77234fcde0
Fix nginx ingress variables for definitions with Backend
2020-12-05 14:40:22 -03:00
5df2951948
Fix nginx ingress variables for definitions without hosts
2020-12-04 20:30:55 -03:00
d781d99797
Fixes for gosec
2020-12-04 20:29:07 -03:00
e3a3ea8826
Merge pull request #6294 from ianbuss/auth-error-redirect-param
...
Allow customisation of redirect URL parameter in external auth redirects
2020-11-23 01:27:37 -08:00
2ca1f92697
Add PathType details in external auth location
2020-11-12 16:07:21 -03:00
3f153add00
Refactor handling of path Prefix and Exact
2020-11-10 07:21:34 -03:00
a6b6f03b53
Add support for k8s ingress pathtype Prefix
2020-11-02 09:56:49 -05:00
d74ea25df8
Add validation for wildcard server names
2020-10-26 10:51:14 -03:00
cdd6437380
Refactor Exact path matthing
2020-10-26 10:51:03 -03:00
41cf628bdf
Add a configurable URL redirect parameter for error URLs
2020-10-08 12:53:46 +01:00
108637bb1c
Migrate to structured logging (klog)
2020-09-27 18:59:57 -03:00
e659efbfdb
Use dynamic load of modules
2020-09-10 11:39:35 -03:00
0925f20d05
Refactor load of tracer load
2020-09-08 16:20:03 -03:00
cb86c5698c
Migrate to klog v2
2020-08-08 21:01:03 -04:00
f3537204d2
Adding Zipkin collector to the E2E opentracing test as it is required to load at least one tracer to enable opentracing
...
Work on PR comments
Add tests for template builder
Signed-off-by: Bernard Van De Walle <bernard.vandewalle@getcruise.com>
2020-07-23 15:25:50 -07:00
dc3876666b
Revert "use-regex annotation should be applied to only one Location"
...
This reverts commit a8a8b5f6e9
2020-07-15 11:20:47 -04:00
a8a8b5f6e9
use-regex annotation should be applied to only one Location
2020-07-06 19:29:39 -04:00
3d3efaab29
Fix proxy_protocol duplication in listen definition
2020-06-09 15:00:59 -04:00
46cca5ad40
Fix error setting $service_name NGINX variable
2020-05-13 10:01:41 -04:00
a95d850384
Add support for PathTypeExact
2020-04-23 11:12:37 -04:00
dc1adaec6b
Remove TODO that were done
2020-04-17 03:37:37 -04:00
01351a6bf8
remove unused test and function
2020-04-08 19:37:15 +03:00
5390ce4879
Fix definition order of modsecurity directives
2020-04-03 10:53:20 -03:00
380ef3a92c
Fix the ability to disable ModSecurity at location level
...
- Adds 'modsecurity off;' to the nginx config if the
'enable-modsecurity' annotation is set to false.
- Update tests and e2e tests accordingly
Signed-off-by: Bhavin Gandhi <bhavin7392@gmail.com>
2020-03-22 23:51:02 +05:30
96327b12cd
Fix $service_name and $service_port variables values without host ( #5226 )
2020-03-07 23:06:03 -03:00
ed30be05bc
Fix quote function in template to render pointers properly
2020-03-05 16:45:27 +04:00
46a3e0a6fd
Fix X-Forwarded-Proto based on proxy-protocol server port
2020-02-10 18:08:34 +03:00
b3146354d4
Refactor mirror feature
2020-02-05 10:39:55 -03:00
b9e944a8a6
Move mod-security logic from template to go code ( #5009 )
2020-02-04 14:04:11 -03:00
5d05e19cc3
Fix enable opentracing per location ( #4983 )
2020-01-29 12:20:05 -03:00
7ff49b25d6
Move opentracing configuration for location to go ( #4965 )
2020-01-25 21:39:20 -03:00
c8015c7734
Update nginx image, use docker buildx and remove qemu ( #4923 )
...
* Update nginx image, use docker buildx and remove qemu
* Update e2e image
2020-01-14 20:52:57 -03:00
965ecd4b15
Default backend protocol only supports http ( #4870 )
2020-01-04 11:09:00 -03:00
a0523c3c8a
Use a named location for authSignURL ( #4859 )
2019-12-24 22:50:25 -03:00
facf841992
Return specific type ( #4840 )
2019-12-17 12:06:17 -03:00
5c8522cdab
apply default certificate again in cases of invalid or incomplete cert config
...
