DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7504 commits 4 branches 217 tags 166 MiB
Commit graph

230 commits

Author SHA1 Message Date
Ricardo Katz
90c79689c4
Release v1 (#7470) 
* Drop v1beta1 from ingress nginx (#7156)

* Drop v1beta1 from ingress nginx

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix intorstr logic in controller

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* fixing admission

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* more intorstr fixing

* correct template rendering

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix e2e tests for v1 api

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix gofmt errors

* This is finally working...almost there...

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Re-add removed validation of AdmissionReview

* Prepare for v1.0.0-alpha.1 release

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Update changelog and matrix table for v1.0.0-alpha.1 (#7274)

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* add docs for syslog feature (#7219)

* Fix link to e2e-tests.md in developer-guide (#7201)

* Use ENV expansion for namespace in args (#7146)

Update the DaemonSet namespace references to use the `POD_NAMESPACE` environment variable in the same way that the Deployment does.

* chart: using Helm builtin capabilities check (#7190)

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

* Update proper default value for HTTP2MaxConcurrentStreams in Docs (#6944)

It should be 128 as documented in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go#L780

* Fix MaxWorkerOpenFiles calculation on high cores nodes (#7107)

* Fix MaxWorkerOpenFiles calculation on high cores nodes

* Add e2e test for rlimit_nofile

* Fix doc for max-worker-open-files

* ingress/tcp: add additional error logging on failed (#7208)

* Add file containing stable release (#7313)

* Handle named (non-numeric) ports correctly (#7311)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Updated v1beta1 to v1 as its deprecated (#7308)

* remove mercurial from build (#7031)

* Retry to download maxmind DB if it fails (#7242)

* Retry to download maxmind DB if it fails.

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Add retries count arg, move retry logic into DownloadGeoLite2DB function

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Reorder parameters in DownloadGeoLite2DB

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Remove hardcoded value

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Release v1.0.0-alpha.1

* Add changelog for v1.0.0-alpha.2

* controller: ignore non-service backends (#7332)

* controller: ignore non-service backends

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update per feedback

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* fix: allow scope/tcp/udp configmap namespace to altered (#7161)

* Lower webhook timeout for digital ocean (#7319)

* Lower webhook timeout for digital ocean

* Set Digital Ocean value controller.admissionWebhooks.timeoutSeconds to 29

* update OWNERS and aliases files (#7365) (#7366)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Downgrade Lua modules for s390x (#7355)

Downgrade Lua modules to last known working version.

* Fix IngressClass logic for newer releases (#7341)

* Fix IngressClass logic for newer releases

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Change e2e tests for the new IngressClass presence

* Fix chart and admission tests

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix helm chart test

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix reviews

* Remove ingressclass code from admission

* update tag to v1.0.0-beta.1

* update readme and changelog for v1.0.0-beta.1

* Release v1.0.0-beta.1 - helm and manifests (#7422)

* Change the order of annotation just to trigger a new helm release (#7425)

* [cherry-pick] Add dev-v1 branch into helm releaser (#7428)

* Add dev-v1 branch into helm releaser (#7424)

* chore: add link for artifacthub.io/prerelease annotations

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

* k8s job ci pipeline for dev-v1 br v1.22.0 (#7453)

* k8s job ci pipeline for dev-v1 br v1.22.0

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* k8s job ci pipeline for dev-v1 br v1.21.2

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* remove v1.21.1 version

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* Add controller.watchIngressWithoutClass config option (#7459)

Signed-off-by: Akshit Grover <akshit.grover2016@gmail.com>

* Release new helm chart with certgen fixed (#7478)

* Update go version, modules and remove ioutil

* Release new helm chart with certgen fixed

* changed appversion, chartversion, TAG, image (#7490)

