c035a144f8
Support the combination of nginx variables and text value for annotation upstream-hash-by.
2020-06-01 06:37:41 +08:00
ee02d897d5
Merge pull request #5534 from agile6v/master
...
Add annotation ssl-prefer-server-ciphers.
2020-05-29 08:35:16 -07:00
0e79ad8e4f
Update unit & e2e tests.
2020-05-21 02:19:13 +08:00
38f99cefb2
Update testcase for sslCipher.
2020-05-13 11:03:15 +08:00
38a8556c4f
Add comments for sslcipher.Config struct.
2020-05-13 10:40:56 +08:00
41d82005ec
Add annotation ssl-prefer-server-ciphers.
2020-05-11 16:31:08 +08:00
e775495a56
Remove duplicate Cookie.ChangeOnFailure assertion
2020-05-08 13:51:14 -05:00
3c5e3eda7b
Remove duplicate annotation parsing for annotationAffinityCookieChangeOnFailure
2020-05-08 09:14:10 -05:00
efbb3f9fc8
Add support for IngressClass and ingress.class annotation
2020-04-22 09:15:32 -04:00
04ef782c57
Migrate ingress.class annotation to new IngressClassName field
2020-03-31 12:20:01 -03:00
380ef3a92c
Fix the ability to disable ModSecurity at location level
...
- Adds 'modsecurity off;' to the nginx config if the
'enable-modsecurity' annotation is set to false.
- Update tests and e2e tests accordingly
Signed-off-by: Bhavin Gandhi <bhavin7392@gmail.com>
2020-03-22 23:51:02 +05:30
07b70f68bd
Redirect for app-root should preserve current scheme ( #5266 )
2020-03-19 15:49:18 -03:00
0ab2e72e95
Doesn't fail if proxy-ssl-name annotation is not specified
2020-02-25 13:32:14 +01:00
141ea59b7f
Allows overriding the server name used to verify the certificate of the proxied HTTPS server
2020-02-25 13:32:14 +01:00
0b33650bb8
Feat: canary supports using specific match strategy to match header value.
2020-02-21 10:02:20 +08:00
281139d1a7
Only set mirror source when a target is configured ( #5055 )
2020-02-11 13:48:42 -03:00
77586dd83b
Validation of header in authreq should be done only in the key ( #5053 )
2020-02-11 10:30:14 -03:00
b3146354d4
Refactor mirror feature
2020-02-05 10:39:55 -03:00
1b523390bb
Add SameSite=None support and conditionally omit SameSite=None for backwards compatibility
2020-01-29 14:30:00 -07:00
5d05e19cc3
Fix enable opentracing per location ( #4983 )
2020-01-29 12:20:05 -03:00
1021051fb3
Avoid overlap of rate limit zones
2020-01-27 00:38:54 -03:00
340bb39384
Avoid overwrite of auth file
2020-01-27 00:38:54 -03:00
7ff49b25d6
Move opentracing configuration for location to go ( #4965 )
2020-01-25 21:39:20 -03:00
5f6c4cff3e
Add help task ( #4891 )
...
* Add help task
* Fix vet errors
2020-01-07 10:53:12 -03:00
a85d5ed93a
Merge pull request #4779 from aledbf/update-image
...
Remove lua-resty-waf feature
2019-11-27 11:45:05 -08:00
b286c2a336
Merge pull request #4732 from willthames/enable-opentracing-annotation
...
Allow enabling/disabling opentracing for ingresses
2019-11-26 17:31:21 -08:00
6927d9351a
Improve safety of AWS-based builds
...
Ensure that AWS and Docker credentials don't get
accidentally added
2019-11-27 11:07:26 +10:00
0ae463a5f3
Provide annotation to control opentracing
...
By default you might want opentracing off, but on for a particular
ingress.
Similarly, you might want opentracing globally on, but disabled for
a specific endpoint. To achieve this, `opentracing_propagate_context`
cannot be set when combined with `opentracing off`
A new annotation, `enable-opentracing` allows more fine grained control
of opentracing for specific ingresses.
