09bf431fe7
This PS sets `--enable-ssl-chain-completion=false` for the MariaDB ingress controller. This is the default for current versions of the nginx-ingress-controller, but for 0.9.0 needs to be set. If enableSSLChainCompletion is left on, nginx will attempt to autocomplete SSL certificate chains with missing intermediate CA certificates, causing unnecessary network and errors in pod logs. Change-Id: I088b33fe994281dca6997baa87a6b599c3f10c14 Closes-Bug: #1835364
42 lines
1.2 KiB
Smarty
42 lines
1.2 KiB
Smarty
#!/bin/bash
|
|
|
|
{{/*
|
|
Copyright 2017 The Openstack-Helm Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/}}
|
|
|
|
set -ex
|
|
COMMAND="${@:-start}"
|
|
|
|
function start () {
|
|
rm -fv /tmp/prometheus-nginx.socket
|
|
exec /usr/bin/dumb-init \
|
|
/nginx-ingress-controller \
|
|
--force-namespace-isolation \
|
|
--watch-namespace ${POD_NAMESPACE} \
|
|
--election-id=${RELEASE_NAME} \
|
|
--ingress-class=${INGRESS_CLASS} \
|
|
--default-backend-service=${POD_NAMESPACE}/${ERROR_PAGE_SERVICE} \
|
|
--configmap=${POD_NAMESPACE}/mariadb-ingress-conf \
|
|
--enable-ssl-chain-completion=false \
|
|
--tcp-services-configmap=${POD_NAMESPACE}/mariadb-services-tcp
|
|
}
|
|
|
|
|
|
function stop () {
|
|
kill -TERM 1
|
|
}
|
|
|
|
$COMMAND
|