* Fix CI conflict

* Fix CI conflict

* Fix build.sh from rebase process

* Fix controller_test post rebase

Co-authored-by: Tianhao Guo <rggth09@gmail.com>
Co-authored-by: Ray <61553+rctay@users.noreply.github.com>
Co-authored-by: Bill Cassidy <cassid4@gmail.com>
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
Co-authored-by: Sathish Ramani <rsathishx87@gmail.com>
Co-authored-by: Mansur Marvanov <nanorobocop@gmail.com>
Co-authored-by: Matt1360 <568198+Matt1360@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>
Co-authored-by: Tom Hayward <thayward@infoblox.com>
Co-authored-by: Sergey Shakuto <sshakuto@infoblox.com>
Co-authored-by: Tore <tore.lonoy@gmail.com>
Co-authored-by: Bouke Versteegh <info@boukeversteegh.nl>
Co-authored-by: Shahid <shahid@us.ibm.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Long Wu Yuan <longwuyuan@gmail.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com>
Co-authored-by: Akshit Grover <akshit.grover2016@gmail.com>
 2021-08-21 13:42:00 -07:00
Ricardo Katz
d226d831bd Update go version, modules and remove ioutil 2021-08-06 14:15:21 -03:00
wasker
f222c752be
Enable session affinity for canaries (#7371) 2021-07-29 14:23:19 -07:00
Dmitry Kuleshov
a327a809d9
auto backend protocol for HTTP/HTTPS (#6985) 
* add auto backend protocol for HTTP/HTTPS

* e2e test for AUTO_HTTP backend protocol

* unit  test for AUTO_HTTP backend protocol

Co-authored-by: Luca Del Monte <luca.delmonte5@gmail.com>
 2021-07-29 12:49:19 -07:00
Ricardo Katz
11d4ddca8e
Revert "feat: multiple-cors-allow-origin support (#7134)" (#7168) 
This reverts commit 8a55801cc0.
 2021-05-27 05:38:24 -07:00
Alex Zhang
8a55801cc0
feat: multiple-cors-allow-origin support (#7134) 2021-05-23 09:13:39 -07:00
Matt Miller
b3dfee6ada
Allow preservation of trailing slashes on TLS redirects via annotation. (#7144) 
* allow retaining a trailing slash in a TLS redirect via annotation.

Signed-off-by: mamiller <mamiller@rosettastone.com>

* requested changes

* gofmt
 2021-05-23 08:51:38 -07:00
cjyyb
49ae85099b Fix log printing error 2021-05-02 11:34:57 +08:00
Elvin Efendi
e0dece48f7 Add Global Rate Limiting support 2021-01-04 17:47:07 -05:00
Elvin Efendi
2cff9fa41d generalize cidr parsing and improve lua tests 2021-01-04 15:01:55 -05:00
Manuel Alejandro de Brito Fontes
d9af197e62
Remove dead code 2020-12-27 22:26:51 -03:00
Josh Soref
a8728f3d2c Spelling 2020-12-15 16:10:48 -05:00
Kubernetes Prow Robot
e3a3ea8826
Merge pull request #6294 from ianbuss/auth-error-redirect-param 
Allow customisation of redirect URL parameter in external auth redirects
 2020-11-23 01:27:37 -08:00
aimuz
e5fa90db9b fix: empty IngressClassName, Error handling 2020-11-09 11:36:00 +08:00
Manuel Alejandro de Brito Fontes
4d65097afa Improve log messages 2020-10-26 17:14:36 -03:00
Manuel Alejandro de Brito Fontes
703c2d6f8e Enable validation of ingress definitions from extensions package 2020-10-26 10:50:44 -03:00
Ian Buss
41cf628bdf Add a configurable URL redirect parameter for error URLs 2020-10-08 12:53:46 +01:00
Manuel Alejandro de Brito Fontes
108637bb1c Migrate to structured logging (klog) 2020-09-27 18:59:57 -03:00
Maxime LUCE
b7b85175f6 Add annotation to configure CORS Access-Control-Expose-Headers 2020-09-23 17:41:52 +02:00
Kubernetes Prow Robot
91c6d1a081
Merge pull request #6150 from timmysilv/master 
Reject ingresses that use the default annotation if a custom one was provided
 2020-09-10 07:11:45 -07:00
Matthew Silverman
9612180f6e reject annotations with default prefix in the case of an override 2020-09-10 09:16:44 -04:00
Gian Ortz
3820aa416b Add annotation to set value for burst multiplier on rate limit 2020-08-30 19:43:08 -03:00
Manuel Alejandro de Brito Fontes
cb86c5698c Migrate to klog v2 2020-08-08 21:01:03 -04:00
Laszlo Janosi
7d82903ce9
Fix panic in ingress class validation 
If an ingress had no class annotation, nor IngressClassName  at all, and an IngressClass resource was created for the ingress-nginx there was a panic when the controller tried to check the IngressClassName of the Ingress.
 2020-08-07 17:09:14 +00:00
Zhongcheng Lao
c0629e92c2
Add proxy-ssl-server-name to enable passing SNI 2020-07-03 14:14:32 +08:00
Yilong Ren
714637bec5 build/dev-env.sh: remove docker version check 
docker experimental feature is unnecessary, so just remove it
 2020-06-23 15:37:41 +08:00
Kubernetes Prow Robot
d061375afa
Merge pull request #5571 from agile6v/dev 
feat: support the combination of Nginx variables for annotation upstream-hash-by.
 2020-06-01 15:10:14 -07:00
agile6v
c035a144f8 Support the combination of nginx variables and text value for annotation upstream-hash-by. 2020-06-01 06:37:41 +08:00
Kubernetes Prow Robot
ee02d897d5
Merge pull request #5534 from agile6v/master 
Add annotation ssl-prefer-server-ciphers.
 2020-05-29 08:35:16 -07:00
agile6v
0e79ad8e4f Update unit & e2e tests. 2020-05-21 02:19:13 +08:00
agile6v
38f99cefb2 Update testcase for sslCipher. 2020-05-13 11:03:15 +08:00
agile6v
38a8556c4f Add comments for sslcipher.Config struct. 2020-05-13 10:40:56 +08:00
agile6v
41d82005ec Add annotation ssl-prefer-server-ciphers. 2020-05-11 16:31:08 +08:00
Kevin Frommelt
e775495a56
Remove duplicate Cookie.ChangeOnFailure assertion 2020-05-08 13:51:14 -05:00
Kevin Frommelt
3c5e3eda7b
Remove duplicate annotation parsing for annotationAffinityCookieChangeOnFailure 2020-05-08 09:14:10 -05:00
Manuel Alejandro de Brito Fontes
efbb3f9fc8 Add support for IngressClass and ingress.class annotation 2020-04-22 09:15:32 -04:00
Manuel Alejandro de Brito Fontes
04ef782c57 Migrate ingress.class annotation to new IngressClassName field 2020-03-31 12:20:01 -03:00
Bhavin Gandhi
380ef3a92c Fix the ability to disable ModSecurity at location level 
- Adds 'modsecurity off;' to the nginx config if the
  'enable-modsecurity' annotation is set to false.
- Update tests and e2e tests accordingly

