kubernetes
/
ingress-nginx
mirror of https://github.com/kubernetes/ingress-nginx.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,303 Commits 4 Branches 245 Tags 173 MiB
Commit Graph

405 Commits

Author SHA1 Message Date
Kubernetes Prow Robot adef152db8
Merge pull request #4379 from diazjf/mirror 
Allow Requests to be Mirrored to different backends
 2019-08-13 17:52:24 -07:00
Elvin Efendi d46b4148fa Lua /etc/resolv.conf parser and some refactoring 2019-08-13 18:34:54 -04:00
Manuel Alejandro de Brito Fontes 2ed75b3362
Move listen logic to go 2019-08-13 14:52:25 -04:00
Mathieu Naouache 4d97240d88
Add timezone value into $geoip2_time_zone variable 2019-08-11 14:26:48 +02:00
Pierrick Charron f459515d0d Add quote function in template 
Co-authored-by: Charle Demers <charle.demers@gmail.com>
 2019-08-09 15:47:29 -04:00
Kubernetes Prow Robot 8c472190d1
Merge pull request #4086 from jeroen92/issue-4038 
Resolve #4038, move X-Forwarded-Port variable to the location context
 2019-08-09 08:07:25 -07:00
Manuel Alejandro de Brito Fontes 4a9b02bc03
Remove dynamic TLS records 2019-08-08 15:52:56 -04:00
tals a2e667c082 lua shared dict from cm 
lua shared dict teml test and update func sign

lua shared dict cm test

lua shared dict integration test

lua shared dict add cm parsing

lua shared dict change test header
 2019-08-08 12:44:11 +03:00
Jeroen Schutrup 8dd912114e
Move X-Forwarded-Port variable to the location context 
Resolves issue #4038 where the X-Forwarded-Port header would be set to the value of the https listening port if all of the following settings were satisfied:
- The ingress controller was started with a non-default HTTPS port set with the `--https-port` argument
- An ingress is created having:
  - the `nginx.ingress.kubernetes.io/auth-url` annotation set
  - TLS enabled

This commit solves this issue by moving the setting of the `pass_server_port` variable from the server, one level down to the location context.
 2019-08-06 17:00:58 +02:00
Fernando Diaz 386486e969 Allow Requests to be Mirrored to different backends 
Add a feature which allows traffic to be mirrored to
additional backends. This is useful for testing how
requests will behave on different "test" backends.

See https://nginx.org/en/docs/http/ngx_http_mirror_module.html
 2019-08-01 11:53:58 -05:00
Kubernetes Prow Robot c8a3710fb8
Merge pull request #4344 from Nuglif/fastcgi-backend-support 
Add FastCGI backend support (#2982)
 2019-07-31 11:20:14 -07:00
Charle Demers 72271e9313
FastCGI backend support (#2982) 
Co-authored-by: Pierrick Charron <pierrick@adoy.net>
 2019-07-31 10:39:21 -04:00
Elvin Efendi 8f5fa78e1a regression test 2019-07-26 10:18:31 -04:00
Elvin Efendi 6f7b66fc7d memoize balancer for a request 2019-07-26 09:35:58 -04:00
Kubernetes Prow Robot 589c9a20f9
Merge pull request #4278 from moolen/feat/auth-req-cache 
feat: auth-req caching
 2019-07-17 12:06:12 -07:00
Moritz Johner 23504db770 feat: auth-req caching 
add a way to configure the `proxy_cache_*` [1] directive for external-auth.
The user-defined cache_key may contain sensitive information
(e.g. Authorization header).
We want to store *only* a hash of that key, not the key itself on disk.

