05c889335d
post data to Lua only if it changes
2019-08-15 17:21:34 -04:00
80bd481abb
Only support SSL dynamic mode
2019-08-13 17:33:34 -04:00
171da635ef
Remove invalid log "Failed to executing diff command: exit status 1"
2019-08-08 12:53:23 -04:00
3d7a09347d
Apply fixes suggested by staticcheck
2019-07-08 16:18:52 -04:00
8807db9748
Check and complete intermediate SSL certificates
2019-07-04 19:13:21 -04:00
ccd88f625c
Refactor metric prometheus leader helper
2019-06-29 17:44:53 -04:00
8ca5c1cba9
Do not send empty certificates to nginx
2019-06-25 08:15:28 -04:00
c4ced9d694
fix source file mods
2019-06-06 10:47:08 -04:00
3e3e29b78f
Merge pull request #4102 from aledbf/listingresses
...
Refactor ListIngresses to add filters
2019-05-22 06:48:14 -07:00
bae49a4657
Refactor ListIngresses to add filters
2019-05-22 05:37:44 -04:00
31ffad8fa1
UPT: Add variable to define custom sampler host and port, add commituser
2019-05-21 12:34:38 +08:00
8cc9afe8ee
Added Global External Authentication settings to configmap parameters incl. addons
2019-05-03 12:08:16 +02:00
1cd17cd12c
Implement a validation webhook
...
In case some ingress have a syntax error in the snippet configuration,
the freshly generated configuration will not be reloaded to prevent tearing down existing rules.
Although, once inserted, this configuration is preventing from any other valid configuration to be inserted as it remains in the ingresses of the cluster.
To solve this problem, implement an optional validation webhook that simulates the addition of the ingress to be added together with the rest of ingresses.
In case the generated configuration is not validated by nginx, deny the insertion of the ingress.
In case certificates are mounted using kubernetes secrets, when those
changes, keys are automatically updated in the container volume, and the
controller reloads it using the filewatcher.
Related changes:
- Update vendors
- Extract useful functions to check configuration with an additional ingress
- Update documentation for validating webhook
- Add validating webhook examples
- Add a metric for each syntax check success and errors
- Add more certificate generation examples
2019-04-18 19:07:04 +02:00
f6beef960d
Fix segfault on reference to nonexistent configmap
2019-04-02 16:39:42 -04:00
3ec1028d0b
Fix dynamic SSL certificate for aliases and redirect-from-to-www
2019-03-28 16:29:11 -03:00
f4e4335d8c
Only the leader updates metrics for SSL certificate expiration
2019-03-12 12:08:24 -03:00
20a89480f0
Use full election leader ID
2019-03-11 13:11:27 -03:00
7c717cabcf
Add promehteus metric about leader election status
2019-03-11 13:11:27 -03:00
0a39425e8f
Refactor status update
2019-03-11 13:11:26 -03:00
d898169484
Fix ssl-dh-param issue when secret does not exit
2019-03-05 16:31:33 -03:00
24993f359f
- remove annoations in nginxcontroller struct
2019-02-21 19:14:11 +08:00
784d57ea69
Merge pull request #3695 from yowenter/patch-1
...
> Don't reload nginx when L4 endpoints changed
2019-02-19 11:27:11 -08:00
b03049c0af
> Don't reload nginx when L4 service pods changed
...
Since we use lua upstream for L4 service balancer. We don't need reload nginx when L4 service pod changed.
2019-02-19 14:31:45 +08:00
a29c27ed4c
Datadog Opentracing support - part 2
...
This commit is part 2 of 2, adding configuration of the
Datadog Opentracing module to the controller.
