DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4858 commits 4 branches 217 tags 166 MiB
Commit graph

584 commits

Author SHA1 Message Date
Peter Pan
6aa48def3a add remote_addr in layer 4 access log 
original:
[18/Oct/2019:00:47:53 +0000]  TCP 200 4333 81 0.002
new:
[10.6.124.202]  [18/Oct/2019:01:05:15 +0000]  TCP 200 4333  81 0.002
 2019-10-18 09:21:01 +08:00
Laszlo Janosi
37fe9c9876 Enabling per-location proxy-ssl parameters, so locations of the same server but with own unique Ingress definitions can have different SSL configs 2019-10-17 10:15:53 +02:00
Thomas Jackson
500b043f27 Don't use DNS resolution to "validate FQDN" 
As the controller stands today this "validation" is done once per config load, which means if the DNS query fails for any reason the endpoint will remain dead until both (1) a change happens to the ingress and (2) the DNS resolution works. If the user configured the name we should just pass it through, this way the lua dns can attempt to re-query it at its leisure.
 2019-10-13 13:16:47 -07:00
Arthur Axel 'fREW' Schmidt
ea8f7ea8b7 Simplify initialization function of bytes.Buffer 2019-10-12 08:36:54 -07:00
Bryan Hanner
9957d30048 warn when ConfigMap is missing or unparsable instead of erroring 2019-10-11 17:15:38 -07:00
Kubernetes Prow Robot
fb025ab501
Merge pull request #4087 from MRoci/master 
Define Modsecurity Snippet via ConfigMap
 2019-09-30 15:19:32 -07:00
Andrea Spacca
203a3ed455 ISSUE-4244 comply with --health-check-path (#4619) 2019-09-29 14:37:57 -03:00
Manuel Alejandro de Brito Fontes
d5d2b4037c
Fix ports collision when hostNetwork=true (#4617) 2019-09-28 17:30:57 -03:00
MRoci
72c4ffa8b5
add modsecurity-snippet key 2019-09-28 09:54:07 +02:00
Manuel Alejandro de Brito Fontes
6715108d8a
Release 0.26.0 2019-09-27 10:23:12 -03:00
Manuel Alejandro de Brito Fontes
a9f332704a
Fix custom default backend switch to default (#4611) 2019-09-27 10:21:28 -03:00
Manuel Alejandro de Brito Fontes
2bd8121338
Change default for proxy-add-original-uri-header 2019-09-25 10:57:31 -03:00
Elvin Efendi
d8a3d616b4 fix bug with new and running configuration comparison 2019-09-25 06:33:59 -04:00
Elvin Efendi
c5a8357f1d handle hsts header injection in lua 2019-09-24 21:17:22 -04:00
Kubernetes Prow Robot
14f9b0d64e
Merge pull request #4596 from Shopify/fix-auth-proxy-header-order 
sort auth proxy headers from configmap
 2019-09-24 13:29:26 -07:00
Elvin Efendi
d124dd5eee sort auth proxy headers from configmap 2019-09-24 15:19:49 -04:00
Elvin Efendi
8c64b12a96 refactor force ssl redirect logic 2019-09-24 14:57:52 -04:00
Elvin Efendi
e392c8a8af cleanup unused certificates 2019-09-24 14:16:03 -04:00
A Gardner
786a3b6862 Add support for configmap of headers to be sent to external auth service 2019-09-24 10:53:23 -04:00
Kubernetes Prow Robot
cb2889b87b
Merge pull request #4586 from aledbf/fix-reload 
Fix reload when a configmap changes
 2019-09-24 07:23:28 -07:00
Manuel Alejandro de Brito Fontes
a40a4b0325
Fix reload when a configmap changes 2019-09-24 10:55:59 -03:00
Kubernetes Prow Robot
f6c2f5fb97
Merge pull request #4514 from alexmaret/4475-stickyness-mode 
Added new affinity mode for maximum session stickyness.
 2019-09-24 05:09:27 -07:00
Manuel Alejandro de Brito Fontes
1b8f6518cf
Avoid unnecessary reloads generating lua_shared_dict directives 2019-09-22 21:16:00 -03:00
Manuel Alejandro de Brito Fontes
624ce0857a
Remove retries to ExternalName (#4584) 2019-09-22 18:16:25 -03:00
Manuel Alejandro de Brito Fontes
4b4176c830
Fix log format after #4557 2019-09-18 12:52:09 -03:00
Manuel Alejandro de Brito Fontes
9f092a2c81
Increase log level for identical CreationTimestamp warning 2019-09-18 11:59:03 -03:00
Kubernetes Prow Robot
87ad033483
Merge pull request #4569 from mkabischev/jaeger-header-configuration 
allow to configure jaeger header names
 2019-09-17 20:29:29 -07:00
Mike Kabischev
d5563a7e47 allow to configure jaeger header names 2019-09-17 12:35:53 +03:00
Kubernetes Prow Robot
2d8f8128b6
Merge pull request #4557 from aledbf/remove-realipvar 
Remove the_real_ip variable
 2019-09-16 07:30:39 -07:00
Manuel Alejandro de Brito Fontes
55820ef1e8
Allow multiple CA Certificates (#4556) 2019-09-13 09:22:24 -03:00
Manuel Alejandro de Brito Fontes
9af574a234
Remove the_real_ip variable 2019-09-12 20:01:33 -03:00
Manuel Alejandro de Brito Fontes
ce3e3d51c3
WIP Remove nginx unix sockets (#4531) 
* Remove nginx unix sockets
* Use an emptyDir volume for /tmp in PSP e2e tests
 2019-09-08 18:14:54 -03:00
Kubernetes Prow Robot
76e2a5d731
Merge pull request #4506 from ProNic-QY/master 
Fix panic on multiple ingress mess up upstream is primary or not
 2019-09-07 12:15:18 -07:00
Ricardo Katz
9c51676f17 Add support to CRL (#3164) 
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Add support to CRL

