DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1560 commits 4 branches 217 tags 166 MiB
Commit graph

758 commits

Author SHA1 Message Date
Manuel Alejandro de Brito Fontes
865cc78df3 Merge pull request #773 from aknuds1/fix-readme 
Fix README WRT. building nginx-ingress-controller
 2017-05-27 08:06:33 -04:00
Nick Sardo
fa579af218 Merge pull request #779 from nicksardo/recorder-scheme 
Change recorder event scheme for GCE
 2017-05-26 15:39:06 -07:00
Nick Sardo
4a43fe400d Use scheme package 2017-05-26 14:43:35 -07:00
Manuel de Brito Fontes
6563330d2b Release nginx ingress controller 0.9-beta.7 2017-05-26 15:10:07 -04:00
Manuel de Brito Fontes
20e99fa409 Update sniff parser to fix index out of bound error 2017-05-26 14:25:06 -04:00
Manuel de Brito Fontes
40cd78d0b8 Add support for IPv6 in TCP and UDP stream section 2017-05-26 12:19:54 -04:00
Arve Knudsen
c34b78b59c Fix README wrt. building nginx-ingress-controller 2017-05-26 16:20:21 +02:00
Matthew Walter
4ef6073f08 Typo fix ingres -> ingress 2017-05-25 23:13:40 -04:00
Nick Sardo
0018fa5b15 Merge pull request #763 from aledbf/release-beta-6 
Release nginx ingress controller 0.9-beta.6
 2017-05-24 18:02:29 -07:00
Manuel de Brito Fontes
178321b1fe Release nginx ingress controller 0.9-beta.6 2017-05-24 20:14:49 -04:00
Joao Morais
37f8c8bb40 Add ConfigureFlags() on controller interface 2017-05-24 21:03:52 -03:00
Manuel de Brito Fontes
30343c489a Fix bad variable assignment in template nginx 2017-05-24 00:25:42 -04:00
Manuel de Brito Fontes
4d7a280371 Fix server name hash maxSize default value 2017-05-23 20:13:32 -04:00
Nick Sardo
4bed0c8627 Update description if not correct 2017-05-22 16:11:05 -07:00
Manuel de Brito Fontes
07cdee5ca8 Refactoring whitelist source IP verification 2017-05-20 19:32:03 -04:00
Manuel de Brito Fontes
d742dcb55c Specify nginx image arch 2017-05-18 17:57:33 -04:00
Manuel de Brito Fontes
7ceb0a8025 Update nginx image 2017-05-17 14:54:27 -04:00
Manuel Alejandro de Brito Fontes
c831359733 Merge pull request #709 from phekmat/patch-1 
Add config for X-Forwarded-For trust
 2017-05-17 07:45:49 -04:00
Manuel Alejandro de Brito Fontes
49e490e5e5 Merge pull request #704 from ckeyer/fix_nginx_reload 
fix nginx reload flags '-c'
 2017-05-17 07:44:54 -04:00
Manuel Alejandro de Brito Fontes
b4032f0648 Merge pull request #722 from aledbf/remove-go-reaper 
Remove go-reap and use tini as process reaper
 2017-05-17 07:37:23 -04:00
Manuel Alejandro de Brito Fontes
bc6112bbef Merge pull request #724 from davidstack/master 
change the directory of default-backend.yaml
 2017-05-17 07:36:48 -04:00
Chuanjian Wang
9f32b74fea
fix nginx reload flags '-c' 2017-05-17 18:30:19 +08:00
Vlad Gorodetsky
3bd2cb331f Add keepalive_requests and client_boxy_buffer_size options 2017-05-17 09:36:10 +03:00
Damon Wang
7321704399 change the directory of default-backend.yaml 
there is no default-backend.yaml in examples directory.
 2017-05-17 11:12:43 +08:00
Manuel de Brito Fontes
22d63d0ad0 Auto stash before merge of "master" and "master/master" 
Remove go-reap and use tini as process reaper
 2017-05-16 16:06:33 -04:00
Kwok-kuen Cheung
a83f17c716 Set $proxy_upstream_name before location directive 
When nginx performs ssl redirect, $proxy_upstream_name used in log
is not initialized because it is set after nginx matched a location directive,
which is not the case when performing a ssl redirect.

