7ff49b25d6
Move opentracing configuration for location to go ( #4965 )
2020-01-25 21:39:20 -03:00
c8015c7734
Update nginx image, use docker buildx and remove qemu ( #4923 )
...
* Update nginx image, use docker buildx and remove qemu
* Update e2e image
2020-01-14 20:52:57 -03:00
5f6c4cff3e
Add help task ( #4891 )
...
* Add help task
* Fix vet errors
2020-01-07 10:53:12 -03:00
965ecd4b15
Default backend protocol only supports http ( #4870 )
2020-01-04 11:09:00 -03:00
a0523c3c8a
Use a named location for authSignURL ( #4859 )
2019-12-24 22:50:25 -03:00
facf841992
Return specific type ( #4840 )
2019-12-17 12:06:17 -03:00
5c8522cdab
apply default certificate again in cases of invalid or incomplete cert config
...
Signed-off-by: Kamil Domański <kamil@domanski.co>
2019-12-06 12:15:52 +01:00
61d902db14
Remove Lua resty waf feature
2019-11-26 10:37:43 -03:00
ea8f7ea8b7
Simplify initialization function of bytes.Buffer
2019-10-12 08:36:54 -07:00
c5a8357f1d
handle hsts header injection in lua
2019-09-24 21:17:22 -04:00
14f9b0d64e
Merge pull request #4596 from Shopify/fix-auth-proxy-header-order
...
sort auth proxy headers from configmap
2019-09-24 13:29:26 -07:00
d124dd5eee
sort auth proxy headers from configmap
2019-09-24 15:19:49 -04:00
8c64b12a96
refactor force ssl redirect logic
2019-09-24 14:57:52 -04:00
786a3b6862
Add support for configmap of headers to be sent to external auth service
2019-09-24 10:53:23 -04:00
1b8f6518cf
Avoid unnecessary reloads generating lua_shared_dict directives
2019-09-22 21:16:00 -03:00
4b4176c830
Fix log format after #4557
2019-09-18 12:52:09 -03:00
c7d2444cf4
Fix nginx variable service_port (nginx) ( #4500 )
2019-08-31 11:24:01 -04:00
8def5ef7ca
Add support for multiple alias and remove duplication of SSL certificates ( #4472 )
2019-08-26 10:58:44 -04:00
fcd3054f13
Lint code using staticcheck ( #4471 )
2019-08-23 12:08:40 -04:00
0b619dc772
make luaSharedDicts test less dependent on default values
2019-08-15 13:13:43 -04:00
30b64df10a
ewma improvements
2019-08-15 13:13:43 -04:00
94052b1bfc
fix test by setting default luashareddicts
2019-08-14 22:10:56 -04:00
6a293c7e11
set /configuration client body size dynamically
2019-08-14 22:10:56 -04:00
b21c721196
lua-shared-dicts improvements, fixes and documentation
2019-08-14 22:10:56 -04:00
0d690fba1a
Merge pull request #4356 from aledbf/only-dynamic-mode
...
Only support SSL dynamic mode
2019-08-14 17:08:35 -07:00
d46b4148fa
Lua /etc/resolv.conf parser and some refactoring
2019-08-13 18:34:54 -04:00
80bd481abb
Only support SSL dynamic mode
2019-08-13 17:33:34 -04:00
2ed75b3362
Move listen logic to go
2019-08-13 14:52:25 -04:00
f459515d0d
Add quote function in template
...
Co-authored-by: Charle Demers <charle.demers@gmail.com>
2019-08-09 15:47:29 -04:00
4a9b02bc03
Remove dynamic TLS records
2019-08-08 15:52:56 -04:00
a2e667c082
lua shared dict from cm
...
lua shared dict teml test and update func sign
lua shared dict cm test
lua shared dict integration test
lua shared dict add cm parsing
lua shared dict change test header
2019-08-08 12:44:11 +03:00
72271e9313
FastCGI backend support ( #2982 )
...
Co-authored-by: Pierrick Charron <pierrick@adoy.net>
2019-07-31 10:39:21 -04:00
23504db770
feat: auth-req caching
...
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.
[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2019-07-17 18:39:04 +02:00
ddffa2a173
Enable arm again
2019-06-26 23:00:58 -04:00
6f1261015b
Merge pull request #4127 from aledbf/migration
...
Migrate to new networking.k8s.io/v1beta1 package
2019-06-13 09:28:19 -07:00
84102eec2b
Migrate to new networking.k8s.io/v1beta1 package
2019-06-13 11:32:39 -04:00
a9a73c6ed6
increase lua_shared_dict config data
2019-06-12 18:42:47 +03:00
c11583dc5f
Only load modsecurity_module when ModSec is active
2019-06-11 16:39:52 +02:00
c4ced9d694
fix source file mods
2019-06-06 10:47:08 -04:00
14a394fc9e
Update nginx ( #4150 )
...
* Update nginx image
* Fix IPV6 test issues in Prow
2019-06-04 12:15:03 -04:00
8cc9afe8ee
Added Global External Authentication settings to configmap parameters incl. addons
2019-05-03 12:08:16 +02:00
1cd17cd12c
Implement a validation webhook
...
In case some ingress have a syntax error in the snippet configuration,
the freshly generated configuration will not be reloaded to prevent tearing down existing rules.
Although, once inserted, this configuration is preventing from any other valid configuration to be inserted as it remains in the ingresses of the cluster.
To solve this problem, implement an optional validation webhook that simulates the addition of the ingress to be added together with the rest of ingresses.
In case the generated configuration is not validated by nginx, deny the insertion of the ingress.
In case certificates are mounted using kubernetes secrets, when those
changes, keys are automatically updated in the container volume, and the
controller reloads it using the filewatcher.
Related changes:
- Update vendors
- Extract useful functions to check configuration with an additional ingress
- Update documentation for validating webhook
- Add validating webhook examples
- Add a metric for each syntax check success and errors
- Add more certificate generation examples
2019-04-18 19:07:04 +02:00
b87cc5a1a6
Merge pull request #3786 from Shopify/rewrite-x-forwarded-prefix
...
Fix x-forwarded-prefix annotation
2019-03-31 16:18:32 -07:00
496ff07bf1
replace some of the Nginx configuration to Lua code
2019-03-31 12:04:52 -04:00
188295550c
Simplify x-forwarded-prefix annotation
2019-03-29 16:25:25 -04:00
eba4a8b87c
Correctly format ipv6 resolver config for lua
...
Fixes #3881
2019-03-14 10:00:24 -07:00
7ea245e6e6
Add test
...
Signed-off-by: Alejandro Pedraza <alejandro.pedraza@gmail.com>
2019-03-07 06:18:06 -05:00
a3c87cf9cb
Properly set ing.Service when there are multiple rules with different hosts using the same path
...
Fixes #3611
Signed-off-by: Alejandro Pedraza <alejandro.pedraza@gmail.com>
2019-03-07 06:06:24 -05:00
3865e30a00
Changes CustomHTTPErrors annotation to use custom default backend
...
Updates e2e test
Removes focus from e2e test
Fixes renamed function
Adds tests for new template funcs
Addresses gofmt
Updates e2e test, fixes custom-default-backend test by creating service
Updates docs
2019-02-24 22:48:56 +01:00
a29c27ed4c
Datadog Opentracing support - part 2
...
This commit is part 2 of 2, adding configuration of the
Datadog Opentracing module to the controller.
Fixes half of #3752
2019-02-15 15:20:10 -05:00
d99390f402
remove old unused lua dicts
2019-02-06 17:33:16 -05:00
7b507095f4
Increase Unit Test Coverage for Templates
...
Increases the Coverage for nginx ingress template
functions. The majority of the added unit tests
are for checking the invalid type handling.
2019-01-29 22:55:44 -06:00
5dee6af957
add params for access log
2019-01-26 21:42:11 +03:00
71cc6df74f
Merge pull request #3174 from Shopify/rewrite-regex
...
Generalize Rewrite Block Creation and Deprecate AddBaseUrl (not backwards compatible)
2019-01-02 12:30:18 -08:00
429110aa13
Add Unit Tests for getIngressInformation
...
Adds a unit test for the getIngressInformation
function.
2018-12-18 11:10:48 -06:00
67654a6fd5
Generalize Rewrite Block Creation
2018-12-13 13:02:05 -05:00
68f344233b
Fix lint issues
2018-12-05 13:28:28 -03:00
2fa55eabf6
Replace glog with klog
2018-12-05 13:27:55 -03:00
06d33c16b5
Allow to disable NGINX metrics
2018-12-05 10:14:35 -03:00
4eabd535f9
be consistent with what Nginx supports
2018-12-02 22:20:56 +04:00
ccd7b890fd
Merge pull request #3492 from aledbf/fix-units
...