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
 2019-09-03 16:47:28 -04:00
Manuel Alejandro de Brito Fontes
c2935ca35c
Refactor health checks and wait until NGINX process ends 2019-09-01 15:31:27 -04:00
Manuel Alejandro de Brito Fontes
c7d2444cf4
Fix nginx variable service_port (nginx) (#4500) 2019-08-31 11:24:01 -04:00
Manuel Alejandro de Brito Fontes
72cb7f5e14
Move nginx helper (#4501) 2019-08-30 20:18:11 -04:00
Alexander Maret-Huskinson
9170591185 Added new affinity mode for maximum session stickyness. Fixes kubernetes/ingress-nginx#4475 2019-08-30 11:40:29 +02:00
qianyong
435377f47f Fix panic on multiple ingress mess up upstream is primary or not 2019-08-30 07:32:02 +08:00
Manuel Alejandro de Brito Fontes
8def5ef7ca
Add support for multiple alias and remove duplication of SSL certificates (#4472) 2019-08-26 10:58:44 -04:00
Manuel Alejandro de Brito Fontes
fcd3054f13
Lint code using staticcheck (#4471) 2019-08-23 12:08:40 -04:00
Kubernetes Prow Robot
82b241c517
Merge pull request #4476 from antoineco/bug/nil-err-channel 
Initialize nginx process error channel
 2019-08-22 09:46:33 -07:00
Antoine Cotten
d1feb65ff9
Initialize nginx process error channel 
goroutines that write to ngxErrCh remain asleep forever without that
necessary initialization.
 2019-08-22 16:25:47 +02:00
Kubernetes Prow Robot
6697203891
Merge pull request #4409 from ProNic-QY/master 
sort ingress by namespace and name when ingress.CreationTimestamp identical
 2019-08-18 17:30:03 -07:00
Kubernetes Prow Robot
75d65bbd15
Merge pull request #4327 from leki75/proxyssl 
Add proxy_ssl_* directives
 2019-08-18 09:14:04 -07:00
qianyong
70614f4622 sort ingress by namespace and name when ingress.CreationTimestamp identical 2019-08-18 23:11:15 +08:00
Kubernetes Prow Robot
839076e3b0
Merge pull request #4456 from aledbf/psp-mount 
Fix file permissions to support volumes
 2019-08-16 06:24:32 -07:00
Gabor Lekeny
65b9e2c574 Merge branch 'master' of https://github.com/kubernetes/ingress-nginx into proxyssl 2019-08-16 06:21:53 +02:00
Manuel Alejandro de Brito Fontes
23ed3ba4c4
Fix file permissions to support volumes 2019-08-15 20:48:37 -04:00
Kubernetes Prow Robot
4b0aabc0c3
Merge pull request #4451 from ElvinEfendi/avoid-redundant-lua-sync 
post data to Lua only if it changes
 2019-08-15 16:20:34 -07:00
Elvin Efendi
05c889335d post data to Lua only if it changes 2019-08-15 17:21:34 -04:00
Kubernetes Prow Robot
