From 5f68916f786078a6f95ae6cef40425144d6b63b2 Mon Sep 17 00:00:00 2001 From: bbk Date: Sun, 17 Dec 2023 11:30:22 +0100 Subject: [PATCH 1/7] fix django cache timeout value --- charts/wger/Chart.yaml | 2 +- charts/wger/templates/_helpers.tpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/wger/Chart.yaml b/charts/wger/Chart.yaml index dd3605b..13eb72d 100644 --- a/charts/wger/Chart.yaml +++ b/charts/wger/Chart.yaml @@ -1,6 +1,6 @@ --- apiVersion: v2 -version: 0.1.10 +version: 0.1.11-rc.1 appVersion: latest name: wger description: A Helm chart for Wger installation on Kubernetes diff --git a/charts/wger/templates/_helpers.tpl b/charts/wger/templates/_helpers.tpl index 1894ffc..e919e92 100644 --- a/charts/wger/templates/_helpers.tpl +++ b/charts/wger/templates/_helpers.tpl @@ -41,7 +41,7 @@ environment: - name: DJANGO_CACHE_CLIENT_CLASS value: "django_redis.client.DefaultClient" - name: DJANGO_CACHE_TIMEOUT - value: {{ .Values.app.django.secret.name | default "1296000" | quote }} + value: {{ .Values.app.django.cache.timeout | default "1296000" | quote }} # django general {{- if .Values.ingress.enabled }} - name: SITE_URL From d175b4f6f1437ab9afa84763ebf57f35dac2f592 Mon Sep 17 00:00:00 2001 From: bbk Date: Sun, 17 Dec 2023 11:48:10 +0100 Subject: [PATCH 2/7] start fixing int in env --- charts/wger/Chart.yaml | 2 +- charts/wger/templates/_helpers.tpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/wger/Chart.yaml b/charts/wger/Chart.yaml index 13eb72d..99d3119 100644 --- a/charts/wger/Chart.yaml +++ b/charts/wger/Chart.yaml @@ -1,6 +1,6 @@ --- apiVersion: v2 -version: 0.1.11-rc.1 +version: 0.1.11-rc.2 appVersion: latest name: wger description: A Helm chart for Wger installation on Kubernetes diff --git a/charts/wger/templates/_helpers.tpl b/charts/wger/templates/_helpers.tpl index e919e92..2d0d42b 100644 --- a/charts/wger/templates/_helpers.tpl +++ b/charts/wger/templates/_helpers.tpl @@ -41,7 +41,7 @@ environment: - name: DJANGO_CACHE_CLIENT_CLASS value: "django_redis.client.DefaultClient" - name: DJANGO_CACHE_TIMEOUT - value: {{ .Values.app.django.cache.timeout | default "1296000" | quote }} + value: {{ .Values.app.django.cache.timeout | default 1296000 }} # django general {{- if .Values.ingress.enabled }} - name: SITE_URL From 94200ccf2f8512462da058e40f2facebff414f5f Mon Sep 17 00:00:00 2001 From: bbk Date: Sun, 17 Dec 2023 13:05:27 +0100 Subject: [PATCH 3/7] prevent scientific notation for integer --- charts/wger/Chart.yaml | 2 +- charts/wger/templates/_helpers.tpl | 20 ++++++++++---------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/charts/wger/Chart.yaml b/charts/wger/Chart.yaml index 99d3119..22518aa 100644 --- a/charts/wger/Chart.yaml +++ b/charts/wger/Chart.yaml @@ -1,6 +1,6 @@ --- apiVersion: v2 -version: 0.1.11-rc.2 +version: 0.1.11-rc.3 appVersion: latest name: wger description: A Helm chart for Wger installation on Kubernetes diff --git a/charts/wger/templates/_helpers.tpl b/charts/wger/templates/_helpers.tpl index 2d0d42b..0988fe5 100644 --- a/charts/wger/templates/_helpers.tpl +++ b/charts/wger/templates/_helpers.tpl @@ -32,16 +32,16 @@ environment: - name: DJANGO_DB_HOST value: "{{ .Release.Name }}-postgres" - name: DJANGO_DB_PORT - value: {{ .Values.postgres.service.port | quote }} + value: {{ int .Values.postgres.service.port | quote }} # django cache - name: DJANGO_CACHE_BACKEND value: "django_redis.cache.RedisCache" - name: DJANGO_CACHE_LOCATION - value: "redis://{{ .Release.Name }}-redis:{{ .Values.redis.service.serverPort }}/1" + value: "redis://{{ .Release.Name }}-redis:{{ int .Values.redis.service.serverPort }}/1" - name: DJANGO_CACHE_CLIENT_CLASS value: "django_redis.client.DefaultClient" - name: DJANGO_CACHE_TIMEOUT - value: {{ .Values.app.django.cache.timeout | default 1296000 }} + value: {{ int ".Values.app.django.cache.timeout" | default "1296000" | quote }} # django general {{- if .Values.ingress.enabled }} - name: SITE_URL @@ -75,11 +75,11 @@ environment: - name: AXES_LOCKOUT_PARAMETERS value: {{ .Values.app.axes.lockoutParameters | default "ip_address" | quote }} - name: AXES_FAILURE_LIMIT - value: {{ .Values.app.axes.failureLimit | default "10" | quote }} + value: {{ int .Values.app.axes.failureLimit | default "10" | quote }} - name: AXES_COOLOFF_TIME - value: {{ .Values.app.axes.cooloffTime | default "30" | quote }} + value: {{ int .Values.app.axes.cooloffTime | default "30" | quote }} - name: AXES_IPWARE_PROXY_COUNT - value: {{ .Values.app.axes.ipwareProxyCount | default "0" }} + value: {{ int .Values.app.axes.ipwareProxyCount | default "0" | quote }} # @todo bad default, use the default from axes REMOTE_ADDR only - name: AXES_IPWARE_META_PRECEDENCE_ORDER value: {{ .Values.app.axes.ipwareMetaPrecedenceOrder | default "X_FORWARDED_FOR,REMOTE_ADDR" | quote }} @@ -87,9 +87,9 @@ environment: value: "axes.handlers.cache.AxesCacheHandler" # jwt auth - name: ACCESS_TOKEN_LIFETIME - value: {{ .Values.app.jwt.accessTokenLifetime | default "10" | quote }} + value: {{ int .Values.app.jwt.accessTokenLifetime | default "10" | quote }} - name: REFRESH_TOKEN_LIFETIME - value: {{ .Values.app.jwt.refreshTokenLifetime | default "24" | quote }} + value: {{ int .Values.app.jwt.refreshTokenLifetime | default "24" | quote }} # others {{- if .Values.app.nginx.enabled }} - name: WGER_USE_GUNICORN @@ -133,9 +133,9 @@ environment: - name: DOWNLOAD_INGREDIENTS_FROM value: {{ .Values.celery.ingredientsFrom | default "WGER" | quote }} - name: CELERY_BROKER - value: "redis://{{ .Release.Name }}-redis:{{ .Values.redis.service.serverPort }}/2" + value: "redis://{{ .Release.Name }}-redis:{{ int .Values.redis.service.serverPort }}/2" - name: CELERY_BACKEND - value: "redis://{{ .Release.Name }}-redis:{{ .Values.redis.service.serverPort }}/2" + value: "redis://{{ .Release.Name }}-redis:{{ int .Values.redis.service.serverPort }}/2" {{- end }} {{- end }} From f98b21954512776686bc7ca02e67d7d508c0ee59 Mon Sep 17 00:00:00 2001 From: bbk Date: Sun, 17 Dec 2023 13:23:21 +0100 Subject: [PATCH 4/7] django cache fixed --- charts/wger/Chart.yaml | 2 +- charts/wger/templates/_helpers.tpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/wger/Chart.yaml b/charts/wger/Chart.yaml index 22518aa..cc41c2d 100644 --- a/charts/wger/Chart.yaml +++ b/charts/wger/Chart.yaml @@ -1,6 +1,6 @@ --- apiVersion: v2 -version: 0.1.11-rc.3 +version: 0.1.11-rc.4 appVersion: latest name: wger description: A Helm chart for Wger installation on Kubernetes diff --git a/charts/wger/templates/_helpers.tpl b/charts/wger/templates/_helpers.tpl index 0988fe5..32a84d9 100644 --- a/charts/wger/templates/_helpers.tpl +++ b/charts/wger/templates/_helpers.tpl @@ -41,7 +41,7 @@ environment: - name: DJANGO_CACHE_CLIENT_CLASS value: "django_redis.client.DefaultClient" - name: DJANGO_CACHE_TIMEOUT - value: {{ int ".Values.app.django.cache.timeout" | default "1296000" | quote }} + value: {{ int .Values.app.django.cache.timeout | default "1296000" | quote }} # django general {{- if .Values.ingress.enabled }} - name: SITE_URL From 6b230f76305905cb1bb3029379f7c4ad8d4463ec Mon Sep 17 00:00:00 2001 From: bbk Date: Sun, 17 Dec 2023 14:56:28 +0100 Subject: [PATCH 5/7] use correct django http header name --- charts/wger/templates/_helpers.tpl | 2 +- charts/wger/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/wger/templates/_helpers.tpl b/charts/wger/templates/_helpers.tpl index 32a84d9..c3f2112 100644 --- a/charts/wger/templates/_helpers.tpl +++ b/charts/wger/templates/_helpers.tpl @@ -82,7 +82,7 @@ environment: value: {{ int .Values.app.axes.ipwareProxyCount | default "0" | quote }} # @todo bad default, use the default from axes REMOTE_ADDR only - name: AXES_IPWARE_META_PRECEDENCE_ORDER - value: {{ .Values.app.axes.ipwareMetaPrecedenceOrder | default "X_FORWARDED_FOR,REMOTE_ADDR" | quote }} + value: {{ .Values.app.axes.ipwareMetaPrecedenceOrder | default "HTTP_X_FORWARDED_FOR,REMOTE_ADDR" | quote }} - name: AXES_HANDLER value: "axes.handlers.cache.AxesCacheHandler" # jwt auth diff --git a/charts/wger/values.yaml b/charts/wger/values.yaml index 4f002a2..8ad274c 100644 --- a/charts/wger/values.yaml +++ b/charts/wger/values.yaml @@ -74,7 +74,7 @@ app: # number of reverse proxies involved ipwareProxyCount: 0 # order of magnitude from last proxy for the real ip - ipwareMetaPrecedenceOrder: "X_FORWARDED_FOR,REMOTE_ADDR" + ipwareMetaPrecedenceOrder: "HTTP_X_FORWARDED_FOR,REMOTE_ADDR" # # celery synchronisation From 5aec7bff4ede8cdef67617563ae9ae7f3c7b640f Mon Sep 17 00:00:00 2001 From: bbk Date: Fri, 5 Jan 2024 08:17:33 +0100 Subject: [PATCH 6/7] update doc --- README.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 5ab3318..2de4d58 100644 --- a/README.md +++ b/README.md @@ -124,7 +124,7 @@ Celery requires persistent volumes. | `app.axes.failureLimit` | Limit of failed auth | String | `10` | | `app.axes.cooloffTime` | in Minutes | String | `30` | | `app.axes.ipwareProxyCount` | Count of proxies | String | `0` | -| `app.axes.ipwareMetaPrecedenceOrder` | Proxy header magnitude | List (comma separated string) | `"X_FORWARDED_FOR,REMOTE_ADDR"` | +| `app.axes.ipwareMetaPrecedenceOrder` | Proxy header magnitude | List (comma separated string) | `"HTTP_X_FORWARDED_FOR,REMOTE_ADDR"` | ### Nginx @@ -185,7 +185,7 @@ Celery requires persistent volumes. | Name | Description | Type | Default Value | |------|-------------|------|---------------| -| `app.environment` | Array of objects, representing additional environment variables to set for the deployment. | Array | see [_helpers.yaml](charts/wger/templates/_helpers.yaml) and [values.yaml](charts/wger/values.yaml) | +| `app.environment` | Array of objects, representing additional environment variables to set for the deployment. | Array | see [_helpers.yaml](charts/wger/templates/_helpers.tpl) and [values.yaml](charts/wger/values.yaml) | There are more possible ENV variables, than the ones used in the deployment. Please check [prod.env](https://github.com/wger-project/docker/blob/master/config/prod.env). @@ -282,6 +282,12 @@ python3 manage.py axes_reset_ip [IP] python3 manage.py axes_reset_username [USERNAME] ``` +To temporary disable privacy mode to see the blocked ip in the log you can login to the container and add the following setting: + +```bas +echo "AXES_SENSITIVE_PARAMETERS = []" >>settings.py +``` + ## Upgrading @@ -289,7 +295,7 @@ wger is developped in a rolling release manner, so the docker image of the relea This means we cannot upgrade with changing the image tag. -As a consequence the default `values.yaml` has set `imagePullPolicy` to `Always`, this means on every restart of the pod the image will be downloaded. +As a consequence the default `values.yaml` has set `imagePullPolicy` to `Always`, this means if the kubelet has a container image with that exact digest cached locally, the kubelet uses its cached image; otherwise, the kubelet pulls the image with the resolved digest, and uses that image to launch the container. To upgrade you can restart the deployment (k8s v1.15): @@ -297,7 +303,7 @@ To upgrade you can restart the deployment (k8s v1.15): kubectl -n wger rollout restart deploy wger-app wger-celery wger-celery-worker ``` -For PostgreSQL and Redis upgrades, please check the Groundhog2k documentation, linked at the end of the README. +For PostgreSQL and Redis upgrades, please check the Groundhog2k documentation, linked at the end. ### Postgres Upgrade Notes From ac9b9b102a8647e07e00ab6371a5f2155a204a98 Mon Sep 17 00:00:00 2001 From: bbk Date: Fri, 5 Jan 2024 08:20:29 +0100 Subject: [PATCH 7/7] bugfix release --- charts/wger/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/wger/Chart.yaml b/charts/wger/Chart.yaml index cc41c2d..241265a 100644 --- a/charts/wger/Chart.yaml +++ b/charts/wger/Chart.yaml @@ -1,6 +1,6 @@ --- apiVersion: v2 -version: 0.1.11-rc.4 +version: 0.1.11 appVersion: latest name: wger description: A Helm chart for Wger installation on Kubernetes