DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4686 commits 4 branches 217 tags 166 MiB
Commit graph

4686 commits

This branch
This branch
All branches
Author SHA1 Message Date
Kubernetes Prow Robot
134c3af2dc Merge pull request #4849 from dene14/fcgi-docs-fix 
Fixed documentation for FCGI annotation.
 2019-12-18 18:57:56 -08:00
Denis Boulas
bb2014a641 Fixed documentation for FCGI annotation. 2019-12-19 03:48:55 +03:00
Manuel Alejandro de Brito Fontes
1a8d023b0e Update nginx image (#4848) 2019-12-18 09:32:20 -03:00
Kubernetes Prow Robot
8409bbf7e4 Merge pull request #4842 from theoretick/patch-1 
Update Modsecurity-nginx to latest (v1.0.1)
 2019-12-17 11:05:58 -08:00
Lucas Charles
57817d9f17 Update Modsecurity-nginx to latest 
Updates Modsecurity-nginx connector to release v1.0.1
 2019-12-17 10:05:27 -08:00
Manuel Alejandro de Brito Fontes
a4fd8fd287 Return specific type (#4840) 2019-12-17 12:06:17 -03:00
Kubernetes Prow Robot
42a2c89c23 Merge pull request #4829 from aledbf/modseccrs 
Update modsecurity crs to v3.2.0
 2019-12-13 11:41:08 -08:00
Manuel Alejandro de Brito Fontes
87f36b2895 Update modsecurity crs to v3.2.0 2019-12-13 11:13:14 -03:00
Kubernetes Prow Robot
1bf93a9c52 Merge pull request #4827 from aledbf/update-versions 
Migrate ingress definitions from extensions to networking.k8s.io
 2019-12-13 06:00:55 -08:00
Manuel Alejandro de Brito Fontes
7fd12e7b7d Remove hard-coded annotation and don't use map pointers 2019-12-13 03:05:20 -03:00
Manuel Alejandro de Brito Fontes
8632b27fc2 Fix e2e test flakes 2019-12-13 01:34:52 -03:00
Manuel Alejandro de Brito Fontes
ba97045fea Fix code-generator task 2019-12-12 22:38:01 -03:00
Manuel Alejandro de Brito Fontes
1119a1738a Add parallel to e2e-prow image 2019-12-12 22:07:03 -03:00
Manuel Alejandro de Brito Fontes
1416f403ec Update kind to v0.6.1 2019-12-12 21:44:19 -03:00
Manuel Alejandro de Brito Fontes
359341e808 Use deployments only from apps/v1 group 2019-12-12 21:25:01 -03:00
Manuel Alejandro de Brito Fontes
37413d7794 Migrate ingress definitions from extensions to networking.k8s.io 2019-12-12 21:25:00 -03:00
Kubernetes Prow Robot
ae5d1f470f Merge pull request #4823 from aledbf/go-modules 
Update go dependencies to v1.17.0
 2019-12-12 11:40:32 -08:00
Kubernetes Prow Robot
12c570c577 Merge pull request #4826 from ElvinEfendi/fix-duplicate-hsts 
regression test and fix for duplicate hsts bug
 2019-12-12 11:10:32 -08:00
Elvin Efendi
41112332b5 misc: improve build scripts 2019-12-12 13:49:28 -05:00
Elvin Efendi
ca3e934cba fix duplicate hsts bug 2019-12-12 13:49:13 -05:00
Elvin Efendi
1bfd79c11c regression test for duplicate hsts 2019-12-12 13:45:43 -05:00
Manuel Alejandro de Brito Fontes
686a01dbb4 Cleanup test 2019-12-10 22:45:11 -03:00
Manuel Alejandro de Brito Fontes
7c3c282d7e Check the configmap is valid 2019-12-10 22:45:02 -03:00
Kubernetes Prow Robot
39d6cc4c97 Merge pull request #4816 from kdomanski/fix-ssl-redirect 
apply default certificate again in cases of invalid or incomplete cert config
 2019-12-10 17:40:05 -08:00
Manuel Alejandro de Brito Fontes
7c6850a92c Update go dependencies to v1.17.0 2019-12-10 21:55:54 -03:00
Kamil Domański
666688ee0a add e2e test for HTTP->HTTPS redirection 2019-12-09 15:56:21 +01:00
Kubernetes Prow Robot
a50f5d0d9a Merge pull request #4813 from aledbf/ssl-ciphers 
Update default SSL ciphers
 2019-12-06 15:05:53 -08:00
Kamil Domański
9b708258d1 apply default certificate again in cases of invalid or incomplete cert config 
Signed-off-by: Kamil Domański <kamil@domanski.co>
 2019-12-06 12:15:52 +01:00
Manuel Alejandro de Brito Fontes
ed99f04a30 Update default SSL ciphers 2019-12-05 19:34:53 -03:00
Manuel Alejandro de Brito Fontes
248ddeadae Allow custom CA certificate when flag --api-server is specified (#4807) 2019-12-05 19:12:54 -03:00
Kubernetes Prow Robot
1fb54a737c Merge pull request #4806 from aledbf/build 
Add log to parallel command to dump logs in case of errors
 2019-12-02 18:08:57 -08:00
Manuel Alejandro de Brito Fontes
176678ce8e Update nginx and e2e images (#4805) 2019-12-02 14:36:49 -03:00
Kubernetes Prow Robot
4c14edfaf7 Merge pull request #4797 from pauvos/dashboard-datasource 
Add a datasource variable $DS_PROMETHEUS
 2019-12-02 07:55:05 -08:00
Manuel Alejandro de Brito Fontes
4b96ce3609 Update nginx image to fix regression in jaeger tracing (#4803) 2019-12-02 12:17:26 -03:00
Manuel Alejandro de Brito Fontes
25212b1647 Fix markdown list (#4801) 2019-12-01 21:57:09 -03:00
Manuel Alejandro de Brito Fontes
9deed184f6 Update sysctl example (#4800) 2019-12-01 21:48:00 -03:00
Paul Voss
faaf7a5958 Add a datasource variable $DS_PROMETHEUS 2019-11-30 14:04:39 +01:00
Manuel Alejandro de Brito Fontes
3d5165bca3 Update nginx image and Go to 1.13.4 (#4785) 2019-11-29 15:20:18 -03:00
Kubernetes Prow Robot
820ffc51b5 Merge pull request #4793 from MMeent/patch-2 
Fix issue in logic of modsec template
 2019-11-28 10:57:04 -08:00
Kubernetes Prow Robot
31d594cff0 Merge pull request #4794 from sablumiah/patch-1 
Remove extra annotation when Enabling ModSecurity
 2019-11-28 10:13:04 -08:00
Sablu Miah
871033d0ae Remove extra annotation when Enabling ModSecurity 
Since version 0.25, if you try to use both annotations of:

nginx.ingress.kubernetes.io/modsecurity-snippet: |
Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf
Include /etc/nginx/modsecurity/modsecurity.conf

and 

nginx.ingress.kubernetes.io/enable-modsecurity: "true"

it breaks nginx config and you will not catch it unless you have nginx admission controller enabled. 

You do not need the annotation of `Include /etc/nginx/modsecurity/modsecurity.conf` from version 0.25
 2019-11-28 15:16:09 +00:00
MMeent
4a4025e578 Fix issue in logic of modsec template 
according to go templates: `(and ((not false) false))` == `true`

the only way to remove the owasp rules from every location is to disable modsec on that location, or to enable owasp globally, both not-so-great choices.

This commit fixes the logic issue by fixing the and-clause in the if-statement. As a result this reduces global resource usages when modsecurity is configured globally, but not on every location.
 2019-11-28 14:56:41 +01:00
Kubernetes Prow Robot
f9dfff9063 Merge pull request #4791 from bouk/manifest-add-staticport 
deploy: add protocol to all Container/ServicePorts
 2019-11-28 05:05:04 -08:00
Bouke van der Bijl
3dff92a9f3 deploy: add protocol to all Container/ServicePorts 
kubectl apply --server-side currently doesn't work with Port specs that
are missing protocol:
https://github.com/kubernetes-sigs/structured-merge-diff/issues/130 so
we should always specify it.
 2019-11-28 12:41:48 +00:00
Manuel Alejandro de Brito Fontes
449af8e4a3 Add log to parallel command to dump logs in case of errors 2019-11-27 22:01:50 -03:00
Kubernetes Prow Robot
d67126d305 Merge pull request #4780 from aledbf/openresty-master 
Update nginx image to use openresty master
 2019-11-27 12:33:03 -08:00
Kubernetes Prow Robot
4235e3e779 Merge pull request #4779 from aledbf/update-image 
Remove lua-resty-waf feature
 2019-11-27 11:45:05 -08:00
Kubernetes Prow Robot
ffa84b1284 Merge pull request #4732 from willthames/enable-opentracing-annotation 
Allow enabling/disabling opentracing for ingresses
 2019-11-26 17:31:21 -08:00
Will Thames
fcccd63002 Improve safety of AWS-based builds 
Ensure that AWS and Docker credentials don't get
accidentally added
 2019-11-27 11:07:26 +10:00
Will Thames
3716655525 Provide annotation to control opentracing 
By default you might want opentracing off, but on for a particular
ingress.

Similarly, you might want opentracing globally on, but disabled for
a specific endpoint. To achieve this, `opentracing_propagate_context`
cannot be set when combined with `opentracing off`

A new annotation, `enable-opentracing` allows more fine grained control
of opentracing for specific ingresses.
 2019-11-27 11:07:26 +10:00