refs #711
 2017-05-14 08:59:30 +08:00
Manuel Alejandro de Brito Fontes
12d2c4f689 Merge pull request #690 from aledbf/avoid-empty-secret 
Fix IP in logs for https traffic
 2017-05-12 10:44:20 -03:00
Payam Hekmat
dd894f0f73 Add config for X-Forwarded-For trust 
Use the same config option for `set_real_ip_from` when not using proxy protocol. The default remains `0.0.0.0/0`, which is insecure if the ingress is publicly accessible. This at least provides a workaround for #200
 2017-05-11 21:55:35 -05:00
Manuel de Brito Fontes
a537d2d0fa Remove secrets from ingress after a Delete event 2017-05-11 22:19:16 -03:00
Manuel de Brito Fontes
4bd4bf3be6 Fix remote address in log when protocol is https 2017-05-11 15:04:19 -03:00
Dan Cech
485098fd69 use nginx vts module version 0.1.14 2017-05-11 13:56:42 -04:00
David Pratt
d56d8b7da1 Use proxy-protocol to pass through source IP to nginx 2017-05-10 16:22:48 -05:00
Manuel Alejandro de Brito Fontes
317f222527 Merge pull request #679 from ckeyer/template_getenv 
add getenv
 2017-05-10 08:50:11 -03:00
Chuanjian Wang
87b05847bf
add template function getenv 
Signed-off-by: Chuanjian Wang <me@ckeyer.net>
 2017-05-10 14:35:42 +08:00
Donald Guy
2d1b6dc9c9 [nginx] pass non-SNI TLS hello to default backend, Fixes #693 2017-05-08 17:44:43 -04:00
Nick Sardo
4601775c18 [GLBC] Set Description field for backend services (#681) 
Set svc namespace/name/port in description field of backend services
 2017-05-05 11:34:40 -07:00
Julian V. Modesto
5614f42f63 Fix affinity doc. 
Should be string `cookie`, not boolean.
 2017-05-05 10:26:28 -04:00
Manuel Alejandro de Brito Fontes
45ba1c7c1d Merge pull request #685 from matjazp/fix-hsts-preload 
Fix error in generated nginx.conf for optional hsts-preload
 2017-05-04 09:03:57 -03:00
Matjaz Pancur
d402e16eb8 Fix error in generated nginx.conf hsts-preload 2017-05-04 11:29:32 +02:00
caiyixiang
f4da971b86 nginx/pkg/config: delete unuseful variable 2017-05-02 17:24:01 +08:00
Manuel Alejandro de Brito Fontes
6bf5d7586c Merge pull request #673 from jeffpearce/jeffpearce/lb 
Override load balancer alg view config map
 2017-04-29 13:13:08 -03:00
Jeff Pearce
a5d58cc521 Override load balancer alg view config map 2017-04-29 08:37:24 -07:00
Manuel Alejandro de Brito Fontes
4555a64572 Merge pull request #664 from aledbf/beta5 
Release nginx 0.9-beta.5
 2017-04-27 22:18:53 -03:00
Nick Sardo
3ac784a7ec Doc changes for version bump 2017-04-27 17:16:09 -07:00
Manuel de Brito Fontes
83cb03b51c Release 0.9-beta.5 2017-04-27 20:28:05 -03:00
Manuel Alejandro de Brito Fontes
e911f20405 Merge pull request #661 from aledbf/update-client-go 
Avoid running nginx if the configuration file is empty
 2017-04-26 23:58:15 -03:00
Manuel de Brito Fontes
f4147e9e6c Avoid running nginx if the configuration file is empty 2017-04-26 23:34:36 -03:00
Nick Sardo
b01dc68e30 [GLBC] Specify balancing mode for backends being added to existing backend service (#652) 
Add backends of proper type to backend service
 2017-04-26 16:02:17 -07:00
Nick Sardo
14054be571 [GLBC] Fix problem surfacing error (#658) 
* use syncError in defer GC

* surface other err as well
 2017-04-26 15:30:33 -07:00
Nick Sardo
cd3e546c80 [GLBC] Better certificate handling (#639) 
* Harden ssl cert logic to handle unknown state

* Do not delete non-controller-created certificates (pre-shared certs)

