Miguel Martínez
64efad8415
Fixed typo ( #8817 )
2022-07-12 17:41:37 -07:00
Maksim Nabokikh
2c27e66cc7
feat: always set auth cookie ( #8213 )
...
* feat: always set auth cookie
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* feat: Add annotation to always set auth cookie
* Add annotation
* Add global configmap key
* Provide unit tests and e2e tests
* Fix e2e documentation autogen script
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* Regenerate e2e tests
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-05-19 15:27:53 -07:00
serge-r
730b7408ca
Add header Host into mirror annotations ( #8178 )
2022-05-07 17:39:17 -07:00
kszafran
3230638160
Update default allowed CORS headers ( #8459 )
...
X-CustomHeader looks more like an example than a header we would want to
accept in production. Added Range as a useful header that enables
operations on resources that can be fetched in chunks.
2022-05-04 05:11:51 -07:00
Chris Shino
f9372aa495
added new auth-tls-match-cn annotation ( #8434 )
...
* added new auth-tls-match-cn annotation
* added few more tests
2022-04-15 12:59:10 -07:00
Gabor Lekeny
83ce21b4dd
Add keepalive support for auth requests ( #8219 )
...
* Add keepalive support for auth requests
* Fix typo
* Address PR comments
* Log warning when auth-url contains variable in its host:port
* Generate upstream name without replacing dots to underscores in server name
* Add comment in the nginx template when the keepalive upstream block is referenced
* Workaround for auth_request module ignores keepalive in upstream block
* The `auth_request` module does not support HTTP keepalives in upstream block:
https://trac.nginx.org/nginx/ticket/1579
* As a workaround we use ngx.location.capture but unfortunately it does not
support HTTP/2 so `use-http2` configuration parameter is needed.
* Handle PR comments
* Address PR comments
* Handle invalid values for int parameters
* Handle PR comments
* Fix e2e test
2022-04-08 20:22:04 -07:00
Josh Soref
c6a8ad9a65
Darwin arm64 ( #8399 )
...
* Use sed instead of gnu find flags
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* Support building linux/amd64 on darin/arm64
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* Upgrade awesome_bot to dkhamsing/awesome_bot:1.20.0
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* Favor find -prune for vendor
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* Skip golang modcache folder
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* Favor find -prune for changelog
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* Ignore Changelogs of any case
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* Fix service-l7 link
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* Fix route53-mapper link
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* Update rootfs contents description
The auxiliary scripts were removed after:
ab8349008a/rootfs/ingress-controller
2022-04-06 13:46:26 -07:00
hongkunyoo
5a9fe30a5d
Missing annotations ( #8288 )
...
Not quite sure but It seems that `nginx.ingress.kubernetes.io/canary-by-header` is missing.
2022-03-09 06:54:13 -08:00
Jintao Zhang
53ac0ddd42
Using Go install for misspell ( #8191 )
...
* chore: using go install misspell
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
* chore: fix typo
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
2022-01-26 18:52:50 -08:00
agile6v
452515ca2f
doc: improvement ( #7996 )
2021-12-23 13:54:30 -08:00
Tobias Salzmann
ce9deaa332
Add stream-snippet as a ConfigMap and Annotation option ( #8029 )
...
* stream snippet
* gofmt -s
2021-12-23 11:46:30 -08:00
Yecheng Fu
5cff197bc5
add canary-weight-total annotation ( #6338 )
2021-12-07 08:40:00 -08:00
Jedidiah Park
2b499d9c86
Fix spelling in documentation and top-level files ( #8009 )
...
* fix typos in docs
* fix typos in top-level files
2021-12-06 05:46:33 -08:00
TJ Saunders
b615a6808d
Fix a couple of misspellings in the annotations documentation. ( #7983 )
2021-11-27 16:31:21 -08:00
Kundan Kumar
77a63c6855
updated service upstream definition ( #7972 )
2021-11-24 10:20:21 -08:00
Christopher Larivière
65b8eeddec
Support cors-allow-origin with multiple origins ( #7614 )
...
