DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
3994 commits 4 branches 217 tags 166 MiB
Commit graph

229 commits

Author SHA1 Message Date
Elvin Efendi
5cc116fa10 fix bug with balancer.lua configuration 2018-10-24 22:42:40 +04:00
Desmond Ho
bab521e81a UPT: align waf options 2018-10-20 12:46:39 +08:00
Desmond Ho
04a89ce234 UPT: annotation enhancement for resty-lua-waf 2018-10-20 12:09:38 +08:00
Fernando Diaz
12955a4a1b Allow Ability to Configure Upstream Keepalive 
Allows Upstream Keepalive values like keepalive_timeout and
keepalive_requests to be configured via ConfigMap.

Fixes #3099
 2018-10-11 20:46:42 -05:00
k8s-ci-robot
3edf11b85f
Merge pull request #3198 from aledbf/only-dynamic 
Only support dynamic configuration
 2018-10-10 05:07:34 -07:00
Manuel Alejandro de Brito Fontes
74c2f93de6
Only support dynamic configuration 2018-10-09 22:05:45 -03:00
k8s-ci-robot
f56ab42cd2
Merge pull request #3194 from bshelton229/literal-dollar-character 
Make literal $ character work in set $location_path
 2018-10-09 15:52:39 -07:00
Bryan Shelton
3686e4f366 Move escapeLocationPathVar to escapeLiteralDollar 2018-10-09 12:58:50 -07:00
Elvin Efendi
78f12c25c5 delete upstream healthcheck annotation 2018-10-09 09:14:13 -04:00
k8s-ci-robot
3cf00b2fd8
Merge pull request #3197 from aledbf/remove-tcp-udp 
Remove support for TCP and UDP services
 2018-10-08 07:19:39 -07:00
k8s-ci-robot
182767b06b
Merge pull request #3170 from Globegitter/move-mainsnippet 
Move mainSnippet before events to fix load_module issue.
 2018-10-08 06:22:25 -07:00
Bryan Shelton
3dc131bd57 Make literal $ character work in set $location_path 2018-10-07 12:58:39 -07:00
Manuel Alejandro de Brito Fontes
44bdc7eb59 Remove support for TCP and UDP services 2018-10-07 10:53:37 -03:00
k8s-ci-robot
b46523a1f4
Merge pull request #3149 from diazjf/proxy-e2e-tests 
Add e2e Tests for Proxy Annotations
 2018-10-05 05:15:09 -07:00
Globegitter
8848c1864a Move mainSnippet before events. 2018-10-02 15:24:44 +02:00
Fernando Diaz
e5dca9353e Remove Unneeded Quotes from Nginx Directives 
Removes quotes from nginx directives which my cause issues with
their functionality

Fixes #3152
 2018-10-01 16:10:33 -05:00
k8s-ci-robot
d9f58144eb
Merge pull request #3145 from Shopify/regex-modifier 
Add "use-regex" Annotation to Toggle Regular Expression Location Modifier
 2018-10-01 11:31:43 -07:00
Zenara Daley
f29bdc3e8d Add 'use regex' annotation to toggle nginx regex location modifier 2018-10-01 13:54:11 -04:00
Markus Padourek
bf4be49c02 Fix incorrect .DisableLua access. (#3144) 
* Fix incorrect .DisableLua access.

