DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
366 commits 4 branches 217 tags 166 MiB
Commit graph

292 commits

Author SHA1 Message Date
Manuel de Brito Fontes
25bf00a1fc Add docs about the log format 2016-09-29 22:16:32 -03:00
Jeremy Whitlock
0373ce6f31 ingress/controllers/nginx: WebSocket documentation 
For those that do not understand the default way in which nginx proxies
requests not containing a "Connection" header, the approach for enabling
WebSocket support might not make sense.  This commit adds documentation
that explains why things are done this way.
 2016-09-29 15:42:46 -06:00
Kubernetes Submit Queue
90d8402293 Merge pull request #1802 from aledbf/fix-vars 
Automatic merge from submit-queue

[nginx-ingress-controller] Initialize proxy_upstream_name variable

fixes #1801
 2016-09-29 11:28:25 -07:00
Manuel de Brito Fontes
75dd1d3c6a Initialize proxy_upstream_name variable 2016-09-29 14:53:54 -03:00
Kubernetes Submit Queue
e9b160c519 Merge pull request #1772 from aledbf/check-new-error 
Automatic merge from submit-queue

[nginx-ingress-controller] Avoid replacing nginx.conf file with invalid content
 2016-09-28 18:08:20 -07:00
Manuel de Brito Fontes
db3388e777 Avoid replacing nginx.conf file if the new configuration is invalid 2016-09-28 21:35:20 -03:00
George G
963081375b ingress/controllers/README.md: Fix a link 2016-09-28 16:32:20 +01:00
Kubernetes Submit Queue
d6e8d89108 Merge pull request #1771 from bprashanth/ing_0.8.0 
Automatic merge from submit-queue

Bump glbc to 0.8.0

Don't think this hits the bar for 1.4.0, but hopefully it can make 1.4.1. The version bump is for the godep update that fixes an issue with the throttling workqueue (https://github.com/kubernetes/kubernetes/pull/31396). I should've done this sooner, dropped it.

Also fixes https://github.com/kubernetes/contrib/issues/1776 and https://github.com/kubernetes/contrib/issues/1783
 2016-09-27 14:39:04 -07:00
Manuel de Brito Fontes
e74b8039a5 Add annotation to add CORS support 2016-09-27 13:35:57 -03:00
Kubernetes Submit Queue
b49a91965c Merge pull request #1786 from aledbf/custom-funcs-docs 
Automatic merge from submit-queue

[nginx-ingress-controller] Add docs about go template

Address https://github.com/kubernetes/contrib/pull/1711#issuecomment-249474385
 2016-09-26 15:44:20 -07:00
Kubernetes Submit Queue
741ac710cd Merge pull request #1749 from aledbf/cloud-health-check 
Automatic merge from submit-queue

[nginx-ingress-controller] Readiness probe that works behind a CP lb

fixes #1507
 2016-09-26 15:44:12 -07:00
Manuel de Brito Fontes
428d8e3a85 Add docs about go template 2016-09-26 11:41:29 -03:00
Kubernetes Submit Queue
d90ceb7f3c Merge pull request #1711 from aledbf/add-helper-to-funcmap 
Automatic merge from submit-queue

[nginx-ingress-controller]: Add function helpers to nginx template

fixes #1695
 2016-09-25 21:03:32 -07:00
bprashanth
e30bbdfe2c Don't reconcile health checks after first create. 2016-09-23 14:22:22 -07:00
bprashanth
d99efea804 Don't consider pods cross namespace for health checks 2016-09-22 14:56:50 -07:00
Brad Bowman
c33d05a467 Fix link to auth example 2016-09-22 14:33:22 -06:00
bprashanth
3c703356ee Fix log level so we log debug output by default. 2016-09-21 18:37:52 -07:00
bprashanth
8c770ba384 Bump glbc version to 0.8.0 2016-09-21 17:33:14 -07:00
Manuel de Brito Fontes
a965f44f84 Clarify the controller uses endpoints and not services 2016-09-21 17:53:39 -03:00
Manuel de Brito Fontes
4e722f9d6d Add the name of the upstream in the log 2016-09-18 11:50:42 -03:00
Manuel de Brito Fontes
9d4dfe7609 Change readiness probe for nginx ingress that works behind a CP lb 2016-09-16 19:09:29 -03:00
Kubernetes Submit Queue
77afc22875 Merge pull request #1743 from vyshane/nginx-ingress-controller-proxy-buffer-size-2 
Automatic merge from submit-queue