2019-11-27 11:07:26 +10:00
61d902db14
Remove Lua resty waf feature
2019-11-26 10:37:43 -03:00
c76995b81b
Fixing comments
2019-10-18 11:36:00 +02:00
31227d61c2
Removing secure-verify-ca-secret support and writing an error log if that annotation is used in an Ingress definition
2019-10-18 10:58:57 +02:00
786a3b6862
Add support for configmap of headers to be sent to external auth service
2019-09-24 10:53:23 -04:00
cb2889b87b
Merge pull request #4586 from aledbf/fix-reload
...
Fix reload when a configmap changes
2019-09-24 07:23:28 -07:00
a40a4b0325
Fix reload when a configmap changes
2019-09-24 10:55:59 -03:00
f6c2f5fb97
Merge pull request #4514 from alexmaret/4475-stickyness-mode
...
Added new affinity mode for maximum session stickyness.
2019-09-24 05:09:27 -07:00
376b862c23
Add annotation to support map of user/pass pairs in basic auth
2019-09-13 11:33:33 -04:00
880b3dc5f1
Fixed test findings.
2019-08-30 19:08:03 +02:00
9170591185
Added new affinity mode for maximum session stickyness. Fixes kubernetes/ingress-nginx#4475
2019-08-30 11:40:29 +02:00
8def5ef7ca
Add support for multiple alias and remove duplication of SSL certificates ( #4472 )
2019-08-26 10:58:44 -04:00
fcd3054f13
Lint code using staticcheck ( #4471 )
2019-08-23 12:08:40 -04:00
4624b5bc77
Change PemSHA to CASHA
2019-08-16 06:31:15 +02:00
65b9e2c574
Merge branch 'master' of https://github.com/kubernetes/ingress-nginx into proxyssl
2019-08-16 06:21:53 +02:00
9543aacc76
Fix test description on error
2019-08-15 16:56:20 -04:00
d8bd8c5619
Add nginx proxy_max_temp_file_size configuration option
2019-08-15 13:47:42 -04:00
0d690fba1a
Merge pull request #4356 from aledbf/only-dynamic-mode
...
Only support SSL dynamic mode
2019-08-14 17:08:35 -07:00
adef152db8
Merge pull request #4379 from diazjf/mirror
...
Allow Requests to be Mirrored to different backends
2019-08-13 17:52:24 -07:00
80bd481abb
Only support SSL dynamic mode
2019-08-13 17:33:34 -04:00
40533ad989
Code linting
2019-08-09 08:44:14 -04:00
386486e969
Allow Requests to be Mirrored to different backends
...
Add a feature which allows traffic to be mirrored to
additional backends. This is useful for testing how
requests will behave on different "test" backends.
See https://nginx.org/en/docs/http/ngx_http_mirror_module.html
2019-08-01 11:53:58 -05:00
72271e9313
FastCGI backend support ( #2982 )
...
Co-authored-by: Pierrick Charron <pierrick@adoy.net>
2019-07-31 10:39:21 -04:00
def13fc06c
Add proxy_ssl_* directives
...
Add support for backends which require client certificate (eg. NiFi)
authentication. The `proxy-ssl-secret` k8s annotation references a
secret which is used to authenticate to the backend server. All other
directives fine tune the backend communication.
The following annotations are supported:
* proxy-ssl-secret
* proxy-ssl-ciphers
* proxy-ssl-protocol
* proxy-ssl-verify
* proxy-ssl-verify-depth
2019-07-18 03:21:52 +02:00
589c9a20f9
Merge pull request #4278 from moolen/feat/auth-req-cache
...
feat: auth-req caching
2019-07-17 12:06:12 -07:00
23504db770
feat: auth-req caching
...
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.