* Remove unnecessary variable

* Added three tests to check ssl certificate naming

* Address review comments

* Early return instead of large code block
 2017-04-26 11:15:19 -07:00
Manuel Alejandro de Brito Fontes
201a109bb5 Merge pull request #637 from aledbf/0.9.0-beta.4 
[nginx] 0.9.0 beta.4
 2017-04-25 18:10:16 -03:00
Yash Thakkar
09b3a998cf Update README.md 
fixed tcp services example link.

note: udp services link is also broken, I don't know correct link path.
 2017-04-26 01:40:33 +05:30
Eduardo Baitello
f737cdcae5 Fix default value information 
proxy-read-timeout and proxy-send-timeout default value is 60 seconds, not 30.
 2017-04-25 16:27:18 -03:00
Manuel de Brito Fontes
5684c82d6c Release 0.9-beta.4 2017-04-24 22:51:49 -03:00
Manuel de Brito Fontes
ab1f04b9c2 Add support for https in proxy request for external authentication 2017-04-24 22:14:38 -03:00
Arjan Schaaf
1a191846a9 Mentioned in the comments of #180 the annotation for configuration snippets was missing from the configuration documentation 2017-04-24 16:27:56 +02:00
Arjan Schaaf
389e0f527c Nginx sticky annotations #258 made the global enable-sticky-sessions obsolete 2017-04-21 14:57:45 +02:00
Manuel de Brito Fontes
12d4aadf74 Allow configuration of features underscores_in_headers and ignore_invalid_headers 2017-04-20 18:12:16 -03:00
Manuel de Brito Fontes
786d977a90 Fix lint errors 2017-04-20 16:48:14 -03:00
Manuel Alejandro de Brito Fontes
f6af1ca023 Merge pull request #614 from aledbf/refactor-passthrough 
Refactor nginx ssl passthrough
 2017-04-20 16:43:44 -03:00
Nick Sardo
893a828587 Revert "Remove the code which get same resources twice" 2017-04-19 15:00:27 -07:00
Nick Sardo
74aff2eb7e Merge pull request #511 from FengyunPan/fix-backend 
Ignore err when delete a NotFound backends
 2017-04-18 22:17:07 -07:00
Manuel de Brito Fontes
de14e2f4f1 Refactor ssl-passthroug using go to handle TLS hello 2017-04-19 01:39:14 -03:00
FengyunPan
e913c37651 Ignore err when delete a NotFound backend 
1. add() should return nil at last
2. do not return err when delete a notFound backend
 2017-04-19 12:07:51 +08:00
Nick Sardo
d2c7e9008f Merge pull request #510 from FengyunPan/delete_redundant 
Remove the code which get same resources twice
 2017-04-18 20:07:41 -07:00
Justin Santa Barbara
322be61522 Compute server_names_hash_bucket_size correctly 
There were some edge cases where we did not calculate hash_bucket_size
correctly.

Fix #623
 2017-04-18 22:29:51 -04:00
FengyunPan
d42f4942bc Remove the code which get same resources twice 
There is no need to get the same ingress resources from
ingressclient twice.
 2017-04-19 09:46:06 +08:00
Nick Sardo
642cb74cc7 [GLBC] Support backside re-encryption (#519) 
Support backside re-encryption
 2017-04-18 12:44:17 -07:00
Manuel de Brito Fontes
aba45a01ad Process exited cleanly before we hit wait4 2017-04-16 20:04:32 -03:00
Manuel Alejandro de Brito Fontes
cd6a2123c4 Merge pull request #607 from aledbf/master 
Allow custom server_names_hash_max_size & server_names_hash_bucket_size
 2017-04-14 22:20:38 -03:00
Manuel Alejandro de Brito Fontes
4817ddff3a Merge pull request #604 from jonaskint/master 
Fixing wildcard in hostname for the upstream map
 2017-04-14 21:07:41 -03:00
Manuel de Brito Fontes
9994365ae4 Allow custom server_names_hash_max_size and server_names_hash_bucket_size values 2017-04-14 20:59:10 -03:00
Jonas Kint
a7b09e71a1 Fixing wildcard in hostname for the upstream map 2017-04-13 17:27:20 +02:00
Manuel de Brito Fontes
256cd6b1df Replace custom child reap code with go-reap 2017-04-12 20:20:18 -03:00
Manuel Alejandro de Brito Fontes
3810515663 Merge pull request #583 from stibi/patch-1 
fixed lua_package_path in nginx.tmpl
 2017-04-12 17:04:05 -03:00
Manuel de Brito Fontes
6038e17728 Remove Host header from auth_request proxy configuration 2017-04-12 09:37:03 -03:00
Manuel Alejandro de Brito Fontes
9ff3b86315 Merge pull request #588 from aledbf/avoid-multiple-reads 
Read resolv.conf file just once
 2017-04-11 15:35:38 -03:00
Manuel de Brito Fontes
8f3f51367a Remove test because of the refactoring 2017-04-11 14:50:28 -03:00
Nick Sardo
987540f8f6 [GLBC] Update firewall source ranges if outdated (#574) 
check firewall rule source ranges
 2017-04-11 09:01:42 -07:00
Manuel de Brito Fontes
190788848a Read resolv file just oncce 2017-04-11 11:47:49 -03:00
Martin Stiborsky
beb17f39ab fixed lua_package_path in nginx.tmpl 
I did my own build of the nginx-ingress-controller and its docker image, but I had troubles with the `error_page.lua` module, which couldn't be loaded, there was an error in the log, module was not found.