* Add Initial support for multiple cors origins in nginx
- bump cluster version for `make dev-env`
- add buildOriginRegex function in nginx.tmpl
- add e2e 4 e2e tests for cors.go
- refers to feature request #5496
* add tests + use search to identify '*' origin
* add tests + use search to identify '*' origin
Signed-off-by: Christopher Larivière <lariviere.c@gmail.com>
* fix "should enable cors test" looking at improper values
* Modify tests and add some logic for origin validation
- add origin validation in cors ingress annotations
- add extra tests to validate regex
- properly escape regex using "QuoteMeta"
- fix some copy/paste errors
* add TrimSpace and length validation before adding a new origin
* modify documentation for cors and remove dangling comment
* add support for optional port mapping on origin
* support single-level wildcard subdomains + tests
* Remove automatic `*` fonctionality from incorrect origins
- use []string instead of basic string to avoid reparsing in template.go
- fix typo in docs
- modify template to properly enable only if the whole block is enabled
- modify cors parsing
- test properly by validating that the value returned is the proper
origin
- update unit tests and annotation tests
* Re-add `*` when no cors origins are supplied + fix tests
- fix e2e tests to allow for `*`
- re-add `*` to cors parsing if trimmed cors-allow-origin is empty
(supplied but empty) and if it wasn't supplied at all.
* remove unecessary logic for building cors origin + remove comments
- add some edge cases in e2e tests
- rework logic for building cors origin
there was no need for logic in template.go for buildCorsOriginRegex
if there is a `*` it ill be short-circuited by first if.
if it's a wildcard domain or any domain (without a wildcard), it MUST
match the main/cors.go regex format.
if there's a star in a wildcard domain, it must be replaced with
`[A-Za-z0-9]+`
* add missing check in e2e tests
2021-11-02 12:31:42 -07:00
Matthew Silverman
7d5452d00b
configmap: option to not trust incoming tracing spans ( #7045 )
...
* validate the sender of tracing spans
* add location-specific setting
2021-10-24 14:36:21 -07:00
Mara Sophie Grosch
21bab108f4
mention CVE-2021-25742 in annotations doc ( #7843 )
...
Referring to CVE-2021-25742 in the annotations doc at the description of `configuration-snippet`.
2021-10-24 12:08:22 -07:00
agile6v
557a765754
fix typos. ( #7640 )
2021-09-15 11:30:12 -07:00
Ray
cf9ae96d72
Additional AuthTLS assertions and doc change to demonstrate auth-tls-secret enables the other AuthTLS annotations ( #7202 )
...
* Fix indentation of nested list in AuthTLS annotations
Also, put `<annotation>`: <description text>` on a single line in
Markdown markup, which will match what gets rendered eventually.
On the other hand, for the line on auth-tls-secret (This annotation
expects the Secret name in the form "namespace/secretName"), its
Markdown markup suggests that the author wanted the line to start on its
own line, but currently this gets rendered on the same line. It's nice
for this to be on its own line, since it's kind of a "note" about the
annotation syntax. Format/indent the markup appropriately so that it
shows up on its line.
* Fix indentation of nested list in CORS annotations
Also, put `<annotation>`: <description text>` on a single line in
Markdown markup, which will match what gets rendered eventually.
On the other hand, for lines noting the allowed characters (This is a
multi-valued field...), its Markdown markup suggests that the author
wanted the line to start on its own line, but currently this gets
rendered on the same line. It's nice for this to be on its own line,
since it's kind of a "note" about the annotation syntax. Format/indent
the markup appropriately so that it shows up on its line.
* Replace f.HTTPTestClientWithTLSConfig() in AuthTLS E2E, the odd one out for requests without client certs
* Demonstrate and document that auth-tls-secret enables the other AuthTLS annotations like verify client, depth
* Split E2E for auth-tls-error-page and *-pass-certificate-to-upstream
2021-09-07 10:35:16 -07:00
Fred Thomsen
61c596bea6
Add doc ref for preserve-trailing-slash annotation ( #7561 )
...
Fixes issue #7555
2021-09-02 09:54:58 -07:00
wasker
3fb312ee2c
End-to-end tests for canary affinity ( #7529 )
2021-08-24 05:05:14 -07:00
Sandip Bhattacharya
f84006d62f
docs: Clarify default-backend behavior ( #7489 )
...
Clarify default-backend behaviour for services with multiple ports.
Also minor fixes for typos and language consistency.
2021-08-24 04:59:13 -07:00
Ricardo Katz
90c79689c4
Release v1 ( #7470 )
...
* Drop v1beta1 from ingress nginx (#7156 )
* Drop v1beta1 from ingress nginx
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix intorstr logic in controller
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* fixing admission
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* more intorstr fixing
* correct template rendering
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix e2e tests for v1 api
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix gofmt errors
* This is finally working...almost there...
