From 250a87840749b471d5a8bfe0d684305b1dc83b97 Mon Sep 17 00:00:00 2001
From: Adrian Wyssmann <papanito@wyssmann.com>
Date: Sat, 5 Aug 2023 17:43:13 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Allow=20to=20disable=20IPv6=20for?=
 =?UTF-8?q?=20nginx=20ingress=20(#1392)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
---
 helm-chart/README.md                      | 11 +++++++++
 helm-chart/templates/06-front-pod.yaml    |  9 ++++++++
 helm-chart/templates/12-nginx-config.yaml | 27 +++++++++++++++++++++++
 helm-chart/values.yaml                    |  1 +
 4 files changed, 48 insertions(+)
 create mode 100644 helm-chart/templates/12-nginx-config.yaml

diff --git a/helm-chart/README.md b/helm-chart/README.md
index 79a657849..ed1dc3c98 100644
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@@ -61,6 +61,7 @@ helm install kubeshark kubeshark/kubeshark \
   --set "tap.ingress.auth.approveddomains={gmail.com}" \
   --set license=LICENSE_GOES_HERE
 ```
+
 You can get your license [here](https://console.kubeshark.co/).
 
 ## Installing with Persistent Storage Enabled
@@ -70,4 +71,14 @@ helm install kubeshark kubeshark/kubeshark \
   --set tap.persistentstorage=true \
   --set license=LICENSE_GOES_HERE
 ```
+
 You can get your license [here](https://console.kubeshark.co/).
+
+## Disabling IPV6
+
+Not all have IPV6 enabled, hence this has to be disabled as follows:
+
+```shell
+helm install kubeshark kubeshark/kubeshark \
+  --set tap.ipv6=false
+```
diff --git a/helm-chart/templates/06-front-pod.yaml b/helm-chart/templates/06-front-pod.yaml
index 7083dddb4..d5192e375 100644
--- a/helm-chart/templates/06-front-pod.yaml
+++ b/helm-chart/templates/06-front-pod.yaml
@@ -41,6 +41,15 @@ spec:
         requests:
           cpu: 50m
           memory: 50Mi
+      volumeMounts:
+        - name: nginx-config
+          mountPath: /etc/nginx/conf.d/default.conf
+          subPath: default.conf
+          readOnly: true
+  volumes:
+    - name: nginx-config
+      configMap:
+        name:  kubeshark-nginx-config
   dnsPolicy: ClusterFirstWithHostNet
   serviceAccountName: kubeshark-service-account
   terminationGracePeriodSeconds: 0
diff --git a/helm-chart/templates/12-nginx-config.yaml b/helm-chart/templates/12-nginx-config.yaml
new file mode 100644
index 000000000..e102a23cf
--- /dev/null
+++ b/helm-chart/templates/12-nginx-config.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kubeshark-nginx-config
+  namespace: {{ .Release.Namespace }}
+  apiVersion: v1
+data:
+  default.conf: |
+    server {
+      listen 80;
+{{- if .Values.tap.ipv6 }}
+      listen [::]:80;
+{{- end }}
+      add_header Cache-Control no-cache;
+      location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+        try_files $uri $uri/ /index.html;
+        expires -1;
+      }
+      error_page   500 502 503 504  /50x.html;
+      location = /50x.html {
+        root   /usr/share/nginx/html;
+      }
+    }
+
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index d6b2dfa03..018d360f9 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -56,6 +56,7 @@ tap:
       approveddomains: []
     certmanager: letsencrypt-prod
   debug: false
+  ipv6: true
 logs:
   file: ""
 kube: