54b13bd216
Add flag to allow setting a shutdown grace period
2021-01-27 14:09:04 +01:00
d9f613e52a
Merge pull request #6796 from aledbf/default
...
Updates to the custom default SSL certificate must trigger a reload
2021-01-22 07:41:27 -08:00
04e2603ecc
Update PemSHA field for default SSL certificate
2021-01-21 19:15:03 -03:00
56b252e9b7
🐛 return error if tempconfig missing
...
Fmt: gofmt
2021-01-21 22:01:45 +08:00
e0dece48f7
Add Global Rate Limiting support
2021-01-04 17:47:07 -05:00
06cb6696a5
Merge pull request #6692 from andyxning/add_string_split_function_to_template_funcMap
...
add string split function to template funcMap
2020-12-29 05:32:28 -08:00
bbf831afae
add string split function to template funcMap
2020-12-29 13:57:30 +08:00
d9af197e62
Remove dead code
2020-12-27 22:26:51 -03:00
a8728f3d2c
Spelling
2020-12-15 16:10:48 -05:00
fe65e9d22f
Merge pull request #6620 from nic-6443/sticky-session-fix
...
Fix sticky session not set for host in server-alias annotation (#6448 )
2020-12-15 03:47:48 -08:00
44aaa2e367
Fix sticky session not set for host in server-alias annotation ( #6448 )
2020-12-15 11:01:19 +08:00
f9ffa93588
Allow FQDN for ExternalName Service
2020-12-14 20:32:08 +08:00
9c0a39636d
Refactor ingress nginx variables
2020-12-12 08:52:47 -03:00
77234fcde0
Fix nginx ingress variables for definitions with Backend
2020-12-05 14:40:22 -03:00
5df2951948
Fix nginx ingress variables for definitions without hosts
2020-12-04 20:30:55 -03:00
81bf8056da
Disable HTTP/2 in the webhook server
2020-12-04 20:29:36 -03:00
d781d99797
Fixes for gosec
2020-12-04 20:29:07 -03:00
06f53bcf05
feat: allow user to specify the maxmium number of retries in stream block.
2020-12-02 14:54:14 +08:00
e3a3ea8826
Merge pull request #6294 from ianbuss/auth-error-redirect-param
...
Allow customisation of redirect URL parameter in external auth redirects
2020-11-23 01:27:37 -08:00
1389cc0e80
Refactor extraction of ingress pod details
2020-11-19 17:31:28 -03:00
e7d6c3fedc
Update tests
2020-11-12 16:07:21 -03:00
2ca1f92697
Add PathType details in external auth location
2020-11-12 16:07:21 -03:00
3f153add00
Refactor handling of path Prefix and Exact
2020-11-10 07:21:34 -03:00
f49d2fdb3b
Improve class.IsValid logs
2020-11-09 11:01:03 -03:00
a6b6f03b53
Add support for k8s ingress pathtype Prefix
2020-11-02 09:56:49 -05:00
4d65097afa
Improve log messages
2020-10-26 17:14:36 -03:00
a85e53f4cb
Remove k8s.io/kubernetes dependency
2020-10-26 13:04:00 -03:00
d74ea25df8
Add validation for wildcard server names
2020-10-26 10:51:14 -03:00
cdd6437380
Refactor Exact path matthing
2020-10-26 10:51:03 -03:00
703c2d6f8e
Enable validation of ingress definitions from extensions package
2020-10-26 10:50:44 -03:00
a6d603566b
Merge pull request #6325 from sylr/filter-helm-secrets
...
Filter out secrets that belong to Helm v3
2020-10-13 11:46:27 -07:00
ca7db0e330
Filter out secrets that belong to Helm
...
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
2020-10-13 17:45:26 +02:00
57b10f5693
Add datadog environment as a configuration option
...
(cherry picked from commit 4306558baa595606cd6befff08c8c815d6fe2bd4)
2020-10-12 13:52:15 -07:00
41cf628bdf
Add a configurable URL redirect parameter for error URLs
2020-10-08 12:53:46 +01:00
8d45bb39a4
Merge pull request #5348 from Antiarchitect/stream-log-annotations
...
