⚡ Template the AUTH_APPROVED_DOMAINS
and certmanager.k8s.io/cluster-issuer
Also add `networking.k8s.io` to `apiGroups` in `ClusterRole`
parent
42df7aa42f
commit
be5bd6a372
@ -144,6 +144,10 @@ var hubPodMappings = map[string]interface{}{
|
||||
"name": "SCRIPTING_SCRIPTS",
|
||||
"value": "[]",
|
||||
},
|
||||
{
|
||||
"name": "AUTH_APPROVED_DOMAINS",
|
||||
"value": "{{ gt (len .Values.tap.ingress.auth.approvedDomains) 0 | ternary (join \",\" .Values.tap.ingress.auth.approvedDomains) \"\" }}",
|
||||
},
|
||||
},
|
||||
"spec.containers[0].image": "{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}",
|
||||
"spec.containers[0].imagePullPolicy": "{{ .Values.tap.docker.imagepullpolicy }}",
|
||||
@ -180,6 +184,7 @@ var workerDaemonSetMappings = map[string]interface{}{
|
||||
var ingressClassMappings = serviceAccountMappings
|
||||
var ingressMappings = map[string]interface{}{
|
||||
"metadata.namespace": "{{ .Values.tap.selfnamespace }}",
|
||||
"metadata.annotations[\"certmanager.k8s.io/cluster-issuer\"]": "{{ .Values.tap.ingress.certManager }}",
|
||||
"spec.rules[0].host": "{{ .Values.tap.ingress.host }}",
|
||||
"spec.tls": "{{ .Values.tap.ingress.tls | toYaml }}",
|
||||
}
|
||||
|
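Review bot: The `AUTH_APPROVED_DOMAINS` entry in `hubPodMappings` wraps `join` in a `gt (len …) 0 | ternary … ""` guard that adds nothing, since joining an empty list already yields an empty string, and `len` will, I believe, fail the render when `tap.ingress.auth.approvedDomains` is missing from the values. `"value": "{{ join \",\" .Values.tap.ingress.auth.approvedDomains }}"` is shorter and tolerates that case. A comment above the entry should also state what the hub does with an empty value, because nothing visible here shows whether empty means "no domain approved" or "no restriction". The same expression is repeated in the hub pod manifest hunk, and the map literal starts above this hunk.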
@ -1,5 +1,5 @@
|
||||
apiVersion: v2
|
||||
appVersion: "40.3"
|
||||
appVersion: "40.4"
|
||||
description: The API Traffic Analyzer for Kubernetes
|
||||
home: https://kubeshark.co
|
||||
keywords:
|
||||
@ -22,4 +22,4 @@ name: kubeshark
|
||||
sources:
|
||||
- https://github.com/kubeshark/kubeshark/tree/master/helm-chart
|
||||
type: application
|
||||
version: "40.3"
|
||||
version: "40.4"
|
||||
|
@ -51,3 +51,18 @@ kubectl port-forward -n kubeshark service/kubeshark-front 8899:80
|
||||
```
|
||||
|
||||
Visit [localhost:8899](http://localhost:8899)
|
||||
|
||||
## Installing with Ingress Enabled
|
||||
|
||||
```shell
|
||||
helm install kubeshark kubeshark/kubeshark \
|
||||
--set tap.ingress.enabled=true \
|
||||
--set tap.ingress.host=ks.svc.cluster.local \
|
||||
--set "tap.ingress.auth.approvedDomains={gmail.com}"
|
||||
```
|
||||
|
||||
## Installing with Persistent Storage Enabled
|
||||
|
||||
```shell
|
||||
helm install kubeshark kubeshark/kubeshark --set tap.persistentstorage=true
|
||||
```
|
||||
|
@ -15,6 +15,7 @@ rules:
|
||||
- ""
|
||||
- extensions
|
||||
- apps
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- pods
|
||||
- services
|
||||
|
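Review bot: Adding `networking.k8s.io` to the shared `apiGroups` list grants this rule's verbs on every listed resource that exists in that group, which is likely broader than ingress handling needs. The `resources` list continues below the hunk (only `pods` and `services` are visible) and the verbs are not shown, so the exact grant cannot be read from here. A separate rule with `apiGroups: [networking.k8s.io]`, only the ingress resources, and only the verbs actually used would keep the role least-privilege and make the new permission easy to audit. The same addition appears in `BuildClusterRole` and in the second `rules:` manifest hunk further down.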
@ -25,6 +25,8 @@ spec:
|
||||
value: '{}'
|
||||
- name: SCRIPTING_SCRIPTS
|
||||
value: '[]'
|
||||
- name: AUTH_APPROVED_DOMAINS
|
||||
value: '{{ gt (len .Values.tap.ingress.auth.approvedDomains) 0 | ternary (join "," .Values.tap.ingress.auth.approvedDomains) "" }}'
|
||||
image: '{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}'
|
||||
imagePullPolicy: '{{ .Values.tap.docker.imagepullpolicy }}'
|
||||
name: kubeshark-hub
|
||||
|
@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
annotations:
|
||||
certmanager.k8s.io/cluster-issuer: letsencrypt-prod
|
||||
certmanager.k8s.io/cluster-issuer: '{{ .Values.tap.ingress.certManager }}'
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /$2
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
|
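Review bot: The annotation key `certmanager.k8s.io/cluster-issuer` is the legacy form; cert-manager releases since v0.11 read `cert-manager.io/cluster-issuer`, so on a current installation this annotation is ignored and no certificate is requested for the ingress. Templating the value also replaces the fixed `letsencrypt-prod` with whatever `tap.ingress.certManager` holds, and an unset value renders the annotation with an empty string. Consider renaming the key and emitting the annotation only when the value is set, e.g. wrapping it in `{{- if .Values.tap.ingress.certManager }}` … `{{- end }}`. The same key is set in `ingressMappings`, and the `metadata` block continues past this hunk.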
@ -667,6 +667,7 @@ func (provider *Provider) BuildClusterRole() *rbac.ClusterRole {
|
||||
"",
|
||||
"extensions",
|
||||
"apps",
|
||||
"networking.k8s.io",
|
||||
},
|
||||
Resources: []string{
|
||||
"pods",
|
||||
|
@ -15,6 +15,7 @@ rules:
|
||||
- ""
|
||||
- extensions
|
||||
- apps
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- pods
|
||||
- services
|
||||
|
@ -70,17 +70,19 @@ func CreateHubResources(ctx context.Context, kubernetesProvider *kubernetes.Prov
|
||||
}
|
||||
log.Info().Str("service", kubernetes.FrontServiceName).Msg("Successfully created a service.")
|
||||
|
||||
_, err = kubernetesProvider.CreateIngressClass(ctx, kubernetesProvider.BuildIngressClass())
|
||||
if err != nil {
|
||||
return selfServiceAccountExists, err
|
||||
}
|
||||
log.Info().Str("ingress-class", kubernetes.IngressClassName).Msg("Successfully created an ingress class.")
|
||||
if config.Config.Tap.Ingress.Enabled {
|
||||
_, err = kubernetesProvider.CreateIngressClass(ctx, kubernetesProvider.BuildIngressClass())
|
||||
if err != nil {
|
||||
return selfServiceAccountExists, err
|
||||
}
|
||||
log.Info().Str("ingress-class", kubernetes.IngressClassName).Msg("Successfully created an ingress class.")
|
||||
|
||||
_, err = kubernetesProvider.CreateIngress(ctx, selfNamespace, kubernetesProvider.BuildIngress())
|
||||
if err != nil {
|
||||
return selfServiceAccountExists, err
|
||||
_, err = kubernetesProvider.CreateIngress(ctx, selfNamespace, kubernetesProvider.BuildIngress())
|
||||
if err != nil {
|
||||
return selfServiceAccountExists, err
|
||||
}
|
||||
log.Info().Str("ingress", kubernetes.IngressName).Msg("Successfully created an ingress.")
|
||||
}
|
||||
log.Info().Str("ingress", kubernetes.IngressName).Msg("Successfully created an ingress.")
|
||||
|
||||
return selfServiceAccountExists, nil
|
||||
}
|
||||
|
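Review bot: With `Tap.Ingress.Enabled` set, this block publishes the front end through an Ingress without first checking that a host and at least one approved domain are configured. If an empty `AUTH_APPROVED_DOMAINS` means no restriction (not visible here), a user who only sets `tap.ingress.enabled=true` exposes captured cluster traffic to anyone who can reach the ingress. Returning an error before `CreateIngressClass` when the approved-domains list is empty would make the feature fail closed. `CreateHubResources` starts above the hunk, so any earlier validation is not visible.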