46953ccb4d
Update nginx image and Go to 1.13.4 ( #4785 )
2019-11-29 15:20:18 -03:00
61d902db14
Remove Lua resty waf feature
2019-11-26 10:37:43 -03:00
500b043f27
Don't use DNS resolution to "validate FQDN"
...
As the controller stands today this "validation" is done once per config load, which means if the DNS query fails for any reason the endpoint will remain dead until both (1) a change happens to the ingress and (2) the DNS resolution works. If the user configured the name we should just pass it through, this way the lua dns can attempt to re-query it at its leisure.
2019-10-13 13:16:47 -07:00
fb025ab501
Merge pull request #4087 from MRoci/master
...
Define Modsecurity Snippet via ConfigMap
2019-09-30 15:19:32 -07:00
e84c8cd705
ISSUE-4244 e2e test
2019-09-29 23:28:44 +02:00
1ee081ccc8
test modsecurity-snippet
2019-09-28 09:54:10 +02:00
2bd8121338
Change default for proxy-add-original-uri-header
2019-09-25 10:57:31 -03:00
fe2ea692a6
adjust tests to the new no-reload on cert update world
2019-09-25 06:59:47 -04:00
799f0ae76d
more meaningful assertion for tls hsts test
2019-09-24 15:39:20 -04:00
786a3b6862
Add support for configmap of headers to be sent to external auth service
2019-09-24 10:53:23 -04:00
f6c2f5fb97
Merge pull request #4514 from alexmaret/4475-stickyness-mode
...
Added new affinity mode for maximum session stickyness.
2019-09-24 05:09:27 -07:00
846ff00363
Merge pull request #4560 from Shopify/basic-auth-map
...
Support configuring basic auth credentials as a map of user/password hashes
2019-09-16 07:52:39 -07:00
376b862c23
Add annotation to support map of user/pass pairs in basic auth
2019-09-13 11:33:33 -04:00
9af574a234
Remove the_real_ip variable
2019-09-12 20:01:33 -03:00
ce3e3d51c3
WIP Remove nginx unix sockets ( #4531 )
...
* Remove nginx unix sockets
* Use an emptyDir volume for /tmp in PSP e2e tests
2019-09-08 18:14:54 -03:00
1433cde9e6
Improve the time to run e2e tests
2019-09-05 11:46:53 -04:00
1304cb194f
Update nginx image to 0.92
2019-09-04 10:34:54 -04:00
74031cc8b8
Merge pull request #4528 from aledbf/clean-docker
...
Cleanup of docker images
2019-09-03 18:04:58 -07:00
dc20551288
Cleanup of docker images
2019-09-03 19:10:40 -04:00
48c89cbe3c
Switch to official kind images ( #4527 )
2019-09-03 16:46:43 -04:00
c2935ca35c
Refactor health checks and wait until NGINX process ends
2019-09-01 15:31:27 -04:00
c85450c1e7
Remove hard-coded names from e2e test and use local docker dependencies ( #4502 )
2019-09-01 14:16:52 -04:00
9170591185
Added new affinity mode for maximum session stickyness. Fixes kubernetes/ingress-nginx#4475
2019-08-30 11:40:29 +02:00
fcd3054f13
Lint code using staticcheck ( #4471 )
2019-08-23 12:08:40 -04:00
75d65bbd15
Merge pull request #4327 from leki75/proxyssl
...
Add proxy_ssl_* directives
2019-08-18 09:14:04 -07:00
3c05cc4225
cleanup: fix typos in framework.go
...
Signed-off-by: Guangming Wang <guangming.wang@daocloud.io>
2019-08-17 23:16:15 +08:00
8cf384b212
cleanup logging message typos in rewrite.go
...
Signed-off-by: Guangming Wang <guangming.wang@daocloud.io>
2019-08-16 23:36:24 +08:00
65b9e2c574
Merge branch 'master' of https://github.com/kubernetes/ingress-nginx into proxyssl
2019-08-16 06:21:53 +02:00
23ed3ba4c4
Fix file permissions to support volumes
2019-08-15 20:48:37 -04:00
816f4b0824
Fix service type external name using the name
2019-08-15 12:09:42 -04:00
b21c721196
lua-shared-dicts improvements, fixes and documentation
2019-08-14 22:10:56 -04:00
dd0fe4b458
Merge pull request #4422 from ElvinEfendi/lua-resolv-conf-search
...
teach lua about search and ndots settings in resolv.conf
2019-08-14 17:36:33 -07:00
0d690fba1a
Merge pull request #4356 from aledbf/only-dynamic-mode
...
