41700044ad
Replace dockerfile entrypoint
2018-12-07 14:00:55 -03:00
da32401c66
Merge pull request #3509 from fabiant7t/master
...
[1759] Ingress affinity session cookie with Secure flag for HTTPS
2018-12-06 01:18:24 -08:00
f03c8a8544
testing that a secure cookie gets set when being in ssl mode
...
Signed-off-by: Fabian Topfstedt <topfstedt@schneevonmorgen.com>
2018-12-06 09:08:25 +01:00
6c46adf2b7
reverted changing $https globally in the unit tests
...
Signed-off-by: Fabian Topfstedt <topfstedt@schneevonmorgen.com>
2018-12-06 09:01:08 +01:00
06d33c16b5
Allow to disable NGINX metrics
2018-12-05 10:14:35 -03:00
1e31767b51
[1759] Ingress affinity session cookie with Secure flag for HTTPS
...
Signed-off-by: Fabian Topfstedt <topfstedt@schneevonmorgen.com>
2018-12-04 10:51:52 +01:00
a4bad90f1f
fix an ewma unit test
2018-12-03 15:56:58 +04:00
4eabd535f9
be consistent with what Nginx supports
2018-12-02 22:20:56 +04:00
b80b19902a
Use opentracing_grpc_propagate_context when necessary
2018-12-01 16:31:10 -05:00
7ae2583ff9
dynamic certificate mode should support widlcard hosts
2018-11-29 15:41:34 +04:00
c4d6e8f55d
Fix nginx directory permissions
2018-11-27 23:05:18 -03:00
c03ac375ef
test for ewma:after_balance function
2018-11-26 17:20:26 +04:00
f81f06151d
store ewma stats per backend
2018-11-26 16:59:26 +04:00
8aac340203
Merge pull request #3453 from Shopify/monitor-fixes
...
Monitor fixes
2018-11-21 09:28:24 -08:00
d8b928f501
remove already unused endpoint metric
2018-11-21 20:05:44 +04:00
068d633e81
fix Status key conflic, fixes https://github.com/kubernetes/ingress-nginx/issues/3451
2018-11-21 20:03:15 +04:00
35b8023dc8
Match body buffer to max upload size
2018-11-20 15:06:03 -03:00
2b109b360b
Only set cookies on paths that enable session affinity
2018-11-19 11:42:12 -05:00
82721e575d
Merge pull request #3372 from Shopify/session-cookie-path
...
Add annotation for session affinity path
2018-11-19 07:25:32 -08:00
50b29feb4a
Add annotation for session affinity path
2018-11-19 09:15:24 -05:00
bf7ad0daca
Merge pull request #3374 from aledbf/restore-tcp-udp
...
Revert removal of support for TCP and UDP services
2018-11-18 08:33:29 -08:00
af2dce901d
Fix tests
2018-11-18 08:17:18 -03:00
34598e71e0
Merge pull request #3428 from aledbf/set-variables
...
Set proxy_host variable to avoid using default value from proxy_pass
2018-11-18 02:17:49 -08:00
442b01e5e8
Merge pull request #3400 from diazjf/more-modsecurity
...
Add Snippet for ModSecurity
2018-11-17 03:35:53 -08:00
654eceda46
Add tcp e2e test
2018-11-16 21:07:52 -03:00
a2d50c2cd6
Set proxy_host variable to avoid using default value from proxy_pass
2018-11-16 14:55:53 -03:00
168f30d1ec
Revert removal of support for TCP and UDP services
2018-11-16 13:48:47 -03:00
95b3042b6e
Add a Snippet for ModSecurity
...
Allows for the configuration of Mod Security rules via
a Snippet.
2018-11-14 23:31:27 -06:00
20b095f444
Fix X-Forwarded-Proto typo
2018-11-14 10:19:31 -05:00
a22c656f30
Merge pull request #3409 from Shopify/client-max-body-size
...
Convert isValidClientBodyBufferSize to something more generic
2018-11-13 08:36:06 -08:00
0f3e2b9bf0
Convert isValidClientBodyBufferSize to something more generic and use it for client_max_body_size
2018-11-13 10:11:40 -05:00
764740a09a
be more defensive when deciding alternative balancer
2018-11-13 16:03:26 +04:00
41c925f390
bugfix: set canary attributes when initializing balancer
2018-11-13 15:44:57 +04:00
e1720d62f4
Prevent X-Forwarded-Proto forward during external auth subrequest
2018-11-12 09:13:48 -05:00
5195600841
Allows ModSecurity to be configured per location
...
The following annotations will be added:
- enable-modsecurity
- enable-owasp-core-rules
- modsecurity-transaction-id
Fixes #3167
2018-11-06 22:24:31 -06:00
17cad51e47
Merge pull request #3341 from Shopify/canary_upstream
...
Add canary annotation and alternative backends for traffic shaping
2018-11-06 12:22:16 -08:00
412cd70d3a
implement canary annotation and alternative backends
...
