DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
6014 commits 4 branches 217 tags 166 MiB
Commit graph

232 commits

Author SHA1 Message Date
Manuel Alejandro de Brito Fontes
90d07d7b69 Fix from-to-www link 2020-04-17 19:41:25 -04:00
Manuel Alejandro de Brito Fontes
d18fa90cfd Add e2e test for OCSP and new configmap setting 2020-04-17 12:53:47 -04:00
Manuel Alejandro de Brito Fontes
0257068b9b Fix plugin README.md link 2020-04-14 11:48:23 -04:00
Elvin Efendi
b60e25f1db ingress-nginx lua plugins documentation 2020-04-14 09:47:58 -04:00
Mark Janssen
049b25e566 Update TLS configuration 
Enable TLSv1.3 by default and update list of ciphers. The new
configuration matches the 'Intermediate' configuration recommended by
the Mozilla SSL Configuration Generator:
https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=modern&openssl=1.1.1d&guideline=5.4
 2020-04-13 17:46:33 +02:00
Manuel Alejandro de Brito Fontes
c0db19b0ec Enable configuration of plugins using configmap 2020-04-13 11:38:42 -04:00
Weihang Lo
12dddcca17
docs: fix use-gzip wrong markdown style 2020-04-11 14:28:04 +08:00
Luis Valdés
e001b5a5b7
I found a typo :) 
Change *onyl* to * only*
 2020-02-27 23:05:37 -03:00
schaefec
141ea59b7f Allows overriding the server name used to verify the certificate of the proxied HTTPS server 2020-02-25 13:32:14 +01:00
Kubernetes Prow Robot
35264d6e8f
Merge pull request #5114 from whalecold/match 
Feat: add header-pattern annotation.
 2020-02-24 17:07:36 -08:00
Kubernetes Prow Robot
6cd223558f
Merge pull request #4981 from janosi/proxy-ssl-scope 
Applying proxy-ssl-* directives on locations only
 2020-02-24 15:53:36 -08:00
Lisheng Zheng
0b33650bb8 Feat: canary supports using specific match strategy to match header value. 2020-02-21 10:02:20 +08:00
James Taylor
f97599c189
Use correct spelling of "Original" 
Fix the spelling of "original" in the annotations documentation
 2020-02-20 16:45:26 +11:00
Daniel Arifin
d48d5a61ae Add gzip-min-length as a configurable 2020-02-14 13:29:51 +07:00
Kubernetes Prow Robot
5e54f66ab2
Merge pull request #5040 from BrianKopp/samesite-followup 
Update documentation and remove hack fixed by upstream cookie library
 2020-02-10 10:25:53 -08:00
Manuel Alejandro de Brito Fontes
34b6d083b8
Cleanup docs (#5043) 2020-02-09 20:50:27 -03:00
BrianKopp
34b194c770 Update documentation and remove hack fixed by upstream cookie library 2020-02-08 11:54:52 -07:00
Manuel Alejandro de Brito Fontes
b3146354d4 Refactor mirror feature 2020-02-05 10:39:55 -03:00
Brian Kopp
1b523390bb Add SameSite=None support and conditionally omit SameSite=None for backwards compatibility 2020-01-29 14:30:00 -07:00
Laszlo Janosi
bc79fe1532 Add: documentation for proxy-ssl-location-only 2020-01-29 10:00:55 +01:00
Manuel Alejandro de Brito Fontes
74944b99e9
Enable download of GeoLite2 databases (#4896) 2020-01-08 19:46:43 -03:00
Sungmin Lee
d7be5db7de Support sample rate and global sampling configuration for Datadog in ConfigMap 2020-01-07 16:59:59 -08:00
Manuel Alejandro de Brito Fontes
0dce5be743 Migrate ingress definitions from extensions to networking.k8s.io 2019-12-12 21:25:00 -03:00
Sablu Miah
010ec6f159
Remove extra annotation when Enabling ModSecurity 
Since version 0.25, if you try to use both annotations of:

nginx.ingress.kubernetes.io/modsecurity-snippet: |
Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf
Include /etc/nginx/modsecurity/modsecurity.conf

and 

nginx.ingress.kubernetes.io/enable-modsecurity: "true"

it breaks nginx config and you will not catch it unless you have nginx admission controller enabled. 

You do not need the annotation of `Include /etc/nginx/modsecurity/modsecurity.conf` from version 0.25
 2019-11-28 15:16:09 +00:00
Kubernetes Prow Robot
b286c2a336
Merge pull request #4732 from willthames/enable-opentracing-annotation 
Allow enabling/disabling opentracing for ingresses
 2019-11-26 17:31:21 -08:00
Will Thames
0ae463a5f3 Provide annotation to control opentracing 
By default you might want opentracing off, but on for a particular
ingress.

