diff --git a/charts/core/templates/controller-ingress.yaml b/charts/core/templates/controller-ingress.yaml
index 1ea0cdce..8cb4aec5 100644
--- a/charts/core/templates/controller-ingress.yaml
+++ b/charts/core/templates/controller-ingress.yaml
@@ -1,5 +1,5 @@
 {{- if .Values.controller.enabled }}
-{{- if .Values.controller.ingress.enabled }}
+{{- if and .Values.controller.ingress.enabled (not (.Values.controller.ingress.traefikIngressRoute)) }}
 {{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -70,7 +70,7 @@ spec:
 servicePort: 10443
 {{- end }}
 {{- end }}
-{{- if .Values.controller.federation.mastersvc.ingress.enabled }}
+{{- if and .Values.controller.federation.mastersvc.ingress.enabled (not (.Values.controller.federation.mastersvc.ingress.traefikIngressRoute)) }}
 {{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
 ---
 apiVersion: networking.k8s.io/v1
@@ -143,7 +143,7 @@ spec:
 servicePort: 11443
 {{- end }}
 {{- end }}
-{{- if .Values.controller.federation.managedsvc.ingress.enabled }}
+{{- if and .Values.controller.federation.managedsvc.ingress.enabled (not (.Values.controller.federation.managedsvc.ingress.traefikIngressRoute)) }}
 {{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
 ---
 apiVersion: networking.k8s.io/v1
diff --git a/charts/core/templates/controller-traefik-ingressroute.yaml b/charts/core/templates/controller-traefik-ingressroute.yaml
new file mode 100644
index 00000000..ef2be282
--- /dev/null
+++ b/charts/core/templates/controller-traefik-ingressroute.yaml
@@ -0,0 +1,102 @@
+{{- if .Values.controller.enabled }}
+---
+{{- if and .Values.controller.ingress.enabled .Values.controller.ingress.traefikIngressRoute }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: neuvector-restapi-ingress
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.controller.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`{{ .Values.controller.ingress.host }}`) && PathPrefix(`{{ .Values.controller.ingress.path }}`)
+ kind: Rule
+ services:
+ - name: neuvector-svc-controller-api
+ passHostHeader: true
+ port: 10443
+ scheme: https
+{{- if .Values.controller.ingress.tls }}
+ tls:
+{{- if .Values.controller.ingress.secretName }}
+ secretName: {{ .Values.controller.ingress.secretName }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- if and .Values.controller.federation.mastersvc.ingress.enabled .Values.controller.federation.mastersvc.ingress.traefikIngressRoute }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: neuvector-mastersvc-ingress
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.controller.federation.mastersvc.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`{{ .Values.controller.federation.mastersvc.ingress.host }}`) && PathPrefix(`{{ .Values.controller.federation.mastersvc.ingress.path }}`)
+ kind: Rule
+ services:
+ - name: neuvector-svc-controller-fed-master
+ passHostHeader: true
+ port: 11443
+ scheme: https
+{{- if .Values.controller.federation.mastersvc.ingress.tls }}
+ tls:
+{{- if .Values.controller.federation.mastersvc.ingress.secretName }}
+ secretName: {{ .Values.controller.federation.mastersvc.ingress.secretName }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- if and .Values.controller.federation.managedsvc.ingress.enabled .Values.controller.federation.managedsvc.ingress.traefikIngressRoute }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: neuvector-managedsvc-ingress
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.controller.federation.managedsvc.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`{{ .Values.controller.federation.managedsvc.ingress.host }}`) && PathPrefix(`{{ .Values.controller.federation.managedsvc.ingress.path }}`)
+ kind: Rule
+ services:
+ - name: neuvector-svc-controller-fed-managed
+ passHostHeader: true
+ port: 10443
+ scheme: https
+{{- if .Values.controller.federation.managedsvc.ingress.tls }}
+ tls:
+{{- if .Values.controller.federation.managedsvc.ingress.secretName }}
+ secretName: {{ .Values.controller.federation.managedsvc.ingress.secretName }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- end -}}
diff --git a/charts/core/templates/manager-ingress.yaml b/charts/core/templates/manager-ingress.yaml
index 52826fc5..c7753152 100644
--- a/charts/core/templates/manager-ingress.yaml
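Review bot: In charts/core/templates/controller-traefik-ingressroute.yaml the TLS block can render a bare `tls:` key: when `controller.ingress.tls` is set and `secretName` is empty nothing follows it, YAML reads the value as null, and the route on `websecure` is presumably left with whatever TLS the entrypoint itself defines rather than an explicit TLS router. Emit an explicit mapping in that case, `tls: {}` when no secret is given and `tls:` with `secretName:` nested under it otherwise, so that enabling `tls` always produces a TLS-terminating route for the REST API on port 10443. The same block is repeated for the mastersvc and managedsvc routes in this file and in manager-traefik-ingressroute.yaml and registry-adapter-traefik-ingressroute.yaml. When `tls` is false the routes are still bound to `websecure` with no `tls` section at all, and it is worth deciding whether that combination should render.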
+++ b/charts/core/templates/manager-ingress.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.manager.enabled .Values.manager.ingress.enabled -}}
+{{- if and .Values.manager.enabled .Values.manager.ingress.enabled (not (.Values.manager.ingress.traefikIngressRoute)) -}}
 {{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -68,4 +68,4 @@ spec:
 serviceName: neuvector-service-webui
 servicePort: 8443
 {{- end }}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
diff --git a/charts/core/templates/manager-traefik-ingressroute.yaml b/charts/core/templates/manager-traefik-ingressroute.yaml
new file mode 100644
index 00000000..1cb77291
--- /dev/null
+++ b/charts/core/templates/manager-traefik-ingressroute.yaml
@@ -0,0 +1,32 @@
+{{- if and .Values.manager.enabled .Values.manager.ingress.enabled .Values.manager.ingress.traefikIngressRoute -}}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: neuvector-webui-ingress
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.manager.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`{{ .Values.manager.ingress.host }}`) && PathPrefix(`{{ .Values.manager.ingress.path }}`)
+ kind: Rule
+ services:
+ - name: neuvector-service-webui
+ passHostHeader: true
+ port: 8443
+ scheme: https
+{{- if .Values.manager.ingress.tls }}
+ tls:
+{{- if .Values.manager.ingress.secretName }}
+ secretName: {{ .Values.manager.ingress.secretName }}
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/core/templates/registry-adapter-ingress.yaml b/charts/core/templates/registry-adapter-ingress.yaml
index aec7161c..c50e29ec 100644
--- a/charts/core/templates/registry-adapter-ingress.yaml
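Review bot: The `match` rule in charts/core/templates/manager-traefik-ingressroute.yaml interpolates `.Values.manager.ingress.host` unchecked, while values.yaml ships `host:` empty with only a comment saying it must be set. An install with `traefikIngressRoute: true` and no host therefore renders an empty `Host()` matcher, and the mistake surfaces only in Traefik after deployment. For a route that publishes the management UI it is safer to fail at render time, for example `{{ required "manager.ingress.host must be set when traefikIngressRoute is enabled" .Values.manager.ingress.host }}` inside the matcher. The controller, federation and registry-adapter IngressRoute templates build their `match` rule the same way.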
+++ b/charts/core/templates/registry-adapter-ingress.yaml
@@ -1,6 +1,6 @@
 {{- if .Values.cve.adapter.enabled -}}
-{{- if .Values.cve.adapter.ingress.enabled }}
+{{- if and .Values.cve.adapter.ingress.enabled (not (.Values.cve.adapter.ingress.traefikIngressRoute)) }}
 {{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
diff --git a/charts/core/templates/registry-adapter-traefik-ingressroute.yaml b/charts/core/templates/registry-adapter-traefik-ingressroute.yaml
new file mode 100644
index 00000000..916100e7
--- /dev/null
+++ b/charts/core/templates/registry-adapter-traefik-ingressroute.yaml
@@ -0,0 +1,32 @@
+{{- if and .Values.cve.adapter.ingress.enabled .Values.cve.adapter.ingress.traefikIngressRoute -}}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: neuvector-registry-adapter-ingress
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.cve.adapter.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`{{ .Values.cve.adapter.ingress.host }}`) && PathPrefix(`{{ .Values.cve.adapter.ingress.path }}`)
+ kind: Rule
+ services:
+ - name: neuvector-service-registry-adapter
+ passHostHeader: true
+ port: 9443
+ scheme: https
+{{- if .Values.cve.adapter.ingress.tls }}
+ tls:
+{{- if .Values.cve.adapter.ingress.secretName }}
+ secretName: {{ .Values.cve.adapter.ingress.secretName }}
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/core/values.yaml b/charts/core/values.yaml
index 549bdda8..0e92d4db 100644
--- a/charts/core/values.yaml
+++ b/charts/core/values.yaml
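Review bot: The guard on the first line of charts/core/templates/registry-adapter-traefik-ingressroute.yaml tests only `cve.adapter.ingress.enabled` and `traefikIngressRoute`, whereas registry-adapter-ingress.yaml nests its Ingress inside `{{- if .Values.cve.adapter.enabled -}}`. With the adapter disabled and the ingress flags left on, this template still publishes a route for `neuvector-service-registry-adapter` on port 9443, a service that is presumably not deployed in that case. Add the component flag to the condition, as the manager template does: `{{- if and .Values.cve.adapter.enabled .Values.cve.adapter.ingress.enabled .Values.cve.adapter.ingress.traefikIngressRoute -}}`.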
@@ -159,6 +159,7 @@ controller:
 # Federation Master Ingress
 ingress:
 enabled: false
+ traefikIngressRoute: false
 host: # MUST be set, if ingress is enabled
 ingressClassName: ""
 path: "/" # or this could be "/api", but might need "rewrite-target" annotation
@@ -197,6 +198,7 @@ controller:
 # Federation Managed Ingress
 ingress:
 enabled: false
+ traefikIngressRoute: false
 host: # MUST be set, if ingress is enabled
 ingressClassName: ""
 path: "/" # or this could be "/api", but might need "rewrite-target" annotation
@@ -227,6 +229,7 @@ controller:
 # -----END PRIVATE KEY-----
 ingress:
 enabled: false
+ traefikIngressRoute: false
 host: # MUST be set, if ingress is enabled
 ingressClassName: ""
 path: "/" # or this could be "/api", but might need "rewrite-target" annotation
@@ -365,6 +368,7 @@ manager:
 pemFile: tls.pem
 ingress:
 enabled: false
+ traefikIngressRoute: false
 host: # MUST be set, if ingress is enabled
 ingressClassName: ""
 path: "/"
@@ -465,6 +469,7 @@ cve:
 # -----END PRIVATE KEY-----
 ingress:
 enabled: false
+ traefikIngressRoute: false
 host: # MUST be set, if ingress is enabled
 ingressClassName: ""
 path: "/"
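Review bot: The new `traefikIngressRoute` key is added to all five `ingress` blocks in charts/core/values.yaml without a comment, although setting it changes which resource is rendered and which sibling keys still apply. Suggest on each occurrence: `traefikIngressRoute: false # render a Traefik IngressRoute (traefik.containo.us/v1alpha1) instead of an Ingress; requires the Traefik CRDs`. It would also help to note that the new templates do not read `ingressClassName` and always attach the route to the `websecure` entrypoint, since an operator enabling the flag has no other way to learn where the service ends up exposed. The enclosing `ingress:` mappings continue outside each hunk.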