From f040278349c5eb95f5026882530087f47bd0555a Mon Sep 17 00:00:00 2001
From: Jobin James
Date: Thu, 10 Feb 2022 19:13:50 +0530
Subject: [PATCH 1/3] ingress for webhook notification - event base scan
---
 proxy-scanner/templates/ingress.yaml | 32 +++++++++++++++++++
 proxy-scanner/values.yaml | 46 ++++++++++++++++++++++++++--
 2 files changed, 76 insertions(+), 2 deletions(-)
 create mode 100644 proxy-scanner/templates/ingress.yaml
diff --git a/proxy-scanner/templates/ingress.yaml b/proxy-scanner/templates/ingress.yaml
new file mode 100644
index 0000000..675265d
--- /dev/null
+++ b/proxy-scanner/templates/ingress.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.ingress.enabled }}
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "scanner.fullname" . }}
+ labels:
+ app: {{ include "scanner.fullname" . }}
+ chart: {{ include "scanner.fullname" . }}
+ release: {{ .Release.Name | quote }}
+ annotations:
+ {{- if .Values.ingress.certManager }}
+ kubernetes.io/tls-acme: "true"
+ {{- end }}
+ {{- range $key, $value := .Values.ingress.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .name }}
+ http:
+ paths:
+ - path: {{ default "/" .path }}
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: {{ include "scanner.fullname" $ }}
+ port:
+ number: 8080
+ {{- end }}
+{{- end }}
diff --git a/proxy-scanner/values.yaml b/proxy-scanner/values.yaml
index d19021c..ad070b3 100644
--- a/proxy-scanner/values.yaml
+++ b/proxy-scanner/values.yaml
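Review bot: The `spec:` block in the new ingress.yaml has no `tls:` section, so `ingress.tls` and `ingress.tlsSecret` from values.yaml are never read and the webhook notification path is published as plain HTTP rules unless the ingress controller adds TLS on its own. The values.yaml comments also promise a `secure-backends` annotation when tls is true, and nothing in this template sets it. I would render a `tls:` entry for the listed hosts when `.Values.ingress.tls` is set, as sketched below. Separately, `host: {{ .name }}` and `path: {{ default "/" .path }}` should go through `quote`, as `release` already does, so an empty or YAML-special value cannot change the manifest structure.

```yaml
spec:
  {{- if .Values.ingress.tls }}
  tls:
    - hosts:
        {{- range .Values.ingress.hosts }}
        - {{ .name | quote }}
        {{- end }}
      secretName: {{ .Values.ingress.tlsSecret | quote }}
  {{- end }}
  rules:
    # … unchanged: per-host rules …
```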
@@ -38,8 +38,50 @@ config:
 user_name:
 password:
 poll_frequency_minutes: 20
-
+fullnameOverride: {}
 certs:
 skipCert: true
 serverCertificate:
- serverKey:
\ No newline at end of file
+ serverKey:
+
+ingress:
+ ## Set to true to enable ingress record generation
+ enabled: true
+
+ ## Set this to true in order to add the corresponding annotations for cert-manager
+ certManager: false
+
+ ## Ingress annotations done as key:value pairs
+ ## For a full list of possible ingress annotations, please see
+ ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
+ ##
+ ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
+ ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
+ annotations:
+ # kubernetes.io/ingress.class: nginx
+
+ ## The list of hostnames to be covered with this ingress record.
+ ## Most likely this will be just one host, but in the event more hosts are needed, this is an array
+ hosts:
+ - name: scanner.example.local
+ path: /
+
+ ## Set this to true in order to enable TLS on the ingress record
+ tls: false
+
+ ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
+ tlsSecret: scanner.tls
+
+ secrets:
+ ## If you're providing your own certificates, please use this to add the certificates as secrets
+ ## key and certificate should start with -----BEGIN CERTIFICATE----- or
+ ## -----BEGIN RSA PRIVATE KEY-----
+ ##
+ ## name should line up with a tlsSecret set further up
+ ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
+ ##
+ ## It is also possible to create and manage the certificates outside of this helm chart
+ ## Please see README.md for more information
+ # - name: ghost.local-tls
+ # key:
+ # certificate:
\ No newline at end of file
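Review bot: The comment block under `secrets:` invites pasting a PEM private key into values.yaml, but no template in this series, as far as it is shown here, creates a Secret from `ingress.secrets`. A key placed here would therefore never become a TLS secret and would only sit in the values file and whatever stores the release's values. I would drop the `key:`/`certificate:` example and replace the comment with something like `## tlsSecret must name an existing kubernetes.io/tls Secret (created out of band or by cert-manager); do not put key material in this file`. The sample name `ghost.local-tls` also looks carried over from another chart and does not match the `scanner.tls` default above it.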
From 184f19780f154938de203dac5d30966173ba2c98 Mon Sep 17 00:00:00 2001 From: Jobin James Date: Thu, 10 Feb 2022 19:27:47 +0530 Subject: [PATCH 2/3] ingress for webhook notification - update readme --- proxy-scanner/README.md | 1 + proxy-scanner/values.yaml | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy-scanner/README.md b/proxy-scanner/README.md index 673763a..d2cb755 100644 --- a/proxy-scanner/README.md +++ b/proxy-scanner/README.md @@ -66,6 +66,7 @@ Values.yaml with the registry credentials as described above is MANDATORY. | `certs.serverCertificate` | Certificate for TLS authentication with the Admission controller | `N/A` | `NO` | | `certs.serverKey` | Certificate key for TLS authentication with the Admission controller | `N/A` | `NO` | | `config` | Registry credentials as specified in values.yaml | `N/A ` | `YES` | +| `ingress.enabled` | Ingress resource for webhook notification | `false` | `NO` | ## Issues and feedback diff --git a/proxy-scanner/values.yaml b/proxy-scanner/values.yaml index ad070b3..76996dc 100644 --- a/proxy-scanner/values.yaml +++ b/proxy-scanner/values.yaml @@ -38,7 +38,6 @@ config: user_name: password: poll_frequency_minutes: 20 -fullnameOverride: {} certs: skipCert: true serverCertificate: From 941b760241f2c6a35bb6033c581ceba4f1c3da24 Mon Sep 17 00:00:00 2001 From: Jobin James <20480111+jobin-james@users.noreply.github.com> Date: Fri, 10 Jun 2022 18:46:14 +0200 Subject: [PATCH 3/3] Update values.yaml --- proxy-scanner/values.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/proxy-scanner/values.yaml b/proxy-scanner/values.yaml index 76996dc..91163ec 100644 --- a/proxy-scanner/values.yaml +++ b/proxy-scanner/values.yaml @@ -45,7 +45,7 @@ certs: ingress: ## Set to true to enable ingress record generation - enabled: true + enabled: false ## Set this to true in order to add the corresponding annotations for cert-manager certManager: false 
@@ -56,8 +56,9 @@ ingress: ## ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - annotations: + annotations: {} # kubernetes.io/ingress.class: nginx + ingressClassName: {} ## The list of hostnames to be covered with this ingress record. ## Most likely this will be just one host, but in the event more hosts are needed, this is an array @@ -83,4 +84,4 @@ ingress: ## Please see README.md for more information # - name: ghost.local-tls # key: - # certificate: \ No newline at end of file + # certificate:
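Review bot: The new default `ingressClassName: {}` is a map, while `spec.ingressClassName` on a networking.k8s.io/v1 Ingress is a string, and the ingress template from patch 1 never reads this value, so setting it has no effect as the series stands. I would default it to an empty string, `ingressClassName: ""`, and emit it from the template only when set: `{{- with .Values.ingress.ingressClassName }}`, `ingressClassName: {{ . | quote }}`, `{{- end }}` under `spec:`. Without that, class selection still depends on the commented-out `kubernetes.io/ingress.class` annotation or on the cluster's default class, which decides which controller ends up exposing the webhook endpoint.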