* Owners: Sort `ingress-nginx-maintainers` & `ingress-nginx-reviewers`.
* Owners: Update URL in aliases.
* Images: Remove owners as it's identical to global owners.
* Images: Remove global owners from `kube-webhook-certgen` owners.
* Owners: Remove members from aliases covered by other aliases.
ingress-nginx-helm-maintainers:
- cpanato: Covered by ingress-nginx-maintainers
- strongjz: Covered by ingress-nginx-maintainers
ingress-nginx-helm-reviewers:
- cpanato: Covered by ingress-nginx-reviewers
- strongjz: Covered by ingress-nginx-reviewers
ingress-nginx-docs-maintainers:
- tao12345666333: Covered by ingress-nginx-maintainers
* Owners: Promote myself to `ingress-nginx-maintainers` & `ingress-nginx-reviewers`.
* feat: add grpc buffer size in the nginx template
* feat: add grpc buffer size in the configmap struct
* feat: add test for GRCP buffer size configuration in the configmap
* chore: add documentation for the grcp buffer size configuration
* fix: fix the copyright year of the test
* fix: fix import order
* fix: fix ignore for the linter - reason was missing
* chore: seems like we don't need to ignore the error handling
* feature(geoip2_autoreload): GeoIP Autoreload
feature(geoip2_autoreload): fix lint
feature(geoip2_autoreload): changing flag interval
feature(geoip2_autoreload): tests - up and running
feature(geoip2_autoreload): tests - up and running
feature(geoip2): testing
feature(geoip2): remove typo
feature(geoip2_autoreload): fixing tests
* feature(geoip2_autoreload): working
* feature(geoip2_autoreload): including tests on geoip2 test file
* [mTLS] Fix acme verfication when mTLS and Client CN verification is enabled
* revert mTLS location excluding acme-challenge since each location will match ultimately resulting in 404 for all request paths
Current implementation of OCSP stapling makes use of the DNS caching machinery[^1],
which results in resty.http not seeing the actual host name of the OCSP responder.
On HTTP level, this is already mitigated via overriding the Host header, but
if a given responder operates on a HTTPS endpoint (a setup which, admittedly, isn't
very popular due to its chicken-and-egg caveats involved but is nonetheless legal[^2])
the connection will fail to be established. A relevant (and a bit redacted) excerpt from logs:
2023/07/02 18:13:23 [info] 112#112: *29039 [lua] dns.lua:32: cache_set(): cache set for 'my.ocsp.responder' with value of [10.1.2.3, 10.4.5.6, 10.7.8.9] and ttl of 30., context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:442
2023/07/02 18:13:23 [error] 112#112: *29039 lua ssl certificate does not match host "10.1.2.3", context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:442
2023/07/02 18:13:23 [error] 112#112: *29039 [lua] certificate.lua:143: fetch_and_cache_ocsp_response(): could not get OCSP response: certificate host mismatch, context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:442
[^1]: https://github.com/kubernetes/ingress-nginx/blob/ebb6314/rootfs/etc/nginx/lua/certificate.lua#L81
[^2]: https://datatracker.ietf.org/doc/html/rfc2560#appendix-A.1.1
* Add OTEL build test
* Simplify otel compilation
* Remove http2 deprecated arg
* Move image build to CI
* Turn image from scratch to optimize usage
* rollback image from scratch
* Final reviews on nginx v1.25 image
* Remove s390x from final image
* added proxy-intercept-errors config option
* fixed error when comparing locations
* fixed missing location config from annotation
added e2e test
* reversed logic for proxy-intercept-errors to disable-proxy-intercept-errors
* reversed logic to disable-proxy-intercept-errors
* reversed logic
* default has to be false
* put comment in same line as return
* run gofmt
* fixing wrong Boilerplate header
* updated code to new IngressAnnotation interface
* fixes to satisfy PR comments
* synced with upstream; fixed typo
* gofumpt disableproxyintercepterrors.go
* gofumpt
* Add a flag to enable or disable aio_write
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix e2e test for aio_write
Signed-off-by: z1cheng <imchench@gmail.com>
* Remove redundant spaces to fix the 2e test
Signed-off-by: z1cheng <imchench@gmail.com>
---------
Signed-off-by: z1cheng <imchench@gmail.com>
* Add validation to all annotations
* Add annotation validation for fcgi
* Fix reviews and fcgi e2e
* Add flag to disable cross namespace validation
* Add risk, flag for validation, tests
* Add missing formating
* Enable validation by default on tests
* Test validation flag
* remove ajp from list
* Finalize validation changes
* Add validations to CI
* Update helm docs
* Fix code review
* Use a better name for annotation risk
* Golang 1.20.6 for test runner
* alpine 3.18.2 as well
Signed-off-by: James Strong <strong.james.e@gmail.com>
---------
Signed-off-by: James Strong <strong.james.e@gmail.com>
Marco Ebert
Marcel
pando85
DM
Neer Friedman
Clément Nussbaumer
Boris Kreitchman
chriss-de
Ricardo Katz
Nathan Baulch
Ali Afsharzadeh
James Strong
Anddd7
Christian Groschupp
Ramon Borges
Matheus Fidelis
bossm8
Artur Juraszek
Sonu Kumar Singh
Nicolas Woerner
Chen Chen
Son Bui
Marcelo Cyreno
Mark Ley
Gabor Lekeny
lijie
Lázár György