From d30bbfbfe76b6801eb1f2155abdbce6a2fcf707c Mon Sep 17 00:00:00 2001
From: "Anselme, Schubert (sa246v)" <sa246v@att.com>
Date: Tue, 13 Dec 2022 09:18:01 -0500
Subject: [PATCH] Uplift nginx ingress controller to v1.5.1

Signed-off-by: Anselme, Schubert (sa246v) <sa246v@att.com>
Change-Id: I8e3eb2ebd52c0dae1d0cc0ebaa23885b8c0cf83f
---
 ingress/Chart.yaml                        |  2 +-
 ingress/templates/deployment-ingress.yaml | 44 +++++++++++++++--------
 ingress/values.yaml                       |  2 +-
 mariadb/Chart.yaml                        |  2 +-
 mariadb/files/nginx.tmpl                  |  4 +--
 mariadb/templates/deployment-ingress.yaml | 16 +++++++++
 mariadb/values.yaml                       |  2 +-
 releasenotes/notes/ingress.yaml           |  1 +
 releasenotes/notes/mariadb.yaml           |  1 +
 tox.ini                                   |  6 ++--
 10 files changed, 57 insertions(+), 23 deletions(-)

diff --git a/ingress/Chart.yaml b/ingress/Chart.yaml
index b5372e63d..a3beeb58d 100644
--- a/ingress/Chart.yaml
+++ b/ingress/Chart.yaml
@@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v0.42.0
 description: OpenStack-Helm Ingress Controller
 name: ingress
-version: 0.2.11
+version: 0.2.12
 home: https://github.com/kubernetes/ingress
 sources:
   - https://github.com/kubernetes/ingress
diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml
index 021300194..56f169d5f 100644
--- a/ingress/templates/deployment-ingress.yaml
+++ b/ingress/templates/deployment-ingress.yaml
@@ -79,6 +79,14 @@ rules:
       - ingresses/status
     verbs:
       - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -131,6 +139,14 @@ rules:
       - get
       - create
       - update
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - get
+      - create
+      - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -223,13 +239,13 @@ spec:
 {{ tuple $envAll "ingress_module_init" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ dict "envAll" $envAll "application" "server" "container" "ingress_vip_kernel_modules" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           command:
-            - /tmp/ingress-vip.sh
+            - /tmp/nginx/ingress-vip.sh
             - kernel_modules
           volumeMounts:
             - name: pod-tmp
-              mountPath: /tmp
+              mountPath: /tmp/nginx
             - name: ingress-bin
-              mountPath: /tmp/ingress-vip.sh
+              mountPath: /tmp/nginx/ingress-vip.sh
               subPath: ingress-vip.sh
               readOnly: true
             - name: host-rootfs
@@ -242,13 +258,13 @@ spec:
           env:
 {{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.vip | indent 12 }}
           command:
-            - /tmp/ingress-vip.sh
+            - /tmp/nginx/ingress-vip.sh
             - start
           volumeMounts:
             - name: pod-tmp
-              mountPath: /tmp
+              mountPath: /tmp/nginx
             - name: ingress-bin
-              mountPath: /tmp/ingress-vip.sh
+              mountPath: /tmp/nginx/ingress-vip.sh
               subPath: ingress-vip.sh
               readOnly: true
 {{- end }}
@@ -319,19 +335,19 @@ spec:
               hostPort: {{ tuple "ingress" "internal" "server" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
             {{- end }}
           command:
-            - /tmp/ingress-controller.sh
+            - /tmp/nginx/ingress-controller.sh
             - start
           lifecycle:
             preStop:
               exec:
                 command:
-                  - /tmp/ingress-controller.sh
+                  - /tmp/nginx/ingress-controller.sh
                   - stop
           volumeMounts:
             - name: pod-tmp
-              mountPath: /tmp
+              mountPath: /tmp/nginx
             - name: ingress-bin
-              mountPath: /tmp/ingress-controller.sh
+              mountPath: /tmp/nginx/ingress-controller.sh
               subPath: ingress-controller.sh
               readOnly: true
 {{- if and .Values.network.host_namespace .Values.network.vip.manage }}
@@ -342,19 +358,19 @@ spec:
           env:
 {{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.vip | indent 12 }}
           command:
-            - /tmp/ingress-vip.sh
+            - /tmp/nginx/ingress-vip.sh
             - sleep
           lifecycle:
             preStop:
               exec:
                 command:
-                  - /tmp/ingress-vip.sh
+                  - /tmp/nginx/ingress-vip.sh
                   - stop
           volumeMounts:
             - name: pod-tmp
-              mountPath: /tmp
+              mountPath: /tmp/nginx
             - name: ingress-bin
-              mountPath: /tmp/ingress-vip.sh
+              mountPath: /tmp/nginx/ingress-vip.sh
               subPath: ingress-vip.sh
               readOnly: true
 {{- else if eq .Values.network.vip.mode "keepalived" }}
diff --git a/ingress/values.yaml b/ingress/values.yaml
index 380645974..2026f980b 100644
--- a/ingress/values.yaml
+++ b/ingress/values.yaml
@@ -25,7 +25,7 @@ deployment:
 images:
   tags:
     entrypoint: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
-    ingress: k8s.gcr.io/ingress-nginx/controller:v1.1.3
+    ingress: k8s.gcr.io/ingress-nginx/controller:v1.5.1
     ingress_module_init: docker.io/openstackhelm/neutron:xena-ubuntu_focal
     ingress_routed_vip: docker.io/openstackhelm/neutron:xena-ubuntu_focal
     error_pages: k8s.gcr.io/defaultbackend:1.4
diff --git a/mariadb/Chart.yaml b/mariadb/Chart.yaml
index 432abca0a..71b4cee4b 100644
--- a/mariadb/Chart.yaml
+++ b/mariadb/Chart.yaml
@@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v10.6.7
 description: OpenStack-Helm MariaDB
 name: mariadb
-version: 0.2.28
+version: 0.2.29
 home: https://mariadb.com/kb/en/
 icon: http://badges.mariadb.org/mariadb-badge-180x60.png
 sources:
diff --git a/mariadb/files/nginx.tmpl b/mariadb/files/nginx.tmpl
index ac916470c..bc99c913c 100644
--- a/mariadb/files/nginx.tmpl
+++ b/mariadb/files/nginx.tmpl
@@ -623,7 +623,7 @@ http {
         {{ $cfg.ServerSnippet }}
         {{ end }}
 