Allow customisation of the nginx proxy_buffer_size directive via ConfigMap

I'm opening a new PR with the same changes as #1693 because I pushed the latter with an email address that can't be used to sign the CLA. Description from the previous PR:

When using nginx as a proxy we can run into the following error:

```
upstream sent too big header while reading response header from upstream
```

In order to fix this, we need to be able to configure the proxy_buffer_size nginx directive to increase its value. This PR updates the nginx-ingress-controller to allow that.
 2016-09-15 09:49:58 -07:00
Vy-Shane Xie
ae1c4503b3 Allow customisation of the nginx proxy_buffer_size directive via ConfigMap 2016-09-15 23:14:16 +08:00
oilbeater
baf5c07446 Fix typo 2016-09-12 19:00:12 +08:00
bprashanth
5d653fc10c Clarify ingress limitation around large clusters. 2016-09-09 13:28:32 -07:00
Jan Chaloupka
8053699360 Remove "All rights reserved" from all the headers 2016-09-08 13:02:39 +02:00
Manuel de Brito Fontes
15cc763b2d Add function helpers to nginx template 2016-09-07 13:21:28 -07:00
Kubernetes Submit Queue
fbff29d1ec Merge pull request #1672 from pdoreau/patch-1 
Automatic merge from submit-queue

Add firewall rules and ing class clarifications
 2016-09-02 14:39:33 -07:00
Pierrick
aad635636b Update README.md 2016-09-02 23:11:22 +02:00
Pierrick
dc14774bac Update README.md 2016-09-02 10:20:06 +02:00
Pierrick
1cc40b45da Update README.md 2016-09-02 10:18:28 +02:00
Kubernetes Submit Queue
42e3a61d3c Merge pull request #1596 from aledbf/improve-defaults 
Automatic merge from submit-queue

[nginx-ingress-controller]: Adapt nginx hash sizes to the number of ingress

This change allows the tuning of 2 important NGINX variables:
- server_names_hash_max_size
- server_names_hash_bucket_size

The default values should be enough for most of the users but after +300 Ingress rules or long hostnames as FQDN NGINX requires tuning of this values or it will not start.

The introduced change allows the self-tuning using the Ingress information
Using `--v=3` it's possible to see the changes:
```
...
I0822 21:42:10.517778       1 template.go:84] adjusting ServerNameHashMaxSize variable from 4096 to 16384
...
```

fixes #1487
 2016-09-01 14:11:47 -07:00
Pierrick
f4854b60c9 Add firewall rules and ing class clarifications 2016-09-01 11:19:26 +02:00
Manuel de Brito Fontes
05add360d2 Update image version 2016-08-29 15:47:20 -03:00
Kubernetes Submit Queue
c6a1b820f0 Merge pull request #1571 from marketlogicsoftware/kayrus/fix_default_namespace 
Automatic merge from submit-queue

ingress: use POD_NAMESPACE as a namespace in cli parameters

When you deploy ingress not into `default` namespace, ingress RC fails with the `no service with name default/default-http-backend found: services "default-http-backend" not found` error message.

This fix uses `POD_NAMESPACE` which we already pass into the pod ENV.
 2016-08-26 16:11:52 -07:00
Manuel de Brito Fontes
b06fcbb8c3 Adapt nginx hash sizes to the number of ingress 2016-08-26 19:32:28 -03:00
Manuel de Brito Fontes
3c3880d28f Update sysctl method 2016-08-26 18:52:56 -03:00
Manuel de Brito Fontes
d43021b3f1 Update gce node return types 2016-08-25 14:08:29 -03:00
Manuel de Brito Fontes
e91c23ff2d Refactoring of templates 2016-08-25 14:08:29 -03:00
kayrus
d8fbe2f582 ingress: removed unnecessary whitespaces 2016-08-23 10:37:10 +02:00
Kubernetes Submit Queue
e4236ad0f2 Merge pull request #1577 from aledbf/update-nginx-controller 
Automatic merge from submit-queue

WIP: [nginx-ingress-controller] Release 0.8.3

fixes #1572
 2016-08-22 11:33:31 -07:00
Manuel de Brito Fontes
4f92eb9da2 Always listen on port 443, even without ingress rules 2016-08-22 10:51:11 -03:00
Manuel de Brito Fontes
9d07120eb1 Release 0.8.3 2016-08-19 11:44:22 -03:00
kayrus
e4de1e62b8 ingress: use POD_NAMESPACE as a namespace in cli parameters 2016-08-19 10:25:38 +02:00
Kubernetes Submit Queue
727a62421e Merge pull request #1467 from aledbf/change-client 
Automatic merge from submit-queue

[nginx-ingress-controller]: Use ClientConfig to configure connection

fixes #1459

Running with `docker run`:
```
core@localhost ~ $ docker run -it aledbf/nginx-third-party:0.31 bash
root@f6a96f46eab0:/# export KUBERNETES_MASTER=http://172.17.4.99:8080
root@f6a96f46eab0:/# /nginx-ingress-controller --default-backend-service=default/nginx-errors
I0802 14:44:58.604384       7 main.go:94] Using build: https://github.com/aledbf/contrib - git-5b9146a
W0802 14:44:58.605282       7 main.go:118] unexpected error getting runtime information: unable to get POD information (missing POD_NAME or POD_NAMESPACE environment variable)
I0802 14:44:58.607270       7 main.go:123] Validated default/nginx-errors as the default backend
W0802 14:44:58.611322       7 ssl.go:132] no file dhparam.pem found in secrets
I0802 14:44:58.615637       7 controller.go:1128] starting NGINX loadbalancer controller
I0802 14:44:58.615902       7 command.go:35] Starting NGINX process...
```

Running inside in a cluster:
```
I0802 14:47:50.254736       1 main.go:94] Using build: https://github.com/aledbf/contrib - git-5b9146a
I0802 14:47:50.254920       1 merged_client_builder.go:103] No kubeconfig could be created, falling back to service account.
I0802 14:47:50.343440       1 main.go:123] Validated default/nginx-errors as the default backend
W0802 14:47:50.343677       1 ssl.go:132] no file dhparam.pem found in secrets
I0802 14:47:50.347322       1 controller.go:1128] starting NGINX loadbalancer controller
I0802 14:47:50.347870       1 command.go:35] Starting NGINX process...
```

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.kubernetes.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.kubernetes.io/reviews/kubernetes/contrib/1467)
<!-- Reviewable:end -->
 2016-08-17 13:40:11 -07:00
Kubernetes Submit Queue
01cf346b6f Merge pull request #1435 from mml/k8s-ig-dead-code 
Automatic merge from submit-queue

Delete dead code in cluster_manager.



<!-- Reviewable:start -->
This change is [<img src="https://reviewable.kubernetes.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.kubernetes.io/reviews/kubernetes/contrib/1435)
<!-- Reviewable:end -->
 2016-08-12 14:13:33 -07:00
Kubernetes Submit Queue
34a469fa1b Merge pull request #1363 from bprashanth/ing_uid 
Automatic merge from submit-queue

Use existing uid if one is found

Without this if we create some ingresses we will get eg: a forwarding rule like "foo-uid". Now if we restart 
the ingress controller, and while it's down delete the configmap where it stores its uid, it will come back, see an existing ingress, but wrongly record the uid as "empty string". This will cause the ingress to ignore the old forwarding rule, backends etc.

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.kubernetes.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.kubernetes.io/reviews/kubernetes/contrib/1363)
<!-- Reviewable:end -->
 2016-08-12 11:03:58 -07:00
bprashanth
fc50762257 Poll and notice changes to cluster UID 2016-08-11 18:03:00 -07:00
Kubernetes Submit Queue
dfc322c2a2 Merge pull request #1503 from bprashanth/backends 
Automatic merge from submit-queue

Don't clobber backends.

If a parallel ingress controller updates the backend service with another instance group, don't clobber it, just make sure the instance group you put in is there.
 2016-08-11 17:13:50 -07:00
Kubernetes Submit Queue
3032ff166f Merge pull request #1501 from bprashanth/ing_docs_listing 
Automatic merge from submit-queue

Correctly handle ingress.class in GCE controller 

This bug would only get activated when a user has both `ingess.class=gce` and `ingress.class=nginx` ingresses active in the same GCE/GKE cluster, and would manifest as a set of cloud resources created wastefully for the `ingress.class=nginx` ingress as well.

We were previously only ignoring ingress.class (documented here: https://github.com/kubernetes/contrib/blob/master/ingress/controllers/gce/BETA_LIMITATIONS.md#disabling-glbc) when the ingress was created/deleted/modified. There's a chance another ingress with the correct class results in us entering the `sync` routine and listing all ingresses. The listing routine was not smart enough to ignore `ingress.class=nginx`, so we ended up creating resources for the nginx ingress anyway. 

The second commit fixes some of the nginx examples to include a `readiness` probe that is == liveness probe. 

Minhan or Girish, whichever one has spare cycles first.
 2016-08-11 13:43:47 -07:00
bprashanth
114dbd3575 Don't clobber backends inserted by other controllers. 2016-08-10 19:23:31 -07:00
Matt Liggett
1b5d8fe011 Delete dead code in cluster_manager. 2016-08-10 15:50:25 -07:00
bprashanth
7e674d5f24 Bump glbc image. 2016-08-10 14:09:08 -07:00
Prashanth Balasubramanian
c479d3e261 Bump glbc version 2016-08-08 19:10:09 -07:00
bprashanth
1a890fe7db Continue to ingore non-gce ingress in lister. 2016-08-08 12:47:37 -07:00
Prashanth B
139c5f2b4b Merge pull request #1450 from aledbf/improve-template-errors 
[nginx-ingress-controller]: Check for errors in nginx template
 2016-08-05 13:57:45 -07:00
Manuel de Brito Fontes
4fe3462a82 Change healthz port to avoid conflicts when running using hostNetwork 2016-08-02 23:10:47 -04:00
Manuel de Brito Fontes
0f70b80745 Use ClientConfig to configure connection 2016-08-02 10:46:35 -04:00
Siva Manivannan
c2d56dc685 GCE ingress http-only annotation naming fix 2016-08-02 00:10:24 -05:00
Prashanth Balasubramanian
632d4ae45c Fix health check link 2016-07-29 14:54:01 -07:00
Manuel de Brito Fontes
0886c7e58a Check for errors in nginx template 2016-07-28 17:41:12 -04:00
Manuel de Brito Fontes
9f64273b9c Use system self signed certificate as default SSL certificate 2016-07-22 19:30:00 -04:00
Manuel de Brito Fontes
2c7d921d76 Update changelog 2016-07-20 16:39:46 -04:00
Manuel de Brito Fontes
3ef038c557 Change nginx status port to 18080 to avoid conflicts with port 8080 2016-07-20 16:39:46 -04:00
Manuel de Brito Fontes
0d1dd32567 Release 0.8.2 2016-07-20 16:39:46 -04:00
Prashanth B
bff40d7c14 Merge pull request #1351 from aledbf/check-certificate 
[nginx-ingress-controller]: Avoid generation of invalid ssl certificates
 2016-07-20 13:36:23 -07:00
Manuel de Brito Fontes
de6b00daa3 Change container /proc values to improve nginx performance 2016-07-20 15:00:30 -04:00
Manuel de Brito Fontes
bf5113d91c Avoid generation of invalid ssl certificates 2016-07-20 14:36:15 -04:00
Prashanth B
1a04fa4881 Merge pull request #1398 from aledbf/nginx-httpoxy 
Mitigate HTTPoxy Vulnerability
 2016-07-20 10:56:17 -07:00
Prashanth B
5306ca4eb9 Merge pull request #1384 from atombender/issue_1883 
Unset Authorization header when proxying
 2016-07-20 10:54:57 -07:00
Prashanth B
eabad1c990 Merge pull request #1338 from aledbf/ssl-default-backend 
[nginx-ingress-controller]: Add HTTPS default backend
 2016-07-20 10:35:15 -07:00
Prashanth B
fe59e29f5e Merge pull request #1336 from aledbf/skip-ingress-rules 
[nginx-ingress-controller]: Add annotation to skip ingress rule
 2016-07-20 10:33:17 -07:00
Manuel de Brito Fontes
a38f2b21a1 Mitigate HTTPoxy Vulnerability 2016-07-20 09:55:46 -04:00
Manuel de Brito Fontes
d3d6c879d5 Refactor nginx certificate creation. 2016-07-18 17:08:00 -04:00
Alexander Staubo
5effb7b4e3 Unset Authorization header when proxying. 2016-07-17 22:02:02 -04:00
Prashanth B
ce7085d277 Merge pull request #1289 from simonswine/docs-kube-lego 
ingress: nginx suggest kube-lego for automated cert management
 2016-07-15 17:51:03 -07:00
Prashanth B
1aaa63e0be Merge pull request #1350 from aledbf/nginx-backlog 
[nginx-ingress-controller]: Improve performance (listen backlog=net.core.somaxconn)
 2016-07-12 08:18:53 -07:00
Manuel de Brito Fontes
b4f1b7c0f5 Show warning in case of low number of connections 2016-07-12 00:40:45 -04:00
Manuel de Brito Fontes
a34124be9d Update gce NodeCondition parameter 2016-07-11 23:43:36 -04:00
Manuel de Brito Fontes
8b25cc67a5 Improve nginx performance to match listen backlog with net.core.somaxconn 2016-07-11 23:04:21 -04:00
Prashanth B
cce520a950 Merge pull request #1324 from bprashanth/docs 
GCE Ingress docs update
 2016-07-08 20:07:27 -07:00
Manuel de Brito Fontes
8f4efb4e3d Add HTTPS default backend 2016-07-08 17:20:14 -04:00
Manuel de Brito Fontes
89bbb8d4ee Add annotation to skip ingress rule 2016-07-08 17:01:40 -04:00
Prashanth Balasubramanian
94ea4ab247 GCE Ingress docs update 2016-07-08 11:15:27 -07:00
Prashanth B
ba964cdcda Merge pull request #1299 from Nalum/patch-2 
Formatting fix
 2016-07-06 13:47:26 -07:00
Manuel de Brito Fontes
9b762b7d54 Release 0.8.1 2016-07-06 12:22:07 -04:00
Prashanth B
a7570a8b37 Merge pull request #1315 from fcvarela/master 
Addresses #1314 [nginx-ingress-controller ssl nginx reload abort]
 2016-07-06 09:10:53 -07:00
Filipe Varela
9285335ce3 Fixes #1314 
Removed comment to be consistent w/ rest of code