I think the lua package path is wrong, here is a fix.
 2017-04-11 09:43:33 +02:00
Manuel Alejandro de Brito Fontes
64d0b08128 Merge pull request #577 from aledbf/avoid-childs 
Avoid zombie child processes
 2017-04-09 15:29:04 -03:00
Manuel de Brito Fontes
25bb7e4311 Set different listeners per protocol version 2017-04-09 15:03:27 -03:00
Manuel de Brito Fontes
1c6c4273c9 Avoid child processes 2017-04-09 13:58:03 -03:00
Nick Sardo
7c635a8c83 Merge pull request #570 from nicksardo/pkg-rename 
Renaming few remaining packages
 2017-04-07 07:21:14 -07:00
Nick Sardo
5b37d2b315 Rename packages from api to api_v1 2017-04-06 22:27:50 -07:00
Manuel Alejandro de Brito Fontes
7ca7652ab2 Merge pull request #563 from aledbf/hsts-preload 
Add option to disable hsts preload
 2017-04-05 23:20:35 -03:00
Manuel Alejandro de Brito Fontes
427c5c747c Merge pull request #556 from aledbf/update-nginx-controller 
Update nginx version and remove dumb-init
 2017-04-05 22:54:43 -03:00
Manuel de Brito Fontes
cbe4029597 Add option to disable hsts preload 2017-04-05 22:48:43 -03:00
Nick Sardo
12a0373d2e Merge pull request #539 from aledbf/migrate-client-go 
Migrate to client-go
 2017-04-05 13:50:21 -07:00
Manuel de Brito Fontes
e492a4b396 Add flag to specify the api server url 2017-04-05 10:10:34 -03:00
Manuel de Brito Fontes
62c13fb7bc Update nginx version and remove dumb-init 2017-04-04 17:59:54 -03:00
Manuel Alejandro de Brito Fontes
0fe0d6f504 Merge pull request #551 from gianrubio/review-prometheus 
Build namespace and ingress class as label
 2017-04-04 11:55:23 -03:00
Manuel de Brito Fontes
e0561ddeb9 Update nginx and generic controller 2017-04-04 11:51:50 -03:00
Manuel de Brito Fontes
c7c2a564a9 Update gce controller 2017-04-04 11:51:50 -03:00
Giancarlo Rubio
197acf0f2b Build namespace and ingress class as label 2017-04-04 16:23:40 +02:00
Manuel Alejandro de Brito Fontes
22c3226377 Merge pull request #550 from gianrubio/fix-args 
Fix args
 2017-04-04 09:16:43 -03:00
Giancarlo Rubio
c21f7ce666 OverrideFlags was called before parsing arguments (arguments was always empty) 
correct args order for newStatsCollector
 2017-04-04 13:15:06 +02:00
Manuel Alejandro de Brito Fontes
79f8019c5b Merge pull request #493 from aledbf/update-nginx 
Update nginx and vts module
 2017-04-03 19:33:05 -03:00
Manuel de Brito Fontes
bc68f9eea3 Update nginx and vts module 2017-04-02 16:07:38 -03:00
Manuel de Brito Fontes
4103537ea1 Fix lint errors 2017-04-02 11:07:07 -03:00
Manuel Alejandro de Brito Fontes
02cd3ce885 Merge pull request #225 from electroma/nginx/extauth_headers 
Support for http header passing from external authentication service
 2017-04-01 20:40:29 -03:00
Manuel Alejandro de Brito Fontes
c14d0d852b Merge pull request #532 from aledbf/ssl_ecdh_curve 
Add setting to configure ecdh curve
 2017-03-31 11:55:44 -03:00
Manuel de Brito Fontes
8e41bdd3d4 Add setting to configure ecdh curve 2017-03-30 23:23:14 -03:00
Manuel de Brito Fontes
3fc79625e6 Fix link to examples 2017-03-30 23:13:43 -03:00
Manuel de Brito Fontes
