DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2699 commits 4 branches 217 tags 166 MiB
Commit graph

112 commits

Author SHA1 Message Date
Elvin Efendi
44ddd8abba force backend sync when worker starts 2018-05-14 17:08:23 -04:00
Elvin Efendi
992a68de23 upstream-hash-by should override load-balance annotation 2018-05-10 13:47:19 -04:00
Elvin Efendi
6cb28e059c use roundrobin from lua-resty-balancer library and refactor balancer.lua 2018-05-10 13:47:19 -04:00
Elvin Efendi
51cf184c51 always use x-request-id 2018-04-28 00:31:23 -04:00
Elvin Efendi
2ce9196ecf upstream-hash-by annotation support for dynamic configuraton mode 2018-04-27 14:28:43 -04:00
JordanP
c995031ffd Add annotation to enable rewrite logs in a location 2018-04-27 17:50:14 +02:00
Adam Netočný
8b6f043fd8 Add buffer configuration to external auth location config 2018-04-26 16:04:12 +02:00
k8s-ci-robot
9533aa45cc
Merge pull request #2408 from Shopify/updated-buffered-backends 
Read backends data even if buffered to temp file
 2018-04-24 14:09:02 -07:00
Andrew Louis
d3d383d1cc Endpoint Awareness: Read backends data from tmp file as well 
Actually read from the file

Logs probably shouldn't assume knowledge of implementation detail

Typos

Added integration test, and dynamic update config refactor

Don't force the 8k default

Minimal test case to make the configuration/backends request body write to temp file

Leverage new safe config updating methods, and use 2 replicas instead of 4

Small refactor

Better integration test, addresses other feedback

Update bindata
 2018-04-24 15:07:59 -04:00
Zenara Daley
0d0d33aec9 add balancer unit tests 2018-04-24 12:10:57 -04:00
Zenara Daley
4f9865529a Add busted unit testing framework for lua code 2018-04-23 10:46:28 -04:00
Nick Novitski
8886b8a50e Add vts-sum-key config flag 2018-04-17 11:39:32 -07:00
Giancarlo Rubio
c60ed24f4b Detect if header injected request_id before creating one 2018-04-17 15:49:35 +02:00
Bastian Hofmann
1c17962ba0 Add proxy-add-original-uri-header config flag 
This makes it configurable if a location adds an X-Original-Uri header to the backend request. Default is "true", the current behaviour.
 2018-04-16 12:34:26 +02:00
k8s-ci-robot
8855460817
Merge pull request #2341 from Shopify/custom-sticky 
Add session affinity to custom load balancing
 2018-04-12 17:22:59 -07:00
Zenara Daley
4b11fe4d25 Fix nginx template 2018-04-12 15:43:13 -04:00
Zenara Daley
6ed256dde6 Add session affinity to custom load balancing 2018-04-12 14:21:42 -04:00
Zenara Daley
4b76ad14bb Fix buildupstream name to work with dynamic session affinity 2018-04-12 14:01:46 -04:00
oilbeater
1be1f658b4 disable lua for arch s390x and ppc64le 
LuaJIT is not available for s390x and ppc64le, disable the lua part in nginx.tmpl on these platform.
 2018-04-12 08:30:56 +08:00
Elvin Efendi
d6eb44376d run lua-resty-waf in different modes (#2317) 
* run lua-resty-waf in different modes

* update docs
 2018-04-09 09:19:13 -03:00
Elvin Efendi
bad8295a42 extra waf rules per ingress (#2315) 
* extra waf rules per ingress

* document annotation nginx.ingress.kubernetes.io/lua-resty-waf-extra-rules

* regenerate internal/file/bindata.go
 2018-04-09 07:14:30 -03:00
Elvin Efendi
16faf309ca annotation to ignore given list of WAF rulesets (#2314) 2018-04-08 22:55:23 -03:00
Elvin Efendi
a6fe800a47 lua-resty-waf controller (#2304) 2018-04-08 17:37:13 -03:00
Manuel Alejandro de Brito Fontes
b17ed7b6fd
Configure upload limits for setup of lua load balancer (#2309) 2018-04-08 15:47:49 -03:00
Manuel Alejandro de Brito Fontes
1c65320618
Add verification of lua load balancer to health check (#2308) 2018-04-08 15:24:37 -03:00
Manuel Alejandro de Brito Fontes
dd2bc91018
Fix HSTS without preload (#2294) 2018-04-04 23:17:51 -03:00
Alvaro Aleman
e7aa74b5d4 Add NoAuthLocations and default it to "/.well-known/acme-challenge" (#2243) 
* Add NoAuthLocations and default it to "/.well-known/acme-challenge"

