DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1560 commits 4 branches 217 tags 166 MiB
Commit graph

261 commits

Author SHA1 Message Date
Manuel de Brito Fontes
6a4679b028 Add support for proxy protocol in TCP services 2017-07-02 17:09:09 -04:00
Manuel Alejandro de Brito Fontes
9af4fb573e Merge pull request #906 from aledbf/fix-race-condition 
Fix race condition with closed channels
 2017-06-28 14:47:57 -04:00
Gorka Lerchundi Osa
5503e8d0e9 nginx/proxy: allow specifying next upstream behaviour 2017-06-27 23:30:43 +02:00
Manuel de Brito Fontes
8e8277f1a4 Fix race condition with closed channels 2017-06-26 13:16:53 -04:00
Manuel de Brito Fontes
67e0e0b920 Fix nginx sticky sessions 2017-06-25 21:30:30 -04:00
Manuel de Brito Fontes
3b903c5913 Always reload after a change in the configuration 2017-06-25 18:12:07 -04:00
Manuel Alejandro de Brito Fontes
312c9ec7e2 Merge pull request #871 from aledbf/fix-sticky 
Add feature to allow sticky sessions per location
 2017-06-23 13:22:12 -04:00
Manuel de Brito Fontes
83d03a19a6 Add feature to allow sticky sessions per location 2017-06-22 14:12:57 -04:00
Manuel de Brito Fontes
4ee2bdc302 Add support for SubjectAltName in SSL certificates 2017-06-20 19:47:06 -04:00
Manuel de Brito Fontes
05a976f9e5 Add flag to skip the update of Ingress status on shutdown 2017-06-20 09:47:18 -04:00
Manuel de Brito Fontes
92eeb7828b Implement Equaler 2017-06-15 00:17:54 -04:00
Manuel de Brito Fontes
75a4a61254 WIP: Avoid reloads implementing Equals in structs 2017-06-14 23:58:31 -04:00
Manuel de Brito Fontes
45c77a951d Code linting 2017-06-14 19:49:35 -04:00
Manuel de Brito Fontes
aa8c66ec01 Remove dead code 2017-06-14 19:42:13 -04:00
Manuel Alejandro de Brito Fontes
bd1429ddac Merge pull request #855 from aledbf/lint 
Lint code
 2017-06-13 11:31:32 -04:00
Giancarlo Rubio
b4c8a66b1f Don't expose certificate metrics for default server 
The default server has a self signed certificate so it's not important to monitor
 2017-06-13 16:01:05 +02:00
Fabian Ruff
8304feb497 ensure private key and certificate match 
Adding an ingress tls secret with a non matching certificate and private key break at least the nginx-controller permanently until the offending secret is deleted.

In that case nginx refuses to start/reload with an error like this:
```
Error: exit status 1
2017/06/13 12:16:53 [emerg] 51#51: SSL_CTX_use_PrivateKey_file("/ingress-controller/ssl/monsoon3-tls-baremetal-3-eu-de-1-cloud-sap.pem") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/ingress-controller/ssl/tls-baremetal-3-example-com.pem") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /tmp/nginx-cfg728491545 test failed
```
 2017-06-13 15:16:24 +02:00
Manuel de Brito Fontes
aacb7a5abb Lint 2017-06-13 09:07:14 -04:00
Giancarlo Rubio
d9cf043552 Instrument nginx to expose metric "ssl certficate expiration time " 
Add a console warning message 10 days before the certificate expire
 2017-06-13 13:44:00 +02:00
Justin Santa Barbara
cacc7bc21e Match ServicePort to Endpoints by Name 
We can never match on the EndpointPort.Port; that is the container port.
