mirror of https://github.com/kubeshark/kubeshark.git synced 2025-05-07 16:18:40 +00:00

🔨 Add ApprovedTenants field to AuthConfig and enable auth by default

M. Mert Yildiran 2023-10-26 20:27:34 +03:00
parent 2757b7419f
commit 62d4c3a86e
No known key found for this signature in database
GPG Key ID: DA5D6DCBB758A461
7 changed files with 10 additions and 3 deletions
cmd
config/configStructs
helm-chart
kubernetes
manifests


@ -457,4 +457,5 @@ func updateConfig(kubernetesProvider *kubernetes.Provider) {
_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_ENABLED, authEnabled)
_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_EMAILS, strings.Join(config.Config.Tap.Auth.ApprovedEmails, ","))
_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_DOMAINS, strings.Join(config.Config.Tap.Auth.ApprovedDomains, ","))
_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_TENANT_IDS, strings.Join(config.Config.Tap.Auth.ApprovedTenants, ","))
}
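Review bot: The key written by the added line does not match the key the chart uses: `CONFIG_AUTH_TENANT_IDS` is defined as `"AUTH_TENANT_IDS"` in the constants hunk, while the Helm ConfigMap template and the rendered manifest both set `AUTH_APPROVED_TENANTS`. Whichever name the consumer reads (not visible on this page), one of the two paths leaves the tenant allow-list unset, so a restriction configured that way could silently not apply. Consider aligning the constant, e.g. `CONFIG_AUTH_APPROVED_TENANTS = "AUTH_APPROVED_TENANTS"`, and using it here. The `_, _ =` also discards the error from `SetConfig`, so a failed write of an auth setting goes unnoticed; at minimum log it. The body of `updateConfig` starts outside the hunk.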


@ -81,9 +81,10 @@ type ResourcesConfig struct {
}
type AuthConfig struct {
Enabled bool `yaml:"enabled" json:"enabled" default:"false"`
Enabled bool `yaml:"enabled" json:"enabled" default:"true"`
ApprovedEmails []string `yaml:"approvedEmails" json:"approvedEmails" default:"[]"`
ApprovedDomains []string `yaml:"approvedDomains" json:"approvedDomains" default:"[]"`
ApprovedTenants []string `yaml:"approvedTenants" json:"approvedTenants" default:"[]"`
}
type IngressConfig struct {
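Review bot: `AuthConfig` has no doc comment saying what access policy results when `Enabled` is true and all three allow-lists are empty, which is now the out-of-the-box state (`default:"true"` next to three `default:"[]"` lists); the Helm values hunk that flips `enabled: true` with empty lists has the same gap. How the consumer treats empty lists is not visible here, so this default either admits every authenticated identity or locks everyone out, and existing installs pick it up on upgrade without a config edit. I would add a comment on the struct along the lines of `// AuthConfig: when Enabled is true and every Approved* list is empty, <state the resulting access policy>.` and mirror it as a YAML comment above `auth:` in the values file.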


@ -65,6 +65,7 @@ tap:
approvedEmails:
- john.doe@example.com
approvedDomains: []
approvedTenants: []
ingress:
enabled: true
className: "alb"


@ -14,4 +14,5 @@ data:
AUTH_ENABLED: '{{ .Values.tap.auth.enabled | ternary "true" "" }}'
AUTH_APPROVED_EMAILS: '{{ gt (len .Values.tap.auth.approvedEmails) 0 | ternary (join "," .Values.tap.auth.approvedEmails) "" }}'
AUTH_APPROVED_DOMAINS: '{{ gt (len .Values.tap.auth.approvedDomains) 0 | ternary (join "," .Values.tap.auth.approvedDomains) "" }}'
AUTH_APPROVED_TENANTS: '{{ gt (len .Values.tap.auth.approvedTenants) 0 | ternary (join "," .Values.tap.auth.approvedTenants) "" }}'
TELEMETRY_DISABLED: '{{ not .Values.tap.telemetry.enabled | ternary "true" "" }}'


@ -51,9 +51,10 @@ tap:
values:
- linux
auth:
enabled: false
enabled: true
approvedEmails: []
approvedDomains: []
approvedTenants: []
ingress:
enabled: false
className: ""


@ -19,6 +19,7 @@ const (
CONFIG_AUTH_ENABLED = "AUTH_ENABLED"
CONFIG_AUTH_APPROVED_EMAILS = "AUTH_APPROVED_EMAILS"
CONFIG_AUTH_APPROVED_DOMAINS = "AUTH_APPROVED_DOMAINS"
CONFIG_AUTH_TENANT_IDS = "AUTH_TENANT_IDS"
)
func SetSecret(provider *Provider, key string, value string) (updated bool, err error) {


@ -95,9 +95,10 @@ data:
NAMESPACES: ''
SCRIPTING_ENV: '{}'
SCRIPTING_SCRIPTS: '{}'
AUTH_ENABLED: ''
AUTH_ENABLED: 'true'
AUTH_APPROVED_EMAILS: ''
AUTH_APPROVED_DOMAINS: ''
AUTH_APPROVED_TENANTS: ''
TELEMETRY_DISABLED: ''
---
# Source: kubeshark/templates/02-cluster-role.yaml