7de718f359
pass code static-check
2018-10-29 15:39:43 +08:00
ad57c76b73
Support cookie expires
2018-10-29 15:21:10 +08:00
3cbfd63992
Refactor EWMA to not use shared dictionaries
2018-10-25 22:33:42 +04:00
063f652711
Merge pull request #3187 from DesmondHoLLM/feature/annotations-resty-lua
...
UPT: annotation enhancement for resty-lua-waf
2018-10-25 00:06:03 -07:00
bf03046a80
UPT: updated e2e test and default true for process-multipart-body annotation
2018-10-25 14:17:38 +08:00
5cc116fa10
fix bug with balancer.lua configuration
2018-10-24 22:42:40 +04:00
bab521e81a
UPT: align waf options
2018-10-20 12:46:39 +08:00
04a89ce234
UPT: annotation enhancement for resty-lua-waf
2018-10-20 12:09:38 +08:00
12955a4a1b
Allow Ability to Configure Upstream Keepalive
...
Allows Upstream Keepalive values like keepalive_timeout and
keepalive_requests to be configured via ConfigMap.
Fixes #3099
2018-10-11 20:46:42 -05:00
3edf11b85f
Merge pull request #3198 from aledbf/only-dynamic
...
Only support dynamic configuration
2018-10-10 05:07:34 -07:00
74c2f93de6
Only support dynamic configuration
2018-10-09 22:05:45 -03:00
f56ab42cd2
Merge pull request #3194 from bshelton229/literal-dollar-character
...
Make literal $ character work in set $location_path
2018-10-09 15:52:39 -07:00
3686e4f366
Move escapeLocationPathVar to escapeLiteralDollar
2018-10-09 12:58:50 -07:00
78f12c25c5
delete upstream healthcheck annotation
2018-10-09 09:14:13 -04:00
3cf00b2fd8
Merge pull request #3197 from aledbf/remove-tcp-udp
...
Remove support for TCP and UDP services
2018-10-08 07:19:39 -07:00
182767b06b
Merge pull request #3170 from Globegitter/move-mainsnippet
...
Move mainSnippet before events to fix load_module issue.
2018-10-08 06:22:25 -07:00
3dc131bd57
Make literal $ character work in set $location_path
2018-10-07 12:58:39 -07:00
44bdc7eb59
Remove support for TCP and UDP services
2018-10-07 10:53:37 -03:00
b46523a1f4
Merge pull request #3149 from diazjf/proxy-e2e-tests
...
Add e2e Tests for Proxy Annotations
2018-10-05 05:15:09 -07:00
8848c1864a
Move mainSnippet before events.
2018-10-02 15:24:44 +02:00
e5dca9353e
Remove Unneeded Quotes from Nginx Directives
...
Removes quotes from nginx directives which my cause issues with
their functionality
Fixes #3152
2018-10-01 16:10:33 -05:00
d9f58144eb
Merge pull request #3145 from Shopify/regex-modifier
...
Add "use-regex" Annotation to Toggle Regular Expression Location Modifier
2018-10-01 11:31:43 -07:00
f29bdc3e8d
Add 'use regex' annotation to toggle nginx regex location modifier
2018-10-01 13:54:11 -04:00
bf4be49c02
Fix incorrect .DisableLua access. ( #3144 )
...
* Fix incorrect .DisableLua access.
* Address comment.
2018-09-26 14:05:05 -03:00
a2ccd1f224
Fix usage for $all.
2018-09-26 16:38:16 +02:00
fe219db231
Ensure monitoring for custom error pages
...
Fixes #3140
2018-09-26 16:26:38 +02:00
b3a22f7fc0
do not require --default-backend-service
2018-09-25 21:14:28 -04:00
1e72774609
Docker run as user
2018-09-25 20:42:26 -03:00
3f29e436f3
Update nginx image
2018-09-25 18:35:01 -03:00
c4a562dded
Merge pull request #3130 from alanbover/fix/newlines_location_denied
...
fix newlines location denied
2018-09-25 07:04:50 -07:00
6454608c6c
fix newlines location denied
2018-09-25 15:36:23 +02:00
6393ca6aaf
Merge pull request #2997 from StarOfService/global-block-ip-ua-ref
...
Provide possibility to block IPs, User-Agents and Referers globally
2018-09-25 05:51:56 -07:00
7212d0081b
Provide possibility to block CIDRs, User-Agents and Referers globally
2018-09-25 14:16:20 +03:00
8d8cdb044d
Merge pull request #3073 from hchenxa/hchenxa_fix3071
...
do not hardcode the path
2018-09-16 20:20:15 -07:00
3dc21ead49
do not hardcode the path
2018-09-17 10:52:21 +08:00
6ed5c95562
Merge pull request #3098 from ElvinEfendi/make-keepalive-work
...
make upstream keepalive work for http
2018-09-15 07:36:27 -07:00
6511fa9f58
make upstream keepalive work for http
2018-09-14 19:40:54 -04:00
0e6f0bb88d
enforce ^~ location modifier when rewrite-target annotation is set
2018-09-13 10:39:52 -04:00
0a9db37e0f
Merge pull request #3062 from lahsivjar/issue-fix-host-header
...
Pass Host header for custom errors
2018-09-09 09:51:13 -07:00
4e14b809df
Pass Host header for custom errors
2018-09-09 19:39:10 +08:00
e73510d818
fix some typos
...
Signed-off-by: Lei Gong <lgong@alauda.io>
2018-09-08 21:49:04 +08:00
9099f3b4db
add support for http2-max-requests in configmap
2018-09-02 23:53:30 -06:00
b0e242fe73
Add support for valgrind
2018-08-30 21:32:06 -03:00
72112fe9d0
Merge pull request #2966 from Shopify/add-sticky-unit-tests
...
Add unit tests for sticky lua module
2018-08-23 20:32:16 -07:00
b0b575db33
Merge pull request #2965 from Shopify/dynamic-certificates-nginx
...
Add Lua module to serve SSL Certificates dynamically
2018-08-23 20:27:55 -07:00
cbf041fc3e
Add Lua module to serve SSL Certificates dynamically
2018-08-23 22:15:54 -04:00
32426b95e6
Add reset_ngx method to sticky_test.lua
2018-08-23 14:09:08 -04:00
c7b75970ca
Refactor ngx mock and indent using 2 spaces
2018-08-23 14:02:42 -04:00
f6905ae0ff
Pass real source IP address to auth request
2018-08-23 10:37:33 -03:00
14145b3129
Update tests to account for balance() return value
2018-08-21 15:07:32 -04:00
86c1b1211c
Add unit tests for sticky lua module
2018-08-21 14:22:44 -04:00
27cd1af4a7
fix variable parsing when key is number
2018-08-21 13:42:21 -04:00
2207d7694d
batch metrics and flush periodically
2018-08-18 13:17:21 -04:00
b4942ccd03
Merge pull request #2616 from Dirbaio/xff
...
Add use-forwarded-headers configmap option.
2018-08-16 16:30:08 -07:00
7a3c8f2536
suppress stdout during lua test run
2018-08-16 14:12:33 -04:00
589069d566
wrap IPv6 addresses into square brackets
2018-08-16 14:12:10 -04:00
4b07e73e5d
refactor lua balancer and fix ipv6 issue
2018-08-16 13:03:41 -04:00
b5bcb93a4b
Merge branch 'master' into xff
2018-08-16 18:15:14 +02:00
9d26a68b17
Add Backends unit tests to configuration_test.lua
2018-08-15 15:59:26 -04:00
3f5af6eecf
Merge pull request #2889 from hnrytrn/dynamic-cert-endpoint
...
Add Lua endpoint to support dynamic certificate serving functionality
2018-08-13 10:49:43 -07:00
bc37ba14e8
dont restrict status page to localhost only
2018-08-08 12:46:12 -04:00
5200a38bd7
Add lua endpoint to handle certificates in dynamic configuration mode
2018-08-07 08:18:34 -04:00
a68820808a
Fix documentation ( #2902 )
2018-08-05 22:30:46 -04:00
7f7f59df79
Merge pull request #2894 from aledbf/authbind
...
Use authbind to bind privileged ports
2018-08-05 08:43:43 -07:00
b148f113ae
Use authbind to bind privileged ports
2018-08-05 11:18:50 -04:00
060704c624
Merge pull request #2682 from aledbf/listen-localhost
...