 2017-06-12 23:02:28 -04:00
Manuel de Brito Fontes
dca6de883c Simplify controller interface 2017-06-11 15:56:30 -04:00
Joao Morais
6b54ae58ac Create or delete ingress based on class annotation 2017-06-07 13:16:34 -03:00
Manuel Alejandro de Brito Fontes
3f0307a96e Merge pull request #792 from aledbf/refactor-has-synced 
Avoid checking if the controllers are synced
 2017-05-29 20:38:30 -04:00
Manuel Alejandro de Brito Fontes
5f71bde601 Merge pull request #753 from jcmoraisjr/jm-secret-tracker 
Move secretTracker updating to GetAuthCertificate()
 2017-05-29 17:01:40 -04:00
Manuel de Brito Fontes
5472555186 Avoid checking if the controllers are synced 2017-05-29 12:22:30 -04:00
Joao Morais
37f8c8bb40 Add ConfigureFlags() on controller interface 2017-05-24 21:03:52 -03:00
Manuel de Brito Fontes
797560ab8c Change recorder event scheme 2017-05-24 14:02:51 -04:00
Manuel de Brito Fontes
e347413649 Replace use of endpoint as locks with configmap 2017-05-24 01:55:13 -04:00
Joao Morais
c4d8011fa4 Move secretTracker updating to GetAuthCertificate() 2017-05-23 14:20:31 -03:00
Manuel Alejandro de Brito Fontes
42e40557b9 Merge pull request #749 from aledbf/remove-service-annotation 
Remove service annotation for namedPorts
 2017-05-22 23:34:42 -04:00
Manuel de Brito Fontes
d98a052972 Remove service annotation for namedPorts 2017-05-22 22:55:39 -04:00
Manuel de Brito Fontes
b1d6468d5d Replace NodeLegacyHostIP with NodeInternalIP 2017-05-20 20:11:58 -04:00
Manuel Alejandro de Brito Fontes
3dc7717a68 Merge pull request #716 from jcmoraisjr/jm-secure-ca 
Add secure-verify-ca-secret annotation
 2017-05-17 07:41:13 -04:00
Manuel Alejandro de Brito Fontes
8ca5fbeece Merge pull request #717 from caiyixiang/del_unuseful_var 
delete unuseful variable
 2017-05-15 22:19:18 -04:00
zouyee
bb72a03bc2 nodeController sync 2017-05-15 14:34:08 +08:00
caiyixiang
c05b7a0094 \core\pkg\ingress\errors:delete unuseful variable 2017-05-15 10:22:58 +08:00
Joao Morais
8b5a6e7661 Add secure-verify-ca-secret annotation 2017-05-14 19:14:27 -03:00
Manuel de Brito Fontes
a537d2d0fa Remove secrets from ingress after a Delete event 2017-05-11 22:19:16 -03:00
Manuel de Brito Fontes
5c9c5a301a Avoid periodic check for secret changes 2017-05-10 21:54:30 -03:00
Manuel de Brito Fontes
5d9728b16e Convert CN SSL Certificate to lowercase before comparison 2017-05-01 20:01:05 -03:00
Manuel de Brito Fontes
87b484eb47 Allow more frequent reload events 2017-04-27 14:29:31 -03:00
Manuel Alejandro de Brito Fontes
a1b6fa7d5b Merge pull request #663 from aledbf/remove-todo 
Remove helper required in go < 1.8
 2017-04-27 00:14:29 -03:00
Manuel Alejandro de Brito Fontes
192d832458 Merge pull request #662 from aledbf/fix-647 
Add debug information about ingress class
 2017-04-27 00:08:04 -03:00
Manuel de Brito Fontes
d1e77f132f Remove helper required in go < 1.8 2017-04-26 23:52:03 -03:00
Manuel de Brito Fontes
8fc09d521f Add debug information about ingress class 2017-04-26 23:43:52 -03:00
Manuel de Brito Fontes
7eee34f473 Rollback queue refactoring 2017-04-26 22:52:04 -03:00
Manuel de Brito Fontes
ab1f04b9c2 Add support for https in proxy request for external authentication 2017-04-24 22:14:38 -03:00
Manuel de Brito Fontes
786d977a90 Fix lint errors 2017-04-20 16:48:14 -03:00
