Mac Chaffee

@besha100 If you add a new configmap to the pod, the whole pod will restart. Do you mean make an edit to a configmap mounted in extraVolumes? I tried that,...

That's what I tried. I actually use that technique to get around the [4096 character limit](https://github.com/nginx/nginx/blob/master/src/core/ngx_conf_file.c#L11) for `modsecurity-snippet`: ``` controller: extraVolumeMounts: - name: renci-modsecurity-rules mountPath: /etc/nginx/owasp-modsecurity-crs/custom/ extraVolumes: - name: renci-modsecurity-rules...

That's what I do, and it works every time for me. Although I'm not running the latest version of ingress-nginx. A newer version changes how the custom rules are loaded...

The extra_settings get inserted literally into a settings.py file, but in this case the AUTH_LDAP_GROUP_TYPE is not expected to be a string, it should be a Python class: https://django-auth-ldap.readthedocs.io/en/latest/reference.html#auth-ldap-group-type But...

Sometimes the message about waiting for migrations can be misleading. The script `/usr/local/bin/wait-for-migrations` just runs `awx-manage check` and `awx-manage showmigrations`. Those can error for other reasons, like malformed LDAP config...

It is possible to workaround this, but it's pretty gnarly: ``` extra_settings: - setting: AUTH_LDAP_SERVER_URI value: '"ldaps://example.com"; from django_auth_ldap.config import GroupOfNamesType' ... - setting: AUTH_LDAP_GROUP_TYPE value: "GroupOfNamesType(name_attr='cn')" ```

'modsecurity_rules' and 'modsecurity_rules_file' have precedence of their own outside of just the order in which they're listed in nginx.conf? Just skimming the code, it looks like those directives both just...

Oh I do see they are changing `mmcf->rules_inline` vs. `mmcf->rules_file`, so maybe there is a difference, hmm EDIT: oh that's just a counter, nvm I should stop guessing haha

Yes, sounds like we haven't identified exactly what should take precedence over what. It would be good to document this somewhere because the prevailing wisdom is incorrect: that last writer...

If mixing `modsecurity_rules/modsecurity_rules_file` is supported, then my question is still unanswered. But if you're saying mixing `modsecurity_rules/modsecurity_rules_file` isn't supported, I'd think we should definitely document that. I'd be happy to...