Signed-off-by: Bhavin Gandhi <bhavin7392@gmail.com>
 2020-03-22 23:51:02 +05:30
Manuel Alejandro de Brito Fontes
07b70f68bd
Redirect for app-root should preserve current scheme (#5266) 2020-03-19 15:49:18 -03:00
schaefec
0ab2e72e95 Doesn't fail if proxy-ssl-name annotation is not specified 2020-02-25 13:32:14 +01:00
schaefec
141ea59b7f Allows overriding the server name used to verify the certificate of the proxied HTTPS server 2020-02-25 13:32:14 +01:00
Lisheng Zheng
0b33650bb8 Feat: canary supports using specific match strategy to match header value. 2020-02-21 10:02:20 +08:00
Manuel Alejandro de Brito Fontes
281139d1a7
Only set mirror source when a target is configured (#5055) 2020-02-11 13:48:42 -03:00
Manuel Alejandro de Brito Fontes
77586dd83b
Validation of header in authreq should be done only in the key (#5053) 2020-02-11 10:30:14 -03:00
Manuel Alejandro de Brito Fontes
b3146354d4 Refactor mirror feature 2020-02-05 10:39:55 -03:00
Brian Kopp
1b523390bb Add SameSite=None support and conditionally omit SameSite=None for backwards compatibility 2020-01-29 14:30:00 -07:00
Manuel Alejandro de Brito Fontes
5d05e19cc3
Fix enable opentracing per location (#4983) 2020-01-29 12:20:05 -03:00
Manuel Alejandro de Brito Fontes
1021051fb3 Avoid overlap of rate limit zones 2020-01-27 00:38:54 -03:00
Manuel Alejandro de Brito Fontes
340bb39384 Avoid overwrite of auth file 2020-01-27 00:38:54 -03:00
Manuel Alejandro de Brito Fontes
7ff49b25d6
Move opentracing configuration for location to go (#4965) 2020-01-25 21:39:20 -03:00
Manuel Alejandro de Brito Fontes
5f6c4cff3e
Add help task (#4891) 
* Add help task
* Fix vet errors
 2020-01-07 10:53:12 -03:00
Kubernetes Prow Robot
a85d5ed93a
Merge pull request #4779 from aledbf/update-image 
Remove lua-resty-waf feature
 2019-11-27 11:45:05 -08:00
Kubernetes Prow Robot
b286c2a336
Merge pull request #4732 from willthames/enable-opentracing-annotation 
Allow enabling/disabling opentracing for ingresses
 2019-11-26 17:31:21 -08:00
Will Thames
6927d9351a Improve safety of AWS-based builds 
Ensure that AWS and Docker credentials don't get
accidentally added
 2019-11-27 11:07:26 +10:00
Will Thames
0ae463a5f3 Provide annotation to control opentracing 
By default you might want opentracing off, but on for a particular
ingress.