* Add e2e tests for no-auth-location

* Improve wording of no-auth-location tests
 2018-04-01 21:02:34 -03:00
Elvin Efendi
931e541fb7 Fix bug when auth req is enabled(external authentication) (#2280) 
* set proxy_upstream_name correctly when auth_req module is used

* log a more meaningful message when backend is not found
 2018-03-30 14:19:33 -03:00
Manuel Alejandro de Brito Fontes
146db43794
Disable opentracing for nginx internal urls (#2272) 2018-03-29 13:47:13 -03:00
Oilbeater
c6c219a7d1 clean up tmpl (#2263) 
The nginx.conf generated now is too messy remove some section only useful when dynamic configure enabled and headers only useful for https.
 2018-03-29 09:36:00 -03:00
Sylvain Rabot
385368990c Managing a whitelist for _/nginx_status (#2187) 
Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
 2018-03-28 09:27:34 -03:00
Zenara Daley
6e099c5f57 Add EWMA as configurable load balancing algorithm (#2229) 2018-03-23 12:06:21 -03:00
Oilbeater
0b0a274a9a fix: cannot set $service_name if use rewrite (#2220) 
$path here is the regular expression formatted nginx location not the origin path in ingress rules. Fix https://github.com/kubernetes/ingress-nginx/issues/2131
 2018-03-22 09:43:45 -03:00
halfcrazy
b45ee8d85f Add missing configuration in #2235 (#2236) 2018-03-22 08:53:29 -03:00
maxlaverse
8575769781 Make proxy_next_upstream_tries configurable (#2232) 
* Make proxy_next_upstream_tries configurable

* Code generation
 2018-03-22 08:12:36 -03:00
halfcrazy
4f5fa47d27 add proxy header ssl-client-issuer-dn, fix #2178 (#2235) 2018-03-22 01:38:47 -03:00
Elvin Efendi
634959fd79 do not hardcode keepalive for upstream_balancer (#2227) 2018-03-21 00:42:22 -03:00
Elvin Efendi
08252e2eef allow ipv6 localhost when enabled (#2210) 2018-03-19 13:32:55 -03:00
Manuel Alejandro de Brito Fontes
6b7491f432
Fix dynamic configuration when custom errors are enabled (#2212) 2018-03-19 12:55:17 -03:00
turettn
de30e53d62 Expose SSL client cert data to external auth provider. (#2078) 2018-03-19 09:30:36 -03:00
Alvaro Aleman
94deb3a01a Add configoption to exclude routes from tls upgrading (#2203) 
* Add configoption to exclude routes from tls upgrading

* Add tests for IsLocationInLocationList

* Seperate elements in NoTLSRedirectLocations by comma

* Set NoTLSRedirectLocations to "/.well-known/acme-challenge/" by default

* Remove trailing slash from "/.well-known/acme-challenge" default
 2018-03-18 17:44:59 -03:00
halfcrazy
977cfcb4c7 add luacheck to lint lua files (#2205) 2018-03-18 13:31:49 -03:00
Oilbeater
5c02d700cb Allow config to disable geoip (#2202) 
For a offline or private cloud environment, geoip is not needed.
Implementing https://github.com/kubernetes/ingress-nginx/issues/2179
 2018-03-18 13:30:05 -03:00
Elvin Efendi
c90a4e811e Live Nginx (re)configuration without reloading (#2174) 2018-03-18 10:13:41 -03:00
Oilbeater
41cefeb178 Add worker-cpu-affinity nginx option (#2201) 
worker_cpu_affinity is a common optimization method for improving nginx performance, adding this as a custom configuration. Also fix some format issues found during editing.
 2018-03-16 13:32:45 -03:00
Elvin Efendi
36cce00fdd configuring load balancing per ingress (#2167) 
* configure load balancing through a ingress annotation

* update docs
 2018-03-09 13:09:41 -08:00
Manuel Alejandro de Brito Fontes
3c67976969
In case of TLS errors do not allow traffic (#2146) 2018-02-25 17:20:14 -03:00
Manuel Alejandro de Brito Fontes
216fe01a07
Add option in the configuration configmap to enable remote logging (syslog) (#2145) 2018-02-25 12:47:14 -03:00
Manuel Alejandro de Brito Fontes
0dee303ac2
Add annotation to disable logs in a location (#2144) 2018-02-25 11:38:54 -03:00
Manuel Alejandro de Brito Fontes
edb3be64ea
Only add HSTS headers in HTTPS (#2143) 2018-02-25 11:18:42 -03:00