Update template for ingress 1.9
The names of a few configuration variables have changed in version 1.9. EnableRealIp to EnableRealIP HttpAccessLogPath to HTTPAccessLogPath whitelist to allowlist Whitelist to Allowlist Additionally, ajp_temp_path is no longer valid. Change-Id: I2ebb658bd237216c43306dab6cd7f7a1ca6388ac
This commit is contained in:
parent
3678f4a9d1
commit
f66bb53509
@ -15,7 +15,7 @@ apiVersion: v1
|
|||||||
appVersion: v10.6.7
|
appVersion: v10.6.7
|
||||||
description: OpenStack-Helm MariaDB
|
description: OpenStack-Helm MariaDB
|
||||||
name: mariadb
|
name: mariadb
|
||||||
version: 0.2.38
|
version: 0.2.39
|
||||||
home: https://mariadb.com/kb/en/
|
home: https://mariadb.com/kb/en/
|
||||||
icon: http://badges.mariadb.org/mariadb-badge-180x60.png
|
icon: http://badges.mariadb.org/mariadb-badge-180x60.png
|
||||||
sources:
|
sources:
|
||||||
|
@ -129,7 +129,7 @@ http {
|
|||||||
|
|
||||||
{{/* Enable the real_ip module only if we use either X-Forwarded headers or Proxy Protocol. */}}
|
{{/* Enable the real_ip module only if we use either X-Forwarded headers or Proxy Protocol. */}}
|
||||||
{{/* we use the value of the real IP for the geo_ip module */}}
|
{{/* we use the value of the real IP for the geo_ip module */}}
|
||||||
{{ if or (or $cfg.UseForwardedHeaders $cfg.UseProxyProtocol) $cfg.EnableRealIp }}
|
{{ if or (or $cfg.UseForwardedHeaders $cfg.UseProxyProtocol) $cfg.EnableRealIP }}
|
||||||
{{ if $cfg.UseProxyProtocol }}
|
{{ if $cfg.UseProxyProtocol }}
|
||||||
real_ip_header proxy_protocol;
|
real_ip_header proxy_protocol;
|
||||||
{{ else }}
|
{{ else }}
|
||||||
@ -272,7 +272,6 @@ http {
|
|||||||
client_body_temp_path /tmp/client-body;
|
client_body_temp_path /tmp/client-body;
|
||||||
fastcgi_temp_path /tmp/fastcgi-temp;
|
fastcgi_temp_path /tmp/fastcgi-temp;
|
||||||
proxy_temp_path /tmp/proxy-temp;
|
proxy_temp_path /tmp/proxy-temp;
|
||||||
ajp_temp_path /tmp/ajp-temp;
|
|
||||||
|
|
||||||
client_header_buffer_size {{ $cfg.ClientHeaderBufferSize }};
|
client_header_buffer_size {{ $cfg.ClientHeaderBufferSize }};
|
||||||
client_header_timeout {{ $cfg.ClientHeaderTimeout }}s;
|
client_header_timeout {{ $cfg.ClientHeaderTimeout }}s;
|
||||||
@ -367,7 +366,7 @@ http {
|
|||||||
{{ if $cfg.EnableSyslog }}
|
{{ if $cfg.EnableSyslog }}
|
||||||
access_log syslog:server={{ $cfg.SyslogHost }}:{{ $cfg.SyslogPort }} upstreaminfo if=$loggable;
|
access_log syslog:server={{ $cfg.SyslogHost }}:{{ $cfg.SyslogPort }} upstreaminfo if=$loggable;
|
||||||
{{ else }}
|
{{ else }}
|
||||||
access_log {{ or $cfg.HttpAccessLogPath $cfg.AccessLogPath }} upstreaminfo {{ $cfg.AccessLogParams }} if=$loggable;
|
access_log {{ or $cfg.HTTPAccessLogPath $cfg.AccessLogPath }} upstreaminfo {{ $cfg.AccessLogParams }} if=$loggable;
|
||||||
{{ end }}
|
{{ end }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
@ -509,14 +508,14 @@ http {
|
|||||||
|
|
||||||
{{ range $rl := (filterRateLimits $servers ) }}
|