Adds the ability to create alternative backends. Alternative backends enable
traffic shaping by sharing a single location but routing to different
backends depending on the TrafficShapingPolicy defined by AlternativeBackends.
When the list of upstreams and servers are retrieved, we then call
mergeAlternativeBackends which iterates through the paths of every ingress
and checks if the backend supporting the path is a AlternativeBackend. If
so, we then iterate through the map of servers and find the real backend
that the AlternativeBackend should fall under. Once found, the
AlternativeBackend is embedded in the list of VirtualBackends for the real
backend.
If no matching real backend for a AlternativeBackend is found, then the
AlternativeBackend is deleted as it cannot be backed by any server.
2018-11-06 13:13:14 -05:00
265f96bf14
Merge pull request #3344 from ecosia/jg-customerrors-per-ingress
...
Adds CustomHTTPErrors ingress annotation and test
2018-11-06 09:21:49 -08:00
0ebf0354cb
Adds CustomHTTPErrors ingress annotation and test
...
Adds per-server/location error-catch functionality to nginx template
Adds documentation
Reduces template duplication with helper function for CUSTOM_ERRORS data
Updates documentation
Adds e2e test for customerrors
Removes AllCustomHTTPErrors, replaces with template function with deduplication and adds e2e test of deduplication
Fixes copy-paste error in test, adds additional test cases
Reverts noop change in controller.go (unused now)
2018-11-06 16:47:52 +01:00
08d5ffabbf
Merge pull request #3367 from aledbf/503-restart
...
Remove reloads when there is no endpoints
2018-11-06 06:39:04 -08:00
3838145a8c
Remove reloads when there is no endpoints
2018-11-06 09:26:04 -03:00
b511333130
add support for auth-snippet annotation
...
add test for new auth-snippet annotation
document auth-snippet annotation
add e2e test for auth-snippet annotation
add log warning and update documentation
2018-11-05 16:02:29 -06:00
3477df4c12
pass static-check
2018-11-02 17:17:29 +08:00
c74e59fa4c
Use second as cookie expires unit
2018-11-02 17:05:38 +08:00
ce6e564f82
merge from master
2018-11-02 13:13:24 +08:00
36aceded32
Avoid reloads when endpoints are not available
2018-11-01 10:00:49 -03:00
71ebe1cba5
Code linting
2018-10-30 20:46:48 -03:00
9e639f9788
fix sticky session implementation
2018-10-30 16:23:08 +04:00
38279366a5
add e2e test for cookie annotations
2018-10-30 19:27:21 +08:00
c27c57dc8b
Add configuration for geoip2 module
...
Based on closed PRs #2551 , #2755
2018-10-29 21:25:23 +01:00
7de718f359
pass code static-check
2018-10-29 15:39:43 +08:00
ad57c76b73
Support cookie expires
2018-10-29 15:21:10 +08:00
3cbfd63992
Refactor EWMA to not use shared dictionaries
2018-10-25 22:33:42 +04:00
063f652711
Merge pull request #3187 from DesmondHoLLM/feature/annotations-resty-lua
...
UPT: annotation enhancement for resty-lua-waf
2018-10-25 00:06:03 -07:00
bf03046a80
UPT: updated e2e test and default true for process-multipart-body annotation
2018-10-25 14:17:38 +08:00
5cc116fa10
fix bug with balancer.lua configuration
2018-10-24 22:42:40 +04:00
bab521e81a
UPT: align waf options
2018-10-20 12:46:39 +08:00
04a89ce234
UPT: annotation enhancement for resty-lua-waf
2018-10-20 12:09:38 +08:00
12955a4a1b
Allow Ability to Configure Upstream Keepalive
...
Allows Upstream Keepalive values like keepalive_timeout and
keepalive_requests to be configured via ConfigMap.
Fixes #3099
2018-10-11 20:46:42 -05:00
3edf11b85f
Merge pull request #3198 from aledbf/only-dynamic
...
Only support dynamic configuration
2018-10-10 05:07:34 -07:00
74c2f93de6
Only support dynamic configuration
2018-10-09 22:05:45 -03:00
f56ab42cd2
Merge pull request #3194 from bshelton229/literal-dollar-character
...
Make literal $ character work in set $location_path
2018-10-09 15:52:39 -07:00
3686e4f366
Move escapeLocationPathVar to escapeLiteralDollar
2018-10-09 12:58:50 -07:00
78f12c25c5
delete upstream healthcheck annotation
2018-10-09 09:14:13 -04:00
3cf00b2fd8
Merge pull request #3197 from aledbf/remove-tcp-udp
...
Remove support for TCP and UDP services
2018-10-08 07:19:39 -07:00
182767b06b
Merge pull request #3170 from Globegitter/move-mainsnippet
...
Move mainSnippet before events to fix load_module issue.
