From 09bf431fe736c0bf78ad13e1e50f700c0f581c17 Mon Sep 17 00:00:00 2001
From: "Sphicas, Phil (ps3910)" <ps3910@att.com>
Date: Wed, 3 Jul 2019 22:47:40 -0700
Subject: [PATCH] MariaDB: Disable SSL chain completion on ingress controller

This PS sets `--enable-ssl-chain-completion=false` for the MariaDB
ingress controller. This is the default for current versions of
the nginx-ingress-controller, but for 0.9.0 needs to be set.

If enableSSLChainCompletion is left on, nginx will attempt to
autocomplete SSL certificate chains with missing intermediate CA
certificates, causing unnecessary network and errors in pod logs.

Change-Id: I088b33fe994281dca6997baa87a6b599c3f10c14
Closes-Bug: #1835364
---
 mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl b/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl
index 3e560c6b1b..903c947fa5 100644
--- a/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl
+++ b/mariadb/templates/bin/_mariadb-ingress-controller.sh.tpl
@@ -29,6 +29,7 @@ function start () {
       --ingress-class=${INGRESS_CLASS} \
       --default-backend-service=${POD_NAMESPACE}/${ERROR_PAGE_SERVICE} \
       --configmap=${POD_NAMESPACE}/mariadb-ingress-conf \
+      --enable-ssl-chain-completion=false \
       --tcp-services-configmap=${POD_NAMESPACE}/mariadb-services-tcp
 }