[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2019-07-17 18:39:04 +02:00
fe6c086580
Merge pull request #4288 from eshicks4/proxy-http-version-annotation
...
added proxy-http-version annotation to override the HTTP/1.1 default …
2019-07-11 11:43:07 -07:00
3d7a09347d
Apply fixes suggested by staticcheck
2019-07-08 16:18:52 -04:00
3b0c523e49
added proxy-http-version annotation to override the HTTP/1.1 default connection type to reverse proxy backends
2019-07-08 14:32:00 -04:00
e616f6d4ad
Get AuthTLS annotation unit tests to 100%
...
Adds more unit tests for the authtls annotation. Increases the
coverage.
2019-06-21 12:46:07 -05:00
84102eec2b
Migrate to new networking.k8s.io/v1beta1 package
2019-06-13 11:32:39 -04:00
83f2acbe38
Session Affinity ChangeOnFailure should be boolean
2019-06-06 11:22:05 -04:00
c4ced9d694
fix source file mods
2019-06-06 10:47:08 -04:00
254629cf16
Added support for annotation `session-cookie-change-on-failure`
...
1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`).
2. Added tests to check both cases.
3. Updated docs.
Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com>
2019-05-27 13:00:07 +03:00
fafa0a6e13
Merge pull request #4067 from aledbf/normalize
...
Trim spaces from annotations that can contain multiple lines
2019-05-09 07:18:51 -07:00
23e7423477
Trim spaces from annotations that can contain multiple lines
2019-05-07 14:25:52 -04:00
8cc9afe8ee
Added Global External Authentication settings to configmap parameters incl. addons
2019-05-03 12:08:16 +02:00
ffeb1fe348
Support proxy_next_upstream_timeout
2019-04-15 11:08:57 -04:00
951f7d7c1b
Refactor equals
2019-04-03 22:39:32 -03:00
188295550c
Simplify x-forwarded-prefix annotation
2019-03-29 16:25:25 -04:00
d403b3ef86
Allow the use of a secret located in a different namespace
2019-03-11 11:16:10 -03:00
d3ac73be79
Remove session-cookie-hash annotation
2019-03-04 10:34:48 -05:00
28d99c6d7d
Set default for satisfy annotation to nothing
2019-02-26 15:05:45 -05:00
7b2495047f
Merge pull request #3781 from zoumo/proxy-buffer-number
...
feat: configurable proxy buffers number
2019-02-22 12:11:46 -08:00
debe933f43
Merge pull request #3793 from Shopify/update-mergo
...
Update mergo dependency
2019-02-22 12:07:39 -08:00
53538acbaf
Change Denied to *string
2019-02-22 11:48:13 -05:00
6b6e7f5464
go fmt
2019-02-22 10:19:40 -05:00
521be9b258
Remove interface type from annotations.Ingress struct
2019-02-22 10:14:09 -05:00
6305e1d152
fix: run gofmt
2019-02-22 15:04:19 +08:00
dc63e5d185
fix: rename proxy-buffer-number to proxy-buffers-number
2019-02-22 10:21:17 +08:00
420d804cce
increase log verbosity for auth annotations
2019-02-21 16:19:10 -05:00
c92d29d462
feat: configurable proxy buffer number
2019-02-20 18:05:09 +08:00
ec04852526
Create custom annotation for satisfy "value"
2019-02-19 15:58:35 -05:00
1da2900b9b
Enhance Unit Tests for Annotations
...
Adds unit tests for a variety of different annotations.
2019-02-10 14:44:11 -06:00
de2a1ece6d
add header-value annotation
...
add new annotation (header-value)
parse it and propogate to lua script
alter balancer rule to include it into the canary routing logic
add e2e test to validate fallback for canary-by-header-value
add description of canary-by-header-value to documentation
2019-01-30 23:23:44 +02:00
60b983503b
Consistent hashing to a subset of nodes. It works like consistent hash,
...
but instead of mapping to a single node, we map to a subset of nodes.