2018-10-08 06:22:25 -07:00
3dc131bd57
Make literal $ character work in set $location_path
2018-10-07 12:58:39 -07:00
44bdc7eb59
Remove support for TCP and UDP services
2018-10-07 10:53:37 -03:00
b46523a1f4
Merge pull request #3149 from diazjf/proxy-e2e-tests
...
Add e2e Tests for Proxy Annotations
2018-10-05 05:15:09 -07:00
8848c1864a
Move mainSnippet before events.
2018-10-02 15:24:44 +02:00
e5dca9353e
Remove Unneeded Quotes from Nginx Directives
...
Removes quotes from nginx directives which my cause issues with
their functionality
Fixes #3152
2018-10-01 16:10:33 -05:00
d9f58144eb
Merge pull request #3145 from Shopify/regex-modifier
...
Add "use-regex" Annotation to Toggle Regular Expression Location Modifier
2018-10-01 11:31:43 -07:00
f29bdc3e8d
Add 'use regex' annotation to toggle nginx regex location modifier
2018-10-01 13:54:11 -04:00
bf4be49c02
Fix incorrect .DisableLua access. ( #3144 )
...
* Fix incorrect .DisableLua access.
* Address comment.
2018-09-26 14:05:05 -03:00
a2ccd1f224
Fix usage for $all.
2018-09-26 16:38:16 +02:00
fe219db231
Ensure monitoring for custom error pages
...
Fixes #3140
2018-09-26 16:26:38 +02:00
b3a22f7fc0
do not require --default-backend-service
2018-09-25 21:14:28 -04:00
1e72774609
Docker run as user
2018-09-25 20:42:26 -03:00
3f29e436f3
Update nginx image
2018-09-25 18:35:01 -03:00
c4a562dded
Merge pull request #3130 from alanbover/fix/newlines_location_denied
...
fix newlines location denied
2018-09-25 07:04:50 -07:00
6454608c6c
fix newlines location denied
2018-09-25 15:36:23 +02:00
6393ca6aaf
Merge pull request #2997 from StarOfService/global-block-ip-ua-ref
...
Provide possibility to block IPs, User-Agents and Referers globally
2018-09-25 05:51:56 -07:00
7212d0081b
Provide possibility to block CIDRs, User-Agents and Referers globally
2018-09-25 14:16:20 +03:00
8d8cdb044d
Merge pull request #3073 from hchenxa/hchenxa_fix3071
...
do not hardcode the path
2018-09-16 20:20:15 -07:00
3dc21ead49
do not hardcode the path
2018-09-17 10:52:21 +08:00
6ed5c95562
Merge pull request #3098 from ElvinEfendi/make-keepalive-work
...
make upstream keepalive work for http
2018-09-15 07:36:27 -07:00
6511fa9f58
make upstream keepalive work for http
2018-09-14 19:40:54 -04:00
0e6f0bb88d
enforce ^~ location modifier when rewrite-target annotation is set
2018-09-13 10:39:52 -04:00
0a9db37e0f
Merge pull request #3062 from lahsivjar/issue-fix-host-header
...
Pass Host header for custom errors
2018-09-09 09:51:13 -07:00
4e14b809df
Pass Host header for custom errors
2018-09-09 19:39:10 +08:00
e73510d818
fix some typos
...
Signed-off-by: Lei Gong <lgong@alauda.io>
2018-09-08 21:49:04 +08:00
9099f3b4db
add support for http2-max-requests in configmap
2018-09-02 23:53:30 -06:00
b0e242fe73
Add support for valgrind
2018-08-30 21:32:06 -03:00
72112fe9d0
Merge pull request #2966 from Shopify/add-sticky-unit-tests
...
Add unit tests for sticky lua module
2018-08-23 20:32:16 -07:00
b0b575db33
Merge pull request #2965 from Shopify/dynamic-certificates-nginx
...
Add Lua module to serve SSL Certificates dynamically
2018-08-23 20:27:55 -07:00
cbf041fc3e
Add Lua module to serve SSL Certificates dynamically
2018-08-23 22:15:54 -04:00
32426b95e6
Add reset_ngx method to sticky_test.lua
2018-08-23 14:09:08 -04:00
c7b75970ca
Refactor ngx mock and indent using 2 spaces
2018-08-23 14:02:42 -04:00
f6905ae0ff
Pass real source IP address to auth request
2018-08-23 10:37:33 -03:00
14145b3129
Update tests to account for balance() return value
2018-08-21 15:07:32 -04:00
Manuel Alejandro de Brito Fontes
Kubernetes Prow Robot
Fabian Topfstedt
Elvin Efendi
Andre Marianiello
Zenara Daley
Fernando Diaz
Maxime Ginters
Conor Landry
jasongwartz
Adnan Baruni
liuwei
Maximilian Bode
Henry Tran
Desmond Ho
Bryan Shelton
Globegitter
Markus Padourek
Alan Bover
Pavel Sinkevych
Hui Chen
Vishal Raj
Lei Gong
Derek Perkins
Francisco Mejia