* Address comment.
 2018-09-26 14:05:05 -03:00
Globegitter
a2ccd1f224 Fix usage for $all. 2018-09-26 16:38:16 +02:00
Markus Padourek
fe219db231
Ensure monitoring for custom error pages 
Fixes #3140
 2018-09-26 16:26:38 +02:00
Elvin Efendi
b3a22f7fc0 do not require --default-backend-service 2018-09-25 21:14:28 -04:00
k8s-ci-robot
c4a562dded
Merge pull request #3130 from alanbover/fix/newlines_location_denied 
fix newlines location denied
 2018-09-25 07:04:50 -07:00
Alan Bover
6454608c6c fix newlines location denied 2018-09-25 15:36:23 +02:00
k8s-ci-robot
6393ca6aaf
Merge pull request #2997 from StarOfService/global-block-ip-ua-ref 
Provide possibility to block IPs, User-Agents and Referers globally
 2018-09-25 05:51:56 -07:00
Pavel Sinkevych
7212d0081b Provide possibility to block CIDRs, User-Agents and Referers globally 2018-09-25 14:16:20 +03:00
k8s-ci-robot
6ed5c95562
Merge pull request #3098 from ElvinEfendi/make-keepalive-work 
make upstream keepalive work for http
 2018-09-15 07:36:27 -07:00
Elvin Efendi
6511fa9f58 make upstream keepalive work for http 2018-09-14 19:40:54 -04:00
Zenara Daley
0e6f0bb88d enforce ^~ location modifier when rewrite-target annotation is set 2018-09-13 10:39:52 -04:00
k8s-ci-robot
0a9db37e0f
Merge pull request #3062 from lahsivjar/issue-fix-host-header 
Pass Host header for custom errors
 2018-09-09 09:51:13 -07:00
Vishal Raj
4e14b809df Pass Host header for custom errors 2018-09-09 19:39:10 +08:00
Derek Perkins
9099f3b4db add support for http2-max-requests in configmap 2018-09-02 23:53:30 -06:00
k8s-ci-robot
b0b575db33
Merge pull request #2965 from Shopify/dynamic-certificates-nginx 
Add Lua module to serve SSL Certificates dynamically
 2018-08-23 20:27:55 -07:00
Henry Tran
cbf041fc3e Add Lua module to serve SSL Certificates dynamically 2018-08-23 22:15:54 -04:00
Manuel de Brito Fontes
f6905ae0ff Pass real source IP address to auth request 2018-08-23 10:37:33 -03:00
Elvin Efendi
2207d7694d batch metrics and flush periodically 2018-08-18 13:17:21 -04:00
Dario Nieuwenhuis
b5bcb93a4b
Merge branch 'master' into xff 2018-08-16 18:15:14 +02:00
Elvin Efendi
bc37ba14e8 dont restrict status page to localhost only 2018-08-08 12:46:12 -04:00
Manuel Alejandro de Brito Fontes
a68820808a
Fix documentation (#2902) 2018-08-05 22:30:46 -04:00
k8s-ci-robot
7f7f59df79
Merge pull request #2894 from aledbf/authbind 
Use authbind to bind privileged ports
 2018-08-05 08:43:43 -07:00
Manuel de Brito Fontes
b148f113ae
Use authbind to bind privileged ports 2018-08-05 11:18:50 -04:00
k8s-ci-robot
060704c624
Merge pull request #2682 from aledbf/listen-localhost 
Use localhost to expose status server
 2018-08-04 17:16:56 -07:00
Manuel de Brito Fontes
6b2c7e08db Use localhost to expose status server 2018-08-04 18:57:56 -04:00
Tom Reznik
b7bcf92480 support configuring multi_accept directive via configmap 2018-08-04 19:20:01 +03:00
Tom Reznik
1bacf1655e support custom configuration to main context of nginx config 2018-08-04 00:53:06 +03:00
Elvin Efendi
ed19dc3bc6 fix custom-error-pages functionality in dynamic mode 2018-07-26 13:36:09 -04:00
Elvin Efendi
d4faf68416 add support for ExternalName service type in dynamic mode 2018-07-25 09:05:47 -04:00
takonomura
587c2a8765 Escape $request_uri for external auth 2018-07-19 15:22:05 +09:00
k8s-ci-robot
29ecae5b64
Merge pull request #2752 from dongqi1990/master 
use format "range v := iterative object" and "range k, v := iterative object" when the type of iterative object is slice and map in the file nginx.tmpl
 2018-07-18 04:34:20 -07:00
dongqi1990
50084b1167 use format "range v := iterative object" and "range k, v := iterative 
object" when the type of iterative object is slice and map in the file nginx.tmpl
 2018-07-18 15:02:55 +08:00
Jason Stangroome
8e06afbb45 Allow gzip compress level to be controlled via ConfigMap 2018-07-09 10:30:59 +10:00
Brian Findlay
3b25f3438f Replace more_set_headers directive with more_clear_headers 2018-06-23 10:01:33 -04:00
k8s-ci-robot
700a2275d1
Merge pull request #2678 from hnrytrn/refactor-cert 
Refactor server type to include SSLCert
 2018-06-22 12:34:04 -07:00
Manuel Alejandro de Brito Fontes
df76d4b481
Update opentracing configuration (#2676) 2018-06-21 18:15:18 -04:00
Henry Tran
86def984a3 Merge remote-tracking branch 'origin' into refactor-cert 2018-06-21 11:43:47 -04:00
Henry Tran
2751cbf06d Refactor to add SSLCert as a field in server type 2018-06-21 11:34:29 -04:00
Manuel Alejandro de Brito Fontes
aec40c171f
Improve configuration change detection (#2656) 
* Use information about the configuration configmap to determine changes