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Re-add removed validation of AdmissionReview
* Prepare for v1.0.0-alpha.1 release
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Update changelog and matrix table for v1.0.0-alpha.1 (#7274 )
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* add docs for syslog feature (#7219 )
* Fix link to e2e-tests.md in developer-guide (#7201 )
* Use ENV expansion for namespace in args (#7146 )
Update the DaemonSet namespace references to use the `POD_NAMESPACE` environment variable in the same way that the Deployment does.
* chart: using Helm builtin capabilities check (#7190 )
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
* Update proper default value for HTTP2MaxConcurrentStreams in Docs (#6944 )
It should be 128 as documented in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go#L780
* Fix MaxWorkerOpenFiles calculation on high cores nodes (#7107 )
* Fix MaxWorkerOpenFiles calculation on high cores nodes
* Add e2e test for rlimit_nofile
* Fix doc for max-worker-open-files
* ingress/tcp: add additional error logging on failed (#7208 )
* Add file containing stable release (#7313 )
* Handle named (non-numeric) ports correctly (#7311 )
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* Updated v1beta1 to v1 as its deprecated (#7308 )
* remove mercurial from build (#7031 )
* Retry to download maxmind DB if it fails (#7242 )
* Retry to download maxmind DB if it fails.
Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>
* Add retries count arg, move retry logic into DownloadGeoLite2DB function
Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>
* Reorder parameters in DownloadGeoLite2DB
Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>
* Remove hardcoded value
Signed-off-by: Sergey Shakuto <sshakuto@infoblox.com>
* Release v1.0.0-alpha.1
* Add changelog for v1.0.0-alpha.2
* controller: ignore non-service backends (#7332 )
* controller: ignore non-service backends
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* update per feedback
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* fix: allow scope/tcp/udp configmap namespace to altered (#7161 )
* Lower webhook timeout for digital ocean (#7319 )
* Lower webhook timeout for digital ocean
* Set Digital Ocean value controller.admissionWebhooks.timeoutSeconds to 29
* update OWNERS and aliases files (#7365 ) (#7366 )
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* Downgrade Lua modules for s390x (#7355 )
Downgrade Lua modules to last known working version.
* Fix IngressClass logic for newer releases (#7341 )
* Fix IngressClass logic for newer releases
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Change e2e tests for the new IngressClass presence
* Fix chart and admission tests
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix helm chart test
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
* Fix reviews
* Remove ingressclass code from admission
* update tag to v1.0.0-beta.1
* update readme and changelog for v1.0.0-beta.1
* Release v1.0.0-beta.1 - helm and manifests (#7422 )
* Change the order of annotation just to trigger a new helm release (#7425 )
* [cherry-pick] Add dev-v1 branch into helm releaser (#7428 )
* Add dev-v1 branch into helm releaser (#7424 )
* chore: add link for artifacthub.io/prerelease annotations
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
* k8s job ci pipeline for dev-v1 br v1.22.0 (#7453 )
* k8s job ci pipeline for dev-v1 br v1.22.0
Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>
* k8s job ci pipeline for dev-v1 br v1.21.2
Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>
* remove v1.21.1 version
Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>
* Add controller.watchIngressWithoutClass config option (#7459 )
Signed-off-by: Akshit Grover <akshit.grover2016@gmail.com>
* Release new helm chart with certgen fixed (#7478 )
* Update go version, modules and remove ioutil
* Release new helm chart with certgen fixed
* changed appversion, chartversion, TAG, image (#7490 )
* Fix CI conflict
* Fix CI conflict
* Fix build.sh from rebase process
* Fix controller_test post rebase
Co-authored-by: Tianhao Guo <rggth09@gmail.com>
Co-authored-by: Ray <61553+rctay@users.noreply.github.com>
Co-authored-by: Bill Cassidy <cassid4@gmail.com>
Co-authored-by: Jintao Zhang <tao12345666333@163.com>
Co-authored-by: Sathish Ramani <rsathishx87@gmail.com>
Co-authored-by: Mansur Marvanov <nanorobocop@gmail.com>
Co-authored-by: Matt1360 <568198+Matt1360@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Co-authored-by: Kundan Kumar <kundan.kumar@india.nec.com>
Co-authored-by: Tom Hayward <thayward@infoblox.com>
Co-authored-by: Sergey Shakuto <sshakuto@infoblox.com>
Co-authored-by: Tore <tore.lonoy@gmail.com>
Co-authored-by: Bouke Versteegh <info@boukeversteegh.nl>
Co-authored-by: Shahid <shahid@us.ibm.com>
Co-authored-by: James Strong <strong.james.e@gmail.com>
Co-authored-by: Long Wu Yuan <longwuyuan@gmail.com>
Co-authored-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Neha Lohia <nehapithadiya444@gmail.com>
Co-authored-by: Akshit Grover <akshit.grover2016@gmail.com>
2021-08-21 13:42:00 -07:00
wasker
f222c752be
Enable session affinity for canaries ( #7371 )
2021-07-29 14:23:19 -07:00
Ricardo Katz
11d4ddca8e
Revert "feat: multiple-cors-allow-origin support ( #7134 )" ( #7168 )
...