Use localhost to expose status server
2018-08-04 17:16:56 -07:00
6b2c7e08db
Use localhost to expose status server
2018-08-04 18:57:56 -04:00
b7bcf92480
support configuring multi_accept directive via configmap
2018-08-04 19:20:01 +03:00
1bacf1655e
support custom configuration to main context of nginx config
2018-08-04 00:53:06 +03:00
69a2a27170
Refactor entrypoint to avoid issues with volumes
2018-07-30 16:10:40 -04:00
a2692ce946
fix issues introduced in #2804
2018-07-26 14:23:51 -04:00
ed19dc3bc6
fix custom-error-pages functionality in dynamic mode
2018-07-26 13:36:09 -04:00
d4faf68416
add support for ExternalName service type in dynamic mode
2018-07-25 09:05:47 -04:00
43aabfc813
Merge pull request #2825 from aledbf/update-image
...
Refactoring of how we run as user
2018-07-22 07:11:17 -07:00
fcaf337b30
cleanup lua tests
2018-07-21 22:36:05 -04:00
7210518f80
Remove setcap and use authbind instead
2018-07-21 18:56:28 -04:00
587c2a8765
Escape $request_uri for external auth
2018-07-19 15:22:05 +09:00
29ecae5b64
Merge pull request #2752 from dongqi1990/master
...
use format "range v := iterative object" and "range k, v := iterative object" when the type of iterative object is slice and map in the file nginx.tmpl
2018-07-18 04:34:20 -07:00
50084b1167
use format "range v := iterative object" and "range k, v := iterative
...
object" when the type of iterative object is slice and map in the file nginx.tmpl
2018-07-18 15:02:55 +08:00
1542a12764
Refactor controller metrics interface
2018-07-12 12:46:34 -04:00
8e06afbb45
Allow gzip compress level to be controlled via ConfigMap
2018-07-09 10:30:59 +10:00
479a519630
Use docker to build go binaries
2018-07-06 23:48:40 -04:00
6c8647a27d
Remove prometheus labels with high cardinality
2018-06-25 09:43:56 -04:00
3b25f3438f
Replace more_set_headers directive with more_clear_headers
2018-06-23 10:01:33 -04:00
700a2275d1
Merge pull request #2678 from hnrytrn/refactor-cert
...
Refactor server type to include SSLCert
2018-06-22 12:34:04 -07:00
df76d4b481
Update opentracing configuration ( #2676 )
2018-06-21 18:15:18 -04:00
86def984a3
Merge remote-tracking branch 'origin' into refactor-cert
2018-06-21 11:43:47 -04:00
2751cbf06d
Refactor to add SSLCert as a field in server type
2018-06-21 11:34:29 -04:00
aec40c171f
Improve configuration change detection ( #2656 )
...
* Use information about the configuration configmap to determine changes
* Add hashstructure dependency
* Rename queue functions
* Add test for configmap checksum
2018-06-21 10:50:57 -04:00
fe9a5aec44
Merge pull request #2660 from aledbf/fix-modesecurity
...
Change modsecurity directories
2018-06-20 11:15:05 -07:00
8107e0f659
Change modsecurity directories
2018-06-20 12:04:30 -04:00
cb4755835e
refactor some lua code
2018-06-19 12:46:49 +04:00
c4ec773966
Use a unix socket instead udp for reception of metrics ( #2652 )
2018-06-17 11:04:03 -04:00
fee8704b53
Add support for IPV6 in stream upstream servers ( #2649 )
2018-06-15 10:26:33 -04:00
3cbd2d66bf
Merge pull request #2643 from aledbf/remove-vts
...
Remove VTS from the ingress controller
2018-06-14 23:59:29 -07:00
dfca2a0d8d
Merge pull request #2451 from nusx/set-sticky-path-for-backend
...
fix for #1930 , make sessions sticky, for ingress with multiple rules …
2018-06-14 20:47:28 -07:00
63b38e1c21
Remove VTS from the ingress controller
2018-06-14 11:11:29 -04:00
966e9f5e25
Add monitor lua module
2018-06-13 22:54:31 -04:00
79199dd84c
Run as user dropping privileges
2018-06-12 10:18:36 -04:00
1a320ae289
fix for #1930 , make sessions sticky, for ingress with multiple rules and backends
...
