ce3e3d51c3
WIP Remove nginx unix sockets ( #4531 )
...
* Remove nginx unix sockets
* Use an emptyDir volume for /tmp in PSP e2e tests
2019-09-08 18:14:54 -03:00
c2935ca35c
Refactor health checks and wait until NGINX process ends
2019-09-01 15:31:27 -04:00
72cb7f5e14
Move nginx helper ( #4501 )
2019-08-30 20:18:11 -04:00
8def5ef7ca
Add support for multiple alias and remove duplication of SSL certificates ( #4472 )
2019-08-26 10:58:44 -04:00
82b241c517
Merge pull request #4476 from antoineco/bug/nil-err-channel
...
Initialize nginx process error channel
2019-08-22 09:46:33 -07:00
d1feb65ff9
Initialize nginx process error channel
...
goroutines that write to ngxErrCh remain asleep forever without that
necessary initialization.
2019-08-22 16:25:47 +02:00
05c889335d
post data to Lua only if it changes
2019-08-15 17:21:34 -04:00
80bd481abb
Only support SSL dynamic mode
2019-08-13 17:33:34 -04:00
171da635ef
Remove invalid log "Failed to executing diff command: exit status 1"
2019-08-08 12:53:23 -04:00
3d7a09347d
Apply fixes suggested by staticcheck
2019-07-08 16:18:52 -04:00
8807db9748
Check and complete intermediate SSL certificates
2019-07-04 19:13:21 -04:00
ccd88f625c
Refactor metric prometheus leader helper
2019-06-29 17:44:53 -04:00
8ca5c1cba9
Do not send empty certificates to nginx
2019-06-25 08:15:28 -04:00
c4ced9d694
fix source file mods
2019-06-06 10:47:08 -04:00
3e3e29b78f
Merge pull request #4102 from aledbf/listingresses
...
Refactor ListIngresses to add filters
2019-05-22 06:48:14 -07:00
bae49a4657
Refactor ListIngresses to add filters
2019-05-22 05:37:44 -04:00
31ffad8fa1
UPT: Add variable to define custom sampler host and port, add commituser
2019-05-21 12:34:38 +08:00
8cc9afe8ee
Added Global External Authentication settings to configmap parameters incl. addons
2019-05-03 12:08:16 +02:00
1cd17cd12c
Implement a validation webhook
...
In case some ingress have a syntax error in the snippet configuration,
the freshly generated configuration will not be reloaded to prevent tearing down existing rules.
Although, once inserted, this configuration is preventing from any other valid configuration to be inserted as it remains in the ingresses of the cluster.
To solve this problem, implement an optional validation webhook that simulates the addition of the ingress to be added together with the rest of ingresses.
In case the generated configuration is not validated by nginx, deny the insertion of the ingress.
In case certificates are mounted using kubernetes secrets, when those
changes, keys are automatically updated in the container volume, and the
controller reloads it using the filewatcher.
Related changes:
- Update vendors
- Extract useful functions to check configuration with an additional ingress
- Update documentation for validating webhook
- Add validating webhook examples
- Add a metric for each syntax check success and errors
- Add more certificate generation examples
2019-04-18 19:07:04 +02:00
f6beef960d
Fix segfault on reference to nonexistent configmap
2019-04-02 16:39:42 -04:00
3ec1028d0b
Fix dynamic SSL certificate for aliases and redirect-from-to-www
2019-03-28 16:29:11 -03:00
f4e4335d8c
Only the leader updates metrics for SSL certificate expiration
2019-03-12 12:08:24 -03:00
20a89480f0
Use full election leader ID
2019-03-11 13:11:27 -03:00
7c717cabcf
Add promehteus metric about leader election status
2019-03-11 13:11:27 -03:00
0a39425e8f
Refactor status update
2019-03-11 13:11:26 -03:00
d898169484
Fix ssl-dh-param issue when secret does not exit
2019-03-05 16:31:33 -03:00
24993f359f
- remove annoations in nginxcontroller struct
2019-02-21 19:14:11 +08:00
784d57ea69
Merge pull request #3695 from yowenter/patch-1
...