Manuel Alejandro de Brito Fontes
b18f8e86ad Merge pull request #629 from aledbf/externalname-feature 
Add support for services of type ExternalName
 2017-04-20 16:44:03 -03:00
Manuel de Brito Fontes
c71fe9f73f Add support for services of type ExternalName 2017-04-19 23:30:51 -03:00
Manuel de Brito Fontes
de14e2f4f1 Refactor ssl-passthroug using go to handle TLS hello 2017-04-19 01:39:14 -03:00
Manuel de Brito Fontes
c4ef98240d Status leader election must consired the ingress class 2017-04-16 15:48:12 -03:00
Manuel Alejandro de Brito Fontes
0f9f082959 Merge pull request #599 from aledbf/force-isolation 
Add flag to force namespace isolation
 2017-04-15 11:42:46 -03:00
caiyixiang
25a5b92e94 add a judgment 2017-04-13 16:38:07 +08:00
Manuel de Brito Fontes
77c9f4e5fc Add flag to force namespace isolation 2017-04-12 22:50:54 -03:00
chentao1596
f5baeb2f4a add unit test cases for core/pkg/ingress/controller/backend_ssl 2017-04-11 15:27:22 +08:00
chentao1596
2ec3bb810e remove reduntants alias 2017-04-11 11:13:09 +08:00
Manuel de Brito Fontes
5bd729a1b6 Detect if the ingress controller is running with multiple replicas 2017-04-09 16:14:20 -03:00
Manuel de Brito Fontes
f28142ae8e Replace secret workqueue 2017-04-09 13:52:10 -03:00
Joao Morais
239166b4b7 Revert merge annotations to the implicit root context 2017-04-06 22:18:51 -03:00
Joao Morais
4558ef6a52 Fix intermittent misconfiguration of backend.secure and sticky 2017-04-05 22:21:34 -03:00
Manuel Alejandro de Brito Fontes
ed6987e716 Merge pull request #540 from jcmoraisjr/jm-ssl-passthrough 
Add Backends.SSLPassthrough attribute
 2017-04-05 17:53:29 -03:00
Nick Sardo
12a0373d2e Merge pull request #539 from aledbf/migrate-client-go 
Migrate to client-go
 2017-04-05 13:50:21 -07:00
Manuel de Brito Fontes
e0561ddeb9 Update nginx and generic controller 2017-04-04 11:51:50 -03:00
Giancarlo Rubio
c21f7ce666 OverrideFlags was called before parsing arguments (arguments was always empty) 
correct args order for newStatsCollector
 2017-04-04 13:15:06 +02:00
Andreas Kohn
049790918c
Fix a couple of 'does not contains' typos 2017-04-03 12:22:08 +02:00
Manuel de Brito Fontes
4103537ea1 Fix lint errors 2017-04-02 11:07:07 -03:00
Joao Morais
b59d49a4a7 Add Backends.SSLPassthrough attribute 2017-04-01 23:32:22 -03:00
Manuel Alejandro de Brito Fontes
02cd3ce885 Merge pull request #225 from electroma/nginx/extauth_headers 
Support for http header passing from external authentication service
 2017-04-01 20:40:29 -03:00
Manuel Alejandro de Brito Fontes
638ea2b51e Merge pull request #527 from jcmoraisjr/jm-ann-root-context 
Add annotations to location of default backend (root context)
 2017-04-01 11:21:06 -03:00
Manuel de Brito Fontes
00ce4f46f3 Add test for ingress status update 2017-03-31 09:46:51 -03:00
Joao Morais
8552351af0 Add annotations to location of default backend (root context) 2017-03-30 22:30:39 -03:00
Andreas Kohn
33715a9c8e Fix a typo in an error message 2017-03-30 13:00:31 +02:00
Ash Berlin
6ac7a12a60 Use whitelist-source-range from configmap when no annotation on ingress. 
Even though we were returning a SourceRange it was being ignored because
we were also returning an error. Detect the case (and add tests) when
the annotation is not present and use the BackendConfig in that case.

