From f66bb53509683afecfd23f27dcc513d7027b18b8 Mon Sep 17 00:00:00 2001 From: "Ritchie, Frank (fr801x)" Date: Thu, 4 Jan 2024 13:15:06 -0500 Subject: [PATCH] Update template for ingress 1.9 The names of a few configuration variables have changed in version 1.9. EnableRealIp to EnableRealIP HttpAccessLogPath to HTTPAccessLogPath whitelist to allowlist Whitelist to Allowlist Additionally, ajp_temp_path is no longer valid. Change-Id: I2ebb658bd237216c43306dab6cd7f7a1ca6388ac --- mariadb/Chart.yaml | 2 +- mariadb/files/nginx.tmpl | 17 ++++++++--------- mariadb/values.yaml | 2 +- releasenotes/notes/mariadb.yaml | 1 + 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/mariadb/Chart.yaml b/mariadb/Chart.yaml index 095d326f0..56ca9c2aa 100644 --- a/mariadb/Chart.yaml +++ b/mariadb/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v10.6.7 description: OpenStack-Helm MariaDB name: mariadb -version: 0.2.38 +version: 0.2.39 home: https://mariadb.com/kb/en/ icon: http://badges.mariadb.org/mariadb-badge-180x60.png sources: diff --git a/mariadb/files/nginx.tmpl b/mariadb/files/nginx.tmpl index c9b25478d..0b6a6e5ed 100644 --- a/mariadb/files/nginx.tmpl +++ b/mariadb/files/nginx.tmpl @@ -129,7 +129,7 @@ http { {{/* Enable the real_ip module only if we use either X-Forwarded headers or Proxy Protocol. */}} {{/* we use the value of the real IP for the geo_ip module */}} - {{ if or (or $cfg.UseForwardedHeaders $cfg.UseProxyProtocol) $cfg.EnableRealIp }} + {{ if or (or $cfg.UseForwardedHeaders $cfg.UseProxyProtocol) $cfg.EnableRealIP }} {{ if $cfg.UseProxyProtocol }} real_ip_header proxy_protocol; {{ else }} @@ -272,7 +272,6 @@ http { client_body_temp_path /tmp/client-body; fastcgi_temp_path /tmp/fastcgi-temp; proxy_temp_path /tmp/proxy-temp; - ajp_temp_path /tmp/ajp-temp; client_header_buffer_size {{ $cfg.ClientHeaderBufferSize }}; client_header_timeout {{ $cfg.ClientHeaderTimeout }}s; @@ -367,7 +366,7 @@ http { {{ if $cfg.EnableSyslog }} access_log syslog:server={{ $cfg.SyslogHost }}:{{ $cfg.SyslogPort }} upstreaminfo if=$loggable; {{ else }} - access_log {{ or $cfg.HttpAccessLogPath $cfg.AccessLogPath }} upstreaminfo {{ $cfg.AccessLogParams }} if=$loggable; + access_log {{ or $cfg.HTTPAccessLogPath $cfg.AccessLogPath }} upstreaminfo {{ $cfg.AccessLogParams }} if=$loggable; {{ end }} {{ end }} @@ -509,14 +508,14 @@ http { {{ range $rl := (filterRateLimits $servers ) }} # Ratelimit {{ $rl.Name }} - geo $remote_addr $whitelist_{{ $rl.ID }} { + geo $remote_addr $allowlist_{{ $rl.ID }} { default 0; - {{ range $ip := $rl.Whitelist }} + {{ range $ip := $rl.Allowlist }} {{ $ip }} 1;{{ end }} } # Ratelimit {{ $rl.Name }} - map $whitelist_{{ $rl.ID }} $limit_{{ $rl.ID }} { + map $allowlist_{{ $rl.ID }} $limit_{{ $rl.ID }} { 0 {{ $cfg.LimitConnZoneVariable }}; 1 ""; } @@ -745,7 +744,7 @@ stream { error_log {{ $cfg.ErrorLogPath }} {{ $cfg.ErrorLogLevel }}; - {{ if $cfg.EnableRealIp }} + {{ if $cfg.EnableRealIP }} {{ range $trusted_ip := $cfg.ProxyRealIPCIDR }} set_real_ip_from {{ $trusted_ip }}; {{ end }} @@ -1184,8 +1183,8 @@ stream { {{ buildModSecurityForLocation $all.Cfg $location }} {{ if isLocationAllowed $location }} - {{ if gt (len $location.Whitelist.CIDR) 0 }} - {{ range $ip := $location.Whitelist.CIDR }} + {{ if gt (len $location.Allowlist.CIDR) 0 }} + {{ range $ip := $location.Allowlist.CIDR }} allow {{ $ip }};{{ end }} deny all; {{ end }} diff --git a/mariadb/values.yaml b/mariadb/values.yaml index e592c5620..d3bc4fb57 100644 --- a/mariadb/values.yaml +++ b/mariadb/values.yaml @@ -21,7 +21,7 @@ release_group: null images: tags: mariadb: docker.io/openstackhelm/mariadb:latest-ubuntu_focal - ingress: registry.k8s.io/ingress-nginx/controller:v1.8.2 + ingress: registry.k8s.io/ingress-nginx/controller:v1.9.4 error_pages: registry.k8s.io/defaultbackend:1.4 prometheus_create_mysql_user: docker.io/library/mariadb:10.5.9-focal prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.12.1 diff --git a/releasenotes/notes/mariadb.yaml b/releasenotes/notes/mariadb.yaml index 33a091826..a045fafc6 100644 --- a/releasenotes/notes/mariadb.yaml +++ b/releasenotes/notes/mariadb.yaml @@ -54,4 +54,5 @@ mariadb: - 0.2.36 Added staggered backups support - 0.2.37 Backups verification improvements - 0.2.38 Added throttling remote backups + - 0.2.39 Template changes for image 1.9 compatibility ...