Only support SSL dynamic mode
2019-08-14 17:08:35 -07:00
1be52afa8d
e2e test for service with incomplete external name
2019-08-14 18:03:30 -04:00
8a2a0e915a
Add e2e tests for proxyssl
2019-08-14 11:49:28 +02:00
adef152db8
Merge pull request #4379 from diazjf/mirror
...
Allow Requests to be Mirrored to different backends
2019-08-13 17:52:24 -07:00
d46b4148fa
Lua /etc/resolv.conf parser and some refactoring
2019-08-13 18:34:54 -04:00
80bd481abb
Only support SSL dynamic mode
2019-08-13 17:33:34 -04:00
8a9298ae27
Add helper to extract prometheus metrics in e2e tests
2019-08-13 12:53:40 -04:00
8c472190d1
Merge pull request #4086 from jeroen92/issue-4038
...
Resolve #4038 , move X-Forwarded-Port variable to the location context
2019-08-09 08:07:25 -07:00
4a9b02bc03
Remove dynamic TLS records
2019-08-08 15:52:56 -04:00
a2e667c082
lua shared dict from cm
...
lua shared dict teml test and update func sign
lua shared dict cm test
lua shared dict integration test
lua shared dict add cm parsing
lua shared dict change test header
2019-08-08 12:44:11 +03:00
8dd912114e
Move X-Forwarded-Port variable to the location context
...
Resolves issue #4038 where the X-Forwarded-Port header would be set to the value of the https listening port if all of the following settings were satisfied:
- The ingress controller was started with a non-default HTTPS port set with the `--https-port` argument
- An ingress is created having:
- the `nginx.ingress.kubernetes.io/auth-url` annotation set
- TLS enabled
This commit solves this issue by moving the setting of the `pass_server_port` variable from the server, one level down to the location context.
2019-08-06 17:00:58 +02:00
386486e969
Allow Requests to be Mirrored to different backends
...
Add a feature which allows traffic to be mirrored to
additional backends. This is useful for testing how
requests will behave on different "test" backends.
See https://nginx.org/en/docs/http/ngx_http_mirror_module.html
2019-08-01 11:53:58 -05:00
72271e9313
FastCGI backend support ( #2982 )
...
Co-authored-by: Pierrick Charron <pierrick@adoy.net>
2019-07-31 10:39:21 -04:00
589c9a20f9
Merge pull request #4278 from moolen/feat/auth-req-cache
...
feat: auth-req caching
2019-07-17 12:06:12 -07:00
23504db770
feat: auth-req caching
...
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.
[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2019-07-17 18:39:04 +02:00
d5c7fa8cfb
Fix scripts to be able to run tests in docker
2019-07-17 11:06:53 -04:00
3b0c523e49
added proxy-http-version annotation to override the HTTP/1.1 default connection type to reverse proxy backends
2019-07-08 14:32:00 -04:00
08906ef8f2
add comment to the test
2019-07-04 18:39:29 -04:00
e988217fdf
e2e test for ewma
2019-07-03 16:25:53 -04:00
964a484b2f
GetLbAlgorithm helper func for e2e
2019-07-03 08:15:41 -04:00
004d0c8214
Fix go imports
2019-06-30 18:58:18 -04:00
a2009484f7
Merge pull request #4249 from ElvinEfendi/trailing-dot
...
test to make sure dynamic cert works trailing dot in domains
2019-06-29 16:43:22 -07:00
975a63516d
Update kind to 0.4.0
2019-06-29 18:32:02 -04:00
f771e7247a
test to make sure dynamic cert works trailing dot in domains
2019-06-28 16:21:59 -04:00
591887089f
Add e2e test suite to detect memory leaks in lua
2019-06-27 22:05:52 -04:00
3268d79610
Update nginx image to 0.90
2019-06-26 18:46:56 -04:00
225f881ed0
Add e2e test for invalid secrets
2019-06-25 09:28:52 -04:00
c8cbf0db29
Merge pull request #4227 from aledbf/lint
...
Fix misspelled and e2e check
2019-06-24 21:30:34 -07:00
85a848faaf
Fix misspelled and e2e check
2019-06-24 23:47:22 -04:00
d769c8a4d8
Update nginx image
2019-06-24 23:36:23 -04:00
5dfc7e211f
Merge pull request #4221 from aledbf/upgrade-nginx-image
...
Switch to openresty image
2019-06-24 09:45:57 -07:00
dca5557c50
In case of errors running e2e tests, print the generated nginx.conf file
2019-06-23 22:51:39 -04:00
ca6b61f639
Update e2e tests for openresty
2019-06-23 22:51:39 -04:00
73be06960e
Update test image and binaries
2019-06-23 22:51:38 -04:00
5670e3d9de
Add e2e tests for grpc using https://grpcb.in
2019-06-18 23:44:10 -04:00
1ed6d89c7b
Add e2e test for service type=ExternalName
2019-06-17 23:12:24 -04:00
84102eec2b
Migrate to new networking.k8s.io/v1beta1 package
2019-06-13 11:32:39 -04:00
686f2310e4
Add "text/javascript" to compressible MIME types
...