7e86cfe64b Fix link to custom nginx configuration 2017-03-30 23:01:45 -03:00
Manuel de Brito Fontes
cf82f694de Avoid negative values configuring the max number of open files 2017-03-30 10:10:47 -03:00
Manuel Alejandro de Brito Fontes
39feaf10df Merge pull request #516 from aledbf/workers-auto 
Convert WorkerProcesses setting to string to allow the value auto
 2017-03-28 19:59:22 -03:00
Manuel de Brito Fontes
1278a97dc6 Convert WorkerProcesses setting to string to allow the value auto 2017-03-28 19:58:09 -03:00
Andreas Kohn
9dcac88b3d Fix typos regarding the ssl-passthrough annotation documentation 2017-03-27 10:19:21 +02:00
Manuel de Brito Fontes
40f9064ca3 Add information about SSL Passthrough annotation 2017-03-26 17:25:05 -03:00
Manuel Alejandro de Brito Fontes
f5211458ce Merge pull request #454 from danielqsj/master 
Pass request port to real server
 2017-03-26 08:01:11 -03:00
rsafronov
6d07d32003 Merge branch 'upstream' into nginx/extauth_headers 2017-03-24 20:25:18 -04:00
Canh Ngo
46a42a2905 Adds support for CORS with Authorization header 2017-03-23 16:17:47 +01:00
Canh Ngo
df76382055 Adds support for CORS on error responses 2017-03-23 16:17:37 +01:00
Nick Sardo
116fbe8c33 Merge pull request #477 from nicksardo/glbc-service-watch 
[GLBC] Sync ingress when default backend service is modified.
 2017-03-22 13:08:30 -07:00
Nick Sardo
a94d31e87d glbc: watch backend service 2017-03-22 13:07:37 -07:00
Nick Sardo
0a75f42884 Merge pull request #479 from matthewg/master 
Add 35.191.0.0/16 range to GCE firewalls
 2017-03-22 10:22:46 -07:00
Thomas Peitz
3b55e09e23 Remove unnecessary quote in nginx log format 2017-03-22 15:48:15 +01:00
Matthew Sachs
04b87d5945 Add 35.191.0.0/16 range to GCE firewalls (issue #478) 2017-03-22 00:18:26 -07:00
Nick Sardo
509aaf10c6 Merge pull request #472 from nicksardo/git-ignore-glbc 
[gce] Add .gitignore
 2017-03-21 12:43:19 -07:00
shijunqian
43469a8179 Pass request port to real server 2017-03-21 10:33:11 +08:00
Nick Sardo
3706f32639 git ignore glbc 2017-03-20 16:36:18 -07:00
chentao1596
37bdb3952e fix all go style mistakes about fmt.Errorf 2017-03-17 08:35:55 +08:00
Manuel Alejandro de Brito Fontes
c25936df62 Merge pull request #427 from rikatz/app-root-redirect 
Adds support for root context redirection
 2017-03-16 07:32:30 -03:00
Manuel Alejandro de Brito Fontes
3d681cda78 Merge pull request #430 from ohmystack/fix-baseurl 
Fix add-base-url
 2017-03-15 19:37:44 -03:00
Kirill Levin
23c45340be fix nginx-udp-and-udp on same port 2017-03-15 20:45:21 +03:00
Manuel de Brito Fontes
350c5f2c03 Remove snake oil certificate generation 2017-03-15 08:23:25 -03:00
Jeff Grafton
071ac58564 Fix a few bugs in the nginx-ingress-controller Makefile 
* make 'clean' use the new path to the built binary
* make 'container' depend on 'build'
 2017-03-14 14:50:52 -07:00
Tim Hockin
3dd746136b Merge pull request #434 from aledbf/0.9-beta.3 
Release 0.9-beta.3
 2017-03-14 10:54:45 -07:00
Manuel de Brito Fontes
1aa8223889 Release 0.9-beta.3 2017-03-14 12:19:37 -03:00
caiyixiang
3b152e6aa7 0 2017-03-14 19:19:21 +08:00
Lee Calcote