Fixes half of #3752
2019-02-15 15:20:10 -05:00
adc128711b
delete confusing CustomErrors attribute to make things more explicit
2019-02-13 22:41:02 -05:00
fc5e99a151
Parse environment variables in OpenTracing configuration
2019-02-10 16:59:05 +01:00
ef7d7cf7d1
Merge pull request #3667 from Shopify/fix-worker-connection-calculation
...
worker_connections should be less (3/4th) than worker_rlimit_nofile
2019-02-06 15:11:20 -08:00
34b0580225
Replace Status port using a socket
2019-02-06 18:00:10 -03:00
638f965a8f
worker_connections should be less than worker_rlimit_nofile
2019-02-02 22:30:36 -05:00
bdf6e47004
rename sysctlFSFileMax to rlimitMaxNumFiles to reflect what it actually does
2019-01-15 15:34:17 -05:00
a3bcbeb3d2
Add support for redirect https to https when from-to-www-redirect is defined
2019-01-10 20:59:49 -03:00
8f57f9578d
Merge pull request #3586 from Shopify/disable-catch-all
...
Add --disable-catch-all option to disable catch-all server
2019-01-07 07:16:26 -08:00
c830a73255
Remove temporal configuration file after a while
2019-01-04 16:11:38 -03:00
f005d4c3ec
L4 config - Only send `Service.Spec` instead of entire `Service`.
2019-01-02 09:32:57 -08:00
f0173f0822
Pass k8s `Service` data through to the TCP balancer script.
...
Fixes broken L4 ExternalName services.
Details
---------
The `tcp_udp_balancer.lua` script checks if the property
`backend.service.spec["type"]` equals "ExternalName". If so,
the script does a DNS lookup on the name in order to configure
the backend configuration.
However, before this commit, the k8s `Service` data was
_not_ set on the `Backend` struct passed into the `tcp_udp_balancer.lua`
script and therefore the ExternalName check always returned false.
This commit fixes the issue by setting the `Service` field on
the `Backend` struct. This also requires adding a new field to the
`L4Backend` struct first, so that it's available to set on the `Backend`.
2019-01-01 20:50:41 -08:00
bf7b5ebd81
Add an option to automatically set worker_connections based on worker_rlimit_nofile
2018-12-27 18:36:19 +01:00
1678d99a03
Add --disable-catch-all option to disable catch-all server
2018-12-21 13:22:26 -05:00
ee3a8fe581
Merge pull request #3505 from Shopify/watch-pod-lua
...
Update lua configuration_data when number of controller pod change
2018-12-17 00:10:30 -08:00
f90881b367
Update lua configuration_data when number of controller pod change
2018-12-14 13:34:54 -05:00
d22146f3b0
handle_error_when_executing_diff
...
Signed-off-by: Guihua Zhu <zhuguihua@cmss.chinamobile.com>
2018-12-12 13:49:17 +08:00
2fa55eabf6
Replace glog with klog
2018-12-05 13:27:55 -03:00
06d33c16b5
Allow to disable NGINX metrics
2018-12-05 10:14:35 -03:00
b6b221aebb
Watch controller Pods list
2018-11-26 15:35:31 -05:00
af2dce901d
Fix tests
2018-11-18 08:17:18 -03:00
654eceda46
Add tcp e2e test
2018-11-16 21:07:52 -03:00
168f30d1ec
Revert removal of support for TCP and UDP services
2018-11-16 13:48:47 -03:00
2850fb538a
fix logging calls
2018-11-13 16:02:27 +08:00
17cad51e47
Merge pull request #3341 from Shopify/canary_upstream
...
Add canary annotation and alternative backends for traffic shaping
2018-11-06 12:22:16 -08:00
412cd70d3a
implement canary annotation and alternative backends
...
Adds the ability to create alternative backends. Alternative backends enable
traffic shaping by sharing a single location but routing to different
backends depending on the TrafficShapingPolicy defined by AlternativeBackends.
When the list of upstreams and servers are retrieved, we then call
mergeAlternativeBackends which iterates through the paths of every ingress
and checks if the backend supporting the path is a AlternativeBackend. If
so, we then iterate through the map of servers and find the real backend
that the AlternativeBackend should fall under. Once found, the
AlternativeBackend is embedded in the list of VirtualBackends for the real
backend.