Fix data size validations
2018-12-02 09:01:12 -08:00
b80b19902a
Use opentracing_grpc_propagate_context when necessary
2018-12-01 16:31:10 -05:00
6098f6c0e7
Fix data size validations
2018-11-30 10:40:33 -03:00
e93763da6a
delete unused LoadBalanceAlgorithm
2018-11-28 14:49:37 +04:00
60569137ca
delete unused buildLoadBalancingConfig
2018-11-28 11:55:41 +04:00
c99716aadf
Merge pull request #3437 from Shopify/ingress-annotations
...
Use struct to pack Ingress and its annotations
2018-11-21 00:41:58 -08:00
a5341822d5
Increase log level when there is an invalid size value
2018-11-20 15:09:03 -03:00
12766cdfc6
Use struct to pack Ingress and its annotations
2018-11-20 09:38:22 -05:00
0f3e2b9bf0
Convert isValidClientBodyBufferSize to something more generic and use it for client_max_body_size
2018-11-13 10:11:40 -05:00
265f96bf14
Merge pull request #3344 from ecosia/jg-customerrors-per-ingress
...
Adds CustomHTTPErrors ingress annotation and test
2018-11-06 09:21:49 -08:00
0ebf0354cb
Adds CustomHTTPErrors ingress annotation and test
...
Adds per-server/location error-catch functionality to nginx template
Adds documentation
Reduces template duplication with helper function for CUSTOM_ERRORS data
Updates documentation
Adds e2e test for customerrors
Removes AllCustomHTTPErrors, replaces with template function with deduplication and adds e2e test of deduplication
Fixes copy-paste error in test, adds additional test cases
Reverts noop change in controller.go (unused now)
2018-11-06 16:47:52 +01:00
ecf605bf60
Merge pull request #3369 from SataQiu/fix-20181106
...
Fix some typos
2018-11-06 04:02:10 -08:00
a13ea30e6d
Fix typo: whitlelist -> whitelist
2018-11-06 04:59:03 -05:00
76b5a7b45e
fix typos
2018-11-06 15:58:56 +08:00
71ebe1cba5
Code linting
2018-10-30 20:46:48 -03:00
3cbfd63992
Refactor EWMA to not use shared dictionaries
2018-10-25 22:33:42 +04:00
3edf11b85f
Merge pull request #3198 from aledbf/only-dynamic
...
Only support dynamic configuration
2018-10-10 05:07:34 -07:00
74c2f93de6
Only support dynamic configuration
2018-10-09 22:05:45 -03:00
f56ab42cd2
Merge pull request #3194 from bshelton229/literal-dollar-character
...
Make literal $ character work in set $location_path
2018-10-09 15:52:39 -07:00
3686e4f366
Move escapeLocationPathVar to escapeLiteralDollar
2018-10-09 12:58:50 -07:00
859b298d42
Remove annotations grpc-backend and secure-backend already deprecated
2018-10-08 12:26:06 -03:00
3dc131bd57
Make literal $ character work in set $location_path
2018-10-07 12:58:39 -07:00
bd3f56eaa0
allow curly braces to be used in regex paths
2018-10-04 10:58:38 -04:00
f29bdc3e8d
Add 'use regex' annotation to toggle nginx regex location modifier
2018-10-01 13:54:11 -04:00
6393ca6aaf
Merge pull request #2997 from StarOfService/global-block-ip-ua-ref
...
Provide possibility to block IPs, User-Agents and Referers globally
2018-09-25 05:51:56 -07:00
7212d0081b
Provide possibility to block CIDRs, User-Agents and Referers globally
2018-09-25 14:16:20 +03:00
91ae204f6c
Replace standard json encoding with jsoniter
2018-09-22 14:25:01 -03:00
0de19c8062
Fix/add unit tests; Styling changes
2018-09-14 15:07:57 -04:00
0e6f0bb88d
enforce ^~ location modifier when rewrite-target annotation is set
2018-09-13 10:39:52 -04:00
16fce7444f
Check if cgroup cpu limits are defined to get the number of CPUs
2018-08-25 18:34:44 -03:00
e428095e3c
fixed rewrites for paths not ending in /
2018-08-15 21:15:40 +02:00
3f5af6eecf
Merge pull request #2889 from hnrytrn/dynamic-cert-endpoint
...