c10c0fb196 Update README.md 
Missing 'e' in achieve
 2017-03-13 22:10:29 -05:00
rsafronov
7034e1de69 Merge remote-tracking branch 'upstream/master' into nginx/extauth_headers 
# Conflicts:
#	core/pkg/ingress/annotations/authreq/main.go
 2017-03-13 15:04:37 -04:00
ohmystack
bbeb9a766c Fix add-base-url 
The "base" tag is used for completing a relative link in current page
by browser, so it should stay the same with the base url of current
page.
 2017-03-14 01:04:35 +08:00
Ricardo Pchevuzinske Katz
0e5d3ca9e9 Adds support for root redirection, and improves rewrite documentation 2017-03-13 12:03:47 -03:00
Ricardo Katz
c41e6bd82f Merge 04af55af3c into 0cb8f59f70 2017-03-12 22:09:42 +00:00
Ricardo Pchevuzinske Katz
04af55af3c Adds support for root context redirection 2017-03-12 19:06:10 -03:00
Manuel de Brito Fontes
e702c55820 Fix build 2017-03-12 18:11:03 -03:00
Manuel de Brito Fontes
7ba389c1d0 Cleanup collection of prometheus metrics 2017-03-10 16:47:08 -03:00
Giancarlo Rubio
1d38e3a384 Scrap json metrics from nginx vts 
upgrade vts to the latest version
 2017-03-10 09:25:56 -03:00
Manuel Alejandro de Brito Fontes
dd7f8b4a97 Merge pull request #408 from gianrubio/fix-links 
Review docs
 2017-03-10 07:26:24 -03:00
Nick Sardo
db96c9d574 Merge pull request #406 from tonglil/static-ip-debug 
Add debug info and fix spelling
 2017-03-09 09:41:48 -08:00
Nick Sardo
0a21901687 Merge pull request #401 from chentao1596/gc-healthcheckers-unittest 
add unit test cases for controllers/gce/healthchecks
 2017-03-09 09:39:55 -08:00
Manuel Alejandro de Brito Fontes
a5f8af70bf Merge pull request #410 from aledbf/colemickens-signin-url 
Add support for "signin url"
 2017-03-09 11:21:42 -03:00
chentao1596
468815e986 add unit test cases for controllers/gce/healthchecks 2017-03-09 10:16:41 +08:00
Cole Mickens
09e6aabce4 Add auth-signin annotation 2017-03-08 20:24:01 -03:00
Manuel de Brito Fontes
c173985af0 Allow custom http2 header sizes 2017-03-08 20:00:16 -03:00
Giancarlo Rubio
a2edde35fc fix some broken links 
upgrade all nginx examples to latest version
moved some examples from contrib to this repo
 2017-03-08 22:22:31 +01:00
Tony Li
62fcc400b8 add debug info and fix spelling 2017-03-08 12:55:33 -05:00
Gorka Lerchundi Osa
e1c1dfadc7 allow specifying custom dh param 
fixes #162
 2017-03-08 15:32:32 +01:00
Giancarlo Rubio
63b5f2f1c5 add configuration to disable listening on ipv6 2017-03-08 13:29:02 +01:00
Manuel Alejandro de Brito Fontes
f1062e07bc Merge pull request #369 from xialonglee/patch-1 
Minor text fix for "ApiServer"
 2017-03-08 07:09:32 -03:00
Nick Sardo
31eab3880b Merge pull request #384 from timstclair/busybox 
Rebase GLBC on alpine:3.5
 2017-03-07 17:19:17 -08:00
Manuel Alejandro de Brito Fontes
d6620ead2c Merge pull request #397 from aledbf/fix-external-auth 
Fix external auth
 2017-03-07 21:36:53 -03:00
Nick Sardo
61a03033f7 Merge pull request #386 from itamaro/patch-1 
Fix glbc usage string
 2017-03-07 15:08:17 -08:00
Tony Li
7000924dc5 GCE pre-shared cert fixes (#395) 
* pick up changes to the external cert referenced by lb

