✨ Add AUTH_ENABLED and AUTH_APPROVED_EMAILS environment variables to Hub's template

2025-06-21 22:08:59 +00:00 · 2023-08-09 01:22:10 +03:00 · 2023-08-09 01:22:10 +03:00 · c533bcd38c
commit c533bcd38c
parent 1d17f83931
5 changed files with 17 additions and 6 deletions
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@ -80,6 +80,8 @@ type ResourcesConfig struct {
 }

 type AuthConfig struct {
+	Enabled         bool     `yaml:"enabled" json:"enabled" default:"false"`
+	ApprovedEmails  []string `yaml:"approvedemails" json:"approvedemails"  default:"[]"`
 	ApprovedDomains []string `yaml:"approveddomains" json:"approveddomains"  default:"[]"`
 }

@ -89,7 +91,6 @@ type IngressConfig struct {
 	Controller  string                  `yaml:"controller" json:"controller" default:"k8s.io/ingress-nginx"`
 	Host        string                  `yaml:"host" json:"host" default:"ks.svc.cluster.local"`
 	TLS         []networking.IngressTLS `yaml:"tls" json:"tls"`
-	Auth        AuthConfig              `yaml:"auth" json:"auth"`
 	CertManager string                  `yaml:"certmanager" json:"certmanager" default:"letsencrypt-prod"`
 }

@ -118,6 +119,7 @@ type TapConfig struct {
 	Labels            map[string]string     `yaml:"labels" json:"labels" default:"{}"`
 	Annotations       map[string]string     `yaml:"annotations" json:"annotations" default:"{}"`
 	NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeselectorterms" json:"nodeselectorterms" default:"[]"`
+	Auth              AuthConfig            `yaml:"auth" json:"auth"`
 	Ingress           IngressConfig         `yaml:"ingress" json:"ingress"`
 	Debug             bool                  `yaml:"debug" json:"debug" default:"false"`
 }
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@ -58,7 +58,7 @@ Visit [localhost:8899](http://localhost:8899)
 helm install kubeshark kubeshark/kubeshark \
  --set tap.ingress.enabled=true \
  --set tap.ingress.host=ks.svc.cluster.local \
-  --set "tap.ingress.auth.approveddomains={gmail.com}" \
+  --set "tap.ingress.approveddomains={gmail.com}" \
  --set license=LICENSE_GOES_HERE
 ```

--- a/helm-chart/templates/04-hub-pod.yaml
+++ b/helm-chart/templates/04-hub-pod.yaml
@ -31,8 +31,12 @@ spec:
          value: '{{ .Values.scripting.env | toJson }}'
        - name: SCRIPTING_SCRIPTS
          value: '[]'
+        - name: AUTH_ENABLED
+          value: '{{ .Values.tap.auth.enabled | ternary "true" "" }}'
+        - name: AUTH_APPROVED_EMAILS
+          value: '{{ gt (len .Values.tap.auth.approvedemails) 0 | ternary (join "," .Values.tap.auth.approvedemails) "" }}'
        - name: AUTH_APPROVED_DOMAINS
-          value: '{{ gt (len .Values.tap.ingress.auth.approveddomains) 0 | ternary (join "," .Values.tap.ingress.auth.approveddomains) "" }}'
+          value: '{{ gt (len .Values.tap.auth.approveddomains) 0 | ternary (join "," .Values.tap.auth.approveddomains) "" }}'
      image: '{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}'
      imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }}
      name: kubeshark-hub
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@ -46,14 +46,16 @@ tap:
  labels: {}
  annotations: {}
  nodeselectorterms: []
+  auth:
+    enabled: false
+    approvedemails: []
+    approveddomains: []
  ingress:
    enabled: false
    classname: kubeshark-ingress-class
    controller: k8s.io/ingress-nginx
    host: ks.svc.cluster.local
    tls: []
-    auth:
-      approveddomains: []
    certmanager: letsencrypt-prod
  debug: false
  ipv6: true
--- a/manifests/complete.yaml
+++ b/manifests/complete.yaml
@ -15,7 +15,6 @@ kind: ConfigMap
 metadata:
  name: kubeshark-nginx-config
  namespace: default
-  apiVersion: v1
 data:
  default.conf: |
    server {
@ -225,6 +224,10 @@ spec:
          value: '{}'
        - name: SCRIPTING_SCRIPTS
          value: '[]'
+        - name: AUTH_ENABLED
+          value: ''
+        - name: AUTH_APPROVED_EMAILS
+          value: ''
        - name: AUTH_APPROVED_DOMAINS
          value: ''
      image: 'docker.io/kubeshark/hub:latest'