DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7908 commits 4 branches 217 tags 166 MiB
Commit graph

212 commits

Author SHA1 Message Date
Ricardo Katz
4dfb3f2e9a
Fix tls1.0 test (#8632) 
* Fix tls1.0 test

* fix algorithm
 2022-05-25 17:49:22 -07:00
Maksim Nabokikh
2c27e66cc7
feat: always set auth cookie (#8213) 
* feat: always set auth cookie

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* feat: Add annotation to always set auth cookie

* Add annotation
* Add global configmap key
* Provide unit tests and e2e tests
* Fix e2e documentation autogen script

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Regenerate e2e tests

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2022-05-19 15:27:53 -07:00
sskserk
d4b9b486e6
Upstream keepalive time (#8319) 
* nginx 1.19.10 keepalive_time parameter

* nginx v1.19.10 base image

* keepalive_time documentation

* base image

* restore base image

* e2e test

* replace default value in test
 2022-04-15 04:09:10 -07:00
Ricardo Katz
3def835a6a
Jail/chroot nginx process inside controller container (#8337) 
* Initial work on chrooting nginx process

* More improvements in chroot

* Fix charts and some file locations

* Fix symlink on non chrooted container

* fix psp test

* Add e2e tests to chroot image

* Fix logger

* Add internal logger in controller

* Fix overlay for chrooted tests

* Fix tests

* fix boilerplates

* Fix unittest to point to the right pid

* Fix PR review
 2022-04-08 21:48:04 -07:00
Damien Mathieu
dcd552ceb5
use functional options to reduce number of methods creating an EchoDeployment (#8199) 2022-02-02 05:12:22 -08:00
Jintao Zhang
53ac0ddd42
Using Go install for misspell (#8191) 
* chore: using go install misspell

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

* chore: fix typo

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
 2022-01-26 18:52:50 -08:00
Tobias Salzmann
ce9deaa332
Add stream-snippet as a ConfigMap and Annotation option (#8029) 
* stream snippet

* gofmt -s
 2021-12-23 11:46:30 -08:00
James Strong
d4a6ade65f
update default block list,docs, tests (#7942) 
* update default block list,docs, tests

* fix config for admin test

* gofmt

* remove the err return
 2021-11-23 09:06:17 -08:00
zryfish
7203a0b8bd
support watch namespaces matched namespace selector (#7472) 
skip caching namespaces at cluster scope if only watching single namespace

add --watch-namespace-selector in user guide

add e2e test
 2021-11-12 11:46:28 -08:00
Ricardo Katz
67e13bf692
Add option to sanitize annotation inputs (#7874) 
* Add option to sanitize annotation inputs

* Fix e2e tests after string sanitization

* Add proxy_pass and serviceaccount as denied values
 2021-11-12 11:40:30 -08:00
Rahil Patel
c8ab4dc307
add brotli-min-length configuration option (#7854) 
* add `brotli-min-length` configuration option

* add e2e tests for brotli

* include check for expected content type

* fix header and format
 2021-11-02 04:52:59 -07:00
Matthew Silverman
7d5452d00b
configmap: option to not trust incoming tracing spans (#7045) 
* validate the sender of tracing spans

* add location-specific setting
 2021-10-24 14:36:21 -07:00
Ricardo Katz
97e39e79e2
Add e2e test for non ingressclass enabled ingress (#7785) 2021-10-10 16:18:37 -07:00
Ricardo Katz
4fc57dcc49
Change enable-snippet to allow-snippet-annotation (#7670) 
Signed-off-by: Ricardo Pchevuzinske Katz <rkatz@vmware.com>
 2021-09-20 16:52:23 -07:00
Ricardo Katz
5e6ab651ec
Add option to force enabling snippet directives (#7665) 
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
 2021-09-19 12:40:08 -07:00
Ricardo Katz
cda59ccc9c
Add new flag to watch ingressclass by name instead of spec (#7609) 2021-09-10 10:14:01 -07:00
Elvin Efendi
33061b8cdf
put modsecurity e2e tests into their own packages (#7560) 2021-09-07 10:35:22 -07:00
Ricardo Katz
90c79689c4
Release v1 (#7470) 
* Drop v1beta1 from ingress nginx (#7156)

* Drop v1beta1 from ingress nginx

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix intorstr logic in controller

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* fixing admission

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* more intorstr fixing

* correct template rendering

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix e2e tests for v1 api

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix gofmt errors

* This is finally working...almost there...