* less prone way to check if cert should be deleted
 2017-03-07 15:05:21 -08:00
Manuel de Brito Fontes
bebd596b3f Listen customization must be done just in one place 2017-03-07 19:50:24 -03:00
Tim St. Clair
1023056c3b
Rebase GLBC on busybox 2017-03-07 13:49:43 -08:00
Tony Li
e1d1445370 GCE/GKE "pre-shared" TLS cert (#291) 
* add allow-named-tls annotation

* works for setting tls

* fix logs (mostly)

* add ssl cert annotation

* return an error when cert not found

* use annotation if specified, otherwise use spec

* add TODO on naming

* use the annotation key from k8s

* add unit test for HTTPS LB w/ cert annotation

* refactor logic and check for error

* move annotation to controller package

* remove todo for function naming
 2017-03-07 13:42:41 -08:00
craigmonson
6e6aae6c29 Update README.md 
fix broken link to config maps
 2017-03-07 15:09:50 -05:00
Manuel de Brito Fontes
484bd43111 Fix http2 header size 2017-03-07 14:42:59 -03:00
Victor Unegbu
dfdcdfde0b remove tmp nginx-diff files 2017-03-07 09:59:10 -06:00
Itamar Ostricher
6f3139a79e Fix glbc usage string 
1. Typo in `glbc` binary name
2. Typo in `running-in-cluster` flag
3. Remove non-existing flag `--default-backend-node-port`
 2017-03-07 12:09:12 +02:00
chentao1596
1417a3a818 add copyright 2017-03-07 15:34:31 +08:00
Nick Sardo
a6e38221ee Merge pull request #278 from csbell/fw-name 
Extend ConfigMap to store fwrule names
 2017-03-06 10:37:20 -08:00
Manuel de Brito Fontes
f0c758eed2 Fix custom log format 2017-03-06 12:33:51 -03:00
Manuel Alejandro de Brito Fontes
de8b9b8df2 Merge pull request #370 from foxylion/force-ssl-redirect-documentation 
Add documentation for ingress.kubernetes.io/force-ssl-redirect
 2017-03-05 22:11:05 -03:00
Manuel de Brito Fontes
cd924f5522 Avoid duplication of ReadConfig function 2017-03-04 18:35:33 -03:00
Manuel de Brito Fontes
1473f64fb0 Remove SPDY reference 2017-03-04 18:35:33 -03:00
Manuel de Brito Fontes
3c0fb01ba2 Add warning when the ingress controller uses a custom class 2017-03-04 18:35:33 -03:00
Manuel de Brito Fontes
2399be867e Cleanup custom log format configuration 2017-03-04 18:35:33 -03:00
Jakob Jarosch
74d57c9502 Add documentation for ingress.kubernetes.io/force-ssl-redirect 
refs #314 #365
 2017-03-03 20:29:43 +01:00
Peter Lee
0b6f4d2770 Minor text fix for "ApiServer" 
It looks a little weird to apply camel case style for the noun "apiserver", i didn't see somewhere else spelling it in that way.
 2017-03-04 00:40:07 +08:00
Manuel Alejandro de Brito Fontes
75124bc9f1 Merge pull request #356 from gianrubio/patch-1 
Disable listen only on ipv6 and fix proxy_protocol
 2017-03-03 09:50:43 -03:00
Manuel Alejandro de Brito Fontes
6cd21f7dea Merge pull request #362 from gianrubio/fix-ingress-class 
Fix ingress class
 2017-03-03 09:49:59 -03:00
Manuel Alejandro de Brito Fontes
3b2f668f39 Merge pull request #367 from gianrubio/customize-logformat 
BuildLogFormatUpstream was always using the default log-format
 2017-03-03 09:43:48 -03:00
Manuel Alejandro de Brito Fontes
9f39abc019 Merge pull request #365 from pwillie/forcesslredirect 
add ForceSSLRedirect ingress annotation
 2017-03-03 09:05:02 -03:00
Giancarlo Rubio
1e5081baf2 BuildLogFormatUpstream function was always using the default log-format-upstream, 2017-03-03 13:03:49 +01:00
caiyixiang
482293b99d add_judgment 2017-03-03 15:17:32 +08:00
Peter Wilson
1a72b3f775 add ForceSSLRedirect ingress annotation 2017-03-03 16:44:29 +11:00
Aaron Roydhouse
336f3cb108 Fix error caused by increasing proxy_buffer_size (#363) 