If no matching real backend for a AlternativeBackend is found, then the
AlternativeBackend is deleted as it cannot be backed by any server.
2018-11-06 13:13:14 -05:00
71ebe1cba5
Code linting
2018-10-30 20:46:48 -03:00
fed013ab6f
Fix status update in case of connection errors
2018-10-29 13:01:41 -03:00
4a71111d4c
Fix usages of %q formatting for numbers (%d)
...
This caused logs like "Adjusting ServerNameHashBucketSize variable to '@'"
2018-10-23 18:21:16 +03:00
4c46ee95c9
Update leader election methods
2018-10-10 21:46:45 -03:00
74c2f93de6
Only support dynamic configuration
2018-10-09 22:05:45 -03:00
78f12c25c5
delete upstream healthcheck annotation
2018-10-09 09:14:13 -04:00
859b298d42
Remove annotations grpc-backend and secure-backend already deprecated
2018-10-08 12:26:06 -03:00
44bdc7eb59
Remove support for TCP and UDP services
2018-10-07 10:53:37 -03:00
a7c2633e4e
remove payload from log ( #3135 )
2018-09-26 12:09:14 -03:00
10de8cac56
Log Errors Missing in Internal
...
Adds a few missing errors and fix formatting for others.
Fixes #3013
2018-08-30 15:02:42 -05:00
db947e344e
Fix formatting args
2018-08-25 12:18:28 -03:00
cbf041fc3e
Add Lua module to serve SSL Certificates dynamically
2018-08-23 22:15:54 -04:00
7faf089082
Add dynamic certificate feature to controller
2018-08-16 20:19:33 -04:00
b148f113ae
Use authbind to bind privileged ports
2018-08-05 11:18:50 -04:00
d4faf68416
add support for ExternalName service type in dynamic mode
2018-07-25 09:05:47 -04:00
1542a12764
Refactor controller metrics interface
2018-07-12 12:46:34 -04:00
bc53d1eb74
Sample rate configmap option for zipkin in nginx-opentracing
2018-06-28 18:13:31 +03:00
130866b51c
Proofreading
2018-06-25 00:04:43 +02:00
df76d4b481
Update opentracing configuration ( #2676 )
2018-06-21 18:15:18 -04:00
aec40c171f
Improve configuration change detection ( #2656 )
...
* Use information about the configuration configmap to determine changes
* Add hashstructure dependency
* Rename queue functions
* Add test for configmap checksum
2018-06-21 10:50:57 -04:00
f782929eb5
Remove dummy file watcher
2018-06-16 18:49:08 -04:00
2cd2da7c3f
Create UDP collector that listens to UDP messages from monitor.lua and exposes them on /metrics endpoint
2018-06-13 21:31:51 -04:00
47bea35492
Clarify log messages in controller pkg
2018-06-13 21:27:43 +02:00
7ded31d7a8
Create file permission constants
2018-06-12 11:06:14 -04:00
d637a9b978
Configurable Proxy Protocol header timeout for TLS passthrough
2018-06-03 20:10:41 -05:00
cfc7cbc824
Change TrimLeft for TrimPrefix on the from-to-www redirect
2018-05-07 13:29:04 +02:00
c6728aa8fa
Clean JSON before post request to update configuration
2018-04-26 15:27:27 -03:00
9bf553559c
Apply gometalinter suggestions
2018-04-25 18:53:49 -03:00
1be1f658b4
disable lua for arch s390x and ppc64le
...
LuaJIT is not available for s390x and ppc64le, disable the lua part in nginx.tmpl on these platform.
2018-04-12 08:30:56 +08:00
ee46f486c7
e2e tests for dynamic configuration and Lua features and a bug fix ( #2254 )
...
* e2e tests for dynamic configuration and Lua features
* do not rely on force reload to dynamically configure when reload is needed
* fix misspelling
* skip dynamic configuration in the first template rendering
* dont error on first sync
2018-04-01 17:09:27 -03:00
385368990c
Managing a whitelist for _/nginx_status ( #2187 )
...
Signed-off-by: Sylvain Rabot <s.rabot@lectra.com>
2018-03-28 09:27:34 -03:00
4b9cb90f30
Correct typo ( #2238 )
...
* correct spelling
* correct typo
2018-03-22 08:14:06 -03:00
2b5d4d7928
clean backends data before sending to Lua endpoint ( #2233 )
2018-03-21 23:47:39 -03:00
c90a4e811e
Live Nginx (re)configuration without reloading ( #2174 )
2018-03-18 10:13:41 -03:00
f6b8506b17
change nginx process pgid ( #2181 )
...
put restarted nginx process in another process group, just like the normal nginx start did in https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/nginx.go#L289
2018-03-08 06:58:54 -08:00
38b35c292e
use the correct error channel ( #2164 )
2018-03-03 09:23:06 -03:00
56036ddc57
Add publish-status-address flag ( #2148 )
...
* Add publish-status-address flag
If this flag is set, status of ingress resources will be updated
with this address.
* Address aledbf's comment
2018-02-27 00:02:19 -03:00
f26c881e3f
Updated log level to v2 for sysctlFSFileMax. ( #2137 )
...
This is very importatnt log for trouble-shooting, we should update
it to v2 by default.
2018-02-23 13:11:54 -03:00
0990c5b6ad
Migrate to codecov.io ( #2120 )
...
* Migrate to codecov.io
* Fix data race
* Update nginx to 1.13.9
2018-02-20 08:27:02 -08:00
d1b6f32981
Enabled the dynamic reload of GeoIP data ( #2107 )
...
* Moved geoip data into its own folder so it can be volume mounted
* Added FS watches for the geoip data
* Fixed single quotes issue (interpolation)
* Fixed gofmt errors
* Updated to directory crawl
2018-02-17 12:24:50 -08:00
9bcb5b08ea
Use a ring channel to avoid blocking write of events ( #2082 )
...
* Use a ring channel to avoid blocking write of events
* Add eapache/channels dependency
2018-02-13 17:46:18 -08:00
e34afc0fa4
The maximum number of open file descriptors should be maxOpenFiles. ( #2031 )
2018-02-02 21:05:01 -08:00
444a56c001
Fix chain completion and default certificate flag issues ( #1978 )
2018-01-25 10:46:20 -03:00
12ec0475c0
Fix SSL passthrough
2018-01-23 19:34:33 -03:00
0287024598
Add event for configmap update
2018-01-18 20:04:40 -03:00
e9a00ff916
Refactoring of kubernetes informers and local caches
2018-01-18 16:14:54 -03:00
a09527cf6d
Fix data race updating ingress status ( #1872 )
2018-01-02 17:43:25 -03:00
da829748ec
Fix SSL Passthrough template issue and custom ports in redirect to HTTPS ( #1870 )
2018-01-02 14:48:42 -03:00
0561ea8b87
Add control of the configuration refresh interval
2017-12-05 22:17:38 +01:00
f7e910e960
Fix ingress.class annotation
2017-11-28 19:27:38 -03:00
3526785b96
Fix reference to removed lister
2017-11-27 19:22:59 -03:00
Elvin Efendi
Manuel Alejandro de Brito Fontes
Kubernetes Prow Robot
reynaldi.wijaya
okryvoshapka-connyun
Thibault Jamet
Alex Kursell
Taoge
TaoGe
Alan J Castonguay
Sebastiaan Tammer
Kevin Pullin
ramnes
Maxime Ginters
Guihua Zhu
mikeweiwei
Conor Landry
Aarni Koskela
Zenara Daley
Fernando Diaz
Henry Tran
Andrii Kostenko
Antoine Cotten
Francisco Mejia
Jason Roberts
Niels Lensink
oilbeater
Sylvain Rabot
fqsghostcloud
Qiu Jian
Guang Ya Liu
Karl Stoney
Max Laverse