diff --git a/cmd/helmChart.go b/cmd/helmChart.go
index 60232f3bf..05ce50676 100644
--- a/cmd/helmChart.go
+++ b/cmd/helmChart.go
@@ -144,6 +144,10 @@ var hubPodMappings = map[string]interface{}{
 "name": "SCRIPTING_SCRIPTS",
 "value": "[]",
 },
+ {
+ "name": "AUTH_APPROVED_DOMAINS",
+ "value": "{{ gt (len .Values.tap.ingress.auth.approvedDomains) 0 | ternary (join \",\" .Values.tap.ingress.auth.approvedDomains) \"\" }}",
+ },
 },
 "spec.containers[0].image": "{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}",
 "spec.containers[0].imagePullPolicy": "{{ .Values.tap.docker.imagepullpolicy }}",
@@ -180,6 +184,7 @@ var workerDaemonSetMappings = map[string]interface{}{
 var ingressClassMappings = serviceAccountMappings
 var ingressMappings = map[string]interface{}{
 "metadata.namespace": "{{ .Values.tap.selfnamespace }}",
+ "metadata.annotations[\"certmanager.k8s.io/cluster-issuer\"]": "{{ .Values.tap.ingress.certManager }}",
 "spec.rules[0].host": "{{ .Values.tap.ingress.host }}",
 "spec.tls": "{{ .Values.tap.ingress.tls | toYaml }}",
 }
diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index 46920efd8..19f90b094 100644
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: "40.3"
+appVersion: "40.4"
 description: The API Traffic Analyzer for Kubernetes
 home: https://kubeshark.co
 keywords:
@@ -22,4 +22,4 @@ name: kubeshark
 sources:
 - https://github.com/kubeshark/kubeshark/tree/master/helm-chart
 type: application
-version: "40.3"
+version: "40.4"
diff --git a/helm-chart/README.md b/helm-chart/README.md
index 5bec29aff..72ac1a37a 100644
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
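Review bot: In the added `AUTH_APPROVED_DOMAINS` entry of `hubPodMappings`, the `gt (len …) 0 | ternary …` wrapper is redundant and fragile: Sprig's `join` already returns an empty string for an empty list, while `len` will likely fail template rendering when `tap.ingress.auth.approvedDomains` is null or unset. The value could be `"{{ join \",\" .Values.tap.ingress.auth.approvedDomains }}"`; the same expression is repeated in `helm-chart/templates/04-hub-pod.yaml`. A comment next to the entry should also state what the hub does when the variable is empty (allow nobody or allow everyone), since that is not visible in this change and it decides who can authenticate through the ingress.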
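Review bot: The new `metadata.annotations[...]` mapping in `ingressMappings` always emits the cluster-issuer annotation, so an unset `tap.ingress.certManager` would render an annotation with an empty issuer name rather than no annotation; the default value is not visible in this diff. The key `certmanager.k8s.io/cluster-issuer` is the prefix used by cert-manager releases before v0.11, and later releases read `cert-manager.io/cluster-issuer`, so a current installation would presumably ignore it and issue no certificate for the ingress host. Consider documenting the supported cert-manager version next to the mapping, or emitting the annotation only when a value is set; `helm-chart/templates/11-ingress.yaml` carries the same line.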
@@ -51,3 +51,18 @@ kubectl port-forward -n kubeshark service/kubeshark-front 8899:80
 ```
 
 Visit [localhost:8899](http://localhost:8899)
+
+## Installing with Ingress Enabled
+
+```shell
+helm install kubeshark kubeshark/kubeshark \
+ --set tap.ingress.enabled=true \
+ --set tap.ingress.host=ks.svc.cluster.local \
+ --set "tap.ingress.auth.approvedDomains={gmail.com}"
+```
+
+## Installing with Persistent Storage Enabled
+
+```shell
+helm install kubeshark kubeshark/kubeshark --set tap.persistentstorage=true
+```
diff --git a/helm-chart/templates/02-cluster-role.yaml b/helm-chart/templates/02-cluster-role.yaml
index 1c8399d6b..aa535472f 100644
--- a/helm-chart/templates/02-cluster-role.yaml
+++ b/helm-chart/templates/02-cluster-role.yaml
@@ -15,6 +15,7 @@ rules:
 - ""
 - extensions
 - apps
+ - networking.k8s.io
 resources:
 - pods
 - services
diff --git a/helm-chart/templates/04-hub-pod.yaml b/helm-chart/templates/04-hub-pod.yaml
index 5f796751a..1b223475b 100644
--- a/helm-chart/templates/04-hub-pod.yaml
+++ b/helm-chart/templates/04-hub-pod.yaml
@@ -25,6 +25,8 @@ spec:
 value: '{}'
 - name: SCRIPTING_SCRIPTS
 value: '[]'
+ - name: AUTH_APPROVED_DOMAINS
+ value: '{{ gt (len .Values.tap.ingress.auth.approvedDomains) 0 | ternary (join "," .Values.tap.ingress.auth.approvedDomains) "" }}'
 image: '{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}'
 imagePullPolicy: '{{ .Values.tap.docker.imagepullpolicy }}'
 name: kubeshark-hub
diff --git a/helm-chart/templates/11-ingress.yaml b/helm-chart/templates/11-ingress.yaml
index bbab56dc2..fd817339e 100644
--- a/helm-chart/templates/11-ingress.yaml
+++ b/helm-chart/templates/11-ingress.yaml
@@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 annotations:
- certmanager.k8s.io/cluster-issuer: letsencrypt-prod
+ certmanager.k8s.io/cluster-issuer: '{{ .Values.tap.ingress.certManager }}'
 nginx.ingress.kubernetes.io/rewrite-target: /$2
 creationTimestamp: null
 labels:
diff --git a/kubernetes/provider.go b/kubernetes/provider.go
index f2ec5db4e..c307bb82b 100644
--- a/kubernetes/provider.go
+++ b/kubernetes/provider.go
@@ -667,6 +667,7 @@ func (provider *Provider) BuildClusterRole() *rbac.ClusterRole {
 "",
 "extensions",
 "apps",
+ "networking.k8s.io",
 },
 Resources: []string{
 "pods",
diff --git a/manifests/02-cluster-role.yaml b/manifests/02-cluster-role.yaml
index 5826702a7..77c3c87ad 100644
--- a/manifests/02-cluster-role.yaml
+++ b/manifests/02-cluster-role.yaml
@@ -15,6 +15,7 @@ rules:
 - ""
 - extensions
 - apps
+ - networking.k8s.io
 resources:
 - pods
 - services
diff --git a/resources/createResources.go b/resources/createResources.go
index 0fa607547..cc3e65327 100644
--- a/resources/createResources.go
+++ b/resources/createResources.go
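Review bot: Appending `"networking.k8s.io"` to this `APIGroups` list in `BuildClusterRole` extends every resource and verb of the existing rule to that group, cluster-wide, whether or not ingress is enabled. The rule's `Resources` list and its verbs continue outside the hunk, so which networking resources actually become reachable cannot be confirmed here. A separate rule limited to `networking.k8s.io`, naming only the ingress resources and verbs the hub needs, would keep the grant narrow and easier to audit. The same line is added in `helm-chart/templates/02-cluster-role.yaml` and `manifests/02-cluster-role.yaml`.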
@@ -70,17 +70,19 @@ func CreateHubResources(ctx context.Context, kubernetesProvider *kubernetes.Prov
 }
 log.Info().Str("service", kubernetes.FrontServiceName).Msg("Successfully created a service.")
 
- _, err = kubernetesProvider.CreateIngressClass(ctx, kubernetesProvider.BuildIngressClass())
- if err != nil {
- return selfServiceAccountExists, err
- }
- log.Info().Str("ingress-class", kubernetes.IngressClassName).Msg("Successfully created an ingress class.")
+ if config.Config.Tap.Ingress.Enabled {
+ _, err = kubernetesProvider.CreateIngressClass(ctx, kubernetesProvider.BuildIngressClass())
+ if err != nil {
+ return selfServiceAccountExists, err
+ }
+ log.Info().Str("ingress-class", kubernetes.IngressClassName).Msg("Successfully created an ingress class.")
 
- _, err = kubernetesProvider.CreateIngress(ctx, selfNamespace, kubernetesProvider.BuildIngress())
- if err != nil {
- return selfServiceAccountExists, err
+ _, err = kubernetesProvider.CreateIngress(ctx, selfNamespace, kubernetesProvider.BuildIngress())
+ if err != nil {
+ return selfServiceAccountExists, err
+ }
+ log.Info().Str("ingress", kubernetes.IngressName).Msg("Successfully created an ingress.")
 }
- log.Info().Str("ingress", kubernetes.IngressName).Msg("Successfully created an ingress.")
 
 return selfServiceAccountExists, nil
 }
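Review bot: The new `if config.Config.Tap.Ingress.Enabled` block creates the ingress class and ingress without checking that any approved domains are configured, so enabling ingress alone may create an externally routable entry point while `AUTH_APPROVED_DOMAINS` is empty. How the hub treats an empty list is not visible in this change. A guard ahead of `CreateIngressClass` that returns an error, or at least logs a warning, when the approved-domains list is empty would make that state explicit to the operator. `CreateHubResources` starts outside the hunk.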