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Re-add removed validation of AdmissionReview

* Prepare for v1.0.0-alpha.1 release

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Update changelog and matrix table for v1.0.0-alpha.1 (#7274)

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* add docs for syslog feature (#7219)

* Fix link to e2e-tests.md in developer-guide (#7201)

* Use ENV expansion for namespace in args (#7146)

Update the DaemonSet namespace references to use the `POD_NAMESPACE` environment variable in the same way that the Deployment does.

* chart: using Helm builtin capabilities check (#7190)

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

* Update proper default value for HTTP2MaxConcurrentStreams in Docs (#6944)

It should be 128 as documented in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go#L780

* Fix MaxWorkerOpenFiles calculation on high cores nodes (#7107)

* Fix MaxWorkerOpenFiles calculation on high cores nodes

* Add e2e test for rlimit_nofile

* Fix doc for max-worker-open-files

* ingress/tcp: add additional error logging on failed (#7208)

* Add file containing stable release (#7313)

* Handle named (non-numeric) ports correctly (#7311)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Updated v1beta1 to v1 as its deprecated (#7308)

* remove mercurial from build (#7031)

* Retry to download maxmind DB if it fails (#7242)

* Retry to download maxmind DB if it fails.

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Add retries count arg, move retry logic into DownloadGeoLite2DB function

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Reorder parameters in DownloadGeoLite2DB

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Remove hardcoded value

Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>

* Release v1.0.0-alpha.1

* Add changelog for v1.0.0-alpha.2

* controller: ignore non-service backends (#7332)

* controller: ignore non-service backends

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update per feedback

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* fix: allow scope/tcp/udp configmap namespace to altered (#7161)

* Lower webhook timeout for digital ocean (#7319)

* Lower webhook timeout for digital ocean

* Set Digital Ocean value controller.admissionWebhooks.timeoutSeconds to 29

* update OWNERS and aliases files (#7365) (#7366)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Downgrade Lua modules for s390x (#7355)

Downgrade Lua modules to last known working version.

* Fix IngressClass logic for newer releases (#7341)

* Fix IngressClass logic for newer releases

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Change e2e tests for the new IngressClass presence

* Fix chart and admission tests

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix helm chart test

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix reviews

* Remove ingressclass code from admission

* update tag to v1.0.0-beta.1

* update readme and changelog for v1.0.0-beta.1

* Release v1.0.0-beta.1 - helm and manifests (#7422)

* Change the order of annotation just to trigger a new helm release (#7425)

* [cherry-pick] Add dev-v1 branch into helm releaser (#7428)

* Add dev-v1 branch into helm releaser (#7424)

* chore: add link for artifacthub.io/prerelease annotations

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>

* k8s job ci pipeline for dev-v1 br v1.22.0 (#7453)

* k8s job ci pipeline for dev-v1 br v1.22.0

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* k8s job ci pipeline for dev-v1 br v1.21.2

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* remove v1.21.1 version

Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>

* Add controller.watchIngressWithoutClass config option (#7459)

Signed-off-by: Akshit Grover <akshit.grover2016@gmail.com>

* Release new helm chart with certgen fixed (#7478)

* Update go version, modules and remove ioutil

* Release new helm chart with certgen fixed

* changed appversion, chartversion, TAG, image (#7490)

* Fix CI conflict

* Fix CI conflict

* Fix build.sh from rebase process

* Fix controller_test post rebase

Co-authored-by: Tianhao Guo <rggth09@gmail.com>
Co-authored-by: Ray <61553+rctay@users.noreply.github.com>
Co-authored-by: Bill Cassidy <cassid4@gmail.com>
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
Co-authored-by: Sathish Ramani <rsathishx87@gmail.com>
Co-authored-by: Mansur Marvanov <nanorobocop@gmail.com>
Co-authored-by: Matt1360 <568198+Matt1360@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>
Co-authored-by: Tom Hayward <thayward@infoblox.com>
Co-authored-by: Sergey Shakuto <sshakuto@infoblox.com>
Co-authored-by: Tore <tore.lonoy@gmail.com>
Co-authored-by: Bouke Versteegh <info@boukeversteegh.nl>
Co-authored-by: Shahid <shahid@us.ibm.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Long Wu Yuan <longwuyuan@gmail.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com>
Co-authored-by: Akshit Grover <akshit.grover2016@gmail.com>
 2021-08-21 13:42:00 -07:00
Tom Hayward
c9d5b21a65 fix: discover mounted geoip db files (#7228) 
* fix: discover mounted geoip db files

