⚡ Template the AUTH_APPROVED_DOMAINS and `certmanager.k8s.io/cluste…
…r-issuer`

Also add `networking.k8s.io` to `apiGroups` in `ClusterRole`
mertyildiran committed May 25, 2023
1 parent 42df7aa commit be5bd6a
Showing 9 changed files with 39 additions and 12 deletions.
5 changes: 5 additions & 0 deletions cmd/helmChart.go
Expand Up @@ -144,6 +144,10 @@ var hubPodMappings = map[string]interface{}{
"name": "SCRIPTING_SCRIPTS",
"value": "[]",
},
{
"name": "AUTH_APPROVED_DOMAINS",
"value": "{{ gt (len .Values.tap.ingress.auth.approvedDomains) 0 | ternary (join \",\" .Values.tap.ingress.auth.approvedDomains) \"\" }}",
},
},
"spec.containers[0].image": "{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}",
"spec.containers[0].imagePullPolicy": "{{ .Values.tap.docker.imagepullpolicy }}",
Expand Down Expand Up @@ -180,6 +184,7 @@ var workerDaemonSetMappings = map[string]interface{}{
var ingressClassMappings = serviceAccountMappings
var ingressMappings = map[string]interface{}{
"metadata.namespace": "{{ .Values.tap.selfnamespace }}",
"metadata.annotations[\"certmanager.k8s.io/cluster-issuer\"]": "{{ .Values.tap.ingress.certManager }}",
"spec.rules[0].host": "{{ .Values.tap.ingress.host }}",
"spec.tls": "{{ .Values.tap.ingress.tls | toYaml }}",
}
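Review bot: The `AUTH_APPROVED_DOMAINS` entry added to `hubPodMappings` renders an empty string when `tap.ingress.auth.approvedDomains` is empty, and nothing in this commit says how the hub treats an empty list. If empty means "no domain restriction" (not visible here), an install with `tap.ingress.enabled=true` and no domains would expose the dashboard to any account that can sign in. Either document the semantics next to the mapping or fail the render with `required`/`fail` when ingress is enabled and the list is empty. The `gt (len …) 0 | ternary … ""` wrapper also looks redundant, since Sprig's `join` should already return an empty string for an empty list: `{{ join "," .Values.tap.ingress.auth.approvedDomains }}`. The same expression is duplicated in helm-chart/templates/04-hub-pod.yaml, and the README example added in this commit approves `gmail.com`, which admits any Gmail account.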
4 changes: 2 additions & 2 deletions helm-chart/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v2
appVersion: "40.3"
appVersion: "40.4"
description: The API Traffic Analyzer for Kubernetes
home: https://kubeshark.co
keywords:
Expand All @@ -22,4 +22,4 @@ name: kubeshark
sources:
- https://github.com/kubeshark/kubeshark/tree/master/helm-chart
type: application
version: "40.3"
version: "40.4"
15 changes: 15 additions & 0 deletions helm-chart/README.md
Expand Up @@ -51,3 +51,18 @@ kubectl port-forward -n kubeshark service/kubeshark-front 8899:80
```

Visit [localhost:8899](http://localhost:8899)

## Installing with Ingress Enabled

```shell
helm install kubeshark kubeshark/kubeshark \
--set tap.ingress.enabled=true \
--set tap.ingress.host=ks.svc.cluster.local \
--set "tap.ingress.auth.approvedDomains={gmail.com}"
```

## Installing with Persistent Storage Enabled

```shell
helm install kubeshark kubeshark/kubeshark --set tap.persistentstorage=true
```
1 change: 1 addition & 0 deletions helm-chart/templates/02-cluster-role.yaml
Expand Up @@ -15,6 +15,7 @@ rules:
- ""
- extensions
- apps
- networking.k8s.io
resources:
- pods
- services
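Review bot: Appending `networking.k8s.io` to the existing `apiGroups` list widens a cluster-wide rule whose `resources` and `verbs` continue outside the hunk, so every listed resource name that exists in that group receives all the verbs the rule already grants. If the intent is only to work with Ingress objects, a separate rule is tighter: a second `rules` entry with `apiGroups: [networking.k8s.io]`, `resources: [ingresses]` (plus `ingressclasses` if needed) and just the verbs actually used. The same one-line addition appears in kubernetes/provider.go (`BuildClusterRole`) and manifests/02-cluster-role.yaml, and all three should change together.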
2 changes: 2 additions & 0 deletions helm-chart/templates/04-hub-pod.yaml
Expand Up @@ -25,6 +25,8 @@ spec:
value: '{}'
- name: SCRIPTING_SCRIPTS
value: '[]'
- name: AUTH_APPROVED_DOMAINS
value: '{{ gt (len .Values.tap.ingress.auth.approvedDomains) 0 | ternary (join "," .Values.tap.ingress.auth.approvedDomains) "" }}'
image: '{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}'
imagePullPolicy: '{{ .Values.tap.docker.imagepullpolicy }}'
name: kubeshark-hub
2 changes: 1 addition & 1 deletion helm-chart/templates/11-ingress.yaml
Expand Up @@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
certmanager.k8s.io/cluster-issuer: letsencrypt-prod
certmanager.k8s.io/cluster-issuer: '{{ .Values.tap.ingress.certManager }}'
nginx.ingress.kubernetes.io/rewrite-target: /$2
creationTimestamp: null
labels:
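Review bot: The annotation key `certmanager.k8s.io/cluster-issuer` is the legacy name; cert-manager v0.11 and later read `cert-manager.io/cluster-issuer`, so on a current cert-manager install this templated value would likely be ignored and no certificate requested for the Ingress. Consider `cert-manager.io/cluster-issuer: '{{ .Values.tap.ingress.certManager }}'`. The annotation should also be omitted when the value is empty, because the hard-coded `letsencrypt-prod` is gone and an empty issuer name can now be rendered (the default in values.yaml is not part of this commit). The same key is used in `ingressMappings` in cmd/helmChart.go.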
1 change: 1 addition & 0 deletions kubernetes/provider.go
Expand Up @@ -667,6 +667,7 @@ func (provider *Provider) BuildClusterRole() *rbac.ClusterRole {
"",
"extensions",
"apps",
"networking.k8s.io",
},
Resources: []string{
"pods",
1 change: 1 addition & 0 deletions manifests/02-cluster-role.yaml
Expand Up @@ -15,6 +15,7 @@ rules:
- ""
- extensions
- apps
- networking.k8s.io
resources:
- pods
- services
20 changes: 11 additions & 9 deletions resources/createResources.go
Expand Up @@ -70,17 +70,19 @@ func CreateHubResources(ctx context.Context, kubernetesProvider *kubernetes.Prov
}
log.Info().Str("service", kubernetes.FrontServiceName).Msg("Successfully created a service.")

_, err = kubernetesProvider.CreateIngressClass(ctx, kubernetesProvider.BuildIngressClass())
if err != nil {
return selfServiceAccountExists, err
}
log.Info().Str("ingress-class", kubernetes.IngressClassName).Msg("Successfully created an ingress class.")
if config.Config.Tap.Ingress.Enabled {
_, err = kubernetesProvider.CreateIngressClass(ctx, kubernetesProvider.BuildIngressClass())
if err != nil {
return selfServiceAccountExists, err
}
log.Info().Str("ingress-class", kubernetes.IngressClassName).Msg("Successfully created an ingress class.")

_, err = kubernetesProvider.CreateIngress(ctx, selfNamespace, kubernetesProvider.BuildIngress())
if err != nil {
return selfServiceAccountExists, err
_, err = kubernetesProvider.CreateIngress(ctx, selfNamespace, kubernetesProvider.BuildIngress())
if err != nil {
return selfServiceAccountExists, err
}
log.Info().Str("ingress", kubernetes.IngressName).Msg("Successfully created an ingress.")
}
log.Info().Str("ingress", kubernetes.IngressName).Msg("Successfully created an ingress.")

return selfServiceAccountExists, nil
}
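Review bot: When `config.Config.Tap.Ingress.Enabled` is false the function now skips both resources without logging anything, so a run's output does not show whether the dashboard was exposed through an Ingress. An `else` branch such as `log.Info().Msg("Ingress is disabled; skipping ingress class and ingress creation.")` would make that explicit. The two `return selfServiceAccountExists, err` lines inside the new block also pass the error up without saying which resource failed. Whether the caller adds that context is not visible, since `CreateHubResources` starts outside the hunk.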
