[mariadb-ingress] Uplift Mariadb-ingress to 0.42.0

- Uplifts the image to nginx 0.42.0 to address CVEs
- Updates nginx.tmpl accordingly for nginx 0.42.0
- Adds CLusterRole and labels needed for nginx 0.42.0
- Updates release notes for mariadb

Change-Id: Ie4e2a66873bc130c547ff8f30d8e1b2ee9a62186
This commit is contained in:
anthony.bellino 2021-01-08 14:15:59 -08:00
parent 87e3a02dd5
commit dcd77ceba3
6 changed files with 1003 additions and 399 deletions

View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v10.2.31 appVersion: v10.2.31
description: OpenStack-Helm MariaDB description: OpenStack-Helm MariaDB
name: mariadb name: mariadb
version: 0.1.8 version: 0.1.9
home: https://mariadb.com/kb/en/ home: https://mariadb.com/kb/en/
icon: http://badges.mariadb.org/mariadb-badge-180x60.png icon: http://badges.mariadb.org/mariadb-badge-180x60.png
sources: sources:

File diff suppressed because it is too large Load Diff

View File

@ -18,10 +18,9 @@ set -ex
COMMAND="${@:-start}" COMMAND="${@:-start}"
function start () { function start () {
find /tmp/ -maxdepth 1 -writable | grep -v "^/tmp/$" | xargs -L1 -r rm -rfv find /tmp -maxdepth 1 \! -path /tmp -perm /222 -exec rm -rfv {} \;
exec /usr/bin/dumb-init \ exec /usr/bin/dumb-init \
/nginx-ingress-controller \ /nginx-ingress-controller \
--force-namespace-isolation \
--watch-namespace ${POD_NAMESPACE} \ --watch-namespace ${POD_NAMESPACE} \
--election-id=${RELEASE_NAME} \ --election-id=${RELEASE_NAME} \
--ingress-class=${INGRESS_CLASS} \ --ingress-class=${INGRESS_CLASS} \

View File

@ -21,6 +21,82 @@ limitations under the License.
{{ tuple $envAll "ingress" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} {{ tuple $envAll "ingress" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ $serviceAccountName }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- "networking.k8s.io"
resources:
- ingressclasses
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $serviceAccountName }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
name: {{ $serviceAccountName }} name: {{ $serviceAccountName }}
@ -123,6 +199,13 @@ metadata:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels: labels:
{{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
app.kubernetes.io/instance: {{ $serviceAccountName }}
app.kubernetes.io/name: "mariadb"
app.kubernetes.io/component: "ingress"
app.kubernetes.io/managed-by: {{ $envAll.Release.Service }}
{{- if $envAll.Chart.AppVersion }}
app.kubernetes.io/version: {{ $envAll.Chart.AppVersion | quote }}
{{- end }}
spec: spec:
replicas: {{ .Values.pod.replicas.ingress }} replicas: {{ .Values.pod.replicas.ingress }}
selector: selector:
@ -133,6 +216,13 @@ spec:
metadata: metadata:
labels: labels:
{{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} {{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
app.kubernetes.io/instance: {{ $serviceAccountName }}
app.kubernetes.io/name: "mariadb"
app.kubernetes.io/component: "ingress"
app.kubernetes.io/managed-by: {{ $envAll.Release.Service }}
{{- if $envAll.Chart.AppVersion }}
app.kubernetes.io/version: {{ $envAll.Chart.AppVersion | quote }}
{{- end }}
annotations: annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}

View File

@ -21,7 +21,7 @@ release_group: null
images: images:
tags: tags:
mariadb: docker.io/openstackhelm/mariadb:latest-ubuntu_xenial mariadb: docker.io/openstackhelm/mariadb:latest-ubuntu_xenial
ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0 ingress: k8s.gcr.io/ingress-nginx/controller:v0.42.0
error_pages: k8s.gcr.io/defaultbackend:1.4 error_pages: k8s.gcr.io/defaultbackend:1.4
prometheus_create_mysql_user: docker.io/mariadb:10.2.31 prometheus_create_mysql_user: docker.io/mariadb:10.2.31
prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.11.0 prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.11.0

View File

@ -9,4 +9,5 @@ mariadb:
- 0.1.6 Change Issuer to ClusterIssuer - 0.1.6 Change Issuer to ClusterIssuer
- 0.1.7 Revert - Change Issuer to ClusterIssuer - 0.1.7 Revert - Change Issuer to ClusterIssuer
- 0.1.8 Change Issuer to ClusterIssuer with logic in place to support cert-manager versioning - 0.1.8 Change Issuer to ClusterIssuer with logic in place to support cert-manager versioning
- 0.1.9 Uplift Mariadb-ingress to 0.42.0
... ...