* Add hashstructure dependency

* Rename queue functions

* Add test for configmap checksum
 2018-06-21 10:50:57 -04:00
Elvin Efendi
cb4755835e refactor some lua code 2018-06-19 12:46:49 +04:00
Manuel Alejandro de Brito Fontes
fee8704b53
Add support for IPV6 in stream upstream servers (#2649) 2018-06-15 10:26:33 -04:00
k8s-ci-robot
3cbd2d66bf
Merge pull request #2643 from aledbf/remove-vts 
Remove VTS from the ingress controller
 2018-06-14 23:59:29 -07:00
k8s-ci-robot
dfca2a0d8d
Merge pull request #2451 from nusx/set-sticky-path-for-backend 
fix for #1930, make sessions sticky, for ingress with multiple rules …
 2018-06-14 20:47:28 -07:00
Manuel de Brito Fontes
63b38e1c21
Remove VTS from the ingress controller 2018-06-14 11:11:29 -04:00
Francisco Mejia
966e9f5e25 Add monitor lua module 2018-06-13 22:54:31 -04:00
Manuel de Brito Fontes
79199dd84c
Run as user dropping privileges 2018-06-12 10:18:36 -04:00
Stefan Schwärzler
1a320ae289 fix for #1930, make sessions sticky, for ingress with multiple rules and backends 
* for an ingress with session affinity cookie, set the location as path on the cookie when unique
* the previous behaviour ( cookie path=/ ) is preserved for ingresses with multiple rules for the same backend (locations not unique)

added e2e tests for session affinity, setting path on sticky config

added tests:
* it should set the path to /something on the generated cookie
* it should set the path to / on the generated cookie if there's more than one rule referring to the same backend
 2018-06-11 10:43:13 +02:00
Dario Nieuwenhuis
67b253a149 Add use-forwarded-headers configmap option. 2018-06-11 00:06:14 +02:00
Dmitry Stolyarov
02ff8244a2 Add $location_path variable 
When you define rules in ingress resource, you use path. So it would be
very useful to be able to use the same path in logs.
 2018-06-07 13:43:29 +03:00
Dmitry Stolyarov
59aac73785 Add $service_port variable 
According to TCP/IP (and common sense), $service_name is not enough to
uniquely identify service, we need $service_port for that.
 2018-06-07 13:43:20 +03:00
Dmitry Stolyarov
eafb1890d6 Move vars to the very beginning of the location 
To make it more clear, that you could use $namespace, $ingress_name and
$service_name variables anywhere in location (especialy in lua), move
their definition to the very begining of the location.
 2018-06-07 13:43:09 +03:00
Paul DeCarlo
3159384480 Use lua-platform-path symlink for all platforms 2018-06-04 18:15:59 -05:00
Elvin Efendi
d4e6c0dfd8 access_log should be off for internal /configuration endpoint 2018-05-31 16:01:54 -04:00
Elvin Efendi
da3a87646a make sure balancer gets deleted when ther is no backend 2018-05-28 15:51:58 -04:00
k8s-ci-robot
b8b5e5bc51
Merge pull request #2548 from Stono/master 
Implement generate-request-id
 2018-05-21 13:55:12 -07:00
Karl Stoney
206d32a2cd Implement generate-request-id 
Fixes https://github.com/kubernetes/ingress-nginx/issues/2546
 2018-05-21 08:32:50 +01:00
Lorenzo Fontana
d434583b53
InfluxDB configuration string template builder helper 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2018-05-19 09:22:49 +02:00
Lorenzo Fontana
93be8db612
Annotations for the InfluxDB Module 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2018-05-19 09:22:46 +02:00
Fernando Diaz
e224259e38 Resolves issue with proxy-redirect nginx configuration 
Resolves an issue where the proxy-redirect annotations were not generating the
correct configuration possibly because of user error. This is done by only
setting the proxy_redirect if both proxy-redirect-from and proxy-redirect-to
have valid values. Also adds the e2e tests.