Similarly, you might want opentracing globally on, but disabled for
a specific endpoint. To achieve this, `opentracing_propagate_context`
cannot be set when combined with `opentracing off`

A new annotation, `enable-opentracing` allows more fine grained control
of opentracing for specific ingresses.
 2019-11-27 11:07:26 +10:00
Matt Busche
6b0a6ec8b3 Fix extra word 2019-11-20 19:01:56 -06:00
Syunsuke Komma
73aaf0ff28
Update annotations.md 
Add links to proxy-buffering section
 2019-11-13 12:54:42 +09:00
Syunsuke Komma
0b38a48ac9
Update annotations.md 
Add notes of limit-rate/limit-rate-after
 2019-11-13 12:49:59 +09:00
Kubernetes Prow Robot
0d244e1c41
Merge pull request #4730 from stamm/master 
add configuration for http2_max_concurrent_streams
 2019-11-08 07:12:29 -08:00
Kubernetes Prow Robot
a0dc3a9a51
Merge pull request #4695 from janosi/secure-verify-ca-secret 
Removing secure-verify-ca-secret support
 2019-11-08 07:12:21 -08:00
Rustam Zagirov
d9cfad1894 add configuration for http2_max_concurrent_streams 2019-10-31 15:13:38 +03:00
Carlos Panato
40e0e5bef8
add proxy-max-temp-file-size doc 2019-10-23 09:55:46 +02:00
Peter Pan
ee24bf1bbc Doc: Add remote_addr into default values in configmap for TCP logging format 2019-10-21 10:18:17 +08:00
Laszlo Janosi
31227d61c2 Removing secure-verify-ca-secret support and writing an error log if that annotation is used in an Ingress definition 2019-10-18 10:58:57 +02:00
Kubernetes Prow Robot
fb025ab501
Merge pull request #4087 from MRoci/master 
Define Modsecurity Snippet via ConfigMap
 2019-09-30 15:19:32 -07:00
MRoci
72c4ffa8b5
add modsecurity-snippet key 2019-09-28 09:54:07 +02:00
Manuel Alejandro de Brito Fontes
6715108d8a
Release 0.26.0 2019-09-27 10:23:12 -03:00
Manuel Alejandro de Brito Fontes
2bd8121338
Change default for proxy-add-original-uri-header 2019-09-25 10:57:31 -03:00
A Gardner
786a3b6862 Add support for configmap of headers to be sent to external auth service 2019-09-24 10:53:23 -04:00
Kubernetes Prow Robot
f6c2f5fb97
Merge pull request #4514 from alexmaret/4475-stickyness-mode 
Added new affinity mode for maximum session stickyness.
 2019-09-24 05:09:27 -07:00
Manuel Alejandro de Brito Fontes
4b4176c830
Fix log format after #4557 2019-09-18 12:52:09 -03:00
Kubernetes Prow Robot
87ad033483
Merge pull request #4569 from mkabischev/jaeger-header-configuration 
allow to configure jaeger header names
 2019-09-17 20:29:29 -07:00
Mike Kabischev
d5563a7e47 allow to configure jaeger header names 2019-09-17 12:35:53 +03:00
Kubernetes Prow Robot
846ff00363
Merge pull request #4560 from Shopify/basic-auth-map 
Support configuring basic auth credentials as a map of user/password hashes
 2019-09-16 07:52:39 -07:00
A Gardner
376b862c23 Add annotation to support map of user/pass pairs in basic auth 2019-09-13 11:33:33 -04:00
Manuel Alejandro de Brito Fontes
9af574a234
Remove the_real_ip variable 2019-09-12 20:01:33 -03:00
Tobias Bradtke
d7dc7be276 Fix relative links (#4522) 2019-09-03 09:02:07 -04:00
Alexander Maret-Huskinson
9170591185 Added new affinity mode for maximum session stickyness. Fixes kubernetes/ingress-nginx#4475 2019-08-30 11:40:29 +02:00
Manuel Alejandro de Brito Fontes
8def5ef7ca
Add support for multiple alias and remove duplication of SSL certificates (#4472) 2019-08-26 10:58:44 -04:00
Manuel Alejandro de Brito Fontes
7d6ce5701f
Fix log format markdown (#4489) 2019-08-24 22:48:17 -04:00
Tim Hobbs
2c604e7d38
Add rate limit units and error status 
Signed-off-by: Tim Hobbs <timothy.hobbs@ic-consult.com>
 2019-08-22 16:03:41 +02:00
Gabor Lekeny
65b9e2c574 Merge branch 'master' of https://github.com/kubernetes/ingress-nginx into proxyssl 2019-08-16 06:21:53 +02:00
Kubernetes Prow Robot
0b375989f3
Merge pull request #4412 from Shopify/ssl-early-data 
Add nginx ssl_early_data option support
 2019-08-15 10:08:35 -07:00
Elvin Efendi
b21c721196 lua-shared-dicts improvements, fixes and documentation 2019-08-14 22:10:56 -04:00
Kubernetes Prow Robot
adef152db8
Merge pull request #4379 from diazjf/mirror 
Allow Requests to be Mirrored to different backends
 2019-08-13 17:52:24 -07:00
Pierrick Charron
f459515d0d Add quote function in template 
Co-authored-by: Charle Demers <charle.demers@gmail.com>
 2019-08-09 15:47:29 -04:00
Manuel Alejandro de Brito Fontes
4a9b02bc03
Remove dynamic TLS records 2019-08-08 15:52:56 -04:00
Maxime Ginters
7219130da4 Add nginx ssl_early_data option support 2019-08-07 16:04:09 -04:00
Fernando Diaz
386486e969 Allow Requests to be Mirrored to different backends 
Add a feature which allows traffic to be mirrored to
additional backends. This is useful for testing how
requests will behave on different "test" backends.

