Previously, when WP_ADMIN_PASSWORD was empty, the init container would
generate a random password and update the Secret. However, Helm upgrades
would start fresh containers and regenerate a new random password, causing
the Secret to not match WordPress's actual admin password.
Changes:
- Remove random password generation logic
- Require WP_ADMIN_PASSWORD to be explicitly set in values.yaml
- Exit with error if password is not provided during installation
- Only install WordPress once when database tables don't exist
- During upgrades, no installation occurs so password remains unchanged
This ensures:
1. Initial deployment: Admin must set WP_ADMIN_PASSWORD in values.yaml
2. Helm upgrades: No password changes occur (WordPress unchanged)
3. Helm rollbacks: Original password still works
4. Secret consistency: Secret always matches WordPress's actual password
Important for users:
- Initial deployment requires WP_ADMIN_PASSWORD in values.yaml
- If not provided, installation will fail with clear error message
- This prevents the password mismatch issue on upgrades
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Implement a new nginx.forwardRealIP configuration flag to enable/disable
real client IP extraction from X-Forwarded-For headers on bare-metal clusters.
Changes:
- Added nginx.forwardRealIP.enabled flag (default: false) to values.yaml
- Added nginx.forwardRealIP.trustedProxies list for flexible proxy IP ranges
- Updated Nginx configmap to conditionally apply real IP extraction settings
- Updated FastCGI parameters to use real IP when enabled, direct connection IP otherwise
- Updated WordPress wp-config.php to conditionally extract real IPs from headers
Configuration:
- When enabled: Extracts real client IP from X-Forwarded-For header
- When disabled: Uses direct connection IP (default Nginx behavior)
- Supports custom proxy IP ranges for CloudFlare, AWS ALB, etc.
This allows Helmchart to work seamlessly on both:
1. Bare-metal clusters with iptables load balancing
2. Cloud-managed clusters with proper IP forwarding
Version bumped to 6.9.0-a (WordPress version with implementation suffix)
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
