docs/crd/k8s.nginx.org_policies.md
Lines changed: 2 additions & 0 deletions
@@ -47,6 +47,8 @@ The `.spec` object supports the following fields:
47
47
|`jwt.keyCache`|`string`| Enables in-memory caching of JWKS (JSON Web Key Sets) that are obtained from the jwksURI and sets a valid time for expiration. |
48
48
|`jwt.realm`|`string`| The realm of the JWT. |
49
49
|`jwt.secret`|`string`| The name of the Kubernetes secret that stores the Htpasswd configuration. It must be in the same namespace as the Policy resource. The secret must be of the type nginx.org/htpasswd, and the config must be stored in the secret under the key htpasswd, otherwise the secret will be rejected as invalid. |
50
+
|`jwt.sniEnabled`|`boolean`| Enables SNI (Server Name Indication) for the JWT policy. This is useful when the remote server requires SNI to serve the correct certificate. |
51
+
|`jwt.sniName`|`string`| The SNI name to use when connecting to the remote server. If not set, the hostname from the ``jwksURI`` will be used. |
50
52
|`jwt.token`|`string`| The token specifies a variable that contains the JSON Web Token. By default the JWT is passed in the Authorization header as a Bearer Token. JWT may be also passed as a cookie or a part of a query string, for example: $cookie_auth_token. Accepted variables are $http_, $arg_, $cookie_. |
51
53
|`oidc`|`object`| The OpenID Connect policy configures NGINX to authenticate client requests by validating a JWT token against an OAuth2/OIDC token provider, such as Auth0 or Keycloak. |
52
54
|`oidc.accessTokenEnable`|`boolean`| Option of whether Bearer token is used to authorize NGINX to access protected backend. |
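Review bot: The new `jwt.sniEnabled` and `jwt.sniName` rows leave the interaction between the two fields undocumented. There is no stated default for `jwt.sniEnabled`, and nothing says whether `jwt.sniName` is ignored or rejected when `jwt.sniEnabled` is false. Because the `jwt.sniName` text ties its fallback to the hostname of the jwksURI, please also say whether the fields have any effect when `jwt.secret` is used instead, and whether the certificate the remote server presents is checked against this name. Minor: jwksURI is wrapped in double backticks in the `jwt.sniName` row, while the `jwt.keyCache` row writes it as plain text; use one form.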
docs/crd/k8s.nginx.org_transportservers.md
Lines changed: 1 addition & 1 deletion
@@ -38,7 +38,7 @@ The `.spec` object supports the following fields:
38
38
|`upstreams`|`array`| A list of upstreams. |
39
39
|`upstreams[].backup`|`string`| The name of the backup service of type ExternalName. This will be used when the primary servers are unavailable. Note: The parameter cannot be used along with the random, hash or ip_hash load balancing methods. |
40
40
|`upstreams[].backupPort`|`integer`| The port of the backup service. The backup port is required if the backup service name is provided. The port must fall into the range 1..65535. |
41
-
|`upstreams[].failTimeout`|`string`| Sets the number of unsuccessful attempts to communicate with the server that should happen in the duration set by the failTimeout parameter to consider the server unavailable. The default 1. |
41
+
|`upstreams[].failTimeout`|`string`| Sets the number of unsuccessful attempts to communicate with the server that should happen in the duration set by the failTimeout parameter to consider the server unavailable. The default is 1. |
42
42
|`upstreams[].healthCheck`|`object`| The health check configuration for the Upstream. Note: this feature is supported only in NGINX Plus. |
43
43
|`upstreams[].healthCheck.enable`|`boolean`| Enables a health check for an upstream server. The default is false. |
44
44
|`upstreams[].healthCheck.fails`|`integer`| The number of consecutive failed health checks of a particular upstream server after which this server will be considered unhealthy. The default is 1. |
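Review bot: The grammar fix on the `upstreams[].failTimeout` row keeps a description that does not match the field. The text says the field "Sets the number of unsuccessful attempts" counted "in the duration set by the failTimeout parameter", which describes a count that refers back to failTimeout itself, and the default of 1 is given without a unit for a field typed `string`. Please check the description against the field definition and reword it so the row describes the duration, with the default expressed in a time unit, rather than only adding "is".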
docs/crd/k8s.nginx.org_virtualserverroutes.md
Lines changed: 2 additions & 2 deletions
@@ -161,7 +161,7 @@ The `.spec` object supports the following fields:
161
161
|`subroutes[].splits[].action.return.type`|`string`| The MIME type of the response. The default is text/plain. |
162
162
|`subroutes[].splits[].weight`|`integer`| The weight of an action. Must fall into the range 0..100. The sum of the weights of all splits must be equal to 100. |
163
163
|`upstreams`|`array`| A list of upstreams. |
164
-
|`upstreams[].backup`|`string`| The name of the backup service of type ExternalName. This will be used when the primary servers are unavailable. Note: The parameter cannot be used along with the random, hash or ip_hash load balancing methods. |
164
+
|`upstreams[].backup`|`string`| The name of the backup service of type ExternalName. This will be used when the primary servers are unavailable. Note: The parameter cannot be used along with the random, hash or ip_hash load balancing methods. |
165
165
|`upstreams[].backupPort`|`integer`| The port of the backup service. The backup port is required if the backup service name is provided. The port must fall into the range 1..65535. |
166
166
|`upstreams[].buffer-size`|`string`| Sets the size of the buffer used for reading the first part of a response received from the upstream server. The default is set in the proxy-buffer-size ConfigMap key. |
167
167
|`upstreams[].buffering`|`boolean`| Enables buffering of responses from the upstream server. The default is set in the proxy-buffering ConfigMap key. |
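Review bot: The removed and added `upstreams[].backup` rows are identical as rendered, so the change is presumably whitespace only. Please say so in the commit message, since a reader cannot tell from the diff what was fixed. If this table is generated from the field descriptions, the whitespace should be corrected there so the next regeneration does not revert it.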
@@ -218,7 +218,7 @@ The `.spec` object supports the following fields:
218
218
|`upstreams[].sessionCookie.path`|`string`| The path for which the cookie is set. |
219
219
|`upstreams[].sessionCookie.samesite`|`string`| Adds the SameSite attribute to the cookie. The allowed values are: strict, lax, none |
220
220
|`upstreams[].sessionCookie.secure`|`boolean`| Adds the Secure attribute to the cookie. |
221
-
|`upstreams[].slow-start`|`string`| The slow start allows an upstream server to gradually recover its weight from 0 to its nominal value after it has been recovered or became available or when the server becomes available after a period of time it was considered unavailable. By default, the slow start is disabled. Note: The parameter cannot be used along with the random, hash or ip_hash load balancing methods and will be ignored. |
221
+
|`upstreams[].slow-start`|`string`| The slow start allows an upstream server to gradually recover its weight from 0 to its nominal value after it has been recovered or became available or when the server becomes available after a period of time it was considered unavailable. By default, the slow start is disabled. Note: The parameter cannot be used along with the random, hash or ip_hash load balancing methods and will be ignored. |
222
222
|`upstreams[].subselector`|`object`| Selects the pods within the service using label keys and values. By default, all pods of the service are selected. Note: the specified labels are expected to be present in the pods when they are created. If the pod labels are updated, NGINX Ingress Controller will not see that change until the number of the pods is changed. |
223
223
|`upstreams[].tls`|`object`| The TLS configuration for the Upstream. |
224
224
|`upstreams[].tls.enable`|`boolean`| Enables HTTPS for requests to upstream servers. The default is False , meaning that HTTP will be used. Note: by default, NGINX will not verify the upstream server certificate. To enable the verification, configure an EgressMTLS Policy. |
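Review bot: The `upstreams[].slow-start` row is touched but its wording problems remain. "after it has been recovered or became available or when the server becomes available after a period of time it was considered unavailable" states the same condition three times, and the note says the parameter "cannot be used" with random, hash or ip_hash and also that it "will be ignored", which are different behaviours (rejection versus silent no-op). Suggest keeping one condition and stating which of the two behaviours actually applies.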
docs/crd/k8s.nginx.org_virtualservers.md
Lines changed: 3 additions & 3 deletions
@@ -192,11 +192,11 @@ The `.spec` object supports the following fields:
192
192
|`tls.cert-manager.usages`|`string`| This field allows you to configure spec.usages field for the Certificate to be generated. Pass a string with comma-separated values i.e. key agreement,digital signature, server auth. An exhaustive list of supported key usages can be found in the the cert-manager api documentation. |
193
193
|`tls.redirect`|`object`| The redirect configuration of the TLS for a VirtualServer. |
194
194
|`tls.redirect.basedOn`|`string`| The attribute of a request that NGINX will evaluate to send a redirect. The allowed values are scheme (the scheme of the request) or x-forwarded-proto (the X-Forwarded-Proto header of the request). The default is scheme. |
195
-
|`tls.redirect.code`|`integer`| The status code of a redirect. The allowed values are: 301, 302, 307 , 308. The default is 301. |
195
+
|`tls.redirect.code`|`integer`| The status code of a redirect. The allowed values are: 301, 302, 307 or 308. The default is 301. |
196
196
|`tls.redirect.enable`|`boolean`| Enables a TLS redirect for a VirtualServer. The default is False. |
197
197
|`tls.secret`|`string`| The name of a secret with a TLS certificate and key. The secret must belong to the same namespace as the VirtualServer. The secret must be of the type kubernetes.io/tls and contain keys named tls.crt and tls.key that contain the certificate and private key as described here. If the secret doesn’t exist or is invalid, NGINX will break any attempt to establish a TLS connection to the host of the VirtualServer. If the secret is not specified but wildcard TLS secret is configured, NGINX will use the wildcard secret for TLS termination. |
198
198
|`upstreams`|`array`| A list of upstreams. |
199
-
|`upstreams[].backup`|`string`| The name of the backup service of type ExternalName. This will be used when the primary servers are unavailable. Note: The parameter cannot be used along with the random, hash or ip_hash load balancing methods. |
199
+
|`upstreams[].backup`|`string`| The name of the backup service of type ExternalName. This will be used when the primary servers are unavailable. Note: The parameter cannot be used along with the random, hash or ip_hash load balancing methods. |
200
200
|`upstreams[].backupPort`|`integer`| The port of the backup service. The backup port is required if the backup service name is provided. The port must fall into the range 1..65535. |
201
201
|`upstreams[].buffer-size`|`string`| Sets the size of the buffer used for reading the first part of a response received from the upstream server. The default is set in the proxy-buffer-size ConfigMap key. |
202
202
|`upstreams[].buffering`|`boolean`| Enables buffering of responses from the upstream server. The default is set in the proxy-buffering ConfigMap key. |
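Review bot: This pass fixes "307 , 308" in the `tls.redirect.code` row but misses the errors in the `tls.cert-manager.usages` row three rows above it: "in the the cert-manager api documentation" has a doubled "the", the example list "key agreement,digital signature, server auth" is spaced inconsistently, and "i.e." introduces what reads as an example, where "e.g." is meant. The `upstreams[].backup` change in the same hunk is indistinguishable before and after as rendered, so note in the commit message that it is whitespace only.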
@@ -253,7 +253,7 @@ The `.spec` object supports the following fields:
253
253
|`upstreams[].sessionCookie.path`|`string`| The path for which the cookie is set. |
254
254
|`upstreams[].sessionCookie.samesite`|`string`| Adds the SameSite attribute to the cookie. The allowed values are: strict, lax, none |
255
255
|`upstreams[].sessionCookie.secure`|`boolean`| Adds the Secure attribute to the cookie. |
256
-
|`upstreams[].slow-start`|`string`| The slow start allows an upstream server to gradually recover its weight from 0 to its nominal value after it has been recovered or became available or when the server becomes available after a period of time it was considered unavailable. By default, the slow start is disabled. Note: The parameter cannot be used along with the random, hash or ip_hash load balancing methods and will be ignored. |
256
+
|`upstreams[].slow-start`|`string`| The slow start allows an upstream server to gradually recover its weight from 0 to its nominal value after it has been recovered or became available or when the server becomes available after a period of time it was considered unavailable. By default, the slow start is disabled. Note: The parameter cannot be used along with the random, hash or ip_hash load balancing methods and will be ignored. |
257
257
|`upstreams[].subselector`|`object`| Selects the pods within the service using label keys and values. By default, all pods of the service are selected. Note: the specified labels are expected to be present in the pods when they are created. If the pod labels are updated, NGINX Ingress Controller will not see that change until the number of the pods is changed. |
258
258
|`upstreams[].tls`|`object`| The TLS configuration for the Upstream. |
259
259
|`upstreams[].tls.enable`|`boolean`| Enables HTTPS for requests to upstream servers. The default is False , meaning that HTTP will be used. Note: by default, NGINX will not verify the upstream server certificate. To enable the verification, configure an EgressMTLS Policy. |
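Review bot: The stray space before a comma that this commit removes from `tls.redirect.code` is still present in the `upstreams[].tls.enable` context row ("The default is False , meaning that HTTP will be used"), and the same row appears in the virtualserverroutes file. The `upstreams[].sessionCookie.samesite` row also ends its list "strict, lax, none" without a period, unlike the neighbouring rows. Worth fixing both in this commit so the punctuation cleanup is complete across the tables.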