DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3277 commits 4 branches 217 tags 166 MiB
Commit graph

165 commits

Author SHA1 Message Date
Stefan Schwärzler
1a320ae289 fix for #1930, make sessions sticky, for ingress with multiple rules and backends 
* for an ingress with session affinity cookie, set the location as path on the cookie when unique
* the previous behaviour ( cookie path=/ ) is preserved for ingresses with multiple rules for the same backend (locations not unique)

added e2e tests for session affinity, setting path on sticky config

added tests:
* it should set the path to /something on the generated cookie
* it should set the path to / on the generated cookie if there's more than one rule referring to the same backend
 2018-06-11 10:43:13 +02:00
Dario Nieuwenhuis
67b253a149 Add use-forwarded-headers configmap option. 2018-06-11 00:06:14 +02:00
Dmitry Stolyarov
02ff8244a2 Add $location_path variable 
When you define rules in ingress resource, you use path. So it would be
very useful to be able to use the same path in logs.
 2018-06-07 13:43:29 +03:00
Dmitry Stolyarov
59aac73785 Add $service_port variable 
According to TCP/IP (and common sense), $service_name is not enough to
uniquely identify service, we need $service_port for that.
 2018-06-07 13:43:20 +03:00
Dmitry Stolyarov
eafb1890d6 Move vars to the very beginning of the location 
To make it more clear, that you could use $namespace, $ingress_name and
$service_name variables anywhere in location (especialy in lua), move
their definition to the very begining of the location.
 2018-06-07 13:43:09 +03:00
Paul DeCarlo
3159384480 Use lua-platform-path symlink for all platforms 2018-06-04 18:15:59 -05:00
Elvin Efendi
d4e6c0dfd8 access_log should be off for internal /configuration endpoint 2018-05-31 16:01:54 -04:00
Elvin Efendi
da3a87646a make sure balancer gets deleted when ther is no backend 2018-05-28 15:51:58 -04:00
k8s-ci-robot
b8b5e5bc51
Merge pull request #2548 from Stono/master 
Implement generate-request-id
 2018-05-21 13:55:12 -07:00
Karl Stoney
206d32a2cd Implement generate-request-id 
Fixes https://github.com/kubernetes/ingress-nginx/issues/2546
 2018-05-21 08:32:50 +01:00
Lorenzo Fontana
d434583b53
InfluxDB configuration string template builder helper 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2018-05-19 09:22:49 +02:00
Lorenzo Fontana
93be8db612
Annotations for the InfluxDB Module 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2018-05-19 09:22:46 +02:00
Fernando Diaz
e224259e38 Resolves issue with proxy-redirect nginx configuration 
Resolves an issue where the proxy-redirect annotations were not generating the
correct configuration possibly because of user error. This is done by only
setting the proxy_redirect if both proxy-redirect-from and proxy-redirect-to
have valid values. Also adds the e2e tests.

Fixes #2074
 2018-05-17 11:22:31 -05:00
Manuel de Brito Fontes
ff3e182350 Add support for grpc_set_header 2018-05-17 08:35:11 -04:00
Elvin Efendi
51cf184c51 always use x-request-id 2018-04-28 00:31:23 -04:00
JordanP
c995031ffd Add annotation to enable rewrite logs in a location 2018-04-27 17:50:14 +02:00
Adam Netočný
8b6f043fd8 Add buffer configuration to external auth location config 2018-04-26 16:04:12 +02:00
Nick Novitski
8886b8a50e Add vts-sum-key config flag 2018-04-17 11:39:32 -07:00
Giancarlo Rubio
c60ed24f4b Detect if header injected request_id before creating one 2018-04-17 15:49:35 +02:00
Bastian Hofmann
1c17962ba0 Add proxy-add-original-uri-header config flag 
This makes it configurable if a location adds an X-Original-Uri header to the backend request. Default is "true", the current behaviour.
 2018-04-16 12:34:26 +02:00
Zenara Daley
4b11fe4d25 Fix nginx template 2018-04-12 15:43:13 -04:00
Zenara Daley
4b76ad14bb Fix buildupstream name to work with dynamic session affinity 2018-04-12 14:01:46 -04:00
oilbeater
1be1f658b4 disable lua for arch s390x and ppc64le 
LuaJIT is not available for s390x and ppc64le, disable the lua part in nginx.tmpl on these platform.
 2018-04-12 08:30:56 +08:00
Elvin Efendi
d6eb44376d run lua-resty-waf in different modes (#2317) 
* run lua-resty-waf in different modes