* add test

* fix runtime reload of config.MaxmindEditionFiles

* add e2e test

* log missing geoip2 db
 2021-08-10 11:24:39 -07:00
Ricardo Katz
d226d831bd Update go version, modules and remove ioutil 2021-08-06 14:15:21 -03:00
Ricardo Katz
f5c80783bf
[Cherry Pick] - Add configuration to disable external name service feature (#7314) (#7321) 
* Add configuration to disable external name service feature (#7314)

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Fix CI files
 2021-07-05 21:50:18 -07:00
Matthew Silverman
9b00a4912f set x-forwarded-scheme like x-forwarded-proto 2021-05-13 09:26:27 -04:00
Mahnoor Mehboob
2503b23b09 Alter e2e test for disable_catch_all.go 2021-04-22 12:01:41 -04:00
Matthew Silverman
71c8ef119d add support for the jaeger propagation format 
adding default, testing w3c traceparent is propagated
 2021-03-26 12:33:24 -04:00
Matthew Silverman
a6442fbadb remove test, getaddrinfo fails for tcp in test 2021-02-19 15:04:33 -05:00
Matthew Silverman
28280de175 jaeger-endpoint configmap attribute 2021-02-18 17:29:35 -05:00
Elvin Efendi
e0dece48f7 Add Global Rate Limiting support 2021-01-04 17:47:07 -05:00
Manuel Alejandro de Brito Fontes
d9af197e62
Remove dead code 2020-12-27 22:26:51 -03:00
Manuel Alejandro de Brito Fontes
789021e4f6 Avoid ingress class creation if k8s < 1.18 2020-10-29 19:34:05 -03:00
Manuel Alejandro de Brito Fontes
7f991eef84 Update sqlite cfssl database 2020-10-29 19:34:05 -03:00
Manuel Alejandro de Brito Fontes
703c2d6f8e Enable validation of ingress definitions from extensions package 2020-10-26 10:50:44 -03:00
Kubernetes Prow Robot
524c3a50ea
Merge pull request #6037 from aledbf/redirect 
Do not append a trailing slash on redirects
 2020-10-08 11:51:06 -07:00
Manuel Alejandro de Brito Fontes
104fdab2f6 Refactor TLS e2e tests 2020-09-30 14:42:15 -03:00
Manuel Alejandro de Brito Fontes
4cda9787b8
Cleanup proxy protocol e2e test 2020-09-29 22:39:30 -03:00
Manuel Alejandro de Brito Fontes
493dd6726d
Replace request_uri 2020-09-27 20:26:39 -03:00
Manuel Alejandro de Brito Fontes
29ea30a4e8 Add events for NGINX reloads 2020-09-27 17:16:09 -03:00
Manuel Alejandro de Brito Fontes
87aa96b468 Change server-tokens default value to false 2020-09-17 09:52:07 -03:00
Elvin Efendi
8e83d4e84a delete redundant NGINX config about X-Forwarded-Proto 2020-09-15 13:22:26 -04:00
Manuel Alejandro de Brito Fontes
ccb1eb4925 Add e2e tests to verify opentracing libraries 2020-09-08 16:20:03 -03:00
agile6v
609e1b5775 feat: support to define trusted addresses for proxy protocol in stream block 2020-08-28 14:37:16 +08:00
Manuel Alejandro de Brito Fontes
8102fff242 Switch images to k8s.gcr.io after Vanity Domain Flip 2020-08-26 22:07:22 -04:00
Manuel Alejandro de Brito Fontes
7fe5eccbc6 Rollback to Poll instead of PollImmediate 2020-08-20 20:50:51 -04:00
Manuel Alejandro de Brito Fontes
3d163e585a Fix flaky e2e test 2020-08-20 08:14:19 -04:00
Bernard Van De Walle
f3537204d2 Adding Zipkin collector to the E2E opentracing test as it is required to load at least one tracer to enable opentracing 
Work on PR comments
Add tests for template builder