* for an ingress with session affinity cookie, set the location as path on the cookie when unique
* the previous behaviour ( cookie path=/ ) is preserved for ingresses with multiple rules for the same backend (locations not unique)
added e2e tests for session affinity, setting path on sticky config
added tests:
* it should set the path to /something on the generated cookie
* it should set the path to / on the generated cookie if there's more than one rule referring to the same backend
2018-06-11 10:43:13 +02:00
67b253a149
Add use-forwarded-headers configmap option.
2018-06-11 00:06:14 +02:00
02ff8244a2
Add $location_path variable
...
When you define rules in ingress resource, you use path. So it would be
very useful to be able to use the same path in logs.
2018-06-07 13:43:29 +03:00
59aac73785
Add $service_port variable
...
According to TCP/IP (and common sense), $service_name is not enough to
uniquely identify service, we need $service_port for that.
2018-06-07 13:43:20 +03:00
eafb1890d6
Move vars to the very beginning of the location
...
To make it more clear, that you could use $namespace, $ingress_name and
$service_name variables anywhere in location (especialy in lua), move
their definition to the very begining of the location.
2018-06-07 13:43:09 +03:00
3159384480
Use lua-platform-path symlink for all platforms
2018-06-04 18:15:59 -05:00
d4e6c0dfd8
access_log should be off for internal /configuration endpoint
2018-05-31 16:01:54 -04:00
b4e6513fc8
make sure `after_balance` is actually otional
...
add inline comment to make LB algorithm change detection logic clearer
also require port in addition to host
2018-05-28 16:08:53 -04:00
04b7356190
fix ewma.balance and add unit tests for it
2018-05-28 15:51:58 -04:00
da3a87646a
make sure balancer gets deleted when ther is no backend
2018-05-28 15:51:58 -04:00
e9dc275b81
refactor balancer into more testable and extensible interface
2018-05-28 15:51:58 -04:00
b8b5e5bc51
Merge pull request #2548 from Stono/master
...
Implement generate-request-id
2018-05-21 13:55:12 -07:00
206d32a2cd
Implement generate-request-id
...
Fixes https://github.com/kubernetes/ingress-nginx/issues/2546
2018-05-21 08:32:50 +01:00
d434583b53
InfluxDB configuration string template builder helper
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2018-05-19 09:22:49 +02:00
93be8db612
Annotations for the InfluxDB Module
...
Signed-off-by: Lorenzo Fontana <lo@linux.com>
2018-05-19 09:22:46 +02:00
e224259e38
Resolves issue with proxy-redirect nginx configuration
...
Resolves an issue where the proxy-redirect annotations were not generating the
correct configuration possibly because of user error. This is done by only
setting the proxy_redirect if both proxy-redirect-from and proxy-redirect-to
have valid values. Also adds the e2e tests.
Fixes #2074
2018-05-17 11:22:31 -05:00
ff3e182350
Add support for grpc_set_header
2018-05-17 08:35:11 -04:00
692ab5e53c
Remove go-bindata
2018-05-17 07:58:50 -04:00
7ac4e1db30
fix bug with lua sticky session implementation and refactor balancer
2018-05-16 21:00:39 -04:00
44ddd8abba
force backend sync when worker starts
2018-05-14 17:08:23 -04:00
992a68de23
upstream-hash-by should override load-balance annotation
2018-05-10 13:47:19 -04:00
6cb28e059c
use roundrobin from lua-resty-balancer library and refactor balancer.lua
2018-05-10 13:47:19 -04:00
51cf184c51
always use x-request-id
2018-04-28 00:31:23 -04:00
2ce9196ecf
upstream-hash-by annotation support for dynamic configuraton mode
2018-04-27 14:28:43 -04:00
c995031ffd
Add annotation to enable rewrite logs in a location
2018-04-27 17:50:14 +02:00
8b6f043fd8
Add buffer configuration to external auth location config
2018-04-26 16:04:12 +02:00
9533aa45cc
Merge pull request #2408 from Shopify/updated-buffered-backends
...
Read backends data even if buffered to temp file
2018-04-24 14:09:02 -07:00
d3d383d1cc
Endpoint Awareness: Read backends data from tmp file as well
...
