From c533bcd38cedb3a28bd6763a8e54c2e454bf38a2 Mon Sep 17 00:00:00 2001
From: "M. Mert Yildiran"
Date: Wed, 9 Aug 2023 01:22:10 +0300
Subject: [PATCH] :sparkles: Add `AUTH_ENABLED` and `AUTH_APPROVED_EMAILS` environment variables to Hub's template

---
 config/configStructs/tapConfig.go | 4 +++-
 helm-chart/README.md | 2 +-
 helm-chart/templates/04-hub-pod.yaml | 6 +++++-
 helm-chart/values.yaml | 6 ++++--
 manifests/complete.yaml | 5 ++++-
 5 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go
index 75cb8fd11..f40a19318 100644
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -80,6 +80,8 @@ type ResourcesConfig struct {
 }
 
 type AuthConfig struct {
+ Enabled bool `yaml:"enabled" json:"enabled" default:"false"`
+ ApprovedEmails []string `yaml:"approvedemails" json:"approvedemails" default:"[]"`
 ApprovedDomains []string `yaml:"approveddomains" json:"approveddomains" default:"[]"`
 }
 
@@ -89,7 +91,6 @@ type IngressConfig struct {
 Controller string `yaml:"controller" json:"controller" default:"k8s.io/ingress-nginx"`
 Host string `yaml:"host" json:"host" default:"ks.svc.cluster.local"`
 TLS []networking.IngressTLS `yaml:"tls" json:"tls"`
- Auth AuthConfig `yaml:"auth" json:"auth"`
 CertManager string `yaml:"certmanager" json:"certmanager" default:"letsencrypt-prod"`
 }
 
@@ -118,6 +119,7 @@ type TapConfig struct {
 Labels map[string]string `yaml:"labels" json:"labels" default:"{}"`
 Annotations map[string]string `yaml:"annotations" json:"annotations" default:"{}"`
 NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeselectorterms" json:"nodeselectorterms" default:"[]"`
+ Auth AuthConfig `yaml:"auth" json:"auth"`
 Ingress IngressConfig `yaml:"ingress" json:"ingress"`
 Debug bool `yaml:"debug" json:"debug" default:"false"`
 }
diff --git a/helm-chart/README.md b/helm-chart/README.md
index ed1dc3c98..c0f4e8530 100644
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
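Review bot: In `AuthConfig` (config/configStructs/tapConfig.go) the new `Enabled` and `ApprovedEmails` fields have no comment, and nothing in the struct says how the two allow-lists combine or what Hub does when `Enabled` is true and both lists are empty. That case decides whether a half-finished configuration fails open or closed, so it should be written down next to the fields. I would add a doc comment on the struct, for example `// AuthConfig configures Hub authentication; ApprovedEmails and ApprovedDomains are passed to Hub as the comma-separated AUTH_APPROVED_EMAILS and AUTH_APPROVED_DOMAINS variables.`, plus one sentence on the empty-list behaviour once it is confirmed against Hub.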
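Review bot: Moving `Auth` from `IngressConfig` to `TapConfig` changes the configuration key from `tap.ingress.auth.*` to `tap.auth.*` with no compatibility path, so a config or values file that still sets `tap.ingress.auth.approveddomains` will, as far as these hunks show, no longer reach Hub. The same move is made in helm-chart/templates/04-hub-pod.yaml and helm-chart/values.yaml. For an access-control allow-list a silent drop is worse than a hard error. In the chart this could be a guard such as `{{- if .Values.tap.ingress.auth }}{{ fail "tap.ingress.auth has moved to tap.auth" }}{{- end }}`, and the CLI config loader could warn on or reject the old key in the same way. Both struct bodies continue outside the hunk.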
@@ -58,7 +58,7 @@ Visit [localhost:8899](http://localhost:8899)
 helm install kubeshark kubeshark/kubeshark \
 --set tap.ingress.enabled=true \
 --set tap.ingress.host=ks.svc.cluster.local \
- --set "tap.ingress.auth.approveddomains={gmail.com}" \
+ --set "tap.ingress.approveddomains={gmail.com}" \
 --set license=LICENSE_GOES_HERE
 ```
 
diff --git a/helm-chart/templates/04-hub-pod.yaml b/helm-chart/templates/04-hub-pod.yaml
index f33a0838c..d1f7740b5 100644
--- a/helm-chart/templates/04-hub-pod.yaml
+++ b/helm-chart/templates/04-hub-pod.yaml
@@ -31,8 +31,12 @@ spec:
 value: '{{ .Values.scripting.env | toJson }}'
 - name: SCRIPTING_SCRIPTS
 value: '[]'
+ - name: AUTH_ENABLED
+ value: '{{ .Values.tap.auth.enabled | ternary "true" "" }}'
+ - name: AUTH_APPROVED_EMAILS
+ value: '{{ gt (len .Values.tap.auth.approvedemails) 0 | ternary (join "," .Values.tap.auth.approvedemails) "" }}'
 - name: AUTH_APPROVED_DOMAINS
- value: '{{ gt (len .Values.tap.ingress.auth.approveddomains) 0 | ternary (join "," .Values.tap.ingress.auth.approveddomains) "" }}'
+ value: '{{ gt (len .Values.tap.auth.approveddomains) 0 | ternary (join "," .Values.tap.auth.approveddomains) "" }}'
 image: '{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}'
 imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }}
 name: kubeshark-hub
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 018d360f9..38f095761 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -46,14 +46,16 @@ tap:
 labels: {}
 annotations: {}
 nodeselectorterms: []
+ auth:
+ enabled: false
+ approvedemails: []
+ approveddomains: []
 ingress:
 enabled: false
 classname: kubeshark-ingress-class
 controller: k8s.io/ingress-nginx
 host: ks.svc.cluster.local
 tls: []
- auth:
- approveddomains: []
 certmanager: letsencrypt-prod
 debug: false
 ipv6: true
diff --git a/manifests/complete.yaml b/manifests/complete.yaml
index 1a7bac45a..38383076d 100644
--- a/manifests/complete.yaml
+++ b/manifests/complete.yaml
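Review bot: In helm-chart/templates/04-hub-pod.yaml the `AUTH_APPROVED_EMAILS` and `AUTH_APPROVED_DOMAINS` values are interpolated inside hand-written single quotes, so an entry containing `'` (legal in an e-mail local part) renders as broken YAML in the pod spec. Letting Helm do the quoting avoids that, and the `gt (len …) 0 | ternary` wrapper is unnecessary because `join` of an empty list already yields an empty string: `value: {{ join "," .Values.tap.auth.approvedemails | quote }}`, and likewise for `approveddomains`. Because the list is flattened to a comma-separated string, an entry that itself contains a comma would presumably be read by Hub as two approved entries, so entries are worth validating before they are joined.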
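Review bot: The new `tap.auth` block in helm-chart/values.yaml does not match the README example updated in this same commit, which now passes `--set "tap.ingress.approveddomains={gmail.com}"`. The template reads `.Values.tap.auth.approveddomains`, so a user who copies the README ends up with an empty `AUTH_APPROVED_DOMAINS`. The README line should read `--set "tap.auth.approveddomains={gmail.com}"`, and since `enabled` defaults to `false` here the example probably also needs `--set tap.auth.enabled=true` for the list to take effect. A short comment above `auth:` describing the three keys would help as well.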
@@ -15,7 +15,6 @@ kind: ConfigMap
 metadata:
 name: kubeshark-nginx-config
 namespace: default
- apiVersion: v1
 data:
 default.conf: |
 server {
@@ -225,6 +224,10 @@ spec:
 value: '{}'
 - name: SCRIPTING_SCRIPTS
 value: '[]'
+ - name: AUTH_ENABLED
+ value: ''
+ - name: AUTH_APPROVED_EMAILS
+ value: ''
 - name: AUTH_APPROVED_DOMAINS
 value: ''
 image: 'docker.io/kubeshark/hub:latest'