2019-01-03 01:32:52 -03:00
71cc6df74f
Merge pull request #3174 from Shopify/rewrite-regex
...
Generalize Rewrite Block Creation and Deprecate AddBaseUrl (not backwards compatible)
2019-01-02 12:30:18 -08:00
382049a0bf
Adds support for HTTP2 Push Preload annotation
...
update test for backendprotocols
Adds support for HTTP2 Push Preload annotation
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
Adds support for HTTP2 Push Preload annotation
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
Adds support for HTTP2 Push Preload annotation
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
Adds support for HTTP2 Push Preload annotation
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
Adds support for HTTP2 Push Preload annotation
Adds support for HTTP2 Push Preload annotation
2018-12-24 17:13:25 -02:00
67654a6fd5
Generalize Rewrite Block Creation
2018-12-13 13:02:05 -05:00
68f344233b
Fix lint issues
2018-12-05 13:28:28 -03:00
2fa55eabf6
Replace glog with klog
2018-12-05 13:27:55 -03:00
497246f8ba
Annotations cannot being empty
2018-12-02 16:07:46 -03:00
67808c0ed8
Improve parsing of annotations and use of Ingress wrapper
2018-12-02 15:35:36 -03:00
82721e575d
Merge pull request #3372 from Shopify/session-cookie-path
...
Add annotation for session affinity path
2018-11-19 07:25:32 -08:00
50b29feb4a
Add annotation for session affinity path
2018-11-19 09:15:24 -05:00
95b3042b6e
Add a Snippet for ModSecurity
...
Allows for the configuration of Mod Security rules via
a Snippet.
2018-11-14 23:31:27 -06:00
b3d789edca
Fix typos: reqrite -> rewrite
...
Signed-off-by: mooncake <xcoder@tenxcloud.com>
2018-11-09 00:54:51 +08:00
5195600841
Allows ModSecurity to be configured per location
...
The following annotations will be added:
- enable-modsecurity
- enable-owasp-core-rules
- modsecurity-transaction-id
Fixes #3167
2018-11-06 22:24:31 -06:00
17cad51e47
Merge pull request #3341 from Shopify/canary_upstream
...
Add canary annotation and alternative backends for traffic shaping
2018-11-06 12:22:16 -08:00
412cd70d3a
implement canary annotation and alternative backends
...
Adds the ability to create alternative backends. Alternative backends enable
traffic shaping by sharing a single location but routing to different
backends depending on the TrafficShapingPolicy defined by AlternativeBackends.
When the list of upstreams and servers are retrieved, we then call
mergeAlternativeBackends which iterates through the paths of every ingress
and checks if the backend supporting the path is a AlternativeBackend. If
so, we then iterate through the map of servers and find the real backend
that the AlternativeBackend should fall under. Once found, the
AlternativeBackend is embedded in the list of VirtualBackends for the real
backend.
If no matching real backend for a AlternativeBackend is found, then the
AlternativeBackend is deleted as it cannot be backed by any server.
2018-11-06 13:13:14 -05:00
265f96bf14
Merge pull request #3344 from ecosia/jg-customerrors-per-ingress
...
Adds CustomHTTPErrors ingress annotation and test
2018-11-06 09:21:49 -08:00
0ebf0354cb
Adds CustomHTTPErrors ingress annotation and test
...
Adds per-server/location error-catch functionality to nginx template
Adds documentation
Reduces template duplication with helper function for CUSTOM_ERRORS data
Updates documentation
Adds e2e test for customerrors
Removes AllCustomHTTPErrors, replaces with template function with deduplication and adds e2e test of deduplication
Fixes copy-paste error in test, adds additional test cases
Reverts noop change in controller.go (unused now)
2018-11-06 16:47:52 +01:00
b511333130
add support for auth-snippet annotation
...
add test for new auth-snippet annotation
document auth-snippet annotation
add e2e test for auth-snippet annotation
add log warning and update documentation
2018-11-05 16:02:29 -06:00
agile6v