Add Lua endpoint to support dynamic certificate serving functionality
2018-08-13 10:49:43 -07:00
7af93e03c7
Add annotation backend-protocol
2018-08-07 08:59:38 -04:00
5200a38bd7
Add lua endpoint to handle certificates in dynamic configuration mode
2018-08-07 08:18:34 -04:00
23ce9b5db1
Merge pull request #2808 from dongqi1990/bugfix-2799
...
fix the bug #2799 , add prefix (?i) in rewrite statement.
2018-08-02 20:58:06 -07:00
72a2aa171a
fix the bug #2799 , add prefix (?i) in rewrite statement and add new e2e
...
test.
2018-07-30 17:34:28 +08:00
8a67ace5c3
enable dynamic backend configuration by default
2018-07-26 15:16:06 -04:00
d4faf68416
add support for ExternalName service type in dynamic mode
2018-07-25 09:05:47 -04:00
237dcd7aa7
Merge pull request #2811 from takonomura/escape-request-uri
...
Escape $request_uri for external auth
2018-07-21 02:23:38 -07:00
496fb9d3b8
Merge pull request #2812 from dongqi1990/bugfix--rewrite-to
...
modified annotation name "rewrite-to" to "rewrite-target" in comments
2018-07-19 02:38:41 -07:00
568512fdb8
modified annotation name "rewrite-to" to "rewrite-target" in comments
2018-07-19 17:14:18 +08:00
587c2a8765
Escape $request_uri for external auth
2018-07-19 15:22:05 +09:00
8e06afbb45
Allow gzip compress level to be controlled via ConfigMap
2018-07-09 10:30:59 +10:00
85d1742283
fix: Use the correct opentracing plugin for Jaeger
...
Part of #2738
2018-07-05 19:09:12 +01:00
56b74d9fac
Typo fix in error message: encounted->encountered
...
encounted->encountered
2018-06-22 13:59:23 +08:00
df76d4b481
Update opentracing configuration ( #2676 )
2018-06-21 18:15:18 -04:00
aec40c171f
Improve configuration change detection ( #2656 )
...
* Use information about the configuration configmap to determine changes
* Add hashstructure dependency
* Rename queue functions
* Add test for configmap checksum
2018-06-21 10:50:57 -04:00
fa9823634c
Merge pull request #2504 from jrthrawny/proxy-protocol-timeout-for-passthrough-pr
...
Add Timeout For TLS Passthrough
2018-06-03 22:54:53 -07:00
d637a9b978
Configurable Proxy Protocol header timeout for TLS passthrough
2018-06-03 20:10:41 -05:00
d434583b53
InfluxDB configuration string template builder helper
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2018-05-19 09:22:49 +02:00
ff3e182350
Add support for grpc_set_header
2018-05-17 08:35:11 -04:00
a085808d2d
Add tests for bind-address
2018-05-16 14:53:29 -04:00
6cb28e059c
use roundrobin from lua-resty-balancer library and refactor balancer.lua
2018-05-10 13:47:19 -04:00
9bf553559c
Apply gometalinter suggestions
2018-04-25 18:53:49 -03:00
564ec885fb
Merge pull request #2353 from bashofmann/master
...
Add proxy-add-original-uri-header config flag
2018-04-16 05:46:59 -07:00
1c17962ba0
Add proxy-add-original-uri-header config flag
...
This makes it configurable if a location adds an X-Original-Uri header to the backend request. Default is "true", the current behaviour.
2018-04-16 12:34:26 +02:00
361e53ffa9
Merge pull request #2344 from aledbf/xss-base-tag
...
Escape variables in add-base-url annotation
2018-04-13 10:11:00 -07:00
8855460817
Merge pull request #2341 from Shopify/custom-sticky
...
Add session affinity to custom load balancing
2018-04-12 17:22:59 -07:00
6ed256dde6
Add session affinity to custom load balancing
2018-04-12 14:21:42 -04:00
9198e2c14b
fix make verify-all failures
2018-04-12 14:14:43 -04:00
4b76ad14bb
Fix buildupstream name to work with dynamic session affinity
2018-04-12 14:01:46 -04:00
d6eb44376d
run lua-resty-waf in different modes ( #2317 )
...
* run lua-resty-waf in different modes
* update docs
2018-04-09 09:19:13 -03:00
a6fe800a47
lua-resty-waf controller ( #2304 )
2018-04-08 17:37:13 -03:00
82b6c33c25
Escape variables in add-base-url annotation
2018-04-05 20:45:49 -03:00
385368990c
Managing a whitelist for _/nginx_status ( #2187 )
...
Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
2018-03-28 09:27:34 -03:00
adf12fced1
Add support for gRPC ( #2223 )
...
* Update nginx to 1.13.10 and enable gRPC
* Add support for grpc
2018-03-22 00:38:47 -03:00
df50487a35
fix wrong config generation when upstream-hash-by is set ( #2215 )
2018-03-19 17:37:51 -03:00
94deb3a01a
Add configoption to exclude routes from tls upgrading ( #2203 )
...
* Add configoption to exclude routes from tls upgrading
* Add tests for IsLocationInLocationList
* Seperate elements in NoTLSRedirectLocations by comma
* Set NoTLSRedirectLocations to "/.well-known/acme-challenge/" by default
* Remove trailing slash from "/.well-known/acme-challenge" default
2018-03-18 17:44:59 -03:00
c90a4e811e
Live Nginx (re)configuration without reloading ( #2174 )
2018-03-18 10:13:41 -03:00
41cefeb178
Add worker-cpu-affinity nginx option ( #2201 )
...
worker_cpu_affinity is a common optimization method for improving nginx performance, adding this as a custom configuration. Also fix some format issues found during editing.
2018-03-16 13:32:45 -03:00
36cce00fdd
configuring load balancing per ingress ( #2167 )
...
* configure load balancing through a ingress annotation
* update docs
2018-03-09 13:09:41 -08:00
a8ce680d43
Fix error loading modules ( #2141 )
2018-02-24 18:09:23 -03:00
33475b7184
Fix opentracing configuration when multiple options are configured ( #2075 )
2018-02-12 16:08:49 -08:00
42076e8ed0
Added configmap option to disable IPv6 in nginx DNS resolver ( #1992 )
2018-02-02 11:53:28 -08:00
d1ae7ff29c
Enable Customization of Auth Request Redirect ( #1993 )
...
Adds the 'nginx.ingress.kubernetes.io/auth-request-redirect'
annotation, which allows the customization of the
'X-Auth-Request-Redirect' Header. Fixes : #1979
2018-01-27 21:32:08 -03:00
9af683b02a
Cleanup
2018-01-19 15:53:25 -03:00
8975800740
Add support to hide headers from upstream servers ( #1928 )
2018-01-18 16:37:22 -02:00
3e7d1f9acf
Random string function should only contains letters ( #1906 )
2018-01-17 10:26:32 -02:00
03a1e20fde
Remove package to generate UUIDs
2018-01-07 12:07:33 -03:00
f5953bbfa1
Add X-Forwarded-Prefix on rewrites
2017-12-06 22:06:37 +01:00
3058e7758d
Add setting to configure proxy responses in the stream section
2017-11-30 17:53:23 -03:00
161b485ae0
Add option to configure the redirect code
2017-11-30 12:08:43 -03:00
363d3c1f4f
Added a unit-test to verify sticky cookie to work with redirection
2017-11-23 22:20:29 +01:00
18d6573981
Add fake filesystem for test to avoid temporal files on the local filesystem
2017-11-22 19:52:30 -03:00
8f1ff15a6e
Add prefix nginx to annotations
2017-11-11 14:53:44 -03:00
97577c07a5
Include a buffer pool to improve memory usage
2017-11-11 14:53:44 -03:00
73fe95722c
Rename package pkg to internal
2017-11-11 14:53:44 -03:00
Manuel Alejandro de Brito Fontes
Kamil Domański
Arthur Axel 'fREW' Schmidt
Elvin Efendi
Kubernetes Prow Robot
A Gardner
Pierrick Charron
tals
Charle Demers
Moritz Johner
Sebastiaan Tammer
okryvoshapka-connyun
Thibault Jamet
Alex Kursell
Thomas Jackson
Alejandro Pedraza
jasongwartz
Alan J Castonguay
Fernando Diaz
Rustam Zagirov
Zenara Daley
Andre Marianiello
Maxime Ginters
xichengliudui
SataQiu
Henry Tran
Bryan Shelton
Pavel Sinkevych
Jeroen van Dongen
dongqi1990
takonomura
Jason Stangroome
Mike Bryant
AdamDang
Jason Roberts
Lorenzo Fontana
Bastian Hofmann
Sylvain Rabot
Alvaro Aleman
Oilbeater
Luke Jolly
Max Laverse
Canh Ngo