{{ range $rl := (filterRateLimits $servers ) }}
|
||||||
# Ratelimit {{ $rl.Name }}
|
# Ratelimit {{ $rl.Name }}
|
||||||
geo $remote_addr $whitelist_{{ $rl.ID }} {
|
geo $remote_addr $allowlist_{{ $rl.ID }} {
|
||||||
default 0;
|
default 0;
|
||||||
{{ range $ip := $rl.Whitelist }}
|
{{ range $ip := $rl.Allowlist }}
|
||||||
{{ $ip }} 1;{{ end }}
|
{{ $ip }} 1;{{ end }}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Ratelimit {{ $rl.Name }}
|
# Ratelimit {{ $rl.Name }}
|
||||||
map $whitelist_{{ $rl.ID }} $limit_{{ $rl.ID }} {
|
map $allowlist_{{ $rl.ID }} $limit_{{ $rl.ID }} {
|
||||||
0 {{ $cfg.LimitConnZoneVariable }};
|
0 {{ $cfg.LimitConnZoneVariable }};
|
||||||
1 "";
|
1 "";
|
||||||
}
|
}
|
||||||
@ -745,7 +744,7 @@ stream {
|
|||||||
|
|
||||||
error_log {{ $cfg.ErrorLogPath }} {{ $cfg.ErrorLogLevel }};
|
error_log {{ $cfg.ErrorLogPath }} {{ $cfg.ErrorLogLevel }};
|
||||||
|
|
||||||
{{ if $cfg.EnableRealIp }}
|
{{ if $cfg.EnableRealIP }}
|
||||||
{{ range $trusted_ip := $cfg.ProxyRealIPCIDR }}
|
{{ range $trusted_ip := $cfg.ProxyRealIPCIDR }}
|
||||||
set_real_ip_from {{ $trusted_ip }};
|
set_real_ip_from {{ $trusted_ip }};
|
||||||
{{ end }}
|
{{ end }}
|
||||||
@ -1184,8 +1183,8 @@ stream {
|
|||||||
{{ buildModSecurityForLocation $all.Cfg $location }}
|
{{ buildModSecurityForLocation $all.Cfg $location }}
|
||||||
|
|
||||||
{{ if isLocationAllowed $location }}
|
{{ if isLocationAllowed $location }}
|
||||||
{{ if gt (len $location.Whitelist.CIDR) 0 }}
|
{{ if gt (len $location.Allowlist.CIDR) 0 }}
|
||||||
{{ range $ip := $location.Whitelist.CIDR }}
|
{{ range $ip := $location.Allowlist.CIDR }}
|
||||||
allow {{ $ip }};{{ end }}
|
allow {{ $ip }};{{ end }}
|
||||||
deny all;
|
deny all;
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
@ -21,7 +21,7 @@ release_group: null
|
|||||||
images:
|
images:
|
||||||
tags:
|
tags:
|
||||||
mariadb: docker.io/openstackhelm/mariadb:latest-ubuntu_focal
|
mariadb: docker.io/openstackhelm/mariadb:latest-ubuntu_focal
|
||||||
ingress: registry.k8s.io/ingress-nginx/controller:v1.8.2
|
ingress: registry.k8s.io/ingress-nginx/controller:v1.9.4
|
||||||
error_pages: registry.k8s.io/defaultbackend:1.4
|
error_pages: registry.k8s.io/defaultbackend:1.4
|
||||||
prometheus_create_mysql_user: docker.io/library/mariadb:10.5.9-focal
|
prometheus_create_mysql_user: docker.io/library/mariadb:10.5.9-focal
|
||||||
prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.12.1
|
prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.12.1
|
||||||
|
@ -54,4 +54,5 @@ mariadb:
|
|||||||
- 0.2.36 Added staggered backups support
|
- 0.2.36 Added staggered backups support
|
||||||
- 0.2.37 Backups verification improvements
|
- 0.2.37 Backups verification improvements
|
||||||
- 0.2.38 Added throttling remote backups
|
- 0.2.38 Added throttling remote backups
|
||||||
|
- 0.2.39 Template changes for image 1.9 compatibility
|
||||||
...
|
...
|
||||||
|
Loading…
Reference in New Issue
Block a user