Signed-off-by: Kamil Domański <kamil@domanski.co>
2019-12-06 12:15:52 +01:00
61d902db14
Remove Lua resty waf feature
2019-11-26 10:37:43 -03:00
c5a8357f1d
handle hsts header injection in lua
2019-09-24 21:17:22 -04:00
14f9b0d64e
Merge pull request #4596 from Shopify/fix-auth-proxy-header-order
...
sort auth proxy headers from configmap
2019-09-24 13:29:26 -07:00
d124dd5eee
sort auth proxy headers from configmap
2019-09-24 15:19:49 -04:00
8c64b12a96
refactor force ssl redirect logic
2019-09-24 14:57:52 -04:00
786a3b6862
Add support for configmap of headers to be sent to external auth service
2019-09-24 10:53:23 -04:00
1b8f6518cf
Avoid unnecessary reloads generating lua_shared_dict directives
2019-09-22 21:16:00 -03:00
4b4176c830
Fix log format after #4557
2019-09-18 12:52:09 -03:00
c7d2444cf4
Fix nginx variable service_port (nginx) ( #4500 )
2019-08-31 11:24:01 -04:00
fcd3054f13
Lint code using staticcheck ( #4471 )
2019-08-23 12:08:40 -04:00
6a293c7e11
set /configuration client body size dynamically
2019-08-14 22:10:56 -04:00
b21c721196
lua-shared-dicts improvements, fixes and documentation
2019-08-14 22:10:56 -04:00
0d690fba1a
Merge pull request #4356 from aledbf/only-dynamic-mode
...
Only support SSL dynamic mode
2019-08-14 17:08:35 -07:00
d46b4148fa
Lua /etc/resolv.conf parser and some refactoring
2019-08-13 18:34:54 -04:00
80bd481abb
Only support SSL dynamic mode
2019-08-13 17:33:34 -04:00
2ed75b3362
Move listen logic to go
2019-08-13 14:52:25 -04:00
f459515d0d
Add quote function in template
...
Co-authored-by: Charle Demers <charle.demers@gmail.com>
2019-08-09 15:47:29 -04:00
a2e667c082
lua shared dict from cm
...
lua shared dict teml test and update func sign
lua shared dict cm test
lua shared dict integration test
lua shared dict add cm parsing
lua shared dict change test header
2019-08-08 12:44:11 +03:00
72271e9313
FastCGI backend support ( #2982 )
...
Co-authored-by: Pierrick Charron <pierrick@adoy.net>
2019-07-31 10:39:21 -04:00
ddffa2a173
Enable arm again
2019-06-26 23:00:58 -04:00
a9a73c6ed6
increase lua_shared_dict config data
2019-06-12 18:42:47 +03:00
c11583dc5f
Only load modsecurity_module when ModSec is active
2019-06-11 16:39:52 +02:00
c4ced9d694
fix source file mods
2019-06-06 10:47:08 -04:00
8cc9afe8ee
Added Global External Authentication settings to configmap parameters incl. addons
2019-05-03 12:08:16 +02:00
1cd17cd12c
Implement a validation webhook
...
In case some ingress have a syntax error in the snippet configuration,
the freshly generated configuration will not be reloaded to prevent tearing down existing rules.
Although, once inserted, this configuration is preventing from any other valid configuration to be inserted as it remains in the ingresses of the cluster.
To solve this problem, implement an optional validation webhook that simulates the addition of the ingress to be added together with the rest of ingresses.
In case the generated configuration is not validated by nginx, deny the insertion of the ingress.
In case certificates are mounted using kubernetes secrets, when those
changes, keys are automatically updated in the container volume, and the
controller reloads it using the filewatcher.
Related changes:
- Update vendors
- Extract useful functions to check configuration with an additional ingress
- Update documentation for validating webhook
- Add validating webhook examples
- Add a metric for each syntax check success and errors
- Add more certificate generation examples
2019-04-18 19:07:04 +02:00
b87cc5a1a6
Merge pull request #3786 from Shopify/rewrite-x-forwarded-prefix
...
Fix x-forwarded-prefix annotation
2019-03-31 16:18:32 -07:00
496ff07bf1
replace some of the Nginx configuration to Lua code
2019-03-31 12:04:52 -04:00
188295550c
Simplify x-forwarded-prefix annotation
2019-03-29 16:25:25 -04:00
eba4a8b87c
Correctly format ipv6 resolver config for lua
...
Fixes #3881
2019-03-14 10:00:24 -07:00
a3c87cf9cb
Properly set ing.Service when there are multiple rules with different hosts using the same path
...
Fixes #3611
Signed-off-by: Alejandro Pedraza <alejandro.pedraza@gmail.com>
2019-03-07 06:06:24 -05:00
3865e30a00
Changes CustomHTTPErrors annotation to use custom default backend
...
Updates e2e test
Removes focus from e2e test
Fixes renamed function
Adds tests for new template funcs
Addresses gofmt
Updates e2e test, fixes custom-default-backend test by creating service
Updates docs
2019-02-24 22:48:56 +01:00
a29c27ed4c
Datadog Opentracing support - part 2
...
This commit is part 2 of 2, adding configuration of the
Datadog Opentracing module to the controller.
Fixes half of #3752
2019-02-15 15:20:10 -05:00
d99390f402
remove old unused lua dicts
2019-02-06 17:33:16 -05:00
7b507095f4
Increase Unit Test Coverage for Templates
...