Ability to separately disable access log in http and stream contexts
2020-09-28 11:02:53 -07:00
108637bb1c
Migrate to structured logging (klog)
2020-09-27 18:59:57 -03:00
a767b1d906
Cleanup
2020-09-27 17:16:09 -03:00
29ea30a4e8
Add events for NGINX reloads
2020-09-27 17:16:09 -03:00
7722fa38aa
Add admission controller e2e test
2020-09-26 16:06:58 -03:00
a990ac3910
Change defaults
2020-09-24 21:33:56 -03:00
e050ff1b9f
disable session tickets by default
2020-09-18 00:08:00 -04:00
87aa96b468
Change server-tokens default value to false
2020-09-17 09:52:07 -03:00
e659efbfdb
Use dynamic load of modules
2020-09-10 11:39:35 -03:00
9612180f6e
reject annotations with default prefix in the case of an override
2020-09-10 09:16:44 -04:00
b26ebb0050
Update default gzip level
2020-09-08 17:23:47 -03:00
d13fdf01f6
Update zipkin library location
2020-09-08 16:20:03 -03:00
0925f20d05
Refactor load of tracer load
2020-09-08 16:20:03 -03:00
8abe794178
Use net.JoinHostPort to avoid IPV6 issues
2020-09-02 22:58:51 -04:00
b1f0d28634
Require Kubernetes v1.14 or higher and deprecate extensions
2020-09-02 10:00:16 -04:00
a981862ff2
Fix nginx command env variable reference
2020-08-09 12:06:11 -04:00
cb86c5698c
Migrate to klog v2
2020-08-08 21:01:03 -04:00
f3537204d2
Adding Zipkin collector to the E2E opentracing test as it is required to load at least one tracer to enable opentracing
...
Work on PR comments
Add tests for template builder
Signed-off-by: Bernard Van De Walle <bernard.vandewalle@getcruise.com>
2020-07-23 15:25:50 -07:00
2baca9e32a
Merge branch 'add-opentracing-operation-name-settings' of https://github.com/JorritSalverda/ingress-nginx into add-opentracing-operation-name-settings
2020-07-23 11:42:44 -07:00
e825af86e1
Merge pull request #5887 from dschwar/force-use-forwarded-for
...
Add force-enable-realip-module
2020-07-17 07:17:02 -07:00
d52141c2b9
Add enable-real-ip
2020-07-15 15:25:29 -04:00
dc3876666b
Revert "use-regex annotation should be applied to only one Location"
...
This reverts commit a8a8b5f6e9
2020-07-15 11:20:47 -04:00
e4c4edd626
Custom default backend service must have ports
2020-07-07 08:49:13 -04:00
a8a8b5f6e9
use-regex annotation should be applied to only one Location
2020-07-06 19:29:39 -04:00
38447408e1
Remove redundant health check to avoid liveness or readiness timeout
2020-07-01 10:53:31 +08:00
14acc186f0
Update comment about restart of pod
2020-06-24 11:35:37 -04:00
d3832915e1
Merge pull request #5743 from kulong0105/master
...
build/dev-env.sh: remove docker version check
2020-06-23 14:39:17 -07:00
714637bec5
build/dev-env.sh: remove docker version check
...
docker experimental feature is unnecessary, so just remove it
2020-06-23 15:37:41 +08:00
803a76cf8a
Merge pull request #5749 from Bo0km4n/feat-configurable-max-batch-size
...
[Fix/metrics] Be configurable max batch size of metrics
2020-06-22 22:07:40 -07:00
f232a264ab
Add default-type as a configurable for default_type
2020-06-21 11:10:51 +08:00
7ab0916c92
Resolve conflicts
2020-06-20 17:13:31 +09:00
53a6b0fd3b
Configurable metrics max batch size
2020-06-20 15:58:14 +09:00
c9cb3dd626
Filter out objects that belong to Helm
...
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
2020-06-11 19:18:56 +02:00
3d3efaab29
Fix proxy_protocol duplication in listen definition
2020-06-09 15:00:59 -04:00
fc1c043437
Add http-access-log-path and stream-access-log-path options in configMap
2020-06-05 01:27:26 +08:00
ea85404acd
Do not reload NGINX if master process dies
2020-06-01 16:00:29 -04:00
ee02d897d5
Merge pull request #5534 from agile6v/master
...
Add annotation ssl-prefer-server-ciphers.
2020-05-29 08:35:16 -07:00
bced1ed8b8
Ability to separately disable access log in http and stream contexts
...
Two new configuration options:
`disable-http-access-log`
`disable-stream-access-log`
Should resolve issue with enormous amount of `TCP 200` useless entries in logs
Signed-off-by: Andrey Voronkov <voronkovaa@gmail.com>
2020-05-13 21:23:37 +03:00
46cca5ad40
Fix error setting $service_name NGINX variable
2020-05-13 10:01:41 -04:00
41d82005ec
Add annotation ssl-prefer-server-ciphers.
2020-05-11 16:31:08 +08:00
639a8c7871
Enable TLSv1.3 by default
...
Fix for 049b25e566
2020-05-08 12:40:11 +02:00
a8c7ec6cfb
Changes on services must trigger a sync event
2020-04-29 13:37:39 -04:00
af910a16d4
Refactor ingress validation in webhook
2020-04-28 18:35:03 -04:00
c775b439dc
Case-insensitive TLS host matching
2020-04-28 11:07:43 +02:00
dbaefc8ee9
Ensure webhook validation ingress has a PathTypePrefix
2020-04-27 10:37:26 -04:00
a95d850384
Add support for PathTypeExact
2020-04-23 11:12:37 -04:00
efbb3f9fc8
Add support for IngressClass and ingress.class annotation
2020-04-22 09:15:32 -04:00
ecc20461aa
Removed wrong code
2020-04-20 12:30:18 -04:00
5b8d4baf5c
Merge pull request #5388 from rvillablanca/rm-todos
...
Remove TODO that were done
2020-04-17 19:59:35 -07:00
d18fa90cfd
Add e2e test for OCSP and new configmap setting
2020-04-17 12:53:47 -04:00
dc1adaec6b
Remove TODO that were done
2020-04-17 03:37:37 -04:00
1dab12fb81
Lua OCSP stapling
2020-04-16 21:29:16 -04:00
ad04fbe8b5
Cleanup parsing of annotations with lists
2020-04-13 17:02:31 -04:00
c0db19b0ec
Enable configuration of plugins using configmap
2020-04-13 11:38:42 -04:00
ae88a7d2a8
remove unused test and function
2020-04-08 19:37:23 +03:00
01351a6bf8
remove unused test and function
2020-04-08 19:37:15 +03:00
5390ce4879
Fix definition order of modsecurity directives
2020-04-03 10:53:20 -03:00
51f0ef052b
Set new default PathType to prefix
2020-04-01 10:05:48 -03:00
1216ed03f7
Fix condition in server-alias annotation
2020-04-01 08:37:14 -03:00
04ef782c57
Migrate ingress.class annotation to new IngressClassName field
2020-03-31 12:20:01 -03:00
a46126a034
Update client-go methods to support context and and new create and delete options
2020-03-27 19:52:51 -03:00
380ef3a92c
Fix the ability to disable ModSecurity at location level
...
- Adds 'modsecurity off;' to the nginx config if the
'enable-modsecurity' annotation is set to false.
- Update tests and e2e tests accordingly
Signed-off-by: Bhavin Gandhi <bhavin7392@gmail.com>
2020-03-22 23:51:02 +05:30
78576a9bbc
Add Maxmind Editions support
2020-03-19 19:36:10 +07:00
96327b12cd
Fix $service_name and $service_port variables values without host ( #5226 )
2020-03-07 23:06:03 -03:00
ad460e16ce
Avoid secret without tls.crt and tls.key but a valid ca.crt ( #5225 )
2020-03-07 21:15:24 -03:00
ed30be05bc
Fix quote function in template to render pointers properly
2020-03-05 16:45:27 +04:00
35264d6e8f
Merge pull request #5114 from whalecold/match
...
Feat: add header-pattern annotation.
2020-02-24 17:07:36 -08:00
6cd223558f
Merge pull request #4981 from janosi/proxy-ssl-scope
...