Fixes typo and string concat
 2016-07-06 12:35:08 +01:00
Manuel de Brito Fontes
a2d9c6e48b Fix duplicated real_ip_header 2016-07-05 12:37:54 -04:00
Prashanth B
15f199c84a Merge pull request #1259 from aledbf/release-0.8 
[nginx-ingress-controller] Release 0.8
 2016-07-01 20:12:21 -07:00
Manuel de Brito Fontes
6d03a101be Add mime aplication/x-javascript to the gzip list and show the defaults in configuration.md 2016-07-01 21:15:54 -04:00
Prashanth B
0d5917e6a4 Merge pull request #1296 from Nalum/patch-1 
Fix formatting
 2016-07-01 17:23:50 -07:00
Manuel de Brito Fontes
0bcfcef8f8 Release 0.8 2016-07-01 19:18:45 -04:00
Manuel de Brito Fontes
09d7b756db Add support for dynamic TLS records and spdy 2016-07-01 14:07:48 -04:00
Luke Mallon
cd2e2b0717 Formatting fix 2016-06-30 15:12:34 +01:00
Luke Mallon
c398b66aa9 Fix formatting 
Fix the formatting of this README
 2016-06-30 09:53:28 +01:00
Prashanth Balasubramanian
8bbf869030 Add an annotation to ignore non-gce ingresses 2016-06-29 15:49:02 -07:00
Prashanth Balasubramanian
cb05e7b18e Don't adopt complex http probes for health checks 2016-06-29 15:02:27 -07:00
Prashanth Balasubramanian
58d5638888 Firewall updates only on port change 2016-06-29 15:02:27 -07:00
Prashanth Balasubramanian
5db8389fb3 Rate limit requeues on error 2016-06-29 15:02:27 -07:00