Signed-off-by: Bernard Van De Walle <bernard.vandewalle@getcruise.com>
 2020-07-23 15:25:50 -07:00
Bernard Van De Walle
2baca9e32a Merge branch 'add-opentracing-operation-name-settings' of https://github.com/JorritSalverda/ingress-nginx into add-opentracing-operation-name-settings 2020-07-23 11:42:44 -07:00
David Schwartz
d52141c2b9 Add enable-real-ip 2020-07-15 15:25:29 -04:00
Kubernetes Prow Robot
baa2b2cd33
Merge pull request #5709 from agile6v/master 
fix: remove duplicated X-Forwarded-Proto header.
 2020-07-02 17:50:47 -07:00
Manuel Alejandro de Brito Fontes
b392fed580 Test pull requests using github actions 2020-07-02 20:12:05 -04:00
Manuel Alejandro de Brito Fontes
ff60aa9e2b Switch to promoted e2e images in gcr 2020-06-30 19:43:21 -04:00
Manuel Alejandro de Brito Fontes
10dcf0db15 Remove unused variables and verbose e2e logs 2020-06-29 18:11:01 -04:00
Manuel Alejandro de Brito Fontes
1539a24c7b Start using e2e test images from gcr.io 2020-06-27 11:36:17 -04:00
agile6v
e8aaa15ce8 Remove duplicated X-Forwarded-Proto header. 2020-06-25 11:11:00 +08:00
Manuel Alejandro de Brito Fontes
3d3efaab29 Fix proxy_protocol duplication in listen definition 2020-06-09 15:00:59 -04:00
agile6v
fc1c043437 Add http-access-log-path and stream-access-log-path options in configMap 2020-06-05 01:27:26 +08:00
Mark Janssen
639a8c7871 Enable TLSv1.3 by default 
Fix for 049b25e566 which mistakenly only
updated documentation.
 2020-05-08 12:40:11 +02:00
Manuel Alejandro de Brito Fontes
efbb3f9fc8 Add support for IngressClass and ingress.class annotation 2020-04-22 09:15:32 -04:00
Manuel Alejandro de Brito Fontes
e9bd1d8b1f Add new cfssl image and update e2e tests to use it 2020-04-17 16:41:50 -04:00
Manuel Alejandro de Brito Fontes
d18fa90cfd Add e2e test for OCSP and new configmap setting 2020-04-17 12:53:47 -04:00
Elvin Efendi
129df3892c adjust e2e test 2020-04-14 10:27:38 -04:00
Manuel Alejandro de Brito Fontes
c0db19b0ec Enable configuration of plugins using configmap 2020-04-13 11:38:42 -04:00
Manuel Alejandro de Brito Fontes
a46126a034 Update client-go methods to support context and and new create and delete options 2020-03-27 19:52:51 -03:00
Manuel Alejandro de Brito Fontes
7627757081
Cleanup of chart labels (#5258) 2020-03-18 08:35:29 -03:00
Balazs Szekeres
12fe318fdb Added test case for proxy connect, read, and send timeout from setting them via Nginx configmap. 2020-03-02 09:36:52 +01:00
Balazs Szekeres
6757224996 Refactored test/e2e/annotations/proxy.go 2020-02-27 16:03:28 +01:00
Kubernetes Prow Robot
380840f27e
Merge pull request #5145 from szombi/e2e-hsts-fix 
Refactor the HSTS related test file and add config check to the HSTS tests
 2020-02-21 07:08:35 -08:00
Sandor Szombat
1906832bc5 Rework the hsts related test file 2020-02-21 14:25:18 +01:00
Balazs Szekeres
0986ea8f18 Added configmap test ssl-ciphers. 2020-02-20 20:43:43 +01:00
Kubernetes Prow Robot
f4454612cb
Merge pull request #5109 from SzekeresB/dev/limit-rate-tc 
Added basic limit-rate configmap test.
 2020-02-20 06:55:04 -08:00
Kubernetes Prow Robot
b6516344bf
Merge pull request #5103 from SzekeresB/dev/no-tls-redirect-location 
Added configmap test for no-tls-redirect-locations
 2020-02-20 06:23:02 -08:00
Balazs Szekeres
122bf02489 Added configmap test for no-tls-redirect-locations 2020-02-20 14:54:41 +01:00