Similarly, you might want opentracing globally on, but disabled for
a specific endpoint. To achieve this, `opentracing_propagate_context`
cannot be set when combined with `opentracing off`

A new annotation, `enable-opentracing` allows more fine grained control
of opentracing for specific ingresses.
 2019-11-27 11:07:26 +10:00
Manuel Alejandro de Brito Fontes
61d902db14 Remove Lua resty waf feature 2019-11-26 10:37:43 -03:00
Laszlo Janosi
c76995b81b Fixing comments 2019-10-18 11:36:00 +02:00
Laszlo Janosi
31227d61c2 Removing secure-verify-ca-secret support and writing an error log if that annotation is used in an Ingress definition 2019-10-18 10:58:57 +02:00
A Gardner
786a3b6862 Add support for configmap of headers to be sent to external auth service 2019-09-24 10:53:23 -04:00
Kubernetes Prow Robot
cb2889b87b
Merge pull request #4586 from aledbf/fix-reload 
Fix reload when a configmap changes
 2019-09-24 07:23:28 -07:00
Manuel Alejandro de Brito Fontes
a40a4b0325
Fix reload when a configmap changes 2019-09-24 10:55:59 -03:00
Kubernetes Prow Robot
f6c2f5fb97
Merge pull request #4514 from alexmaret/4475-stickyness-mode 
Added new affinity mode for maximum session stickyness.
 2019-09-24 05:09:27 -07:00
A Gardner
376b862c23 Add annotation to support map of user/pass pairs in basic auth 2019-09-13 11:33:33 -04:00
Alexander Maret-Huskinson
880b3dc5f1 Fixed test findings. 2019-08-30 19:08:03 +02:00
Alexander Maret-Huskinson
9170591185 Added new affinity mode for maximum session stickyness. Fixes kubernetes/ingress-nginx#4475 2019-08-30 11:40:29 +02:00
Manuel Alejandro de Brito Fontes
8def5ef7ca
Add support for multiple alias and remove duplication of SSL certificates (#4472) 2019-08-26 10:58:44 -04:00
Manuel Alejandro de Brito Fontes
fcd3054f13
Lint code using staticcheck (#4471) 2019-08-23 12:08:40 -04:00
Gabor Lekeny
4624b5bc77 Change PemSHA to CASHA 2019-08-16 06:31:15 +02:00
Gabor Lekeny
65b9e2c574 Merge branch 'master' of https://github.com/kubernetes/ingress-nginx into proxyssl 2019-08-16 06:21:53 +02:00
Manuel Alejandro de Brito Fontes
9543aacc76
Fix test description on error 2019-08-15 16:56:20 -04:00
Maxime Ginters
d8bd8c5619 Add nginx proxy_max_temp_file_size configuration option 2019-08-15 13:47:42 -04:00
Kubernetes Prow Robot
0d690fba1a
Merge pull request #4356 from aledbf/only-dynamic-mode 
Only support SSL dynamic mode
 2019-08-14 17:08:35 -07:00
Kubernetes Prow Robot
adef152db8
Merge pull request #4379 from diazjf/mirror 
Allow Requests to be Mirrored to different backends
 2019-08-13 17:52:24 -07:00
Manuel Alejandro de Brito Fontes
80bd481abb
Only support SSL dynamic mode 2019-08-13 17:33:34 -04:00
Manuel Alejandro de Brito Fontes
40533ad989
Code linting 2019-08-09 08:44:14 -04:00
Fernando Diaz
386486e969 Allow Requests to be Mirrored to different backends 
Add a feature which allows traffic to be mirrored to
additional backends. This is useful for testing how
requests will behave on different "test" backends.