-        {{ template "CUSTOM_ERRORS" (buildCustomErrorDeps "upstream-default-backend" $cfg.CustomHTTPErrors $all.EnableMetrics) }}
+        {{ template "CUSTOM_ERRORS" (buildCustomErrorDeps "upstream-default-backend" $cfg.CustomHTTPErrors $all.EnableMetrics $all.Cfg.EnableModsecurity) }}
     }
     ## end server {{ $server.Hostname }}
 
@@ -971,7 +971,7 @@ stream {
         {{ end }}
 
         {{ range $errorLocation := (buildCustomErrorLocationsPerServer $server) }}
-        {{ template "CUSTOM_ERRORS" (buildCustomErrorDeps $errorLocation.UpstreamName $errorLocation.Codes $all.EnableMetrics) }}
+        {{ template "CUSTOM_ERRORS" (buildCustomErrorDeps $errorLocation.UpstreamName $errorLocation.Codes $all.EnableMetrics $all.Cfg.EnableModsecurity) }}
         {{ end }}
 
         {{ buildMirrorLocations $server.Locations }}
diff --git a/mariadb/templates/deployment-ingress.yaml b/mariadb/templates/deployment-ingress.yaml
index ada7f83c9..6fbf33895 100644
--- a/mariadb/templates/deployment-ingress.yaml
+++ b/mariadb/templates/deployment-ingress.yaml
@@ -89,6 +89,14 @@ rules:
       - get
       - list
       - watch
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -183,6 +191,14 @@ rules:
       - get
       - create
       - update
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - get
+      - create
+      - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
diff --git a/mariadb/values.yaml b/mariadb/values.yaml
index f67e54855..cc80e35d6 100644
--- a/mariadb/values.yaml
+++ b/mariadb/values.yaml
@@ -21,7 +21,7 @@ release_group: null
 images:
   tags:
     mariadb: docker.io/openstackhelm/mariadb:latest-ubuntu_focal
-    ingress: k8s.gcr.io/ingress-nginx/controller:v1.1.3
+    ingress: k8s.gcr.io/ingress-nginx/controller:v1.5.1
     error_pages: k8s.gcr.io/defaultbackend:1.4
     prometheus_create_mysql_user: docker.io/library/mariadb:10.5.9-focal
     prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.12.1
diff --git a/releasenotes/notes/ingress.yaml b/releasenotes/notes/ingress.yaml
index 06d44368d..8c9a28b34 100644
--- a/releasenotes/notes/ingress.yaml
+++ b/releasenotes/notes/ingress.yaml
@@ -15,4 +15,5 @@ ingress:
   - 0.2.9 Added OCI registry authentication
   - 0.2.10 Update neutron images to xena release
   - 0.2.11 Fix resource name in the role
+  - 0.2.12 Uplift ingress to 1.5.1
 ...
diff --git a/releasenotes/notes/mariadb.yaml b/releasenotes/notes/mariadb.yaml
index fd1ed9928..cab2b3500 100644
--- a/releasenotes/notes/mariadb.yaml
+++ b/releasenotes/notes/mariadb.yaml
@@ -44,4 +44,5 @@ mariadb:
   - 0.2.26 Added OCI registry authentication
   - 0.2.27 Fix broken helmrelease for helmv3
   - 0.2.28 Added verify_databases_backup_in_directory function implementation
+  - 0.2.29 Uplift Mariadb-ingress to 1.5.1
 ...
diff --git a/tox.ini b/tox.ini
index 57e80d46b..4d5f7423d 100644
--- a/tox.ini
+++ b/tox.ini
@@ -8,7 +8,7 @@ ignore_basepython_conflict = True
 basepython = python3
 setenv = VIRTUAL_ENV={envdir}
 deps = -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
-passenv = *_proxy *_PROXY
+passenv = *_proxy,*_PROXY
 
 [testenv:venv]
 commands = {posargs}
@@ -18,7 +18,7 @@ deps = -r{toxinidir}/doc/requirements.txt
 commands =
   rm -rf doc/build
   sphinx-build -W -b html doc/source doc/build/html
-whitelist_externals =
+allowlist_externals =
   rm
 
 [testenv:lint]
@@ -28,7 +28,7 @@ deps =
 commands =
   rm -rf .yamllint
   bash ../openstack-helm-infra/tools/gate/lint.sh
-whitelist_externals =
+allowlist_externals =
   rm
   bash