See https://nginx.org/en/docs/http/ngx_http_mirror_module.html
 2019-08-01 11:53:58 -05:00
Jude Zhu
5e64b6834c
Add [$proxy_alternative_upstream_name] 
https://github.com/kubernetes/ingress-nginx/pull/4246
 2019-07-19 07:36:13 +08:00
Gabor Lekeny
def13fc06c Add proxy_ssl_* directives 
Add support for backends which require client certificate (eg. NiFi)
authentication. The `proxy-ssl-secret` k8s annotation references a
secret which is used to authenticate to the backend server. All other
directives fine tune the backend communication.

The following annotations are supported:
* proxy-ssl-secret
* proxy-ssl-ciphers
* proxy-ssl-protocol
* proxy-ssl-verify
* proxy-ssl-verify-depth
 2019-07-18 03:21:52 +02:00
Kubernetes Prow Robot
589c9a20f9
Merge pull request #4278 from moolen/feat/auth-req-cache 
feat: auth-req caching
 2019-07-17 12:06:12 -07:00
Moritz Johner
23504db770 feat: auth-req caching 
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.

[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2019-07-17 18:39:04 +02:00
E. Stuart Hicks
3b0c523e49 added proxy-http-version annotation to override the HTTP/1.1 default connection type to reverse proxy backends 2019-07-08 14:32:00 -04:00
Tristan Matthews
ef4b560499
Update annotations.md 2019-06-20 20:19:11 -04:00
Jorrit Salverda
f77eaaee50 Add opentracing-operation-name and opentracing-location-operation-name config settings 
With these settings custom span names can be used for the server span and location span

Signed-off-by: Jorrit Salverda <jsalverda@travix.com>
 2019-06-07 14:19:34 +02:00
Kubernetes Prow Robot
e76418cd99
Merge pull request #4162 from stramel/patch-1 
Add "text/javascript" to compressible MIME types
 2019-06-06 11:35:34 -07:00
Michael Stramel
686f2310e4 Add "text/javascript" to compressible MIME types 
Based on the HTML Standard, https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages, servers _should_ use `text/javascript`.
 2019-06-06 13:11:56 -05:00
Eugene Fedunin
254629cf16 Added support for annotation session-cookie-change-on-failure 
1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`).
2. Added tests to check both cases.
3. Updated docs.

Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com>
 2019-05-27 13:00:07 +03:00
MMeent
73c70e28b4
Clear up some inconsistent / unclear wording 
IPv6 enabled/disabled working was confusing or contradicting itself. This updates the wording to what is expected, based on the default values in the table above, and the behaviour that I could find in code.
 2019-05-21 15:27:58 +02:00
reynaldi.wijaya
d468cd5ec5 UPT: Modify configmap to include jaeger sampler host and jaeger sampler port 2019-05-21 17:54:29 +08:00
Kubernetes Prow Robot
19501b217d
Merge pull request #4089 from alanjcastonguay/docs/use-gzip-configmap-defaults 
Docs: configmap: use-gzip
 2019-05-18 04:09:14 -07:00
Kevin Simper
ddc2ce5c70
Update configmap about adding custom locations 2019-05-17 21:39:40 +02:00
Alan J Castonguay
f5b090518d Docs: configmap: use-gzip 
Move the "gzip-types" value default from the "use-gzip" to the "gzip-types"
heading, and link to it from use-gzip.