This fixes the bug raised in #363, by increasing the size of the proxy_buffers (memory allocation) to match the size of the proxy buffer. This leaves the default values (with no ingress setting) unchanged:
```
proxy_buffer_size      4k
proxy_buffers            4 4k
```
If 'proxy-buffer-size' is set, then now both the buffer size and the memory allocation size is increased:
```
proxy_buffer_size     "{{ $location.Proxy.BufferSize }}";
proxy_buffers           4 "{{ $location.Proxy.BufferSize }}";
```
I have been using this patch with 0.8.3 and 0.9.0-beta.2.
 2017-03-02 16:11:27 -05:00
rsafronov
05526e4a66 Merge remote-tracking branch 'upstream/master' into nginx/extauth_headers 
# Conflicts:
#	controllers/nginx/pkg/template/template.go
 2017-03-02 14:46:18 -05:00
Christian Bell
68097e96dc Better logging and address review comments 2017-03-02 10:54:32 -08:00
Giancarlo Rubio
2ddba72baa Fix ingress class 2017-03-02 16:50:31 +01:00
Giancarlo Rubio
0ca3aef0f5 Add ability to customize upstream and stream log format 2017-03-01 18:47:11 +01:00
Giancarlo Rubio
90fdea751b Disable listen only on ipv6 and fix proxy_protocol 
- Always listen on ipv4 address for port 443
- Rollback previous PR #227 that broke the proxy_protocol when passthroughBackends is disabled
 2017-03-01 15:31:00 +01:00
Christian Bell
b259c9b349 First stab at extending the "uid" configmap to store firewall 
rule information.
 2017-02-28 10:49:31 -08:00
rsafronov
d3b952552a minor: formatting 2017-02-27 16:34:42 -05:00
electroma
c8eda8f17f Merge branch 'master' into nginx/extauth_headers 2017-02-27 16:28:11 -05:00
Manuel de Brito Fontes
02d44ccbaa Fix client source IP address 2017-02-26 19:01:07 -03:00
Manuel Alejandro de Brito Fontes
0aabfba848 Merge pull request #235 from rikatz/ingress-ssl-auth 
Adds correct support for TLS Muthual autentication
 2017-02-25 20:34:28 -03:00
Piotr Szczesniak
fd7990de67 Expose Prometheus metrics in glbc controller 2017-02-25 18:30:00 +01:00
Manuel Alejandro de Brito Fontes
8f23451c24 Merge pull request #221 from tonglil/typos 
Typo: unittesting -> unit testing
 2017-02-25 08:12:53 -03:00
Manuel Alejandro de Brito Fontes
712b60f197 Merge pull request #222 from tonglil/fix-log-message 
Change arg ordering in log message
 2017-02-25 08:12:41 -03:00
Manuel Alejandro de Brito Fontes
3f2592128c Merge pull request #224 from tonglil/check-error 
Check for error getting cert
 2017-02-25 08:12:25 -03:00
Ricardo Pchevuzinske Katz
a342c0bce3 Adds correct support for TLS Muthual autentication and depth verification 
modified:   controllers/nginx/configuration.md
	modified:   controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
	modified:   core/pkg/ingress/annotations/authtls/main.go
	modified:   core/pkg/ingress/controller/backend_ssl.go
	modified:   core/pkg/ingress/controller/controller.go
	modified:   core/pkg/ingress/controller/util_test.go
	modified:   core/pkg/ingress/resolver/main.go
	modified:   core/pkg/ingress/types.go
	modified:   core/pkg/net/ssl/ssl.go
	modified:   examples/PREREQUISITES.md
	new file:   examples/auth/client-certs/nginx/README.md
	new file:   examples/auth/client-certs/nginx/nginx-tls-auth.yaml
 2017-02-24 22:49:01 -03:00
Manuel de Brito Fontes
84324af140 Refactoring of TCP and UDP services 2017-02-24 20:14:43 -03:00
Manuel Alejandro de Brito Fontes
33ab550290 Merge pull request #332 from aledbf/snippets 
Add annotation to customize nginx configuration
 2017-02-24 18:39:45 -03:00
Giancarlo Rubio
704a18cec9 Add support for proxy cookie path/proxy cookie domain 2017-02-24 16:06:30 +01:00