fix CRD and unit tests
salonichf5 committed Aug 22, 2024
1 parent e7f3cca commit 72d840b
Showing 22 changed files with 349 additions and 82 deletions.
25 changes: 19 additions & 6 deletions apis/v1alpha1/nginxproxy_types.go
Expand Up @@ -124,25 +124,38 @@ type TelemetryExporter struct {
// RewriteClientIP specifies the configuration for rewriting the client's IP address.
type RewriteClientIP struct {
// Mode defines how NGINX will rewrite the client's IP address.
// Possible modes: ProxyProtocol, XForwardedFor.
// There are two possible modes:
// - ProxyProtocol: NGINX will rewrite the client's IP using the PROXY protocol header.
// - XForwardedFor: NGINX will rewrite the client's IP using the X-Forwarded-For header.
// Sets NGINX directive real_ip_header: https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
//
// +optional
Mode *RewriteClientIPModeType `json:"mode,omitempty"`

// SetIPRecursively configures whether recursive search is used for selecting client's
// address from the X-Forwarded-For header and used in conjunction with TrustedAddresses.
// If enabled, NGINX will recurse on the values in X-Forwarded-Header from the end of
// array to start of array and select the first untrusted IP.
// SetIPRecursively configures whether recursive search is used when selecting the client's address from.
// the X-Forwarded-For header. It is used in conjunction with TrustedAddresses.
// If enabled, NGINX will recurse on the values in X-Forwarded-Header from the end of array
// to start of array and select the first untrusted IP.
// For example, if X-Forwarded-For is [11.11.11.11, 22.22.22.22, 55.55.55.1],
// and TrustedAddresses is set to 55.55.55.1/0, NGINX will rewrite the client IP to 22.22.22.22.
// If disabled, NGINX will select the IP at the end of the array.
// In the previous example, 55.55.55.1 would be selected.
// Sets NGINX directive real_ip_recursive: https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
//
// +optional
SetIPRecursively *bool `json:"setIPRecursively,omitempty"`

// TrustedAddresses specifies the addresses that are trusted to send correct client IP information.
// If a request comes from a trusted address, NGINX will rewrite the client IP information,
// and forward it to the backend in the X-Forwarded-For* and X-Real-IP headers.
// If the request does not come from a trusted address, NGINX will not rewrite the client IP information.
// Addresses must be provided as CIDR blocks: 10.0.0.0/32, 192.33.21/0.
// To trust all addresses (not recommended), set to 0.0.0.0/0.
// If no addresses are provided, NGINX will not rewrite the client IP information.
// Sets NGINX directive set_real_ip_from: https://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
// This field is required if mode is set.
// +kubebuilder:validation:MaxItems=16
// +listType=atomic
// +listType=set
//
//
// +optional
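Review bot: The CIDR examples in the new doc comments use a /0 prefix, which matches every address rather than one host: `TrustedAddresses is set to 55.55.55.1/0` in the SetIPRecursively comment and `10.0.0.0/32, 192.33.21/0` in the TrustedAddresses comment (the second entry also has only three octets). Copied as written they trust every source, so any client could set its own address through X-Forwarded-For, and the stated result of 22.22.22.22 only follows if 55.55.55.1 alone is trusted; I would write `55.55.55.1/32` there and constructed examples such as `10.0.0.0/8, 192.0.2.1/32` in the second comment. The same comments have a stray period in `address from.`, say `X-Forwarded-Header` where X-Forwarded-For is meant, and carry an asterisk in `X-Forwarded-For*`. The identical text appears in the description fields of config/crd/bases/gateway.nginx.org_nginxproxies.yaml and deploy/crds.yaml on this page, which look generated from this file, so they need regenerating after the fix. The RewriteClientIP struct continues past the end of the hunk.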
8 changes: 4 additions & 4 deletions charts/nginx-gateway-fabric/README.md
Expand Up @@ -263,8 +263,8 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri
| `nginx.config` | The configuration for the data plane that is contained in the NginxProxy resource. | object | `{}` |
| `nginx.extraVolumeMounts` | extraVolumeMounts are the additional volume mounts for the nginx container. | list | `[]` |
| `nginx.image.pullPolicy` | | string | `"Always"` |
| `nginx.image.repository` | The NGINX image to use. | string | `"gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric/nginx"` |
| `nginx.image.tag` | | string | `"sa.choudhary"` |
| `nginx.image.repository` | The NGINX image to use. | string | `"ghcr.io/nginxinc/nginx-gateway-fabric/nginx"` |
| `nginx.image.tag` | | string | `"edge"` |
| `nginx.lifecycle` | The lifecycle of the nginx container. | object | `{}` |
| `nginx.plus` | Is NGINX Plus image being used | bool | `false` |
| `nginx.usage.clusterName` | The display name of the Kubernetes cluster in the NGINX Plus usage reporting server. | string | `""` |
Expand All @@ -279,8 +279,8 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri
| `nginxGateway.gatewayControllerName` | The name of the Gateway controller. The controller name must be of the form: DOMAIN/PATH. The controller's domain is gateway.nginx.org. | string | `"gateway.nginx.org/nginx-gateway-controller"` |
| `nginxGateway.gwAPIExperimentalFeatures.enable` | Enable the experimental features of Gateway API which are supported by NGINX Gateway Fabric. Requires the Gateway APIs installed from the experimental channel. | bool | `false` |
| `nginxGateway.image.pullPolicy` | | string | `"Always"` |
| `nginxGateway.image.repository` | The NGINX Gateway Fabric image to use | string | `"gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric"` |
| `nginxGateway.image.tag` | | string | `"sa.choudhary"` |
| `nginxGateway.image.repository` | The NGINX Gateway Fabric image to use | string | `"ghcr.io/nginxinc/nginx-gateway-fabric"` |
| `nginxGateway.image.tag` | | string | `"edge"` |
| `nginxGateway.kind` | The kind of the NGINX Gateway Fabric installation - currently, only deployment is supported. | string | `"deployment"` |
| `nginxGateway.leaderElection.enable` | Enable leader election. Leader election is used to avoid multiple replicas of the NGINX Gateway Fabric reporting the status of the Gateway API resources. If not enabled, all replicas of NGINX Gateway Fabric will update the statuses of the Gateway API resources. | bool | `true` |
| `nginxGateway.leaderElection.lockName` | The name of the leader election lock. A Lease object with this name will be created in the same Namespace as the controller. | string | Autogenerated if not set or set to "". |
11 changes: 6 additions & 5 deletions charts/nginx-gateway-fabric/values.yaml
Expand Up @@ -52,8 +52,8 @@ nginxGateway:

image:
# -- The NGINX Gateway Fabric image to use
repository: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric
tag: sa.choudhary
repository: ghcr.io/nginxinc/nginx-gateway-fabric
tag: edge
pullPolicy: Always

securityContext:
Expand Down Expand Up @@ -81,8 +81,8 @@ nginxGateway:
nginx:
image:
# -- The NGINX image to use.
repository: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric/nginx
tag: sa.choudhary
repository: ghcr.io/nginxinc/nginx-gateway-fabric/nginx
tag: edge
pullPolicy: Always

# -- Is NGINX Plus image being used
Expand All @@ -95,7 +95,8 @@ nginx:
# ipFamily: dual
# rewriteClientIP:
# mode: "ProxyProtocol"
# trustedAddresses: ["0.0.0.0/0"]
# # -- The trusted addresses field needs to be replaced with the load balancer's IP address.
# trustedAddresses: []
# setIPRecursively: true
# telemetry:
# exporter:
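Review bot: The commented rewriteClientIP example in the last hunk pairs `mode: "ProxyProtocol"` with `trustedAddresses: []`, which is not a working configuration if uncommented as-is: the CRD text in this commit says trustedAddresses is required when mode is set, and that with no addresses NGINX will not rewrite the client IP. The added comment also asks for the load balancer's "IP address", while the field is documented as taking CIDR blocks. I would keep an explicit placeholder, `# trustedAddresses: ["<load-balancer-CIDR>"]`, under the comment `# -- Replace with the CIDR of the load balancer that sends the PROXY protocol header; avoid 0.0.0.0/0.` Whether an empty list passes the CRD's validation rule cannot be seen from this page, so that part is worth confirming.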
25 changes: 19 additions & 6 deletions config/crd/bases/gateway.nginx.org_nginxproxies.yaml
Expand Up @@ -69,23 +69,36 @@ spec:
mode:
description: |-
Mode defines how NGINX will rewrite the client's IP address.
Possible modes: ProxyProtocol, XForwardedFor.
There are two possible modes:
- ProxyProtocol: NGINX will rewrite the client's IP using the PROXY protocol header.
- XForwardedFor: NGINX will rewrite the client's IP using the X-Forwarded-For header.
Sets NGINX directive real_ip_header: https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
enum:
- ProxyProtocol
- XForwardedFor
type: string
setIPRecursively:
description: |-
SetIPRecursively configures whether recursive search is used for selecting client's
address from the X-Forwarded-For header and used in conjunction with TrustedAddresses.
If enabled, NGINX will recurse on the values in X-Forwarded-Header from the end of
array to start of array and select the first untrusted IP.
SetIPRecursively configures whether recursive search is used when selecting the client's address from.
the X-Forwarded-For header. It is used in conjunction with TrustedAddresses.
If enabled, NGINX will recurse on the values in X-Forwarded-Header from the end of array
to start of array and select the first untrusted IP.
For example, if X-Forwarded-For is [11.11.11.11, 22.22.22.22, 55.55.55.1],
and TrustedAddresses is set to 55.55.55.1/0, NGINX will rewrite the client IP to 22.22.22.22.
If disabled, NGINX will select the IP at the end of the array.
In the previous example, 55.55.55.1 would be selected.
Sets NGINX directive real_ip_recursive: https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
type: boolean
trustedAddresses:
description: |-
TrustedAddresses specifies the addresses that are trusted to send correct client IP information.
If a request comes from a trusted address, NGINX will rewrite the client IP information,
and forward it to the backend in the X-Forwarded-For* and X-Real-IP headers.
If the request does not come from a trusted address, NGINX will not rewrite the client IP information.
Addresses must be provided as CIDR blocks: 10.0.0.0/32, 192.33.21/0.
To trust all addresses (not recommended), set to 0.0.0.0/0.
If no addresses are provided, NGINX will not rewrite the client IP information.
Sets NGINX directive set_real_ip_from: https://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
This field is required if mode is set.
items:
description: |-
Expand All @@ -95,7 +108,7 @@ spec:
type: string
maxItems: 16
type: array
x-kubernetes-list-type: atomic
x-kubernetes-list-type: set
type: object
x-kubernetes-validations:
- message: if mode is set, trustedAddresses is a required field
4 changes: 2 additions & 2 deletions config/tests/static-deployment.yaml
Expand Up @@ -45,7 +45,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric:sa.choudhary
image: ghcr.io/nginxinc/nginx-gateway-fabric:edge
imagePullPolicy: Always
name: nginx-gateway
ports:
Expand Down Expand Up @@ -82,7 +82,7 @@ spec:
mountPath: /var/run/nginx
- name: nginx-includes
mountPath: /etc/nginx/includes
- image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric/nginx:sa.choudhary
- image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge
imagePullPolicy: Always
name: nginx
ports:
4 changes: 2 additions & 2 deletions deploy/aws-nlb/deploy.yaml
Expand Up @@ -217,7 +217,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric:sa.choudhary
image: ghcr.io/nginxinc/nginx-gateway-fabric:edge
imagePullPolicy: Always
name: nginx-gateway
ports:
Expand Down Expand Up @@ -256,7 +256,7 @@ spec:
name: nginx-run
- mountPath: /etc/nginx/includes
name: nginx-includes
- image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric/nginx:sa.choudhary
- image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge
imagePullPolicy: Always
name: nginx
ports:
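Review bot: Both containers in this manifest reference a floating tag, `ghcr.io/nginxinc/nginx-gateway-fabric:edge` and `ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge`, together with `imagePullPolicy: Always`, so what a cluster runs changes whenever the tag is moved and cannot be tied to a reviewed build. The same holds for the other deploy/*/deploy.yaml sections on this page, config/tests/static-deployment.yaml and the chart defaults in values.yaml. If these manifests are applied outside development, pin a release tag or a digest, `image: ghcr.io/nginxinc/nginx-gateway-fabric@sha256:<digest>`. The references this commit appears to replace pointed at a personal registry path and tag (`gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/...:sa.choudhary`), so a CI check that rejects image references outside the project's registries in committed manifests would catch a repeat.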
4 changes: 2 additions & 2 deletions deploy/azure/deploy.yaml
Expand Up @@ -214,7 +214,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric:sa.choudhary
image: ghcr.io/nginxinc/nginx-gateway-fabric:edge
imagePullPolicy: Always
name: nginx-gateway
ports:
Expand Down Expand Up @@ -253,7 +253,7 @@ spec:
name: nginx-run
- mountPath: /etc/nginx/includes
name: nginx-includes
- image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric/nginx:sa.choudhary
- image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge
imagePullPolicy: Always
name: nginx
ports:
25 changes: 19 additions & 6 deletions deploy/crds.yaml
Expand Up @@ -654,23 +654,36 @@ spec:
mode:
description: |-
Mode defines how NGINX will rewrite the client's IP address.
Possible modes: ProxyProtocol, XForwardedFor.
There are two possible modes:
- ProxyProtocol: NGINX will rewrite the client's IP using the PROXY protocol header.
- XForwardedFor: NGINX will rewrite the client's IP using the X-Forwarded-For header.
Sets NGINX directive real_ip_header: https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
enum:
- ProxyProtocol
- XForwardedFor
type: string
setIPRecursively:
description: |-
SetIPRecursively configures whether recursive search is used for selecting client's
address from the X-Forwarded-For header and used in conjunction with TrustedAddresses.
If enabled, NGINX will recurse on the values in X-Forwarded-Header from the end of
array to start of array and select the first untrusted IP.
SetIPRecursively configures whether recursive search is used when selecting the client's address from.
the X-Forwarded-For header. It is used in conjunction with TrustedAddresses.
If enabled, NGINX will recurse on the values in X-Forwarded-Header from the end of array
to start of array and select the first untrusted IP.
For example, if X-Forwarded-For is [11.11.11.11, 22.22.22.22, 55.55.55.1],
and TrustedAddresses is set to 55.55.55.1/0, NGINX will rewrite the client IP to 22.22.22.22.
If disabled, NGINX will select the IP at the end of the array.
In the previous example, 55.55.55.1 would be selected.
Sets NGINX directive real_ip_recursive: https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
type: boolean
trustedAddresses:
description: |-
TrustedAddresses specifies the addresses that are trusted to send correct client IP information.
If a request comes from a trusted address, NGINX will rewrite the client IP information,
and forward it to the backend in the X-Forwarded-For* and X-Real-IP headers.
If the request does not come from a trusted address, NGINX will not rewrite the client IP information.
Addresses must be provided as CIDR blocks: 10.0.0.0/32, 192.33.21/0.
To trust all addresses (not recommended), set to 0.0.0.0/0.
If no addresses are provided, NGINX will not rewrite the client IP information.
Sets NGINX directive set_real_ip_from: https://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
This field is required if mode is set.
items:
description: |-
Expand All @@ -680,7 +693,7 @@ spec:
type: string
maxItems: 16
type: array
x-kubernetes-list-type: atomic
x-kubernetes-list-type: set
type: object
x-kubernetes-validations:
- message: if mode is set, trustedAddresses is a required field
4 changes: 2 additions & 2 deletions deploy/default/deploy.yaml
Expand Up @@ -214,7 +214,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric:sa.choudhary
image: ghcr.io/nginxinc/nginx-gateway-fabric:edge
imagePullPolicy: Always
name: nginx-gateway
ports:
Expand Down Expand Up @@ -253,7 +253,7 @@ spec:
name: nginx-run
- mountPath: /etc/nginx/includes
name: nginx-includes
- image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric/nginx:sa.choudhary
- image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge
imagePullPolicy: Always
name: nginx
ports:
4 changes: 2 additions & 2 deletions deploy/experimental-nginx-plus/deploy.yaml
Expand Up @@ -229,7 +229,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric:sa.choudhary
image: ghcr.io/nginxinc/nginx-gateway-fabric:edge
imagePullPolicy: Always
name: nginx-gateway
ports:
Expand Down Expand Up @@ -268,7 +268,7 @@ spec:
name: nginx-run
- mountPath: /etc/nginx/includes
name: nginx-includes
- image: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:sa.choudhary
- image: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:edge
imagePullPolicy: Always
name: nginx
ports:
4 changes: 2 additions & 2 deletions deploy/experimental/deploy.yaml
Expand Up @@ -220,7 +220,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric:sa.choudhary
image: ghcr.io/nginxinc/nginx-gateway-fabric:edge
imagePullPolicy: Always
name: nginx-gateway
ports:
Expand Down Expand Up @@ -259,7 +259,7 @@ spec:
name: nginx-run
- mountPath: /etc/nginx/includes
name: nginx-includes
- image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric/nginx:sa.choudhary
- image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge
imagePullPolicy: Always
name: nginx
ports:
4 changes: 2 additions & 2 deletions deploy/nginx-plus/deploy.yaml
Expand Up @@ -225,7 +225,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric:sa.choudhary
image: ghcr.io/nginxinc/nginx-gateway-fabric:edge
imagePullPolicy: Always
name: nginx-gateway
ports:
Expand Down Expand Up @@ -264,7 +264,7 @@ spec:
name: nginx-run
- mountPath: /etc/nginx/includes
name: nginx-includes
- image: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:sa.choudhary
- image: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:edge
imagePullPolicy: Always
name: nginx
ports:
4 changes: 2 additions & 2 deletions deploy/nodeport/deploy.yaml
Expand Up @@ -214,7 +214,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric:sa.choudhary
image: ghcr.io/nginxinc/nginx-gateway-fabric:edge
imagePullPolicy: Always
name: nginx-gateway
ports:
Expand Down Expand Up @@ -253,7 +253,7 @@ spec:
name: nginx-run
- mountPath: /etc/nginx/includes
name: nginx-includes
- image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric/nginx:sa.choudhary
- image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge
imagePullPolicy: Always
name: nginx
ports:
4 changes: 2 additions & 2 deletions deploy/openshift/deploy.yaml
Expand Up @@ -222,7 +222,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric:sa.choudhary
image: ghcr.io/nginxinc/nginx-gateway-fabric:edge
imagePullPolicy: Always
name: nginx-gateway
ports:
Expand Down Expand Up @@ -261,7 +261,7 @@ spec:
name: nginx-run
- mountPath: /etc/nginx/includes
name: nginx-includes
- image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nginx-gateway-fabric/nginx:sa.choudhary
- image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge
imagePullPolicy: Always
name: nginx
ports: