name-settings 2020-07-23 11:42:44 -07:00
Kubernetes Prow Robot
e825af86e1
Merge pull request #5887 from dschwar/force-use-forwarded-for 
Add force-enable-realip-module
 2020-07-17 07:17:02 -07:00
David Schwartz
d52141c2b9 Add enable-real-ip 2020-07-15 15:25:29 -04:00
Manuel Alejandro de Brito Fontes
dc3876666b Revert "use-regex annotation should be applied to only one Location" 
This reverts commit a8a8b5f6e9.
 2020-07-15 11:20:47 -04:00
Manuel Alejandro de Brito Fontes
e4c4edd626 Custom default backend service must have ports 2020-07-07 08:49:13 -04:00
Manuel Alejandro de Brito Fontes
a8a8b5f6e9 use-regex annotation should be applied to only one Location 2020-07-06 19:29:39 -04:00
agile6v
38447408e1 Remove redundant health check to avoid liveness or readiness timeout 2020-07-01 10:53:31 +08:00
Manuel Alejandro de Brito Fontes
14acc186f0 Update comment about restart of pod 2020-06-24 11:35:37 -04:00
Kubernetes Prow Robot
d3832915e1
Merge pull request #5743 from kulong0105/master 
build/dev-env.sh: remove docker version check
 2020-06-23 14:39:17 -07:00
Yilong Ren
714637bec5 build/dev-env.sh: remove docker version check 
docker experimental feature is unnecessary, so just remove it
 2020-06-23 15:37:41 +08:00
Kubernetes Prow Robot
803a76cf8a
Merge pull request #5749 from Bo0km4n/feat-configurable-max-batch-size 
[Fix/metrics] Be configurable max batch size of metrics
 2020-06-22 22:07:40 -07:00
mengqi.wmq
f232a264ab Add default-type as a configurable for default_type 2020-06-21 11:10:51 +08:00
Bo0km4n
7ab0916c92 Resolve conflicts 2020-06-20 17:13:31 +09:00
Bo0km4n
53a6b0fd3b Configurable metrics max batch size 2020-06-20 15:58:14 +09:00
Sylvain Rabot
c9cb3dd626
Filter out objects that belong to Helm 
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
 2020-06-11 19:18:56 +02:00
Manuel Alejandro de Brito Fontes
3d3efaab29 Fix proxy_protocol duplication in listen definition 2020-06-09 15:00:59 -04:00
agile6v
fc1c043437 Add http-access-log-path and stream-access-log-path options in configMap 2020-06-05 01:27:26 +08:00
Manuel Alejandro de Brito Fontes
ea85404acd Do not reload NGINX if master process dies 2020-06-01 16:00:29 -04:00
Kubernetes Prow Robot
ee02d897d5
Merge pull request #5534 from agile6v/master 
Add annotation ssl-prefer-server-ciphers.
 2020-05-29 08:35:16 -07:00
Andrey Voronkov
bced1ed8b8 Ability to separately disable access log in http and stream contexts 
Two new configuration options:
`disable-http-access-log`
`disable-stream-access-log`

Should resolve issue with enormous amount of `TCP 200` useless entries in logs

Signed-off-by: Andrey Voronkov <voronkovaa@gmail.com>
 2020-05-13 21:23:37 +03:00
Manuel Alejandro de Brito Fontes
46cca5ad40 Fix error setting $service_name NGINX variable 2020-05-13 10:01:41 -04:00
agile6v
41d82005ec Add annotation ssl-prefer-server-ciphers. 2020-05-11 16:31:08 +08:00
Mark Janssen
639a8c7871 Enable TLSv1.3 by default 
Fix for 049b25e566 which mistakenly only
updated documentation.
 2020-05-08 12:40:11 +02:00
Manuel Alejandro de Brito Fontes
a8c7ec6cfb Changes on services must trigger a sync event 2020-04-29 13:37:39 -04:00
Manuel Alejandro de Brito Fontes
af910a16d4 Refactor ingress validation in webhook 2020-04-28 18:35:03 -04:00
Andreas Sommer
c775b439dc Case-insensitive TLS host matching 2020-04-28 11:07:43 +02:00
Manuel Alejandro de Brito Fontes
dbaefc8ee9 Ensure webhook validation ingress has a PathTypePrefix 2020-04-27 10:37:26 -04:00
Manuel Alejandro de Brito Fontes
a95d850384 Add support for PathTypeExact 2020-04-23 11:12:37 -04:00
Manuel Alejandro de Brito Fontes
efbb3f9fc8 Add support for IngressClass and ingress.class annotation 2020-04-22 09:15:32 -04:00
Rodrigo Villablanca
ecc20461aa Removed wrong code 2020-04-20 12:30:18 -04:00
Kubernetes Prow Robot
5b8d4baf5c
Merge pull request #5388 from rvillablanca/rm-todos 
Remove TODO that were done
 2020-04-17 19:59:35 -07:00
Manuel Alejandro de Brito Fontes
d18fa90cfd Add e2e test for OCSP and new configmap setting 2020-04-17 12:53:47 -04:00
Rodrigo Villablanca
dc1adaec6b Remove TODO that were done 2020-04-17 03:37:37 -04:00
Elvin Efendi
1dab12fb81 Lua OCSP stapling 2020-04-16 21:29:16 -04:00
Manuel Alejandro de Brito Fontes
ad04fbe8b5 Cleanup parsing of annotations with lists 2020-04-13 17:02:31 -04:00
Manuel Alejandro de Brito Fontes
c0db19b0ec Enable configuration of plugins using configmap 2020-04-13 11:38:42 -04:00
Artem Miroshnychenko
ae88a7d2a8 remove unused test and function 2020-04-08 19:37:23 +03:00
Artem Miroshnychenko
01351a6bf8 remove unused test and function 2020-04-08 19:37:15 +03:00
Manuel Alejandro de Brito Fontes
5390ce4879 Fix definition order of modsecurity directives 2020-04-03 10:53:20 -03:00
Manuel Alejandro de Brito Fontes
51f0ef052b Set new default PathType to prefix 2020-04-01 10:05:48 -03:00
Manuel Alejandro de Brito Fontes
1216ed03f7 Fix condition in server-alias annotation 2020-04-01 08:37:14 -03:00
Manuel Alejandro de Brito Fontes
04ef782c57 Migrate ingress.class annotation to new IngressClassName field 2020-03-31 12:20:01 -03:00
Manuel Alejandro de Brito Fontes
a46126a034 Update client-go methods to support context and and new create and delete options 2020-03-27 19:52:51 -03:00
Bhavin Gandhi
380ef3a92c Fix the ability to disable ModSecurity at location level 
- Adds 'modsecurity off;' to the nginx config if the
  'enable-modsecurity' annotation is set to false.
- Update tests and e2e tests accordingly

