configmap-nginx.yaml
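# ConfigMap that carries nginx.conf for the k8s-io redirector (label app: k8s-io).
# Each `server` block maps one or more vanity host names to a redirect target;
# only get.k8s.io proxies content instead of redirecting.
# Every server listens on port 80 only and HTTPS is detected through $https or
# X-Forwarded-Proto, which suggests TLS is terminated in front of nginx.
# NOTE(review): confirm against the load balancer / ingress definition.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx
  labels:
    app: k8s-io
data:
  # Adding new entries here will make them appear as files in the deployment.
  # Please update kubernetes/k8s.io/apps/k8s-io/README.md when you update this file
  nginx.conf: |
    worker_processes 5;

    events {
    }

    http {
      # Do not disclose the nginx version in the Server header or on error pages.
      server_tokens off;

      # This is the main site.
      server {
        server_name k8s.io;
        # default_server: requests whose Host matches no other server_name
        # below are handled here as well.
        listen 80 default_server;

        location = /_healthz {
          # NOTE(review): add_header appends rather than replaces, so this
          # likely yields a second Content-Type next to the default one;
          # `default_type text/plain;` would set it once.
          add_header Content-Type text/plain;
          return 200 'ok';
        }

        location ~ ^/(?<repo>[^/]*)(?<subpath>/.*)?$ {
          # $https is set to 'on' when connecting to nginx via HTTPS directly.
          set $https_status $https;
          # X-Forwarded-Proto is an ordinary request header: it can be trusted
          # only if the proxy in front of nginx always sets or overwrites it.
          # NOTE(review): confirm port 80 is reachable only through the load
          # balancer.
          if ($http_x_forwarded_proto = 'https') {
            set $https_status 'on';
          }

          # Upgrade HTTP to HTTPS.
          # $host is taken from the request, and because this is the
          # default_server it is not limited to k8s.io.
          # NOTE(review): use a fixed host name here if unmatched Host values
          # should not be reflected into the Location header.
          if ($https_status != 'on') {
            return 301 https://$host$request_uri;
          }

          if ($arg_go-get = "1") {
            # This is a go-get operation.
            # $repo comes from the request path and is written into the body
            # unescaped. No default_type or types block is set in this file,
            # so nginx serves the body with its built-in text/plain type.
            # NOTE(review): if a text/html Content-Type is ever added here,
            # first restrict the capture to characters valid in a repository
            # name.
            return 200 '
              <html><head>
                <meta name="go-import"
                      content="k8s.io/$repo
                               git https://github.com/kubernetes/$repo">
                <meta name="go-source"
                      content="k8s.io/$repo
                               https://github.com/kubernetes/$repo
                               https://github.com/kubernetes/$repo/tree/master{/dir}
                               https://github.com/kubernetes/$repo/blob/master{/dir}/{file}#L{line}">
              </head></html>
            ';
          }

          # Default to redirecting to the "real" site.
          return 301 https://kubernetes.io$request_uri;
        }
      }

      # https://geko.cloud/en/forward-real-ip-to-a-nginx-behind-a-gcp-load-balancer/
      # These directives sit at http level, so they apply to every server block
      # in this file. Only peers listed in set_real_ip_from are trusted to
      # supply X-Forwarded-For; with real_ip_recursive on, $remote_addr becomes
      # the last address in that header that is not in a trusted range.
      # The logged remoteIp and the X-Real-IP / X-Forwarded-For headers sent
      # upstream by the get.k8s.io proxy are only as reliable as this list, so
      # keep it in sync with the load balancer's actual source ranges.
      set_real_ip_from 2600:1901:0:26f3::; # LB IP
      set_real_ip_from 34.107.204.206/32; # LB IP
      set_real_ip_from 130.211.0.0/22; # IP SRC range for GCP Load Balancers
      set_real_ip_from 35.191.0.0/16; # IP SRC range for GCP Load Balancers
      real_ip_header X-Forwarded-For;
      real_ip_recursive on;

      # Structured access log written to stdout. escape=json makes nginx
      # JSON-escape variable values, so client-controlled fields (URL, user
      # agent, referer) cannot break the structure of a log line.
      log_format json_combined escape=json
        '{'
          '"time":"$msec",'
          '"httpRequest":{'
            '"requestMethod":"$request_method",'
            '"requestUrl":"$scheme://$host$request_uri",'
            '"requestSize":$request_length,'
            '"status":"$status",'
            '"responseSize":$bytes_sent,'
            '"userAgent":"$http_user_agent",'
            '"remoteIp":"$remote_addr",'
            '"serverIp":"$server_addr",'
            '"referer":"$http_referer",'
            '"latency":"${request_time}s",'
            '"protocol":"$server_protocol"'
          '}'
        '}';
      access_log /dev/stdout json_combined;

      # Redirect x-k8s.io to main site as proof of domain ownership to allow
      # the use of x-k8s.io as a namespace for "SIG sponsored CRD based APIs
      # outside of the core"
      #
      # ref: https://git.k8s.io/community/sig-architecture/api-review-process.md#voluntary
      server {
        server_name x-k8s.io;
        listen 80;
        location / {
          return 301 https://kubernetes.io;
        }
      }

      # Vanity redirects for the new kubernetes-sigs repos
      server {
        server_name sigs.k8s.io sigs.kubernetes.io;
        listen 80;

        # The ?! block is negative-lookahead to prevent `/repo/` from grouping into (`repo`, `/`) while `/repo/path` will still group as (`repo`, `/path`).
        location ~ ^/(?<sig_repo>.*?)(?!/+$)(?<repo_subpath>/.*)?$ {
          # $https is set to 'on' when connecting to nginx via HTTPS directly.
          set $https_status $https;
          # Same X-Forwarded-Proto trust assumption as in the k8s.io server:
          # the header must be set by the proxy in front, not by the client.
          if ($http_x_forwarded_proto = 'https') {
            set $https_status 'on';
          }

          # Upgrade HTTP to HTTPS.
          if ($https_status != 'on') {
            return 301 https://$host$request_uri;
          }

          if ($arg_go-get = "1") {
            # This is a go-get operation.
            # $sig_repo is request-derived and echoed unescaped; as in the
            # k8s.io server, the body is served as text/plain because no
            # default_type is set in this file.
            return 200 '
              <html><head>
                <meta name="go-import"
                      content="sigs.k8s.io/$sig_repo
                               git https://github.com/kubernetes-sigs/$sig_repo">
                <meta name="go-source"
                      content="sigs.k8s.io/$sig_repo
                               https://github.com/kubernetes-sigs/$sig_repo
                               https://github.com/kubernetes-sigs/$sig_repo/tree/master{/dir}
                               https://github.com/kubernetes-sigs/$sig_repo/blob/master{/dir}/{file}#L{line}">
              </head></html>
            ';
          }

          if ($repo_subpath = "") {
            # This is a regular request for https://sigs.k8s.io/<repo>
            # Redirect to repo landing page.
            return 301 https://github.com/kubernetes-sigs/$sig_repo;
          }

          # Default to redirecting to files in the tree.
          return 301 https://github.com/kubernetes-sigs/$sig_repo/blob/master$repo_subpath;
        }
      }

      #
      # Vanity redirect rules.
      #
      # Every redirect target below has a fixed scheme and host; the request
      # path only fills in the path or query part of the target. Keep that
      # property when adding rules, so that none of these host names becomes
      # an open redirect.
      server {
        server_name apt.kubernetes.io apt.k8s.io;
        listen 80;
        rewrite ^/$ https://kubernetes.io/blog/2023/08/31/legacy-package-repository-deprecation/ redirect;
        rewrite ^/(.*)?$ https://packages.cloud.google.com/apt/$1 redirect;
      }

      server {
        server_name yum.kubernetes.io yum.k8s.io;
        listen 80;
        rewrite ^/$ https://kubernetes.io/blog/2023/08/31/legacy-package-repository-deprecation/ redirect;
        rewrite ^/(.*)?$ https://packages.cloud.google.com/yum/$1 redirect;
      }

      server {
        server_name packages.kubernetes.io pkgs.kubernetes.io packages.k8s.io pkgs.k8s.io;
        listen 80;
        rewrite ^/$ https://kubernetes.io/blog/2023/08/15/pkgs-k8s-io-introduction/ redirect;
        rewrite ^/(.*)?$ https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/$1 redirect;
      }

      server {
        server_name blog.kubernetes.io blog.k8s.io;
        listen 80;
        rewrite ^/(.*)?$ https://kubernetes.io/blog/$1 redirect;
      }

      server {
        server_name changelog.kubernetes.io changelog.k8s.io;
        listen 80;
        rewrite ^/$ https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/README.md redirect;
        rewrite ^/(.*)?$ https://github.com/kubernetes/kubernetes/releases/tag/$1 redirect;
      }

      server {
        server_name ci-test.kubernetes.io ci-test.k8s.io;
        listen 80;
        # This is really not ideal, but there's no obvious way to browse GCS that handles directories and files.
        rewrite ^/$ https://console.developers.google.com/storage/browser/kubernetes-jenkins/logs redirect;
        rewrite ^/(.*)/$ https://console.developers.google.com/storage/browser/kubernetes-jenkins/logs/$1 redirect;
        rewrite ^/(.*)$ https://storage.cloud.google.com/kubernetes-jenkins/logs/$1 redirect;
      }

      server {
        server_name code.kubernetes.io code.k8s.io;
        listen 80;
        rewrite ^/(.*)?$ https://github.com/kubernetes/kubernetes/tree/master/$1 redirect;
      }

      server {
        server_name conduct.kubernetes.io conduct.k8s.io;
        listen 80;
        rewrite ^/(.*)?$ https://github.com/kubernetes/community/tree/master/committee-code-of-conduct/$1 redirect;
      }

      server {
        server_name dl.k8s.io dl.kubernetes.io;
        listen 80;
        location / {
          # Rules are evaluated in order and the first match redirects, so the
          # specific patterns must stay above the catch-all at the end.
          rewrite ^/apt/doc/apt-key.gpg https://raw.githubusercontent.com/kubernetes/k8s.io/main/apt/doc/apt-key.gpg redirect;
          # Don't require /release/ if you want to get at the Kubernetes release artifacts, the common case.
          rewrite ^/(v[0-9]+\.[0-9]+\.[0-9]+(-(alpha|beta|rc)\.[0-9]+)?/.*)$ https://cdn.dl.k8s.io/release/$1 redirect;
          # CI (continuous integration) artifacts are hosted in a bucket owned by kubernetes.io (community-managed via sig-k8s-infra)
          rewrite ^/ci/?(.*)$ https://storage.googleapis.com/k8s-release-dev/ci/$1 redirect;
          # Release artifacts are hosted in a bucket owned by google.com (the google-containers project)
          rewrite ^/(.*)$ https://cdn.dl.k8s.io/$1 redirect;
        }
      }

      server {
        server_name docs.k8s.io docs.kubernetes.io;
        listen 80;
        location / {
          rewrite ^/v[0-9]+\.[0-9]+(/.*)?$ https://kubernetes.io/docs$1 redirect; # legacy
          rewrite ^/(.*)$ https://kubernetes.io/docs/$1 redirect;
        }
      }

      server {
        server_name examples.k8s.io examples.kubernetes.io;
        listen 80;
        location / {
          rewrite ^/v([0-9]+\.[0-9]+)(/.*)?$ https://github.com/kubernetes/kubernetes/tree/release-$1/examples$2 redirect;
          rewrite ^/(.*)$ https://github.com/kubernetes/examples/tree/master/$1 redirect;
        }
      }

      server {
        server_name feature.k8s.io features.k8s.io feature.kubernetes.io features.kubernetes.io;
        listen 80;
        location / {
          rewrite ^/(.*)$ https://github.com/kubernetes/features/issues/$1 redirect;
        }
      }

      # get.k8s.io serves an install script, so the integrity of what is
      # returned here matters more than for the redirect-only hosts.
      server {
        server_name get.k8s.io get.kubernetes.io;
        listen 80;

        location = / {
          # $https is set to 'on' when connecting to nginx via HTTPS directly.
          set $https_status $https;
          # Same X-Forwarded-Proto trust assumption as in the k8s.io server:
          # a client that can reach nginx directly and sends this header
          # itself would be given the real script over plain HTTP.
          if ($http_x_forwarded_proto = 'https') {
            set $https_status 'on';
          }

          # If not connecting securely, explicitly return the insecure script.
          if ($https_status != 'on') {
            rewrite ^/$ /get-kube-insecure.sh;
          }

          # Otherwise, proxy through to the real script.
          # The upstream path tracks the master branch, so the served content
          # changes whenever that file changes.
          # proxy_ssl_verify is not set and nginx leaves upstream certificate
          # verification off by default, so the connection to
          # raw.githubusercontent.com is encrypted but the peer is not
          # authenticated.
          # NOTE(review): consider proxy_ssl_verify with
          # proxy_ssl_trusted_certificate, plus proxy_ssl_server_name, for
          # this location.
          proxy_set_header Host raw.githubusercontent.com;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
          proxy_pass https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/get-kube.sh;
        }

        # Everything else (including the internal rewrite above) is served
        # from local files under /www/get.
        location / {
          root /www/get;
          index get-kube-insecure.sh;
        }
      }

      server {
        server_name git.k8s.io git.kubernetes.io;
        listen 80;
        location / {
          rewrite ^/$ https://github.com/kubernetes/ redirect;
          rewrite ^/([^/]*)/?$ https://github.com/kubernetes/$1/ redirect;
          rewrite ^/([^/]*)/(.*)$ https://github.com/kubernetes/$1/blob/master/$2 redirect;
        }
      }

      server {
        server_name go.k8s.io go.kubernetes.io;
        listen 80;
        # Please update README.md when you update the list below.
        # Each pattern is anchored with ^ and $, so only the exact short link
        # matches; a path that matches no rule gets no redirect from this
        # server.
        location / {
          rewrite ^/api-review$ https://github.com/kubernetes/community/blob/master/sig-architecture/api-review-process.md redirect;
          rewrite ^/bot-commands$ https://prow.k8s.io/command-help redirect;
          rewrite ^/bsky$ https://bsky.app/profile/did:plc:kfztyuziv2i44b5kpecth77y/lists/3lau2wjkn3g2s redirect;
          rewrite ^/calendar$ https://www.k8s.dev/calendar redirect;
          rewrite ^/github-labels$ https://github.com/kubernetes/test-infra/blob/master/label_sync/labels.md redirect;
          rewrite ^/good-first-issue$ https://github.com/issues?q=org%3Akubernetes+org%3Akubernetes-sigs+org%3Akubernetes-csi+org%3Akubernetes-client+is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22+no%3Aassignee redirect;
          rewrite ^/help-wanted$ https://github.com/issues?q=org%3Akubernetes+org%3Akubernetes-sigs+org%3Akubernetes-csi+org%3Akubernetes-client+is%3Aopen+is%3Aissue+label%3A%22help+wanted%22+no%3Aassignee redirect;
          rewrite ^/needs-ok-to-test$ https://github.com/pulls?q=org%3Akubernetes+org%3Akubernetes-sigs+org%3Akubernetes-csi+org%3Akubernetes-client+is%3Aopen+is%3Apr+label%3Aneeds-ok-to-test+label%3A%22cncf-cla%3A+yes%22+-label%3Aneeds-rebase redirect;
          rewrite ^/oncall$ https://storage.googleapis.com/test-infra-oncall/oncall.html redirect;
          rewrite ^/oncall-hotlist$ https://github.com/kubernetes/test-infra/search?q=label%3Akind%2Foncall-hotlist+is%3Aopen&type=Issues redirect;
          rewrite ^/owners$ https://www.kubernetes.dev/docs/guide/owners/ redirect;
          rewrite ^/owners/([^/]*)/?$ https://cs.k8s.io/?q=$1&i=fosho&files=OWNERS&excludeFiles=vendor%2F&repos= redirect;
          rewrite ^/partner-request$ https://docs.google.com/forms/d/e/1FAIpQLSdN1KtSKX2VAOPGABFlShkSd6CajQynoL4QCVtY0dj76MNDKg/viewform redirect;
          rewrite ^/redirects$ https://github.com/kubernetes/k8s.io/tree/main/apps/k8s-io/README.md#redirections redirect;
          rewrite ^/start$ https://kubernetes.io/docs/setup/ redirect;
          rewrite ^/stuck-prs$ https://github.com/kubernetes/kubernetes/pulls?utf8=%E2%9C%93&q=is%3Apr%20is%3Aopen%20label%3Algtm%20label%3Aapproved%20-label%3Ado-not-merge%20-label%3Aneeds-rebase%20sort%3Aupdated-asc%20-status%3Asuccess redirect;
          rewrite ^/test-history$ https://storage.googleapis.com/kubernetes-test-history/static/index.html redirect;
          rewrite ^/triage$ https://storage.googleapis.com/k8s-triage/index.html redirect;
          rewrite ^/logo$ https://branding.cncf.io/projects/kubernetes/ redirect;
          rewrite ^/contact$ https://github.com/kubernetes/community/tree/master/communication/ redirect;
          rewrite ^/contact/([^/]*)/?$ https://github.com/kubernetes/community/tree/master/$1#contact redirect;
        }
      }

      server {
        server_name issue.k8s.io issues.k8s.io issue.kubernetes.io issues.kubernetes.io;
        listen 80;
        location / {
          rewrite ^/(.*)$ https://github.com/kubernetes/kubernetes/issues/$1 redirect;
        }
      }

      server {
        server_name kep.k8s.io kep.kubernetes.io;
        listen 80;
        location / {
          rewrite ^/(.*)$ https://github.com/kubernetes/enhancements/issues/$1 redirect;
        }
      }

      server {
        server_name pr.k8s.io prs.k8s.io pr.kubernetes.io prs.kubernetes.io;
        listen 80;
        location / {
          rewrite ^/$ https://github.com/kubernetes/kubernetes/pulls redirect;
          rewrite ^/(.*)$ https://github.com/kubernetes/kubernetes/pull/$1 redirect;
        }
      }

      server {
        server_name releases.k8s.io rel.k8s.io releases.kubernetes.io rel.kubernetes.io;
        listen 80;
        location / {
          rewrite ^/$ https://github.com/kubernetes/kubernetes/releases redirect;
          rewrite ^/([^/]*)(/.*)?$ https://github.com/kubernetes/kubernetes/tree/$1$2 redirect;
        }
      }

      server {
        # server_name must be terminated with ';' so that `listen 80` is
        # parsed as its own directive and not as two more server names.
        server_name sbom.k8s.io sbom.kubernetes.io;
        listen 80;
        rewrite ^/(.*)?/release(\.cert|\.sig|\.sha256|\.sha512)?$ https://dl.k8s.io/release/$1/kubernetes-release.spdx$2 redirect;
        rewrite ^/(.*)?/source(\.cert|\.sig|\.sha256|\.sha512)?$ https://dl.k8s.io/release/$1/kubernetes-source.spdx$2 redirect;
      }

      server {
        # server_name must be terminated with ';' so that `listen 80` is
        # parsed as its own directive and not as two more server names.
        server_name slack.k8s.io slack.kubernetes.io;
        listen 80;
        location / {
          rewrite ^/.*$ https://communityinviter.com/apps/kubernetes/community permanent;
        }
      }

      server {
        server_name submit-queue.k8s.io submit-queue.kubernetes.io;
        listen 80;
        location / {
          rewrite ^/.*$ https://prow.k8s.io/tide redirect;
        }
      }

      server {
        server_name yt.k8s.io youtube.k8s.io youtube.kubernetes.io yt.kubernetes.io;
        listen 80;
        location / {
          rewrite ^/.*$ https://www.youtube.com/c/kubernetescommunity redirect;
        }
      }
    }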