This reverts commit 8a55801cc0
2021-05-27 05:38:24 -07:00
Alex Zhang
8a55801cc0
feat: multiple-cors-allow-origin support ( #7134 )
2021-05-23 09:13:39 -07:00
Kubernetes Prow Robot
d08b742453
Merge pull request #6838 from peter-miroshnikov/annotations_custom_timeout_docs
...
Adding note to Custom Timeouts in Annotation Docs.
2021-05-03 03:40:02 -07:00
shuheiktgw
01b30a2fa0
Update the link on ketama
2021-04-03 17:23:53 +09:00
peter-miroshnikov
4787a51ad5
Adding note to Custom Timeouts in Annotation Docs.
...
It wasnt clear that the timeout values come unitless and in seconds from firsts glance.
Adding a simple note i belive will help.
2021-02-04 11:05:11 +01:00
Laszlo Janosi
15eff8220a
fix the documentation for the proxy-ssl-secret and the auth-tls-secret annotations
2021-01-06 09:41:01 +00:00
Elvin Efendi
8c193a2297
fix link in annotation docs
2021-01-05 09:24:23 -05:00
Elvin Efendi
e0dece48f7
Add Global Rate Limiting support
2021-01-04 17:47:07 -05:00
Josh Soref
a8728f3d2c
Spelling
2020-12-15 16:10:48 -05:00
Kubernetes Prow Robot
e3a3ea8826
Merge pull request #6294 from ianbuss/auth-error-redirect-param
...
Allow customisation of redirect URL parameter in external auth redirects
2020-11-23 01:27:37 -08:00
Julien Bouquillon
f6a430775c
docs(annotations): explicit redirect status code
2020-11-15 00:31:04 +01:00
Ian Buss
41cf628bdf
Add a configurable URL redirect parameter for error URLs
2020-10-08 12:53:46 +01:00
Maxime LUCE
b7b85175f6
Add annotation to configure CORS Access-Control-Expose-Headers
2020-09-23 17:41:52 +02:00
Daniel Albuschat
d4a817325c
Update annotations.md
...
Improvements to the documentation of Client Certificate Authentication. (auth-tls-* annotations).
- Mention that these rules are applied per host and not per Ingress/path
- Include more possible and default values
- Describe the headers that are sent to the upstream services
2020-09-23 09:51:08 +02:00
Gian Ortz
3820aa416b
Add annotation to set value for burst multiplier on rate limit
2020-08-30 19:43:08 -03:00
Goran
743439e75b
Added missing backend protocol.
...
As per https://kubernetes.github.io/ingress-nginx/user-guide/fcgi-services/
2020-08-14 11:16:53 +02:00
Zhongcheng Lao
c0629e92c2
Add proxy-ssl-server-name to enable passing SNI
2020-07-03 14:14:32 +08:00
chamilad
ee84603d06
Add minor doc fixes to user guide and chart readme
2020-06-03 17:54:41 +12:00
Kubernetes Prow Robot
d061375afa
Merge pull request #5571 from agile6v/dev
...
feat: support the combination of Nginx variables for annotation upstream-hash-by.
2020-06-01 15:10:14 -07:00
agile6v
c035a144f8
Support the combination of nginx variables and text value for annotation upstream-hash-by.
2020-06-01 06:37:41 +08:00
agile6v
41d82005ec
Add annotation ssl-prefer-server-ciphers.
2020-05-11 16:31:08 +08:00
Manuel Alejandro de Brito Fontes
f9ae784541
Remove lua-resty-waf docs
2020-04-22 17:42:18 -04:00
Manuel Alejandro de Brito Fontes
90d07d7b69
Fix from-to-www link
2020-04-17 19:41:25 -04:00
schaefec
141ea59b7f
Allows overriding the server name used to verify the certificate of the proxied HTTPS server
2020-02-25 13:32:14 +01:00
Lisheng Zheng
0b33650bb8
Feat: canary supports using specific match strategy to match header value.
2020-02-21 10:02:20 +08:00