Applying proxy-ssl-* directives on locations only
2020-02-24 15:53:36 -08:00
07686f894a
Check there is a difference in the template besides the checksum ( #5151 )
2020-02-21 16:41:03 -03:00
c5db20ace4
Update default VariablesHashBucketSize value to 256 ( #5150 )
2020-02-21 16:01:33 -03:00
cd94ac7f84
Allow service type ExternalName with different port and targetPort ( #5141 )
2020-02-20 23:06:05 -03:00
0b33650bb8
Feat: canary supports using specific match strategy to match header value.
2020-02-21 10:02:20 +08:00
37c24b0df5
Migration e2e installation to helm ( #5086 )
2020-02-16 11:58:37 -03:00
d48d5a61ae
Add gzip-min-length as a configurable
2020-02-14 13:29:51 +07:00
42ec2cc0ed
Change the handling of ConfigMap creation
...
When a new CM is created Ingress definitions are checked for reference to the new CM an Ingress sync is triggered if such reference is found.
2020-02-11 11:00:48 +01:00
46a3e0a6fd
Fix X-Forwarded-Proto based on proxy-protocol server port
2020-02-10 18:08:34 +03:00
d0423c6d4f
Update code to use pault.ag/go/sniff package ( #5038 )
...
* Update code to use pault.ag/go/sniff package
* Update go dependencies
2020-02-07 12:27:43 -03:00
b3146354d4
Refactor mirror feature
2020-02-05 10:39:55 -03:00
b9e944a8a6
Move mod-security logic from template to go code ( #5009 )
2020-02-04 14:04:11 -03:00
54c30b91c9
Fix server aliases ( #5003 )
2020-02-02 19:08:55 -03:00
5d6f09fbcd
Calculation algorithm for server_names_hash_bucket_size should consider annotations ( #4993 )
2020-01-31 13:01:28 -03:00
1b523390bb
Add SameSite=None support and conditionally omit SameSite=None for backwards compatibility
2020-01-29 14:30:00 -07:00
5d05e19cc3
Fix enable opentracing per location ( #4983 )
2020-01-29 12:20:05 -03:00
ced67e53a1
New logic: proxy-ssl parameters can be applied on locations only
...
Add: new parameter in the ConfigMap to control whether the proxy-ssl parameters of an Ingress should be applied on server and location levels, or only on location level
Add: logic in the config handling to work according to the new ConfigMap parameter
Add: unit test case
2020-01-29 10:00:55 +01:00
d9983cb387
Fix spell errors
2020-01-27 00:01:13 -03:00
7ff49b25d6
Move opentracing configuration for location to go ( #4965 )
2020-01-25 21:39:20 -03:00
66ef05849f
Refactor how to handle sigterm and nginx process goroutine ( #4959 )
2020-01-25 14:52:31 -03:00
c8015c7734
Update nginx image, use docker buildx and remove qemu ( #4923 )
...
* Update nginx image, use docker buildx and remove qemu
* Update e2e image
2020-01-14 20:52:57 -03:00
74944b99e9
Enable download of GeoLite2 databases ( #4896 )
2020-01-08 19:46:43 -03:00
d7be5db7de
Support sample rate and global sampling configuration for Datadog in ConfigMap
2020-01-07 16:59:59 -08:00
5f6c4cff3e
Add help task ( #4891 )
...
* Add help task
* Fix vet errors
2020-01-07 10:53:12 -03:00
b30115aba7
Merge pull request #4862 from aledbf/update-nginx-image
...
Update nginx image
2020-01-04 15:51:23 -03:00
fbdd924a45
Update nginx image
2020-01-04 13:23:16 -03:00
965ecd4b15
Default backend protocol only supports http ( #4870 )
2020-01-04 11:09:00 -03:00
a0523c3c8a
Use a named location for authSignURL ( #4859 )
2019-12-24 22:50:25 -03:00
facf841992
Return specific type ( #4840 )
2019-12-17 12:06:17 -03:00
5c30820d1f
Remove hard-coded annotation and don't use map pointers
2019-12-13 03:05:20 -03:00
be1907142b
Merge pull request #4823 from aledbf/go-modules
...