Increases the Coverage for nginx ingress template
functions. The majority of the added unit tests
are for checking the invalid type handling.
2019-01-29 22:55:44 -06:00
71cc6df74f
Merge pull request #3174 from Shopify/rewrite-regex
...
Generalize Rewrite Block Creation and Deprecate AddBaseUrl (not backwards compatible)
2019-01-02 12:30:18 -08:00
429110aa13
Add Unit Tests for getIngressInformation
...
Adds a unit test for the getIngressInformation
function.
2018-12-18 11:10:48 -06:00
67654a6fd5
Generalize Rewrite Block Creation
2018-12-13 13:02:05 -05:00
68f344233b
Fix lint issues
2018-12-05 13:28:28 -03:00
2fa55eabf6
Replace glog with klog
2018-12-05 13:27:55 -03:00
06d33c16b5
Allow to disable NGINX metrics
2018-12-05 10:14:35 -03:00
4eabd535f9
be consistent with what Nginx supports
2018-12-02 22:20:56 +04:00
ccd7b890fd
Merge pull request #3492 from aledbf/fix-units
...
Fix data size validations
2018-12-02 09:01:12 -08:00
b80b19902a
Use opentracing_grpc_propagate_context when necessary
2018-12-01 16:31:10 -05:00
6098f6c0e7
Fix data size validations
2018-11-30 10:40:33 -03:00
60569137ca
delete unused buildLoadBalancingConfig
2018-11-28 11:55:41 +04:00
c99716aadf
Merge pull request #3437 from Shopify/ingress-annotations
...
Use struct to pack Ingress and its annotations
2018-11-21 00:41:58 -08:00
a5341822d5
Increase log level when there is an invalid size value
2018-11-20 15:09:03 -03:00
12766cdfc6
Use struct to pack Ingress and its annotations
2018-11-20 09:38:22 -05:00
0f3e2b9bf0
Convert isValidClientBodyBufferSize to something more generic and use it for client_max_body_size
2018-11-13 10:11:40 -05:00
0ebf0354cb
Adds CustomHTTPErrors ingress annotation and test
...
Adds per-server/location error-catch functionality to nginx template
Adds documentation
Reduces template duplication with helper function for CUSTOM_ERRORS data
Updates documentation
Adds e2e test for customerrors
Removes AllCustomHTTPErrors, replaces with template function with deduplication and adds e2e test of deduplication
Fixes copy-paste error in test, adds additional test cases
Reverts noop change in controller.go (unused now)
2018-11-06 16:47:52 +01:00
71ebe1cba5
Code linting
2018-10-30 20:46:48 -03:00
3cbfd63992
Refactor EWMA to not use shared dictionaries
2018-10-25 22:33:42 +04:00
3edf11b85f
Merge pull request #3198 from aledbf/only-dynamic
...
Only support dynamic configuration
2018-10-10 05:07:34 -07:00
74c2f93de6
Only support dynamic configuration
2018-10-09 22:05:45 -03:00
f56ab42cd2
Merge pull request #3194 from bshelton229/literal-dollar-character
...
Make literal $ character work in set $location_path
2018-10-09 15:52:39 -07:00
3686e4f366
Move escapeLocationPathVar to escapeLiteralDollar
2018-10-09 12:58:50 -07:00
859b298d42
Remove annotations grpc-backend and secure-backend already deprecated
2018-10-08 12:26:06 -03:00
3dc131bd57
Make literal $ character work in set $location_path
2018-10-07 12:58:39 -07:00
bd3f56eaa0
allow curly braces to be used in regex paths
2018-10-04 10:58:38 -04:00
f29bdc3e8d
Add 'use regex' annotation to toggle nginx regex location modifier
2018-10-01 13:54:11 -04:00
6393ca6aaf
Merge pull request #2997 from StarOfService/global-block-ip-ua-ref
...
Provide possibility to block IPs, User-Agents and Referers globally
2018-09-25 05:51:56 -07:00
7212d0081b
Provide possibility to block CIDRs, User-Agents and Referers globally
2018-09-25 14:16:20 +03:00
0de19c8062
Fix/add unit tests; Styling changes
2018-09-14 15:07:57 -04:00
0e6f0bb88d
enforce ^~ location modifier when rewrite-target annotation is set
2018-09-13 10:39:52 -04:00
Manuel Alejandro de Brito Fontes
Kubernetes Prow Robot
Ian Buss
Bernard Van De Walle
Rodrigo Villablanca
Artem Miroshnychenko
Bhavin Gandhi
m.nabokikh
Ilya Nemakov
Kamil Domański
Elvin Efendi
A Gardner
Pierrick Charron
tals
Charle Demers
Sebastiaan Tammer
okryvoshapka-connyun
Thibault Jamet
Alex Kursell
Thomas Jackson
Alejandro Pedraza
jasongwartz
Alan J Castonguay
Fernando Diaz
Zenara Daley
Andre Marianiello
Maxime Ginters
Henry Tran
Bryan Shelton
Pavel Sinkevych