github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-08-29 13:54:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Template the AUTH_APPROVED_DOMAINS and certmanager.k8s.io/cluster-issuer

Browse Source 
Also add `networking.k8s.io` to `apiGroups` in `ClusterRole`
This commit is contained in:
M. Mert Yildiran 2023-05-25 05:07:42 +03:00
parent 42df7aa42f
commit be5bd6a372
No known key found for this signature in database
GPG Key ID: DA5D6DCBB758A461
9 changed files with 39 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cmd/helmChart.go
View File

@ -144,6 +144,10 @@ var hubPodMappings = map[string]interface{}{
"name": "SCRIPTING_SCRIPTS", "name": "SCRIPTING_SCRIPTS",
"value": "[]", "value": "[]",
}, },
{
"name": "AUTH_APPROVED_DOMAINS",
"value": "{{ gt (len .Values.tap.ingress.auth.approvedDomains) 0 | ternary (join \",\" .Values.tap.ingress.auth.approvedDomains) \"\" }}",
},
}, },
"spec.containers[0].image": "{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}", "spec.containers[0].image": "{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}",
"spec.containers[0].imagePullPolicy": "{{ .Values.tap.docker.imagepullpolicy }}", "spec.containers[0].imagePullPolicy": "{{ .Values.tap.docker.imagepullpolicy }}",
@ -180,6 +184,7 @@ var workerDaemonSetMappings = map[string]interface{}{
var ingressClassMappings = serviceAccountMappings var ingressClassMappings = serviceAccountMappings
var ingressMappings = map[string]interface{}{ var ingressMappings = map[string]interface{}{
"metadata.namespace": "{{ .Values.tap.selfnamespace }}", "metadata.namespace": "{{ .Values.tap.selfnamespace }}",
"metadata.annotations[\"certmanager.k8s.io/cluster-issuer\"]": "{{ .Values.tap.ingress.certManager }}",
"spec.rules[0].host": "{{ .Values.tap.ingress.host }}", "spec.rules[0].host": "{{ .Values.tap.ingress.host }}",
"spec.tls": "{{ .Values.tap.ingress.tls | toYaml }}", "spec.tls": "{{ .Values.tap.ingress.tls | toYaml }}",
} }

4
helm-chart/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v2 apiVersion: v2
appVersion: "40.3" appVersion: "40.4"
description: The API Traffic Analyzer for Kubernetes description: The API Traffic Analyzer for Kubernetes
home: https://kubeshark.co home: https://kubeshark.co
keywords: keywords:
@ -22,4 +22,4 @@ name: kubeshark
sources: sources:
- https://github.com/kubeshark/kubeshark/tree/master/helm-chart - https://github.com/kubeshark/kubeshark/tree/master/helm-chart
type: application type: application
version: "40.3" version: "40.4"

15
helm-chart/README.md
View File

@ -51,3 +51,18 @@ kubectl port-forward -n kubeshark service/kubeshark-front 8899:80
``` ```
Visit [localhost:8899](http://localhost:8899) Visit [localhost:8899](http://localhost:8899)
## Installing with Ingress Enabled
```shell
helm install kubeshark kubeshark/kubeshark \
--set tap.ingress.enabled=true \
--set tap.ingress.host=ks.svc.cluster.local \
--set "tap.ingress.auth.approvedDomains={gmail.com}"
```
## Installing with Persistent Storage Enabled
```shell
helm install kubeshark kubeshark/kubeshark --set tap.persistentstorage=true
```

1
helm-chart/templates/02-cluster-role.yaml
View File

@ -15,6 +15,7 @@ rules:
- "" - ""
- extensions - extensions
- apps - apps
- networking.k8s.io
resources: resources:
- pods - pods
- services - services

2
helm-chart/templates/04-hub-pod.yaml
View File

@ -25,6 +25,8 @@ spec:
value: '{}' value: '{}'
- name: SCRIPTING_SCRIPTS - name: SCRIPTING_SCRIPTS
value: '[]' value: '[]'
- name: AUTH_APPROVED_DOMAINS
value: '{{ gt (len .Values.tap.ingress.auth.approvedDomains) 0 | ternary (join "," .Values.tap.ingress.auth.approvedDomains) "" }}'
image: '{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}' image: '{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}'
imagePullPolicy: '{{ .Values.tap.docker.imagepullpolicy }}' imagePullPolicy: '{{ .Values.tap.docker.imagepullpolicy }}'
name: kubeshark-hub name: kubeshark-hub

2
helm-chart/templates/11-ingress.yaml
View File

@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
annotations: annotations:
certmanager.k8s.io/cluster-issuer: letsencrypt-prod certmanager.k8s.io/cluster-issuer: '{{ .Values.tap.ingress.certManager }}'
nginx.ingress.kubernetes.io/rewrite-target: /$2 nginx.ingress.kubernetes.io/rewrite-target: /$2
creationTimestamp: null creationTimestamp: null
labels: labels:

1
kubernetes/provider.go
View File

@ -667,6 +667,7 @@ func (provider *Provider) BuildClusterRole() *rbac.ClusterRole {
"", "",
"extensions", "extensions",
"apps", "apps",
"networking.k8s.io",
}, },
Resources: []string{ Resources: []string{
"pods", "pods",

1
manifests/02-cluster-role.yaml
View File

@ -15,6 +15,7 @@ rules:
- "" - ""
- extensions - extensions
- apps - apps
- networking.k8s.io
resources: resources:
- pods - pods
- services - services

2
resources/createResources.go
View File

@ -70,6 +70,7 @@ func CreateHubResources(ctx context.Context, kubernetesProvider *kubernetes.Prov
} }
log.Info().Str("service", kubernetes.FrontServiceName).Msg("Successfully created a service.") log.Info().Str("service", kubernetes.FrontServiceName).Msg("Successfully created a service.")
if config.Config.Tap.Ingress.Enabled {
_, err = kubernetesProvider.CreateIngressClass(ctx, kubernetesProvider.BuildIngressClass()) _, err = kubernetesProvider.CreateIngressClass(ctx, kubernetesProvider.BuildIngressClass())
if err != nil { if err != nil {
return selfServiceAccountExists, err return selfServiceAccountExists, err
@ -81,6 +82,7 @@ func CreateHubResources(ctx context.Context, kubernetesProvider *kubernetes.Prov
return selfServiceAccountExists, err return selfServiceAccountExists, err
} }
log.Info().Str("ingress", kubernetes.IngressName).Msg("Successfully created an ingress.") log.Info().Str("ingress", kubernetes.IngressName).Msg("Successfully created an ingress.")
}
return selfServiceAccountExists, nil return selfServiceAccountExists, nil
} }