Template the AUTH_APPROVED_DOMAINS and certmanager.k8s.io/cluster-issuer

Also add `networking.k8s.io` to `apiGroups` in `ClusterRole`
M. Mert Yildiran 2023-05-25 05:07:42 +03:00
parent 42df7aa42f
commit be5bd6a372
No known key found for this signature in database
GPG Key ID: DA5D6DCBB758A461
9 changed files with 39 additions and 12 deletions


@ -144,6 +144,10 @@ var hubPodMappings = map[string]interface{}{
"name": "SCRIPTING_SCRIPTS",
"value": "[]",
},
{
"name": "AUTH_APPROVED_DOMAINS",
"value": "{{ gt (len .Values.tap.ingress.auth.approvedDomains) 0 | ternary (join \",\" .Values.tap.ingress.auth.approvedDomains) \"\" }}",
},
},
"spec.containers[0].image": "{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}",
"spec.containers[0].imagePullPolicy": "{{ .Values.tap.docker.imagepullpolicy }}",
@ -180,6 +184,7 @@ var workerDaemonSetMappings = map[string]interface{}{
var ingressClassMappings = serviceAccountMappings
var ingressMappings = map[string]interface{}{
"metadata.namespace": "{{ .Values.tap.selfnamespace }}",
"metadata.annotations[\"certmanager.k8s.io/cluster-issuer\"]": "{{ .Values.tap.ingress.certManager }}",
"spec.rules[0].host": "{{ .Values.tap.ingress.host }}",
"spec.tls": "{{ .Values.tap.ingress.tls | toYaml }}",
}
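Review bot: The `AUTH_APPROVED_DOMAINS` entry added to `hubPodMappings` renders to an empty string when `tap.ingress.auth.approvedDomains` has no entries, and nothing visible here says whether the hub reads an empty value as "no domain is approved" or as "no domain restriction". If it is the latter, enabling the ingress without listing any domain would expose the hub with the domain check effectively off. The empty case should either be rejected at render time or be documented next to the entry, for example `// empty AUTH_APPROVED_DOMAINS: confirm the hub denies sign-in rather than skipping the domain check`. The same expression is written into the hub pod template later in this commit, so the point applies there as well.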


@ -1,5 +1,5 @@
apiVersion: v2
appVersion: "40.3"
appVersion: "40.4"
description: The API Traffic Analyzer for Kubernetes
home: https://kubeshark.co
keywords:
@ -22,4 +22,4 @@ name: kubeshark
sources:
- https://github.com/kubeshark/kubeshark/tree/master/helm-chart
type: application
version: "40.3"
version: "40.4"


@ -51,3 +51,18 @@ kubectl port-forward -n kubeshark service/kubeshark-front 8899:80
```
Visit [localhost:8899](http://localhost:8899)
## Installing with Ingress Enabled
```shell
helm install kubeshark kubeshark/kubeshark \
--set tap.ingress.enabled=true \
--set tap.ingress.host=ks.svc.cluster.local \
--set "tap.ingress.auth.approvedDomains={gmail.com}"
```
## Installing with Persistent Storage Enabled
```shell
helm install kubeshark kubeshark/kubeshark --set tap.persistentstorage=true
```


@ -15,6 +15,7 @@ rules:
- ""
- extensions
- apps
- networking.k8s.io
resources:
- pods
- services
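Review bot: Adding `networking.k8s.io` to the existing `apiGroups` list widens this ClusterRole rule instead of granting only what the ingress work needs, because every resource and verb already in the rule now also applies in that group, cluster-wide. The `resources` list continues past this hunk and the verbs are not visible, so the exact grant cannot be confirmed from here. A separate rule would keep this least-privilege: `- apiGroups: ["networking.k8s.io"]` with `resources: ["ingresses", "ingressclasses"]` and only the verbs actually required. The same one-line addition appears in `BuildClusterRole` and in the second ClusterRole manifest later in this commit.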


@ -25,6 +25,8 @@ spec:
value: '{}'
- name: SCRIPTING_SCRIPTS
value: '[]'
- name: AUTH_APPROVED_DOMAINS
value: '{{ gt (len .Values.tap.ingress.auth.approvedDomains) 0 | ternary (join "," .Values.tap.ingress.auth.approvedDomains) "" }}'
image: '{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}'
imagePullPolicy: '{{ .Values.tap.docker.imagepullpolicy }}'
name: kubeshark-hub


@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
certmanager.k8s.io/cluster-issuer: letsencrypt-prod
certmanager.k8s.io/cluster-issuer: '{{ .Values.tap.ingress.certManager }}'
nginx.ingress.kubernetes.io/rewrite-target: /$2
creationTimestamp: null
labels:
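Review bot: The annotation key kept on the templated line, `certmanager.k8s.io/cluster-issuer`, is the legacy cert-manager prefix; as far as I know, current cert-manager releases act only on `cert-manager.io/cluster-issuer`. If so, no certificate would be requested for this Ingress and TLS would depend on whatever the controller serves by default. Consider `cert-manager.io/cluster-issuer: '{{ .Values.tap.ingress.certManager }}'` here and the matching key in `ingressMappings` in the Go mappings file. The line also drops the `letsencrypt-prod` default, so an unset `tap.ingress.certManager` would render an empty issuer name unless the values file (not shown here) supplies one.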


@ -667,6 +667,7 @@ func (provider *Provider) BuildClusterRole() *rbac.ClusterRole {
"",
"extensions",
"apps",
"networking.k8s.io",
},
Resources: []string{
"pods",


@ -15,6 +15,7 @@ rules:
- ""
- extensions
- apps
- networking.k8s.io
resources:
- pods
- services


@ -70,17 +70,19 @@ func CreateHubResources(ctx context.Context, kubernetesProvider *kubernetes.Prov
}
log.Info().Str("service", kubernetes.FrontServiceName).Msg("Successfully created a service.")
_, err = kubernetesProvider.CreateIngressClass(ctx, kubernetesProvider.BuildIngressClass())
if err != nil {
return selfServiceAccountExists, err
}
log.Info().Str("ingress-class", kubernetes.IngressClassName).Msg("Successfully created an ingress class.")
if config.Config.Tap.Ingress.Enabled {
_, err = kubernetesProvider.CreateIngressClass(ctx, kubernetesProvider.BuildIngressClass())
if err != nil {
return selfServiceAccountExists, err
}
log.Info().Str("ingress-class", kubernetes.IngressClassName).Msg("Successfully created an ingress class.")
_, err = kubernetesProvider.CreateIngress(ctx, selfNamespace, kubernetesProvider.BuildIngress())
if err != nil {
return selfServiceAccountExists, err
_, err = kubernetesProvider.CreateIngress(ctx, selfNamespace, kubernetesProvider.BuildIngress())
if err != nil {
return selfServiceAccountExists, err
}
log.Info().Str("ingress", kubernetes.IngressName).Msg("Successfully created an ingress.")
}
log.Info().Str("ingress", kubernetes.IngressName).Msg("Successfully created an ingress.")
return selfServiceAccountExists, nil
}
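Review bot: Both failure paths inside the new `if config.Config.Tap.Ingress.Enabled` block return `err` unwrapped, so a caller cannot tell whether the ingress class or the ingress failed to create. Wrapping each return would make that explicit, for example `return selfServiceAccountExists, fmt.Errorf("creating ingress %s: %w", kubernetes.IngressName, err)`, assuming `fmt` is imported in this file, which is not visible here. If `CreateIngress` fails, the cluster-scoped ingress class created just before it is left in place; whether cleanup happens elsewhere cannot be seen from this hunk. `CreateHubResources` begins before the hunk, so earlier error handling may follow a different convention.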