Actually read from the file
Logs probably shouldn't assume knowledge of implementation detail
Typos
Added integration test, and dynamic update config refactor
Don't force the 8k default
Minimal test case to make the configuration/backends request body write to temp file
Leverage new safe config updating methods, and use 2 replicas instead of 4
Small refactor
Better integration test, addresses other feedback
Update bindata
2018-04-24 15:07:59 -04:00
0d0d33aec9
add balancer unit tests
2018-04-24 12:10:57 -04:00
4f9865529a
Add busted unit testing framework for lua code
2018-04-23 10:46:28 -04:00
8886b8a50e
Add vts-sum-key config flag
2018-04-17 11:39:32 -07:00
c60ed24f4b
Detect if header injected request_id before creating one
2018-04-17 15:49:35 +02:00
1c17962ba0
Add proxy-add-original-uri-header config flag
...
This makes it configurable if a location adds an X-Original-Uri header to the backend request. Default is "true", the current behaviour.
2018-04-16 12:34:26 +02:00
8855460817
Merge pull request #2341 from Shopify/custom-sticky
...
Add session affinity to custom load balancing
2018-04-12 17:22:59 -07:00
4b11fe4d25
Fix nginx template
2018-04-12 15:43:13 -04:00
6ed256dde6
Add session affinity to custom load balancing
2018-04-12 14:21:42 -04:00
4b76ad14bb
Fix buildupstream name to work with dynamic session affinity
2018-04-12 14:01:46 -04:00
1be1f658b4
disable lua for arch s390x and ppc64le
...
LuaJIT is not available for s390x and ppc64le, disable the lua part in nginx.tmpl on these platform.
2018-04-12 08:30:56 +08:00
d6eb44376d
run lua-resty-waf in different modes ( #2317 )
...
* run lua-resty-waf in different modes
* update docs
2018-04-09 09:19:13 -03:00
bad8295a42
extra waf rules per ingress ( #2315 )
...
* extra waf rules per ingress
* document annotation nginx.ingress.kubernetes.io/lua-resty-waf-extra-rules
* regenerate internal/file/bindata.go
2018-04-09 07:14:30 -03:00
16faf309ca
annotation to ignore given list of WAF rulesets ( #2314 )
2018-04-08 22:55:23 -03:00
a6fe800a47
lua-resty-waf controller ( #2304 )
2018-04-08 17:37:13 -03:00
b17ed7b6fd
Configure upload limits for setup of lua load balancer ( #2309 )
2018-04-08 15:47:49 -03:00
1c65320618
Add verification of lua load balancer to health check ( #2308 )
2018-04-08 15:24:37 -03:00
ab8349008a
Improve indentation of generated nginx.conf ( #2296 )
2018-04-05 18:19:30 -03:00
dd2bc91018
Fix HSTS without preload ( #2294 )
2018-04-04 23:17:51 -03:00
e7aa74b5d4
Add NoAuthLocations and default it to "/.well-known/acme-challenge" ( #2243 )
...
* Add NoAuthLocations and default it to "/.well-known/acme-challenge"
* Add e2e tests for no-auth-location
* Improve wording of no-auth-location tests
2018-04-01 21:02:34 -03:00
931e541fb7
Fix bug when auth req is enabled(external authentication) ( #2280 )
...
* set proxy_upstream_name correctly when auth_req module is used
* log a more meaningful message when backend is not found
2018-03-30 14:19:33 -03:00
146db43794
Disable opentracing for nginx internal urls ( #2272 )
2018-03-29 13:47:13 -03:00
c6c219a7d1
clean up tmpl ( #2263 )
...
The nginx.conf generated now is too messy remove some section only useful when dynamic configure enabled and headers only useful for https.
2018-03-29 09:36:00 -03:00
385368990c
Managing a whitelist for _/nginx_status ( #2187 )
...
Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
2018-03-28 09:27:34 -03:00
liuwei
Henry Tran
k8s-ci-robot
Desmond Ho
Elvin Efendi
Fernando Diaz
Manuel Alejandro de Brito Fontes
Bryan Shelton
Globegitter
Zenara Daley
Markus Padourek
Alan Bover
Pavel Sinkevych
Hui Chen
Vishal Raj
Lei Gong
Derek Perkins
Francisco Mejia
Dario Nieuwenhuis
Tom Reznik
takonomura
dongqi1990
Jason Stangroome
Brian Findlay
Stefan Schwärzler
Dmitry Stolyarov
Paul DeCarlo
Karl Stoney
Lorenzo Fontana
JordanP
Adam Netočný
Andrew Louis
Nick Novitski
Giancarlo Rubio
Bastian Hofmann
oilbeater
Alvaro Aleman
Sylvain Rabot