Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add override for proxy_intercept_errors when using Custom HTTP Errors #9411

Closed
wants to merge 60 commits into from
Closed

Add override for proxy_intercept_errors when using Custom HTTP Errors #9411

wants to merge 60 commits into from

Conversation

chriss-de
Copy link
Contributor

This PR adds a new flag to the global ConfigMap configurations and Ingress Annotations to disable the proxy_intercept_errors setting in nginx.conf when using CustomHTTPErrors.

What this PR does / why we need it:

The motivation behind this change is to enable the use case outlined in #8376. We would like to be able to override the default nginx error pages (e.g. 503 service unavailable and 404 not found) with a custom error page without intercepting genuine error responses from proxied services.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • CVE Report (Scanner found CVE and adding report)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation only

Which issue/s this PR fixes

fixes #8376
solves #9026
solves #8435

How Has This Been Tested?

Added unit tests to cover this change. Tested in our datacenter and confirmed fix by applying annotations for proxy-intercept-errors and custom-http-errors.

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I've read the CONTRIBUTION guide
  • I have added unit and/or e2e tests to cover my changes.
  • All new and existing tests passed.
  • Added Release Notes.

Does my pull request need a release note?

Added annotation to control if proxy-intercept-errors are enabled when custom-http-errors are enabled.
Added configmap option to control if proxy-intercept-errors are enabled when custom-http-errors are enabled in configmap.

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Dec 14, 2022
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

@k8s-ci-robot
Copy link
Contributor

@chriss-de: This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. area/docs needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Dec 14, 2022
@k8s-ci-robot
Copy link
Contributor

Hi @chriss-de. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: chriss-de
Once this PR has been reviewed and has the lgtm label, please assign tao12345666333 for approval by writing /assign @tao12345666333 in a comment. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Dec 14, 2022
@omartin2342 omartin2342 mentioned this pull request Dec 14, 2022
Closed
11 tasks
@chriss-de
Copy link
Contributor Author

Also solves #9211

dependabot bot and others added 11 commits December 17, 2022 02:29
@dependabot
Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (kubernetes#9398)
651b846 
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.5.1...v2.6.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@SaumyaBhushan
Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (kubernetes#9408)
a0dbbd2 
Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0

Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0
@dependabot
Bump github.com/prometheus/common from 0.37.0 to 0.39.0 (kubernetes#9416
17d8266 
)

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.37.0 to 0.39.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](prometheus/common@v0.37.0...v0.39.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@strongjz
start upgrade to golang 1.19.4 and alpine 3.17.0 (kubernetes#9417)
e3e0d9c 
* start upgrade to 1.19.4

Signed-off-by: James Strong <[email protected]>

* add matrix to image test-image

Signed-off-by: James Strong <[email protected]>

* update to alpine 3.17

Signed-off-by: James Strong <[email protected]>

* remove need for curl

Signed-off-by: James Strong <[email protected]>

Signed-off-by: James Strong <[email protected]>
patch otel docker file
690969b 
Signed-off-by: James Strong <[email protected]>
gcloud build is timing out
58948ac 
Signed-off-by: James Strong <[email protected]>
@strongjz
Merge pull request kubernetes#9429 from strongjz/update-timeouts
1889131 
Increase build time out for fastcgi gcloud image build
@strongjz
Merge pull request kubernetes#9428 from strongjz/patch-otel
81d40b7 
patch otel docker file
@dependabot
Bump ossf/scorecard-action from 2.0.6 to 2.1.0 (kubernetes#9422)
6070c8b 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@99c5375...937ffa9)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump actions/dependency-review-action from 3.0.1 to 3.0.2 (kubernetes…
07db499 
…#9424)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@1131052...0ff3da6)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (kubernetes#9426)
bd283b6 
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 3.2.0 to 4.1.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@b508e2e...8f67e59)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
strongjz and others added 11 commits December 29, 2022 21:11
@strongjz
Merge pull request kubernetes#9469 from strongjz/rollback-1.5.2
2ea0109 
Rollback 1.5.2
@kirs
Optional podman support (kubernetes#9294)
5bfd3e2
@esigo
bump OpenTelemetry (kubernetes#9489)
96b3d21
@esigo
update OpenTelemetry image (kubernetes#9491)
490e872 
* update OpenTelemetry image

* helm-doc
@Gacko
Admission Webhooks/Job: Add NetworkPolicy. (kubernetes#9218)
5b04033
@cpanato
add github actions stale bot (kubernetes#9439)
f82e29a 
Signed-off-by: cpanato <[email protected]>

Signed-off-by: cpanato <[email protected]>
@naseemkullah
Update monitoring.md (kubernetes#9269)
0b34a03
@jp
Fix indentation on serviceAccount annotation (kubernetes#9129)
9926f1d
@yutachaos
Add update updateStrategy and minReadySeconds for defaultBackend (kub…
bbf7c79 
…ernetes#8506)

* Add update updateStrategy and minReadySeconds for defaultBackend

* Bump chart

* Fixed docs helm-docs version
@philnichol
Adding ipdenylist annotation (kubernetes#8795)
8ed3a27 
* feat: Add support for IP Deny List

* fixed gomod

* Update package

* go mod tidy

* Revert "go mod tidy"

This reverts commit e6a837e.

* update ginko version

* Updates e2e tests

* fix test typo
@johanneswuerbach
fix: disable auth access logs (kubernetes#9049)
424cc86
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 9, 2023
jackivanov and others added 8 commits January 9, 2023 03:01
@jackivanov
Add buildResolvers to the stream module (kubernetes#9184)
275d5e1
@dependabot
Bump golang.org/x/crypto from 0.4.0 to 0.5.0 (kubernetes#9494)
54dd88a 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](golang/crypto@v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@AverageMarcus
added option to disable sync event creation (kubernetes#8528)
e7bee53 
* added option to disable event creation

Signed-off-by: Marcus Noble <[email protected]>

* Re-trigger github workflows

Signed-off-by: Marcus Noble <[email protected]>

Signed-off-by: Marcus Noble <[email protected]>
@chriss-de
added proxy-intercept-errors config option
b8e9b55
@chriss-de
Merge branch 'pie' of https://github.com/chriss-de/ingress-nginx into…
f12540f 
… pie
@chriss-de
added proxy-intercept-errors config option
e470148
@chriss-de
added proxy-intercept-errors config option
bfe7474
@chriss-de
Merge remote-tracking branch 'origin/pie' into pie
d024ae5 
# Conflicts:
#	internal/ingress/controller/config/config.go
@k8s-ci-robot k8s-ci-robot added the do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. label Jan 10, 2023
@k8s-ci-robot
Copy link
Contributor

Keywords which can automatically close issues and at(@) or hashtag(#) mentions are not allowed in commit messages.

The list of commits with invalid commit messages:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. area/helm Issues or PRs related to helm charts and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jan 10, 2023
@chriss-de
Copy link
Contributor Author

I screwed it up by doing a merge instead of rebase. my bad.

I'll open up a new PR because I don't know how to fix it otherwise.

@chriss-de chriss-de closed this Jan 10, 2023
@chriss-de chriss-de deleted the pie branch January 10, 2023 15:07
@chriss-de chriss-de mentioned this pull request Jan 10, 2023
Merged
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@strongjz strongjz Awaiting requested review from strongjz

@tao12345666333 tao12345666333 Awaiting requested review from tao12345666333

Assignees
No one assigned
Labels
area/docs area/helm Issues or PRs related to helm charts cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. needs-priority needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow custom-http-errors without proxy_intercept_errors