212 commits

Author SHA1 Message Date
Elvin Efendi
b21c721196 lua-shared-dicts improvements, fixes and documentation 2019-08-14 22:10:56 -04:00
Manuel Alejandro de Brito Fontes
80bd481abb
Only support SSL dynamic mode 2019-08-13 17:33:34 -04:00
Kubernetes Prow Robot
8c472190d1
Merge pull request #4086 from jeroen92/issue-4038
Resolve #4038, move X-Forwarded-Port variable to the location context
2019-08-09 08:07:25 -07:00
tals
a2e667c082 lua shared dict from cm
lua shared dict teml test and update func sign

lua shared dict cm test

lua shared dict integration test

lua shared dict add cm parsing

lua shared dict change test header
2019-08-08 12:44:11 +03:00
Jeroen Schutrup
8dd912114e
Move X-Forwarded-Port variable to the location context
Resolves issue #4038 where the X-Forwarded-Port header would be set to the value of the https listening port if all of the following settings were satisfied:
- The ingress controller was started with a non-default HTTPS port set with the `--https-port` argument
- An ingress is created having:
  - the `nginx.ingress.kubernetes.io/auth-url` annotation set
  - TLS enabled

This commit solves this issue by moving the setting of the `pass_server_port` variable from the server, one level down to the location context.
2019-08-06 17:00:58 +02:00
Moritz Johner
23504db770 feat: auth-req caching
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.

[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2019-07-17 18:39:04 +02:00
Manuel Alejandro de Brito Fontes
84102eec2b
Migrate to new networking.k8s.io/v1beta1 package 2019-06-13 11:32:39 -04:00
Jorrit Salverda
f77eaaee50 Add opentracing-operation-name and opentracing-location-operation-name config settings
With these settings custom span names can be used for the server span and location span

Signed-off-by: Jorrit Salverda <jsalverda@travix.com>
2019-06-07 14:19:34 +02:00
Kubernetes Prow Robot
251f48b120
Merge pull request #4135 from nicknovitski/deployment-api-appsv1
Use apps/v1 api group in e2e tests
2019-05-29 16:50:18 -07:00
Nick Novitski
e1958b8272 Run PodSecurityPolicy E2E test in parallel
Previously, this test modified a ClusterRole used by _every_ test.  It had to be run serially, with a special teardown function that restored the state of the ClusterRole for any other serial tests.

Now every test gets its own cluster role, which means this test can be safely run in parallel with all the others, without any special teardown.
2019-05-29 14:13:04 -07:00
Nick Novitski
d617e5abdc Use apps/v1 api group in e2e tests 2019-05-29 12:12:45 -07:00
Manuel Alejandro de Brito Fontes
c2227a058d
Refactor e2e test 2019-05-27 06:31:01 -04:00
Nick Novitski
51ad0bc54b Rearrange deployment files into kustomizations 2019-05-19 12:35:54 -07:00
okryvoshapka-connyun
8cc9afe8ee Added Global External Authentication settings to configmap parameters incl. addons 2019-05-03 12:08:16 +02:00
Elvin Efendi
b13432dbe0 adjust default ssl cert e2e test 2019-04-13 15:00:44 -04:00
Elvin Efendi
1ddf5d2752 regression test for dynamic cert related default-certificate issue 2019-04-09 22:11:21 -04:00
Elvin Efendi
87e962682f properly parse x-forwarded-host 2019-03-31 15:10:45 -04:00
Elvin Efendi
496ff07bf1 replace some of the Nginx configuration to Lua code 2019-03-31 12:04:52 -04:00
Manuel Alejandro de Brito Fontes
14a9e9f3fa
Update dependencies client-go to release-11.0 and kubernetes-1.14.0 2019-03-28 20:43:18 -03:00
Manuel Alejandro de Brito Fontes
5e249d3366
Refactor e2e tests to use the service ClusterIP 2019-02-24 20:04:07 -03:00
Manuel Alejandro de Brito Fontes
8b6e4d4697
Use UsePortInRedirects only if enabled 2019-02-21 17:48:45 -03:00
Alex Kursell
ca74960905 Fix --disable-catch-all 2019-01-25 14:53:55 -05:00
Manuel Alejandro de Brito Fontes
0db09f425d
Refactor e2e tls helper 2019-01-10 20:59:49 -03:00
Maxime Ginters
3fa8395f7f Fix a bug in Ingress update handler 2019-01-08 09:28:42 -05:00
Kubernetes Prow Robot
8f57f9578d
Merge pull request #3586 from Shopify/disable-catch-all
Add --disable-catch-all option to disable catch-all server
2019-01-07 07:16:26 -08:00
Kubernetes Prow Robot
29118750be
Merge pull request #3342 from aledbf/allowPrivilegeEscalation
Allow privilege escalation
2019-01-02 17:49:39 -08:00
Manuel Alejandro de Brito Fontes
09e2466671
Add support to run e2e tests serially 2019-01-02 15:47:26 -03:00
Manuel Alejandro de Brito Fontes
a73dac2c0b
Fix proxy_host variable configuration 2019-01-02 15:31:27 -03:00
Manuel Alejandro de Brito Fontes
1109db2d09 Add e2e test 2018-12-21 19:30:34 -03:00
Manuel Alejandro de Brito Fontes
9be174738d Add allowPrivilegeEscalation 2018-12-21 19:30:19 -03:00
Maxime Ginters
1678d99a03 Add --disable-catch-all option to disable catch-all server 2018-12-21 13:22:26 -05:00
k8s-ci-robot
710ea8c76f
Merge pull request #3333 from Shopify/dont-trust-by-default
breaking change: by default do not trust any client
2018-11-27 05:12:48 -08:00
Manuel Alejandro de Brito Fontes
a51136b863 Refactor assertions 2018-11-18 10:53:05 -03:00
Elvin Efendi
5f3b48e16d breaking change: do not trust x-forwarded-* headers by default 2018-11-13 10:35:59 +04:00
Zenara Daley
8b32c4c326 Restructure load balance e2e tests and update round robin test 2018-11-12 10:19:52 -05:00
Zenara Daley
95db733c12 add e2e test for round robin load balancing 2018-11-09 13:20:33 -05:00
Manuel Alejandro de Brito Fontes
c9668dd40b
Fix e2e tests 2018-10-30 13:35:31 -03:00
k8s-ci-robot
5671c1718f
Merge pull request #3322 from aledbf/tests-cleanup
Remove e2e boilerplate
2018-10-30 08:40:23 -07:00
Manuel Alejandro de Brito Fontes
83dc4607c5
Remove e2e boilerplate 2018-10-29 22:38:15 -03:00
Maximilian Bode
c27c57dc8b Add configuration for geoip2 module
Based on closed PRs #2551, #2755
2018-10-29 21:25:23 +01:00
k8s-ci-robot
6393ca6aaf
Merge pull request #2997 from StarOfService/global-block-ip-ua-ref
Provide possibility to block IPs, User-Agents and Referers globally
2018-09-25 05:51:56 -07:00
Pavel Sinkevych
7212d0081b Provide possibility to block CIDRs, User-Agents and Referers globally 2018-09-25 14:16:20 +03:00
Manuel de Brito Fontes
361f06b791 Join host/port with go helper (supports ipv6) 2018-09-09 16:34:18 -03:00
Elvin Efendi
702fb9bf81 adjust tls settings test 2018-08-22 21:28:03 -04:00
Dario Nieuwenhuis
b5bcb93a4b
Merge branch 'master' into xff 2018-08-16 18:15:14 +02:00
Tom Reznik
b7bcf92480 support configuring multi_accept directive via configmap 2018-08-04 19:20:01 +03:00
Tom Reznik
1bacf1655e support custom configuration to main context of nginx config 2018-08-04 00:53:06 +03:00
Brian Findlay
d59e3ee9dd Update server-tokens tests 2018-06-23 10:08:39 -04:00
Manuel de Brito Fontes
1d6e2dfd5c Add e2e test for configmap change and reload 2018-06-21 10:52:56 -04:00
Dario Nieuwenhuis
04d24e1ff7 Switch forwarded-headers e2e to use gorequest. 2018-06-13 21:10:33 +02:00
Dario Nieuwenhuis
fa626a605f Add use-forwarded-headers e2e test. 2018-06-12 21:33:53 +02:00
Manuel de Brito Fontes
ff3e182350 Add support for grpc_set_header 2018-05-17 08:35:11 -04:00
Antoine Cotten
ca423e1567
Add tests for global TLS settings 2018-04-27 23:24:23 +02:00
Antoine Cotten
553df8a0cc
Refactor e2e framework for TLS tests 2018-04-27 23:24:22 +02:00
Manuel de Brito Fontes
62a80a39ad
Remove most of the time.Sleep from the e2e tests 2018-04-19 17:48:50 -03:00
Andrew Louis
444914b764 Move the resetting logic into framework
Stylistic fixes based on feedback
2018-04-18 11:48:22 -04:00
Andrew Louis
19337f05fb Introduce ConfigMap updating helpers into e2e/framework and retain default nginx-configuration state between tests
Group sublogic
2018-04-17 15:08:26 -04:00
AdamDang
e519edc76f
Correct some returned messages in server_tokens.go
should not exists->should not exist
should exists->should exist
2018-04-15 23:42:38 +08:00
Alvaro Aleman
e7aa74b5d4 Add NoAuthLocations and default it to "/.well-known/acme-challenge" (#2243)
* Add NoAuthLocations and default it to "/.well-known/acme-challenge"

* Add e2e tests for no-auth-location

* Improve wording of no-auth-location tests
2018-04-01 21:02:34 -03:00
Manuel de Brito Fontes
62622f6516 Cleanup tests 2018-01-23 21:11:56 -03:00
Manuel Alejandro de Brito Fontes
807932259e
If server_tokens is disabled remove the Server header (#1903)
* If server_tokens is disabled remove the Server header

* Add server-tokens tests

* Fix tests
2018-01-17 10:26:53 -02:00
Manuel de Brito Fontes
57f43989fd Add e2e tests to verify the correct source IP address 2017-11-13 17:26:13 -03:00