> Don't reload nginx when L4 endpoints changed
2019-02-19 11:27:11 -08:00
b03049c0af
> Don't reload nginx when L4 service pods changed
...
Since we use lua upstream for L4 service balancer. We don't need reload nginx when L4 service pod changed.
2019-02-19 14:31:45 +08:00
a29c27ed4c
Datadog Opentracing support - part 2
...
This commit is part 2 of 2, adding configuration of the
Datadog Opentracing module to the controller.
Fixes half of #3752
2019-02-15 15:20:10 -05:00
adc128711b
delete confusing CustomErrors attribute to make things more explicit
2019-02-13 22:41:02 -05:00
fc5e99a151
Parse environment variables in OpenTracing configuration
2019-02-10 16:59:05 +01:00
ef7d7cf7d1
Merge pull request #3667 from Shopify/fix-worker-connection-calculation
...
worker_connections should be less (3/4th) than worker_rlimit_nofile
2019-02-06 15:11:20 -08:00
34b0580225
Replace Status port using a socket
2019-02-06 18:00:10 -03:00
638f965a8f
worker_connections should be less than worker_rlimit_nofile
2019-02-02 22:30:36 -05:00
bdf6e47004
rename sysctlFSFileMax to rlimitMaxNumFiles to reflect what it actually does
2019-01-15 15:34:17 -05:00
a3bcbeb3d2
Add support for redirect https to https when from-to-www-redirect is defined
2019-01-10 20:59:49 -03:00
8f57f9578d
Merge pull request #3586 from Shopify/disable-catch-all
...
Add --disable-catch-all option to disable catch-all server
2019-01-07 07:16:26 -08:00
c830a73255
Remove temporal configuration file after a while
2019-01-04 16:11:38 -03:00
f005d4c3ec
L4 config - Only send `Service.Spec` instead of entire `Service`.
2019-01-02 09:32:57 -08:00
f0173f0822
Pass k8s `Service` data through to the TCP balancer script.
...
Fixes broken L4 ExternalName services.
Details
---------
The `tcp_udp_balancer.lua` script checks if the property
`backend.service.spec["type"]` equals "ExternalName". If so,
the script does a DNS lookup on the name in order to configure
the backend configuration.
However, before this commit, the k8s `Service` data was
_not_ set on the `Backend` struct passed into the `tcp_udp_balancer.lua`
script and therefore the ExternalName check always returned false.
This commit fixes the issue by setting the `Service` field on
the `Backend` struct. This also requires adding a new field to the
`L4Backend` struct first, so that it's available to set on the `Backend`.
2019-01-01 20:50:41 -08:00
bf7b5ebd81
Add an option to automatically set worker_connections based on worker_rlimit_nofile
2018-12-27 18:36:19 +01:00
1678d99a03
Add --disable-catch-all option to disable catch-all server
2018-12-21 13:22:26 -05:00
ee3a8fe581
Merge pull request #3505 from Shopify/watch-pod-lua
...
Update lua configuration_data when number of controller pod change
2018-12-17 00:10:30 -08:00
f90881b367
Update lua configuration_data when number of controller pod change
2018-12-14 13:34:54 -05:00
d22146f3b0
handle_error_when_executing_diff
...
Signed-off-by: Guihua Zhu <zhuguihua@cmss.chinamobile.com>
2018-12-12 13:49:17 +08:00
2fa55eabf6
Replace glog with klog
2018-12-05 13:27:55 -03:00
06d33c16b5
Allow to disable NGINX metrics
2018-12-05 10:14:35 -03:00
b6b221aebb
Watch controller Pods list
2018-11-26 15:35:31 -05:00
af2dce901d
Fix tests
2018-11-18 08:17:18 -03:00
Manuel Alejandro de Brito Fontes
Kubernetes Prow Robot
Antoine Cotten
Elvin Efendi
reynaldi.wijaya
okryvoshapka-connyun
Thibault Jamet
Alex Kursell
Taoge
TaoGe
Alan J Castonguay
Sebastiaan Tammer
Kevin Pullin
ramnes
Maxime Ginters
Guihua Zhu