Fixes #2074
 2018-05-17 11:22:31 -05:00
Manuel de Brito Fontes
ff3e182350 Add support for grpc_set_header 2018-05-17 08:35:11 -04:00
Elvin Efendi
51cf184c51 always use x-request-id 2018-04-28 00:31:23 -04:00
JordanP
c995031ffd Add annotation to enable rewrite logs in a location 2018-04-27 17:50:14 +02:00
Adam Netočný
8b6f043fd8 Add buffer configuration to external auth location config 2018-04-26 16:04:12 +02:00
Nick Novitski
8886b8a50e Add vts-sum-key config flag 2018-04-17 11:39:32 -07:00
Giancarlo Rubio
c60ed24f4b Detect if header injected request_id before creating one 2018-04-17 15:49:35 +02:00
Bastian Hofmann
1c17962ba0 Add proxy-add-original-uri-header config flag 
This makes it configurable if a location adds an X-Original-Uri header to the backend request. Default is "true", the current behaviour.
 2018-04-16 12:34:26 +02:00
Zenara Daley
4b11fe4d25 Fix nginx template 2018-04-12 15:43:13 -04:00
Zenara Daley
4b76ad14bb Fix buildupstream name to work with dynamic session affinity 2018-04-12 14:01:46 -04:00
oilbeater
1be1f658b4 disable lua for arch s390x and ppc64le 
LuaJIT is not available for s390x and ppc64le, disable the lua part in nginx.tmpl on these platform.
 2018-04-12 08:30:56 +08:00
Elvin Efendi
d6eb44376d run lua-resty-waf in different modes (#2317) 
* run lua-resty-waf in different modes

* update docs
 2018-04-09 09:19:13 -03:00
Elvin Efendi
bad8295a42 extra waf rules per ingress (#2315) 
* extra waf rules per ingress

* document annotation nginx.ingress.kubernetes.io/lua-resty-waf-extra-rules

* regenerate internal/file/bindata.go
 2018-04-09 07:14:30 -03:00
Elvin Efendi
16faf309ca annotation to ignore given list of WAF rulesets (#2314) 2018-04-08 22:55:23 -03:00
Elvin Efendi
a6fe800a47 lua-resty-waf controller (#2304) 2018-04-08 17:37:13 -03:00
Manuel Alejandro de Brito Fontes
b17ed7b6fd
Configure upload limits for setup of lua load balancer (#2309) 2018-04-08 15:47:49 -03:00
Manuel Alejandro de Brito Fontes
1c65320618
Add verification of lua load balancer to health check (#2308) 2018-04-08 15:24:37 -03:00
Manuel Alejandro de Brito Fontes
dd2bc91018
Fix HSTS without preload (#2294) 2018-04-04 23:17:51 -03:00
Alvaro Aleman
e7aa74b5d4 Add NoAuthLocations and default it to "/.well-known/acme-challenge" (#2243) 
* Add NoAuthLocations and default it to "/.well-known/acme-challenge"

* Add e2e tests for no-auth-location

* Improve wording of no-auth-location tests
 2018-04-01 21:02:34 -03:00
Elvin Efendi
931e541fb7 Fix bug when auth req is enabled(external authentication) (#2280) 
* set proxy_upstream_name correctly when auth_req module is used

* log a more meaningful message when backend is not found
 2018-03-30 14:19:33 -03:00
Manuel Alejandro de Brito Fontes
146db43794
Disable opentracing for nginx internal urls (#2272) 2018-03-29 13:47:13 -03:00
Oilbeater
c6c219a7d1 clean up tmpl (#2263) 
The nginx.conf generated now is too messy remove some section only useful when dynamic configure enabled and headers only useful for https.
 2018-03-29 09:36:00 -03:00
Sylvain Rabot
385368990c Managing a whitelist for _/nginx_status (#2187) 
Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
 2018-03-28 09:27:34 -03:00
Zenara Daley
6e099c5f57 Add EWMA as configurable load balancing algorithm (#2229) 2018-03-23 12:06:21 -03:00