Update go dependencies to v1.17.0
2019-12-12 11:40:32 -08:00
fe2ae8a1ec
Check the configmap is valid
2019-12-10 22:45:02 -03:00
d5e197c3e2
Merge pull request #4816 from kdomanski/fix-ssl-redirect
...
apply default certificate again in cases of invalid or incomplete cert config
2019-12-10 17:40:05 -08:00
5c8522cdab
apply default certificate again in cases of invalid or incomplete cert config
...
Signed-off-by: Kamil Domański <kamil@domanski.co>
2019-12-06 12:15:52 +01:00
cfccc2acc0
Update default SSL ciphers
2019-12-05 19:34:53 -03:00
19d596b72b
Allow custom CA certificate when flag --api-server is specified ( #4807 )
2019-12-05 19:12:54 -03:00
a85d5ed93a
Merge pull request #4779 from aledbf/update-image
...
Remove lua-resty-waf feature
2019-11-27 11:45:05 -08:00
b286c2a336
Merge pull request #4732 from willthames/enable-opentracing-annotation
...
Allow enabling/disabling opentracing for ingresses
2019-11-26 17:31:21 -08:00
0ae463a5f3
Provide annotation to control opentracing
...
By default you might want opentracing off, but on for a particular
ingress.
Similarly, you might want opentracing globally on, but disabled for
a specific endpoint. To achieve this, `opentracing_propagate_context`
cannot be set when combined with `opentracing off`
A new annotation, `enable-opentracing` allows more fine grained control
of opentracing for specific ingresses.
2019-11-27 11:07:26 +10:00
61d902db14
Remove Lua resty waf feature
2019-11-26 10:37:43 -03:00
62518b60b4
Merge pull request #4689 from janosi/upstream_ssl
...
Server-only authentication of backends and per-location SSL config
2019-11-18 19:49:43 -08:00
0d244e1c41
Merge pull request #4730 from stamm/master
...
add configuration for http2_max_concurrent_streams
2019-11-08 07:12:29 -08:00
a0dc3a9a51
Merge pull request #4695 from janosi/secure-verify-ca-secret
...
Removing secure-verify-ca-secret support
2019-11-08 07:12:21 -08:00
f808f955ee
Merge pull request #4664 from bryanhanner/master
...
warn when ConfigMap is missing or not parsable instead of erroring
2019-11-08 07:12:14 -08:00
d9cfad1894
add configuration for http2_max_concurrent_streams
2019-10-31 15:13:38 +03:00
cc84bd4ab6
Server level proxy_ssl parameters are applied again, following the comments received.
...
Also writing tls.crt and tls.key to disk is according to the original code.
2019-10-26 20:20:18 +02:00
31227d61c2
Removing secure-verify-ca-secret support and writing an error log if that annotation is used in an Ingress definition
2019-10-18 10:58:57 +02:00
6aa48def3a
add remote_addr in layer 4 access log
...
original:
[18/Oct/2019:00:47:53 +0000] TCP 200 4333 81 0.002
new:
[10.6.124.202] [18/Oct/2019:01:05:15 +0000] TCP 200 4333 81 0.002
2019-10-18 09:21:01 +08:00
37fe9c9876
Enabling per-location proxy-ssl parameters, so locations of the same server but with own unique Ingress definitions can have different SSL configs
2019-10-17 10:15:53 +02:00
Björn Carlsson
Kubernetes Prow Robot
Manuel Alejandro de Brito Fontes
cormick
Elvin Efendi
andyxning
Josh Soref
qianyong
agile6v
Sylvain Rabot
Aditya Purandare
Ian Buss
Matthew Silverman
Bernard Van De Walle
David Schwartz
Yilong Ren
mengqi.wmq
Bo0km4n
Andrey Voronkov
Mark Janssen
Andreas Sommer
Rodrigo Villablanca
Artem Miroshnychenko
Bhavin Gandhi
Maxim Pogozhiy
m.nabokikh
Lisheng Zheng
Daniel Arifin
Laszlo Janosi
Ilya Nemakov
Brian Kopp
Sungmin Lee
Kamil Domański
Will Thames
Rustam Zagirov
Peter Pan