Balazs Szekeres
c47aa3cac7 Added basic limit-rate configmap test. 2020-02-20 14:22:26 +01:00
Sandor Szombat
d149382743 Add upstream keep alive tests 2020-02-20 09:59:36 +01:00
Manuel Alejandro de Brito Fontes
57fcbdfb73
Lint go code (#5132) 2020-02-19 21:43:14 -03:00
Kubernetes Prow Robot
f6cbf3e735
Merge pull request #5117 from szombi/e2e-hash-size 
Hash size e2e check test case
 2020-02-19 15:44:30 -08:00
Manuel Alejandro de Brito Fontes
f9624cbe46 Refactor e2e tests to use testify y httpexpect 2020-02-19 19:42:50 -03:00
Sandor Szombat
bd23b815bd Add hash size check tc 2020-02-19 09:27:53 +01:00
Sandor Szombat
0b1efdb549 Add reuse-port config check tc 2020-02-18 10:09:34 +01:00
Kubernetes Prow Robot
9a52f12b19
Merge pull request #5101 from szombi/e2e-keep-alive 
Add keep-alive config check test
 2020-02-17 11:27:29 -08:00
Sandor Szombat
2400febc48 Add keep-alive config check test 2020-02-17 15:04:43 +01:00
Sandor Szombat
8470a06174 Add log-format related tests 2020-02-17 14:52:35 +01:00
Manuel Alejandro de Brito Fontes
cc318cdec1
Cleanup and standardization of e2e test definitions (#5090) 2020-02-16 15:27:58 -03:00
Manuel Alejandro de Brito Fontes
37c24b0df5
Migration e2e installation to helm (#5086) 2020-02-16 11:58:37 -03:00
Balazs Szekeres
6206adf188 Added 'Add headers' configmap parameter testcase. 2020-02-14 19:56:43 +01:00
Manuel Alejandro de Brito Fontes
0197ea0dc4 Remove empty BeforeEach and AfterEach from e2e tests 2020-02-13 15:33:14 -03:00
Ilya Nemakov
46a3e0a6fd Fix X-Forwarded-Proto based on proxy-protocol server port 2020-02-10 18:08:34 +03:00
Boris Djurdjevic
665f924e9e Add proxy protocol support for X-Forwarded-Port 
Fixes https://github.com/kubernetes/ingress-nginx/issues/4951
 2020-01-24 13:50:35 +01:00
Manuel Alejandro de Brito Fontes
2af6305a4f Fix flaking e2e tests 2020-01-05 14:08:56 -03:00
Manuel Alejandro de Brito Fontes
1f2820a343 GeoIP test are temporarily disabled 2020-01-04 15:17:24 -03:00
Manuel Alejandro de Brito Fontes
5c30820d1f Remove hard-coded annotation and don't use map pointers 2019-12-13 03:05:20 -03:00
Manuel Alejandro de Brito Fontes
c2550930b1 Fix e2e test flakes 2019-12-13 01:34:52 -03:00
Manuel Alejandro de Brito Fontes
0dce5be743 Migrate ingress definitions from extensions to networking.k8s.io 2019-12-12 21:25:00 -03:00
Elvin Efendi
49ba53b7b6 regression test for duplicate hsts 2019-12-12 13:45:43 -05:00
Kubernetes Prow Robot
fb025ab501
Merge pull request #4087 from MRoci/master 
Define Modsecurity Snippet via ConfigMap
 2019-09-30 15:19:32 -07:00
Andrea Spacca
e84c8cd705 ISSUE-4244 e2e test 2019-09-29 23:28:44 +02:00
MRoci
1ee081ccc8
test modsecurity-snippet 2019-09-28 09:54:10 +02:00
Elvin Efendi
799f0ae76d more meaningful assertion for tls hsts test 2019-09-24 15:39:20 -04:00
Manuel Alejandro de Brito Fontes
ce3e3d51c3
WIP Remove nginx unix sockets (#4531) 
* Remove nginx unix sockets
* Use an emptyDir volume for /tmp in PSP e2e tests
 2019-09-08 18:14:54 -03:00
Manuel Alejandro de Brito Fontes
c85450c1e7
Remove hard-coded names from e2e test and use local docker dependencies (#4502) 2019-09-01 14:16:52 -04:00
Manuel Alejandro de Brito Fontes
fcd3054f13
Lint code using staticcheck (#4471) 2019-08-23 12:08:40 -04:00
Manuel Alejandro de Brito Fontes
23ed3ba4c4
Fix file permissions to support volumes 2019-08-15 20:48:37 -04:00