* update docs
 2018-04-09 09:19:13 -03:00
Elvin Efendi
bad8295a42 extra waf rules per ingress (#2315) 
* extra waf rules per ingress

* document annotation nginx.ingress.kubernetes.io/lua-resty-waf-extra-rules

* regenerate internal/file/bindata.go
 2018-04-09 07:14:30 -03:00
Elvin Efendi
16faf309ca annotation to ignore given list of WAF rulesets (#2314) 2018-04-08 22:55:23 -03:00
Elvin Efendi
a6fe800a47 lua-resty-waf controller (#2304) 2018-04-08 17:37:13 -03:00
Manuel Alejandro de Brito Fontes
b17ed7b6fd
Configure upload limits for setup of lua load balancer (#2309) 2018-04-08 15:47:49 -03:00
Manuel Alejandro de Brito Fontes
1c65320618
Add verification of lua load balancer to health check (#2308) 2018-04-08 15:24:37 -03:00
Manuel Alejandro de Brito Fontes
dd2bc91018
Fix HSTS without preload (#2294) 2018-04-04 23:17:51 -03:00
Alvaro Aleman
e7aa74b5d4 Add NoAuthLocations and default it to "/.well-known/acme-challenge" (#2243) 
* Add NoAuthLocations and default it to "/.well-known/acme-challenge"

* Add e2e tests for no-auth-location

* Improve wording of no-auth-location tests
 2018-04-01 21:02:34 -03:00
Elvin Efendi
931e541fb7 Fix bug when auth req is enabled(external authentication) (#2280) 
* set proxy_upstream_name correctly when auth_req module is used

* log a more meaningful message when backend is not found
 2018-03-30 14:19:33 -03:00
Manuel Alejandro de Brito Fontes
146db43794
Disable opentracing for nginx internal urls (#2272) 2018-03-29 13:47:13 -03:00
Oilbeater
c6c219a7d1 clean up tmpl (#2263) 
The nginx.conf generated now is too messy remove some section only useful when dynamic configure enabled and headers only useful for https.
 2018-03-29 09:36:00 -03:00
Sylvain Rabot
385368990c Managing a whitelist for _/nginx_status (#2187) 
Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
 2018-03-28 09:27:34 -03:00
Zenara Daley
6e099c5f57 Add EWMA as configurable load balancing algorithm (#2229) 2018-03-23 12:06:21 -03:00
Oilbeater
0b0a274a9a fix: cannot set $service_name if use rewrite (#2220) 
$path here is the regular expression formatted nginx location not the origin path in ingress rules. Fix https://github.com/kubernetes/ingress-nginx/issues/2131
 2018-03-22 09:43:45 -03:00
halfcrazy
b45ee8d85f Add missing configuration in #2235 (#2236) 2018-03-22 08:53:29 -03:00
maxlaverse
8575769781 Make proxy_next_upstream_tries configurable (#2232) 
* Make proxy_next_upstream_tries configurable

* Code generation
 2018-03-22 08:12:36 -03:00
halfcrazy
4f5fa47d27 add proxy header ssl-client-issuer-dn, fix #2178 (#2235) 2018-03-22 01:38:47 -03:00
Elvin Efendi
634959fd79 do not hardcode keepalive for upstream_balancer (#2227) 2018-03-21 00:42:22 -03:00
Elvin Efendi
08252e2eef allow ipv6 localhost when enabled (#2210) 2018-03-19 13:32:55 -03:00
Manuel Alejandro de Brito Fontes
6b7491f432
Fix dynamic configuration when custom errors are enabled (#2212) 2018-03-19 12:55:17 -03:00
turettn
de30e53d62 Expose SSL client cert data to external auth provider. (#2078) 2018-03-19 09:30:36 -03:00
Alvaro Aleman
94deb3a01a Add configoption to exclude routes from tls upgrading (#2203) 
* Add configoption to exclude routes from tls upgrading

* Add tests for IsLocationInLocationList

* Seperate elements in NoTLSRedirectLocations by comma

* Set NoTLSRedirectLocations to "/.well-known/acme-challenge/" by default

* Remove trailing slash from "/.well-known/acme-challenge" default
 2018-03-18 17:44:59 -03:00
Oilbeater
5c02d700cb Allow config to disable geoip (#2202) 
For a offline or private cloud environment, geoip is not needed.
Implementing https://github.com/kubernetes/ingress-nginx/issues/2179
 2018-03-18 13:30:05 -03:00
Elvin Efendi
c90a4e811e Live Nginx (re)configuration without reloading (#2174) 2018-03-18 10:13:41 -03:00
Oilbeater
41cefeb178 Add worker-cpu-affinity nginx option (#2201) 
worker_cpu_affinity is a common optimization method for improving nginx performance, adding this as a custom configuration. Also fix some format issues found during editing.
 2018-03-16 13:32:45 -03:00
Elvin Efendi
36cce00fdd configuring load balancing per ingress (#2167) 
* configure load balancing through a ingress annotation

* update docs
 2018-03-09 13:09:41 -08:00
Manuel Alejandro de Brito Fontes
3c67976969
In case of TLS errors do not allow traffic (#2146) 2018-02-25 17:20:14 -03:00
Manuel Alejandro de Brito Fontes
216fe01a07
Add option in the configuration configmap to enable remote logging (syslog) (#2145) 2018-02-25 12:47:14 -03:00
Manuel Alejandro de Brito Fontes
0dee303ac2
Add annotation to disable logs in a location (#2144) 2018-02-25 11:38:54 -03:00
Manuel Alejandro de Brito Fontes
edb3be64ea
Only add HSTS headers in HTTPS (#2143) 2018-02-25 11:18:42 -03:00
Manuel Alejandro de Brito Fontes
94a85c99f7
Cors header should always be returned (#2140) 2018-02-24 17:52:23 -03:00
Karl Stoney
d1b6f32981 Enabled the dynamic reload of GeoIP data (#2107) 
* Moved geoip data into its own folder so it can be volume mounted

* Added FS watches for the geoip data

* Fixed single quotes issue (interpolation)

* Fixed gofmt errors

* Updated to directory crawl
 2018-02-17 12:24:50 -08:00
Karl Stoney
769f11df60 Added GeoIP Organisational data (#2099) 2018-02-15 14:10:20 -08:00
Manuel Alejandro de Brito Fontes
33475b7184
Fix opentracing configuration when multiple options are configured (#2075) 2018-02-12 16:08:49 -08:00
Elvin Efendi
a30bf2154e do not ignore $http_host and $http_x_forwarded_host (#2030) 2018-02-06 10:59:59 -08:00
Luke Jolly
42076e8ed0 Added configmap option to disable IPv6 in nginx DNS resolver (#1992) 2018-02-02 11:53:28 -08:00
Anish Ramasekar
d7ef6b3fc7 Add support for enabling ssl_ciphers per host (#2006) 
* Add support for adding ssl_ciphers

* Add documentation
 2018-01-31 08:53:07 -08:00
Anish Ramasekar
2f700a9ad5 Add limit-request-status-code option (#2001) 
* Add support for limit_req_status

* Add documentation

* Fix comment
 2018-01-30 07:24:44 -06:00
Qiu Jian
951a704cec Add connection-proxy-header annotation (#1999) 
This is the override the default connection header
 2018-01-29 22:29:03 -06:00
Anish Ramasekar
b020686599 Add support to enable/disable proxy buffering (#1998) 
* Enable proxy buffering using configmap and annotation

* add documentation
 2018-01-29 08:43:55 -06:00
Fernando Diaz
d1ae7ff29c Enable Customization of Auth Request Redirect (#1993) 
Adds the 'nginx.ingress.kubernetes.io/auth-request-redirect'
annotation, which allows the customization of the
'X-Auth-Request-Redirect' Header. Fixes: #1979
 2018-01-27 21:32:08 -03:00
Manuel Alejandro de Brito Fontes
fb3a317f4d
Rollback #1854 (#1969) 2018-01-24 14:28:34 -03:00
Manuel Alejandro de Brito Fontes
8975800740
Add support to hide headers from upstream servers (#1928) 2018-01-18 16:37:22 -02:00
Manuel Alejandro de Brito Fontes
858f3398f8
Remove sendfile configuration (#1927) 2018-01-18 15:22:59 -02:00
Manuel Alejandro de Brito Fontes
52794ae22d
Do not use port from host header (#1926) 2018-01-18 14:51:58 -02:00
Manuel Alejandro de Brito Fontes
b50cdc0256
Add option for reuseport in nginx listen section (#1919) 2018-01-17 21:12:46 -02:00
Manuel Alejandro de Brito Fontes
28058f0edc
Add support for jaeger backend (#1916) 2018-01-17 19:28:59 -02:00
Manuel Alejandro de Brito Fontes
807932259e
If server_tokens is disabled remove the Server header (#1903) 
* If server_tokens is disabled remove the Server header

* Add server-tokens tests

* Fix tests
 2018-01-17 10:26:53 -02:00
Manuel Alejandro de Brito Fontes
b0e0712984
Fix custom port in redirects (#1907) 2018-01-17 10:20:41 -02:00
Márk Sági-Kazár
313fdd2d1a Add CORS max age annotation (#1888) 
Add cors-max-age annotation
 2018-01-09 09:19:42 -02:00
Manuel Alejandro de Brito Fontes
da829748ec
Fix SSL Passthrough template issue and custom ports in redirect to HTTPS (#1870) 2018-01-02 14:48:42 -03:00
Tang Le
d22038b3af "proxy_redirect default" should be placed after the "proxy_pass" (#1869) 
When use nginx.ingress.kubernetes.io/proxy-redirect-from: default
annotation. ingress controller will report:
"""
Error: exit status 1
2018/01/02 07:03:11 [emerg] 181#181: "proxy_redirect default" should be placed after the "proxy_pass" directive in /tmp/nginx-cfg632387194:366
nginx: [emerg] "proxy_redirect default" should be placed after the "proxy_pass" directive in /tmp/nginx-cfg632387194:366
nginx: configuration file /tmp/nginx-cfg632387194 test failed
"""

Signed-off-by: Tang <at28997146@163.com>
 2018-01-02 08:34:20 -03:00
Manuel Alejandro de Brito Fontes
54cfad0a07
When upstream-hash-by annotation is used do not configure a lb algorithm (#1858) 2017-12-27 07:48:06 -03:00
Manuel Alejandro de Brito Fontes
6a34e9c261
Fix redirect to ssl (#1854) 2017-12-26 22:53:43 -03:00
Manuel Alejandro de Brito Fontes
fead9087ac
Validate x-forwarded-proto and connection scheme before redirecting to https (#1844) 2017-12-21 12:44:08 -03:00
Gabi Davar
8325ca9934
force external_auth requests to http/1.1 2017-12-02 17:05:13 +02:00
Manuel de Brito Fontes
3058e7758d Add setting to configure proxy responses in the stream section 2017-11-30 17:53:23 -03:00
Manuel de Brito Fontes
161b485ae0 Add option to configure the redirect code 2017-11-30 12:08:43 -03:00
Manuel de Brito Fontes
be185b9743 Use custom https port in redirects 2017-11-29 17:16:45 -03:00
Ricardo Katz
e93c75f46e
Changes ssl-client-cert header 2017-11-20 15:15:31 -02:00
Manuel de Brito Fontes
2223ea9600 Add annotation to enable passing the certificate to the upstream server 2017-11-17 21:28:45 -03:00
Manuel de Brito Fontes
c5b0c8ab0d Add annotation for setting proxy_redirect 2017-11-13 20:19:41 -03:00
Manuel de Brito Fontes
a858c549d9 Add e2e tests for auth annotation 2017-11-12 20:08:32 -03:00
Manuel de Brito Fontes
fdd231816c Disable features not availables in some platforms 2017-11-12 11:12:58 -03:00
Manuel de Brito Fontes
e7d412c3e8 Always add cors headers when enabled 2017-11-12 01:58:52 -03:00
chrisblu
2dfaaa7b9d Add the original http request method to the auth request 2017-11-08 12:14:04 +01:00
Manuel de Brito Fontes
5115adef82 Update nginx to 0.28 and enable brotli 2017-11-01 22:54:22 -03:00
Manuel de Brito Fontes
ff87480070 Disable brotli temporarily [ci skip] 2017-11-01 20:49:53 -03:00
Manuel Alejandro de Brito Fontes
dc3225e5ee
Merge pull request #1627 from estaleiro/brotli 
Add brotli support
 2017-11-01 17:49:11 -03:00
Ricardo Pchevuzinske Katz
fddcfd0340 Adds Brotli support 2017-11-01 17:53:18 -02:00
Joao Morais
29d90a6f18 Add client-dn header 2017-10-31 13:50:06 -02:00
acoshift
589b358311 Add gzip_vary 2017-10-29 20:54:25 +07:00
Max Laverse
b85055a976 Fix full XFF with PROXY 2017-10-28 17:43:16 +02:00
Max Laverse
bfe20306a0 Make X-Forwarded-For computation configurable 2017-10-26 17:44:17 +02:00
Max Laverse
a43833c621 Compute a real X-Forwarded-For 2017-10-26 17:42:13 +02:00
rnburn
888375acef Upgrade nginx-opentracing. 2017-10-24 13:49:30 -07:00
Ricardo Pchevuzinske Katz
c9fbfa34e7
Certiifcate Auth Bugfix 2017-10-22 20:52:54 -02:00