Update template for ingress 1.9

The names of a few configuration variables have changed in version 1.9.

EnableRealIp to EnableRealIP
HttpAccessLogPath to HTTPAccessLogPath
whitelist to allowlist
Whitelist to Allowlist

Additionally,

ajp_temp_path

is no longer valid.

Change-Id: I2ebb658bd237216c43306dab6cd7f7a1ca6388ac
This commit is contained in:
Ritchie, Frank (fr801x) 2024-01-04 13:15:06 -05:00
parent 3678f4a9d1
commit f66bb53509
4 changed files with 11 additions and 11 deletions

View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v10.6.7 appVersion: v10.6.7
description: OpenStack-Helm MariaDB description: OpenStack-Helm MariaDB
name: mariadb name: mariadb
version: 0.2.38 version: 0.2.39
home: https://mariadb.com/kb/en/ home: https://mariadb.com/kb/en/
icon: http://badges.mariadb.org/mariadb-badge-180x60.png icon: http://badges.mariadb.org/mariadb-badge-180x60.png
sources: sources:

View File

@ -129,7 +129,7 @@ http {
{{/* Enable the real_ip module only if we use either X-Forwarded headers or Proxy Protocol. */}} {{/* Enable the real_ip module only if we use either X-Forwarded headers or Proxy Protocol. */}}
{{/* we use the value of the real IP for the geo_ip module */}} {{/* we use the value of the real IP for the geo_ip module */}}
{{ if or (or $cfg.UseForwardedHeaders $cfg.UseProxyProtocol) $cfg.EnableRealIp }} {{ if or (or $cfg.UseForwardedHeaders $cfg.UseProxyProtocol) $cfg.EnableRealIP }}
{{ if $cfg.UseProxyProtocol }} {{ if $cfg.UseProxyProtocol }}
real_ip_header proxy_protocol; real_ip_header proxy_protocol;
{{ else }} {{ else }}
@ -272,7 +272,6 @@ http {
client_body_temp_path /tmp/client-body; client_body_temp_path /tmp/client-body;
fastcgi_temp_path /tmp/fastcgi-temp; fastcgi_temp_path /tmp/fastcgi-temp;
proxy_temp_path /tmp/proxy-temp; proxy_temp_path /tmp/proxy-temp;
ajp_temp_path /tmp/ajp-temp;
client_header_buffer_size {{ $cfg.ClientHeaderBufferSize }}; client_header_buffer_size {{ $cfg.ClientHeaderBufferSize }};
client_header_timeout {{ $cfg.ClientHeaderTimeout }}s; client_header_timeout {{ $cfg.ClientHeaderTimeout }}s;
@ -367,7 +366,7 @@ http {
{{ if $cfg.EnableSyslog }} {{ if $cfg.EnableSyslog }}
access_log syslog:server={{ $cfg.SyslogHost }}:{{ $cfg.SyslogPort }} upstreaminfo if=$loggable; access_log syslog:server={{ $cfg.SyslogHost }}:{{ $cfg.SyslogPort }} upstreaminfo if=$loggable;
{{ else }} {{ else }}
access_log {{ or $cfg.HttpAccessLogPath $cfg.AccessLogPath }} upstreaminfo {{ $cfg.AccessLogParams }} if=$loggable; access_log {{ or $cfg.HTTPAccessLogPath $cfg.AccessLogPath }} upstreaminfo {{ $cfg.AccessLogParams }} if=$loggable;
{{ end }} {{ end }}
{{ end }} {{ end }}
@ -509,14 +508,14 @@ http {
{{ range $rl := (filterRateLimits $servers ) }} {{ range $rl := (filterRateLimits $servers ) }}
# Ratelimit {{ $rl.Name }} # Ratelimit {{ $rl.Name }}
geo $remote_addr $whitelist_{{ $rl.ID }} { geo $remote_addr $allowlist_{{ $rl.ID }} {
default 0; default 0;
{{ range $ip := $rl.Whitelist }} {{ range $ip := $rl.Allowlist }}
{{ $ip }} 1;{{ end }} {{ $ip }} 1;{{ end }}
} }
# Ratelimit {{ $rl.Name }} # Ratelimit {{ $rl.Name }}
map $whitelist_{{ $rl.ID }} $limit_{{ $rl.ID }} { map $allowlist_{{ $rl.ID }} $limit_{{ $rl.ID }} {
0 {{ $cfg.LimitConnZoneVariable }}; 0 {{ $cfg.LimitConnZoneVariable }};
1 ""; 1 "";
} }
@ -745,7 +744,7 @@ stream {
error_log {{ $cfg.ErrorLogPath }} {{ $cfg.ErrorLogLevel }}; error_log {{ $cfg.ErrorLogPath }} {{ $cfg.ErrorLogLevel }};
{{ if $cfg.EnableRealIp }} {{ if $cfg.EnableRealIP }}
{{ range $trusted_ip := $cfg.ProxyRealIPCIDR }} {{ range $trusted_ip := $cfg.ProxyRealIPCIDR }}
set_real_ip_from {{ $trusted_ip }}; set_real_ip_from {{ $trusted_ip }};
{{ end }} {{ end }}
@ -1184,8 +1183,8 @@ stream {
{{ buildModSecurityForLocation $all.Cfg $location }} {{ buildModSecurityForLocation $all.Cfg $location }}
{{ if isLocationAllowed $location }} {{ if isLocationAllowed $location }}
{{ if gt (len $location.Whitelist.CIDR) 0 }} {{ if gt (len $location.Allowlist.CIDR) 0 }}
{{ range $ip := $location.Whitelist.CIDR }} {{ range $ip := $location.Allowlist.CIDR }}
allow {{ $ip }};{{ end }} allow {{ $ip }};{{ end }}
deny all; deny all;
{{ end }} {{ end }}

View File

@ -21,7 +21,7 @@ release_group: null
images: images:
tags: tags:
mariadb: docker.io/openstackhelm/mariadb:latest-ubuntu_focal mariadb: docker.io/openstackhelm/mariadb:latest-ubuntu_focal
ingress: registry.k8s.io/ingress-nginx/controller:v1.8.2 ingress: registry.k8s.io/ingress-nginx/controller:v1.9.4
error_pages: registry.k8s.io/defaultbackend:1.4 error_pages: registry.k8s.io/defaultbackend:1.4
prometheus_create_mysql_user: docker.io/library/mariadb:10.5.9-focal prometheus_create_mysql_user: docker.io/library/mariadb:10.5.9-focal
prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.12.1 prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.12.1

View File

@ -54,4 +54,5 @@ mariadb:
- 0.2.36 Added staggered backups support - 0.2.36 Added staggered backups support
- 0.2.37 Backups verification improvements - 0.2.37 Backups verification improvements
- 0.2.38 Added throttling remote backups - 0.2.38 Added throttling remote backups
- 0.2.39 Template changes for image 1.9 compatibility
... ...