Signed-off-by: Bhavin Gandhi <bhavin7392@gmail.com>
 2020-03-22 23:51:02 +05:30
Maxim Pogozhiy
78576a9bbc Add Maxmind Editions support 2020-03-19 19:36:10 +07:00
Manuel Alejandro de Brito Fontes
96327b12cd
Fix $service_name and $service_port variables values without host (#5226) 2020-03-07 23:06:03 -03:00
Manuel Alejandro de Brito Fontes
ad460e16ce
Avoid secret without tls.crt and tls.key but a valid ca.crt (#5225) 2020-03-07 21:15:24 -03:00
m.nabokikh
ed30be05bc Fix quote function in template to render pointers properly 2020-03-05 16:45:27 +04:00
Kubernetes Prow Robot
35264d6e8f
Merge pull request #5114 from whalecold/match 
Feat: add header-pattern annotation.
 2020-02-24 17:07:36 -08:00
Kubernetes Prow Robot
6cd223558f
Merge pull request #4981 from janosi/proxy-ssl-scope 
Applying proxy-ssl-* directives on locations only
 2020-02-24 15:53:36 -08:00
Manuel Alejandro de Brito Fontes
07686f894a
Check there is a difference in the template besides the checksum (#5151) 2020-02-21 16:41:03 -03:00
Manuel Alejandro de Brito Fontes
c5db20ace4
Update default VariablesHashBucketSize value to 256 (#5150) 2020-02-21 16:01:33 -03:00
Manuel Alejandro de Brito Fontes
cd94ac7f84
Allow service type ExternalName with different port and targetPort (#5141) 2020-02-20 23:06:05 -03:00
Lisheng Zheng
0b33650bb8 Feat: canary supports using specific match strategy to match header value. 2020-02-21 10:02:20 +08:00
Manuel Alejandro de Brito Fontes
37c24b0df5
Migration e2e installation to helm (#5086) 2020-02-16 11:58:37 -03:00
Daniel Arifin
d48d5a61ae Add gzip-min-length as a configurable 2020-02-14 13:29:51 +07:00
Laszlo Janosi
42ec2cc0ed Change the handling of ConfigMap creation 
When a new CM is created Ingress definitions are checked for reference to the new CM an Ingress sync is triggered if such reference is found.
 2020-02-11 11:00:48 +01:00
Ilya Nemakov
46a3e0a6fd Fix X-Forwarded-Proto based on proxy-protocol server port 2020-02-10 18:08:34 +03:00
Manuel Alejandro de Brito Fontes
d0423c6d4f
Update code to use pault.ag/go/sniff package (#5038) 
* Update code to use pault.ag/go/sniff package

* Update go dependencies
 2020-02-07 12:27:43 -03:00
Manuel Alejandro de Brito Fontes
b3146354d4 Refactor mirror feature 2020-02-05 10:39:55 -03:00
Manuel Alejandro de Brito Fontes
b9e944a8a6
Move mod-security logic from template to go code (#5009) 2020-02-04 14:04:11 -03:00
Manuel Alejandro de Brito Fontes
54c30b91c9
Fix server aliases (#5003) 2020-02-02 19:08:55 -03:00
Manuel Alejandro de Brito Fontes
5d6f09fbcd
Calculation algorithm for server_names_hash_bucket_size should consider annotations (#4993) 2020-01-31 13:01:28 -03:00
Brian Kopp
1b523390bb Add SameSite=None support and conditionally omit SameSite=None for backwards compatibility 2020-01-29 14:30:00 -07:00
Manuel Alejandro de Brito Fontes
5d05e19cc3
Fix enable opentracing per location (#4983) 2020-01-29 12:20:05 -03:00
Laszlo Janosi
ced67e53a1 New logic: proxy-ssl parameters can be applied on locations only 
Add: new parameter in the ConfigMap to control whether the proxy-ssl parameters of an Ingress should be applied on server and location levels, or only on location level
Add: logic in the config handling to work according to the new ConfigMap parameter
Add: unit test case
 2020-01-29 10:00:55 +01:00