f4da014907
Merge pull request #4449 from aledbf/fix-en 
Fix service type external name using the name
 2019-08-15 13:08:35 -07:00
Kubernetes Prow Robot
b5fecd0dc8
Merge pull request #4450 from Shopify/proxy-max-temp-file-size 
Add nginx proxy_max_temp_file_size configuration option
 2019-08-15 12:40:33 -07:00
Maxime Ginters
d8bd8c5619 Add nginx proxy_max_temp_file_size configuration option 2019-08-15 13:47:42 -04:00
Elvin Efendi
0b619dc772 make luaSharedDicts test less dependent on default values 2019-08-15 13:13:43 -04:00
Elvin Efendi
30b64df10a ewma improvements 2019-08-15 13:13:43 -04:00
Kubernetes Prow Robot
0b375989f3
Merge pull request #4412 from Shopify/ssl-early-data 
Add nginx ssl_early_data option support
 2019-08-15 10:08:35 -07:00
Manuel Alejandro de Brito Fontes
816f4b0824
Fix service type external name using the name 2019-08-15 12:09:42 -04:00
Elvin Efendi
94052b1bfc fix test by setting default luashareddicts 2019-08-14 22:10:56 -04:00
Elvin Efendi
6a293c7e11 set /configuration client body size dynamically 2019-08-14 22:10:56 -04:00
Elvin Efendi
b21c721196 lua-shared-dicts improvements, fixes and documentation 2019-08-14 22:10:56 -04:00
Kubernetes Prow Robot
0d690fba1a
Merge pull request #4356 from aledbf/only-dynamic-mode 
Only support SSL dynamic mode
 2019-08-14 17:08:35 -07:00
Kubernetes Prow Robot
adef152db8
Merge pull request #4379 from diazjf/mirror 
Allow Requests to be Mirrored to different backends
 2019-08-13 17:52:24 -07:00
Elvin Efendi
d46b4148fa Lua /etc/resolv.conf parser and some refactoring 2019-08-13 18:34:54 -04:00
Manuel Alejandro de Brito Fontes
80bd481abb
Only support SSL dynamic mode 2019-08-13 17:33:34 -04:00
Manuel Alejandro de Brito Fontes
2ed75b3362
Move listen logic to go 2019-08-13 14:52:25 -04:00
Pierrick Charron
f459515d0d Add quote function in template 
Co-authored-by: Charle Demers <charle.demers@gmail.com>
 2019-08-09 15:47:29 -04:00
Manuel Alejandro de Brito Fontes
4a9b02bc03
Remove dynamic TLS records 2019-08-08 15:52:56 -04:00
Kubernetes Prow Robot
f4678764f5
Merge pull request #4416 from aledbf/diff 
Remove invalid log "Failed to executing diff command: exit status 1"
 2019-08-08 11:31:20 -07:00
Manuel Alejandro de Brito Fontes
171da635ef
Remove invalid log "Failed to executing diff command: exit status 1" 2019-08-08 12:53:23 -04:00
tals
a2e667c082 lua shared dict from cm 
lua shared dict teml test and update func sign

lua shared dict cm test

lua shared dict integration test

lua shared dict add cm parsing

lua shared dict change test header
 2019-08-08 12:44:11 +03:00
Maxime Ginters
7219130da4 Add nginx ssl_early_data option support 2019-08-07 16:04:09 -04:00
Fernando Diaz
386486e969 Allow Requests to be Mirrored to different backends 
Add a feature which allows traffic to be mirrored to
additional backends. This is useful for testing how
requests will behave on different "test" backends.

See https://nginx.org/en/docs/http/ngx_http_mirror_module.html
 2019-08-01 11:53:58 -05:00
Charle Demers
72271e9313
FastCGI backend support (#2982) 
Co-authored-by: Pierrick Charron <pierrick@adoy.net>
 2019-07-31 10:39:21 -04:00
Gabor Lekeny
def13fc06c Add proxy_ssl_* directives 
Add support for backends which require client certificate (eg. NiFi)
authentication. The `proxy-ssl-secret` k8s annotation references a
secret which is used to authenticate to the backend server. All other
directives fine tune the backend communication.

The following annotations are supported:
* proxy-ssl-secret
* proxy-ssl-ciphers
* proxy-ssl-protocol
* proxy-ssl-verify
* proxy-ssl-verify-depth
 2019-07-18 03:21:52 +02:00
Kubernetes Prow Robot
589c9a20f9
Merge pull request #4278 from moolen/feat/auth-req-cache 
feat: auth-req caching
 2019-07-17 12:06:12 -07:00
Moritz Johner
23504db770 feat: auth-req caching 
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.

[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2019-07-17 18:39:04 +02:00
Manuel Alejandro de Brito Fontes
d5c7fa8cfb
Fix scripts to be able to run tests in docker 2019-07-17 11:06:53 -04:00
Kubernetes Prow Robot
fe6c086580
Merge pull request #4288 from eshicks4/proxy-http-version-annotation 
added proxy-http-version annotation to override the HTTP/1.1 default …
 2019-07-11 11:43:07 -07:00
Manuel Alejandro de Brito Fontes
3d7a09347d
Apply fixes suggested by staticcheck 2019-07-08 16:18:52 -04:00
E. Stuart Hicks
3b0c523e49 added proxy-http-version annotation to override the HTTP/1.1 default connection type to reverse proxy backends 2019-07-08 14:32:00 -04:00
Kubernetes Prow Robot
7c297e001a
Merge pull request #4246 from ElvinEfendi/proxy-alternative-upstream-name 
introduce proxy_alternative_upstream_name Nginx var
 2019-07-04 19:20:35 -07:00
Elvin Efendi
8b208cac93 introduce proxy_alternative_upstream_name Nginx var to differentiate canary requests 2019-07-04 19:43:20 -04:00
Manuel Alejandro de Brito Fontes
8807db9748
Check and complete intermediate SSL certificates 2019-07-04 19:13:21 -04:00
Manuel Alejandro de Brito Fontes
ccd88f625c
Refactor metric prometheus leader helper 2019-06-29 17:44:53 -04:00
Manuel Alejandro de Brito Fontes
ddffa2a173
Enable arm again 2019-06-26 23:00:58 -04:00
Kubernetes Prow Robot
ecce3fd7b1
Merge pull request #4180 from aledbf/externalname 
Service type=ExternalName can be defined with ports
 2019-06-25 13:47:15 -07:00
Manuel Alejandro de Brito Fontes
8ca5c1cba9
Do not send empty certificates to nginx 2019-06-25 08:15:28 -04:00
Manuel Alejandro de Brito Fontes
85a848faaf
Fix misspelled and e2e check 2019-06-24 23:47:22 -04:00
Manuel Alejandro de Brito Fontes
991f95f6bf
Migrate to openresty 2019-06-23 22:29:11 -04:00
Manuel Alejandro de Brito Fontes
0ac850cba4
Service type=ExternalName can be defined with ports 2019-06-18 17:17:43 -04:00
Kubernetes Prow Robot
6f1261015b
Merge pull request #4127 from aledbf/migration 
Migrate to new networking.k8s.io/v1beta1 package
 2019-06-13 09:28:19 -07:00
Kubernetes Prow Robot
ec674aa22d
Merge pull request #4185 from Colstuwjx/fix/missing-healthcheck-timeout 
Fix: fillout missing health check timeout on health check.
 2019-06-13 08:38:20 -07:00
Manuel Alejandro de Brito Fontes
84102eec2b
Migrate to new networking.k8s.io/v1beta1 package 2019-06-13 11:32:39 -04:00
Colstuwjx
b28577a4bf Fix: fillout missing health check timeout on health check. 2019-06-13 21:15:50 +08:00
tals
a9a73c6ed6 increase lua_shared_dict config data 2019-06-12 18:42:47 +03:00
Sebastiaan Tammer
c11583dc5f Only load modsecurity_module when ModSec is active 2019-06-11 16:39:52 +02:00
Kubernetes Prow Robot
e76418cd99
Merge pull request #4162 from stramel/patch-1 
Add "text/javascript" to compressible MIME types
 2019-06-06 11:35:34 -07:00
Michael Stramel
686f2310e4 Add "text/javascript" to compressible MIME types 
Based on the HTML Standard, https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages, servers _should_ use `text/javascript`.
 2019-06-06 13:11:56 -05:00
Elvin Efendi
c4ced9d694 fix source file mods 2019-06-06 10:47:08 -04:00