Fixes #473.
 2017-03-29 13:09:03 +01:00
chentao1596
767591fa18 remove unused constants 2017-03-27 10:11:40 +08:00
chentao1596
6ab3a21971 add unit test cases for core/pkg/ingress/controller/annotations 2017-03-27 10:06:07 +08:00
Joao Morais
567041ea0d Improve TLS secret configuration 2017-03-26 09:28:59 -03:00
Joao Morais
f945624e9c Proper enqueue a secret on the secret queue 2017-03-25 21:10:20 -03:00
rsafronov
6d07d32003 Merge branch 'upstream' into nginx/extauth_headers 2017-03-24 20:25:18 -04:00
chentao1596
740f7caeb8 add unit test case for named_port 2017-03-24 14:18:17 +08:00
chentao1596
9f5ed978b9 use interface instead of implementation 2017-03-24 10:20:44 +08:00
Nick Sardo
62070a15e2 Merge pull request #111 from chentao1596/fix-go-style-mistake-errorf 
fix some go style mistakes about fmt.Errorf
 2017-03-17 11:08:03 -07:00
chentao1596
37bdb3952e fix all go style mistakes about fmt.Errorf 2017-03-17 08:35:55 +08:00
Manuel de Brito Fontes
18492c1384 Add information about SSL certificates in the default log level. 2017-03-16 16:02:15 -03:00
Manuel de Brito Fontes
d82544fe80 Avoid upstreams with multiple servers with the same port 2017-03-16 08:20:52 -03:00
Manuel Alejandro de Brito Fontes
c25936df62 Merge pull request #427 from rikatz/app-root-redirect 
Adds support for root context redirection
 2017-03-16 07:32:30 -03:00
Giancarlo Rubio
3570d44370 remove configmap validations . rollback #441, fix #443 2017-03-15 12:39:39 +01:00
Manuel Alejandro de Brito Fontes
2f01845964 Merge pull request #441 from gianrubio/skip-validation 
skip validation when configmap is empty
 2017-03-14 11:25:23 -03:00
Giancarlo Rubio
1e1e4dca94 skip validation on empty configmap 2017-03-14 14:45:47 +01:00
Manuel Alejandro de Brito Fontes
153fdf516e Merge pull request #439 from Collaborne/pr/nil-reference-temp-file 
Avoid a nil-reference when the temporary file cannot be created
 2017-03-14 10:29:07 -03:00
Andreas Kohn
3dece0ab70
Avoid a nil-reference when the temporary file cannot be created 2017-03-14 13:52:38 +01:00
Andreas Kohn
dbeead3615
Fix typo in error message 2017-03-14 13:51:29 +01:00
Andreas Kohn
6e017269db
Fix grammar in error messages 2017-03-14 13:51:23 +01:00
Manuel Alejandro de Brito Fontes
03c43b611c Merge pull request #432 from gianrubio/validate-configmap 
Validations
 2017-03-14 09:22:02 -03:00
Giancarlo Rubio
c6195c44f3 Validate if configmap exist and is in the namespace/name format 
Verifiy if watch-namespace option exist
 2017-03-14 09:45:01 +01:00
Ian Quick
0fa2a32b6f pass the ingress in or the 2nd invocation will be used 2017-03-13 18:39:35 -04:00
rsafronov
7034e1de69 Merge remote-tracking branch 'upstream/master' into nginx/extauth_headers 
# Conflicts:
#	core/pkg/ingress/annotations/authreq/main.go
 2017-03-13 15:04:37 -04:00
Ricardo Pchevuzinske Katz
0e5d3ca9e9 Adds support for root redirection, and improves rewrite documentation 2017-03-13 12:03:47 -03:00
Ricardo Pchevuzinske Katz
04af55af3c Adds support for root context redirection 2017-03-12 19:06:10 -03:00
Manuel de Brito Fontes
1cc0a95966 Manually sync secrets from certificate authentication annotations 2017-03-10 12:34:13 -03:00