Document that the "use-gzip" default is "true", matching the style of other
configmap items.
 2019-05-15 13:09:45 -04:00
okryvoshapka-connyun
4811168d2a Fixed typos 2019-05-06 09:04:12 +02:00
okryvoshapka-connyun
8cc9afe8ee Added Global External Authentication settings to configmap parameters incl. addons 2019-05-03 12:08:16 +02:00
Alex Kursell
ffeb1fe348 Support proxy_next_upstream_timeout 2019-04-15 11:08:57 -04:00
Alex Kursell
4f819b6256 Fix load-balance configmap value 2019-04-01 15:55:36 -04:00
Alex Kursell
d3ac73be79 Remove session-cookie-hash annotation 2019-03-04 10:34:48 -05:00
Mikhail Marchenko
8b3702c829 Enable access log for default backend 
disable log on default_server
 2019-02-26 11:14:31 +03:00
jasongwartz
3865e30a00 Changes CustomHTTPErrors annotation to use custom default backend 
Updates e2e test

Removes focus from e2e test

Fixes renamed function

Adds tests for new template funcs

Addresses gofmt

Updates e2e test, fixes custom-default-backend test by creating service

Updates docs
 2019-02-24 22:48:56 +01:00
Kubernetes Prow Robot
7b2495047f
Merge pull request #3781 from zoumo/proxy-buffer-number 
feat: configurable proxy buffers number
 2019-02-22 12:11:46 -08:00
Jim Zhang
dc63e5d185 fix: rename proxy-buffer-number to proxy-buffers-number 2019-02-22 10:21:17 +08:00
Jim Zhang
81e4440bdb docs: add docs for proxy-buffer-number 2019-02-20 18:07:40 +08:00
Anthony Ho
ec04852526 Create custom annotation for satisfy "value" 2019-02-19 15:58:35 -05:00
Carlos Diaz-Padron
2340738fb9
Add mention of secure-backends to backend-protocol docs 2019-02-11 15:40:36 -08:00
minherz
de2a1ece6d add header-value annotation 
add new annotation (header-value)
parse it and propogate to lua script
alter balancer rule to include it into the canary routing logic
add e2e test to validate fallback for canary-by-header-value
add description of canary-by-header-value to documentation
 2019-01-30 23:23:44 +02:00
Kubernetes Prow Robot
bd248250be
Merge pull request #3702 from stamm/access_logs_params 
Add params for access log
 2019-01-28 07:30:00 -08:00
Tyler Horvath
6824c78c1b
make usage more clear about default-backend annotation 2019-01-26 11:47:19 -07:00
Rustam Zagirov
5dee6af957 add params for access log 2019-01-26 21:42:11 +03:00
Manuel Alejandro de Brito Fontes
b10b60f9ae
Revert max-worker-connections default value (#3660) 2019-01-13 10:53:18 -03:00
Manuel Alejandro de Brito Fontes
0e783b3b82
Add note about SSL Certificate common names 2019-01-10 20:59:50 -03:00
Shai Katz
edd87fbae3 add limit connection status code 
add default conn status code

add missing colon

add limit connection status code
 2019-01-09 19:31:10 +02:00
Diego Woitasen
60b983503b Consistent hashing to a subset of nodes. It works like consistent hash, 
but instead of mapping to a single node, we map to a subset of nodes.
 2019-01-03 01:32:52 -03:00
Kubernetes Prow Robot
71cc6df74f
Merge pull request #3174 from Shopify/rewrite-regex 
Generalize Rewrite Block Creation and Deprecate AddBaseUrl (not backwards compatible)
 2019-01-02 12:30:18 -08:00
ramnes
bf7b5ebd81 Add an option to automatically set worker_connections based on worker_rlimit_nofile 2018-12-27 18:36:19 +01:00
Anish Ramasekar
382049a0bf Adds support for HTTP2 Push Preload annotation 
update test for backendprotocols

Adds support for HTTP2 Push Preload annotation

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Adds support for HTTP2 Push Preload annotation

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Adds support for HTTP2 Push Preload annotation

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Adds support for HTTP2 Push Preload annotation

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Adds support for HTTP2 Push Preload annotation

Adds support for HTTP2 Push Preload annotation
 2018-12-24 17:13:25 -02:00
Zenara Daley
67654a6fd5 Generalize Rewrite Block Creation 2018-12-13 13:02:05 -05:00
Roman Gorshunov
f910d96ad1
Annotations doc links: minor fixes and unification 2018-11-28 16:16:15 +01:00