Based on the HTML Standard, https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages , servers _should_ use `text/javascript`.
2019-06-06 13:11:56 -05:00
14a394fc9e
Update nginx ( #4150 )
...
* Update nginx image
* Fix IPV6 test issues in Prow
2019-06-04 12:15:03 -04:00
251f48b120
Merge pull request #4135 from nicknovitski/deployment-api-appsv1
...
Use apps/v1 api group in e2e tests
2019-05-29 16:50:18 -07:00
e1958b8272
Run PodSecurityPolicy E2E test in parallel
...
Previously, this test modified a ClusterRole used by _every_ test. It had to be run serially, with a special teardown function that restored the state of the ClusterRole for any other serial tests.
Now every test gets its own cluster role, which means this test can be safely run in parallel with all the others, without any special teardown.
2019-05-29 14:13:04 -07:00
d617e5abdc
Use apps/v1 api group in e2e tests
2019-05-29 12:12:45 -07:00
c2227a058d
Refactor e2e test
2019-05-27 06:31:01 -04:00
c4597522bf
Refactor whitelist from map to standard allow directives
2019-05-27 04:55:38 -04:00
77f5e4decb
Update nginx image to 0.86
2019-05-26 11:28:35 -04:00
dfa7f10fc9
Merge pull request #4055 from nicknovitski/kustomize
...
Rearrange deployment files into kustomizations
2019-05-25 14:43:50 -07:00
f63f0457be
Update e2e images ( #4110 )
2019-05-24 02:47:14 +02:00
51ad0bc54b
Rearrange deployment files into kustomizations
2019-05-19 12:35:54 -07:00
d32079e69c
Allow to use a custom k8s version in e2e tests
2019-05-15 20:58:58 -04:00
87b730d5fe
Add binaries required by kubernetes-sigs/testing_frameworks
2019-05-15 17:17:32 -04:00
3dd1699637
Add dependencies for code generator
2019-05-14 20:15:49 -04:00
be2792c5f9
Refactor scripts to run e2e tests
2019-05-14 20:15:43 -04:00
7be1dccea7
Add option to run scripts in debug mode
2019-05-13 22:31:06 -04:00
16540a1dba
Run tests with only one worker
2019-05-13 22:30:21 -04:00
ebc50b5c68
Add image for prow jobs
2019-05-13 22:29:44 -04:00
5c26a72256
Don't try to create e2e runner rbac resources twice
2019-05-07 18:07:18 -07:00
8ea40bbcb9
fix typo: deployement->deployment
2019-05-07 16:16:06 -07:00
b06e114177
Merge pull request #3506 from KoerberDigitalDevTeam/feature/extrenal-auth-security-opt-out
...
Improve the external authorization concept from opt-in to secure-by-default
2019-05-07 09:15:53 -07:00
b8fb09d7b3
Update go to 1.12.5, kubectl to 1.14.1 and kind to 0.2.1 ( #4064 )
2019-05-06 23:28:15 -04:00
8cc9afe8ee
Added Global External Authentication settings to configmap parameters incl. addons
2019-05-03 12:08:16 +02:00
bd694bf3de
add e2e coverage for multi auth
2019-04-18 10:32:15 -04:00
7283a01b9f
Update nginx image and Go to 1.12.4 ( #4010 )
2019-04-17 22:45:51 -04:00
34734edc6e
Merge pull request #4005 from Shopify/proxy-next-upstream-timeout
...
Support proxy_next_upstream_timeout
2019-04-15 09:10:09 -07:00
ffeb1fe348
Support proxy_next_upstream_timeout
2019-04-15 11:08:57 -04:00
b13432dbe0
adjust default ssl cert e2e test
2019-04-13 15:00:44 -04:00
1ddf5d2752
regression test for dynamic cert related default-certificate issue
2019-04-09 22:11:21 -04:00
107bec676a
fix custom default backend test title
2019-04-09 20:24:45 -04:00
c9d069e64d
Update nginx image to 0.84 ( #3969 )
2019-04-06 12:30:35 -03:00
Manuel Alejandro de Brito Fontes
Thomas Jackson
Kubernetes Prow Robot
Andrea Spacca
MRoci
Elvin Efendi
A Gardner
Alexander Maret-Huskinson
Guangming Wang
Gabor Lekeny
tals
Jeroen Schutrup
Fernando Diaz
Charle Demers
Moritz Johner
E. Stuart Hicks
Michael Stramel
Nick Novitski
okryvoshapka-connyun
Anthony Ho
Alex Kursell