See https://nginx.org/en/docs/http/ngx_http_mirror_module.html
 2019-08-01 11:53:58 -05:00
Charle Demers
72271e9313
FastCGI backend support (#2982) 
Co-authored-by: Pierrick Charron <pierrick@adoy.net>
 2019-07-31 10:39:21 -04:00
Gabor Lekeny
def13fc06c Add proxy_ssl_* directives 
Add support for backends which require client certificate (eg. NiFi)
authentication. The `proxy-ssl-secret` k8s annotation references a
secret which is used to authenticate to the backend server. All other
directives fine tune the backend communication.

The following annotations are supported:
* proxy-ssl-secret
* proxy-ssl-ciphers
* proxy-ssl-protocol
* proxy-ssl-verify
* proxy-ssl-verify-depth
 2019-07-18 03:21:52 +02:00
Kubernetes Prow Robot
589c9a20f9
Merge pull request #4278 from moolen/feat/auth-req-cache 
feat: auth-req caching
 2019-07-17 12:06:12 -07:00
Moritz Johner
23504db770 feat: auth-req caching 
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.

[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2019-07-17 18:39:04 +02:00
Kubernetes Prow Robot
fe6c086580
Merge pull request #4288 from eshicks4/proxy-http-version-annotation 
added proxy-http-version annotation to override the HTTP/1.1 default …
 2019-07-11 11:43:07 -07:00
Manuel Alejandro de Brito Fontes
3d7a09347d
Apply fixes suggested by staticcheck 2019-07-08 16:18:52 -04:00
E. Stuart Hicks
3b0c523e49 added proxy-http-version annotation to override the HTTP/1.1 default connection type to reverse proxy backends 2019-07-08 14:32:00 -04:00
Fernando Diaz
e616f6d4ad Get AuthTLS annotation unit tests to 100% 
Adds more unit tests for the authtls annotation. Increases the
coverage.
 2019-06-21 12:46:07 -05:00
Manuel Alejandro de Brito Fontes
84102eec2b
Migrate to new networking.k8s.io/v1beta1 package 2019-06-13 11:32:39 -04:00
Elvin Efendi
83f2acbe38 Session Affinity ChangeOnFailure should be boolean 2019-06-06 11:22:05 -04:00
Elvin Efendi
c4ced9d694 fix source file mods 2019-06-06 10:47:08 -04:00
Eugene Fedunin
254629cf16 Added support for annotation session-cookie-change-on-failure 
1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`).
2. Added tests to check both cases.
3. Updated docs.

Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com>
 2019-05-27 13:00:07 +03:00
Kubernetes Prow Robot
fafa0a6e13
Merge pull request #4067 from aledbf/normalize 
Trim spaces from annotations that can contain multiple lines
 2019-05-09 07:18:51 -07:00
Manuel Alejandro de Brito Fontes
23e7423477
Trim spaces from annotations that can contain multiple lines 2019-05-07 14:25:52 -04:00
okryvoshapka-connyun
8cc9afe8ee Added Global External Authentication settings to configmap parameters incl. addons 2019-05-03 12:08:16 +02:00
Alex Kursell
ffeb1fe348 Support proxy_next_upstream_timeout 2019-04-15 11:08:57 -04:00
Manuel Alejandro de Brito Fontes
951f7d7c1b
Refactor equals 2019-04-03 22:39:32 -03:00
Alex Kursell
188295550c Simplify x-forwarded-prefix annotation 2019-03-29 16:25:25 -04:00
Manuel Alejandro de Brito Fontes
d403b3ef86
Allow the use of a secret located in a different namespace 2019-03-11 11:16:10 -03:00
Alex Kursell
d3ac73be79 Remove session-cookie-hash annotation 2019-03-04 10:34:48 -05:00
Alex Kursell
28d99c6d7d Set default for satisfy annotation to nothing 2019-02-26 15:05:45 -05:00
Kubernetes Prow Robot
7b2495047f
Merge pull request #3781 from zoumo/proxy-buffer-number 
feat: configurable proxy buffers number
 2019-02-22 12:11:46 -08:00
Kubernetes Prow Robot
debe933f43
Merge pull request #3793 from Shopify/update-mergo 
Update mergo dependency
 2019-02-22 12:07:39 -08:00
Alex Kursell
53538acbaf Change Denied to *string 2019-02-22 11:48:13 -05:00