[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_key

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2019-07-17 18:39:04 +02:00
Elvin Efendi b424ad2681 avoid warning during lua unit test 2019-07-11 18:24:13 -04:00
Kubernetes Prow Robot fe6c086580
Merge pull request #4288 from eshicks4/proxy-http-version-annotation 
added proxy-http-version annotation to override the HTTP/1.1 default …
 2019-07-11 11:43:07 -07:00
Manuel Alejandro de Brito Fontes 1e07cc6933
Disable access log in stream section for configuration socket 2019-07-10 13:42:13 -04:00
E. Stuart Hicks 3b0c523e49 added proxy-http-version annotation to override the HTTP/1.1 default connection type to reverse proxy backends 2019-07-08 14:32:00 -04:00
Elvin Efendi 97d3a0ddab fix lua lints 2019-07-08 13:51:24 -04:00
Kubernetes Prow Robot 7c297e001a
Merge pull request #4246 from ElvinEfendi/proxy-alternative-upstream-name 
introduce proxy_alternative_upstream_name Nginx var
 2019-07-04 19:20:35 -07:00
Elvin Efendi 8b208cac93 introduce proxy_alternative_upstream_name Nginx var to differentiate canary requests 2019-07-04 19:43:20 -04:00
Kubernetes Prow Robot 930e37a0b5
Merge pull request #4273 from aledbf/ssh-chain-dynamic 
Check and complete intermediate SSL certificates
 2019-07-04 16:32:36 -07:00
Manuel Alejandro de Brito Fontes 8807db9748
Check and complete intermediate SSL certificates 2019-07-04 19:13:21 -04:00
Elvin Efendi 0e5913310d dynamic cert mode should understand domain with trailing dot 2019-07-04 17:30:41 -04:00
Elvin Efendi 27df697dde introduce ngx.var.balancer_ewma_score 2019-07-03 16:50:22 -04:00
Kubernetes Prow Robot c01effb076
Merge pull request #4232 from ElvinEfendi/fix-dynamic-cert-bug 
override least recently used entries when certificate_data dict is full
 2019-07-01 08:03:22 -07:00
Elvin Efendi b66f9e329d override least recently used entries when certificate_data dictionary is full 2019-07-01 10:18:40 -04:00
Manuel Alejandro de Brito Fontes 591887089f
Add e2e test suite to detect memory leaks in lua 2019-06-27 22:05:52 -04:00
Manuel Alejandro de Brito Fontes ddffa2a173
Enable arm again 2019-06-26 23:00:58 -04:00
Elvin Efendi 2b46c3a056 fix monitor test after move to openresty 2019-06-24 14:21:19 -04:00
Kubernetes Prow Robot 5dfc7e211f
Merge pull request #4221 from aledbf/upgrade-nginx-image 
Switch to openresty image
 2019-06-24 09:45:57 -07:00
Manuel Alejandro de Brito Fontes 991f95f6bf
Migrate to openresty 2019-06-23 22:29:11 -04:00
Manuel Alejandro de Brito Fontes d7b213d979
Do not set Host header when backend protocol is grpc 2019-06-18 23:44:10 -04:00
Kubernetes Prow Robot 57a0542fa3
Merge pull request #4187 from s-shirayama/add_unit_test_case_for_balancer_lua_module 
Add unit test cases for balancer lua module
 2019-06-13 09:02:20 -07:00
Sebastiaan Tammer c11583dc5f Only load modsecurity_module when ModSec is active 2019-06-11 16:39:52 +02:00
s-shirayama 6f0d6b38b8 Add unit test case for canary by header 2019-06-11 22:34:33 +09:00
s-shirayama 0ff679baa7 Add unit test case for canary by cookie 2019-06-11 22:34:30 +09:00
s-shirayama e9f4c0bb0e Add unit test case for canary by weight 2019-06-11 22:34:24 +09:00
s-shirayama 7a15f52cf1 Add unit test case for balancer.route_to_alternative_balancer() 2019-06-11 22:34:05 +09:00
Elvin Efendi e2c6202324 bugfix: check all previously failing upstreams, not just the last one 2019-06-07 10:00:31 -04:00
Elvin Efendi b9b1ffb1d5 simplify sticky balancer 2019-06-06 16:32:33 -04:00
Elvin Efendi 83f2acbe38 Session Affinity ChangeOnFailure should be boolean 2019-06-06 11:22:05 -04:00
Kubernetes Prow Robot 286ff13af2
Merge pull request #4048 from fedunineyu/change-upstream-on-error-with-sticky-session 
Change upstream on error when sticky session balancer is used
 2019-06-06 07:22:17 -07:00
Eugene Fedunin 254629cf16 Added support for annotation `session-cookie-change-on-failure` 
1. Session cookie is updated on previous attempt failure when `session-cookie-change-on-failure = true` (default value is `false`).
2. Added tests to check both cases.
3. Updated docs.

Co-Authored-By: Vladimir Grishin <yadolov@users.noreply.github.com>
 2019-05-27 13:00:07 +03:00
Manuel Alejandro de Brito Fontes c4597522bf
Refactor whitelist from map to standard allow directives 2019-05-27 04:55:38 -04:00
Elvin Efendi 0e9e40a60b use nkeys for counting lua table elements 2019-05-26 18:15:15 -04:00
Elvin Efendi dc7fa885a2 log info when endpoints change for a balancer 2019-05-25 23:50:18 -04:00
weltschraet abca32ba8e reduce memory footprint and cpu usage when modsecurity and owasp rules are enabled globally 2019-05-18 19:08:30 +02:00