diff --git a/.github/workflows/lint-unitest.yaml b/.github/workflows/lint-unitest.yaml index 6a251185..49fe94a0 100644 --- a/.github/workflows/lint-unitest.yaml +++ b/.github/workflows/lint-unitest.yaml @@ -15,7 +15,7 @@ jobs: go-version: '1.23' - name: Run chart-testing (lint) id: lint - uses: helm/chart-testing-action@main + uses: helm/chart-testing-action@b0c06062b7b8cb6f3bf1473a0c117ba2a86f3442 with: command: lint config: ct.yaml diff --git a/charts/core/README.md b/charts/core/README.md index 9381c73b..71c1c220 100644 --- a/charts/core/README.md +++ b/charts/core/README.md @@ -90,6 +90,7 @@ Parameter | Description | Default | Notes `controller.azureFileShare.enabled` | If true, enable the usage of an existing or statically provisioned Azure File Share | `false` | `controller.azureFileShare.secretName` | The name of the secret containing the Azure file share storage account name and key | `nil` | `controller.azureFileShare.shareName` | The name of the Azure file share to use | `nil` | +`controller.apisvc.ctrlServerPort` | Controller REST API service port | `10443` | `controller.apisvc.type` | Controller REST API service type | `nil` | `controller.apisvc.nodePort` | Controller REST API service NodePort number | `nil` | `controller.apisvc.annotations` | Add annotations to controller REST API service | `{}` | @@ -199,6 +200,7 @@ Parameter | Description | Default | Notes ` CUSTOM_PAGE_HEADER_COLOR` | use color name (yellow) or value (#ffff00) | ` CUSTOM_PAGE_FOOTER_CONTENT` | max. 120 characters, base64 encoded. | ` CUSTOM_PAGE_FOOTER_COLOR` | use color name (yellow) or value (#ffff00) | +`manager.svc.mgrServerPort` | set manager service port number | `8443` | `manager.svc.type` | set manager service type for native Kubernetes | `NodePort`;
if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google `manager.svc.nodePort` | set manager service NodePort number | `nil` | `manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` | diff --git a/charts/core/templates/NOTES.txt b/charts/core/templates/NOTES.txt index f2492a0f..2c8f0eeb 100644 --- a/charts/core/templates/NOTES.txt +++ b/charts/core/templates/NOTES.txt @@ -12,13 +12,15 @@ Get the NeuVector URL by running these commands: echo https://$NODE_IP:$NODE_PORT {{- else if contains "ClusterIP" .Values.manager.svc.type }} CLUSTER_IP=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.clusterIP}" services neuvector-service-webui) - echo https://$CLUSTER_IP:8443 + TARGET_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].targetPort}" services neuvector-service-webui) + echo https://$CLUSTER_IP:$TARGET_PORT {{- else if contains "LoadBalancer" .Values.manager.svc.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. Watch the status by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w neuvector-service-webui' SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} neuvector-service-webui -o jsonpath="{.status.loadBalancer.ingress[0].ip}") - echo https://$SERVICE_IP:8443 + TARGET_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} neuvector-service-webui -o jsonpath="{.spec.ports[0].targetPort}") + echo https://$SERVICE_IP:$TARGET_PORT {{- end }} {{- end }} diff --git a/charts/core/templates/controller-deployment.yaml b/charts/core/templates/controller-deployment.yaml index 80004751..6d49d333 100644 --- a/charts/core/templates/controller-deployment.yaml +++ b/charts/core/templates/controller-deployment.yaml @@ -142,6 +142,8 @@ spec: initialDelaySeconds: 5 periodSeconds: 5 env: + - name: CTRL_SERVER_PORT + value: "{{ .Values.controller.apisvc.ctrlServerPort}}" - name: CLUSTER_JOIN_ADDR value: neuvector-svc-controller.{{ .Release.Namespace }} - name: CLUSTER_ADVERTISED_ADDR diff --git a/charts/core/templates/controller-ingress.yaml b/charts/core/templates/controller-ingress.yaml index d8bcb32a..8b2d4f69 100644 --- a/charts/core/templates/controller-ingress.yaml +++ b/charts/core/templates/controller-ingress.yaml @@ -35,7 +35,7 @@ spec: service: name: neuvector-svc-controller-api port: - number: 10443 + number: {{ .Values.controller.apisvc.ctrlServerPort}} {{- else }} apiVersion: extensions/v1beta1 kind: Ingress @@ -65,7 +65,7 @@ spec: - path: {{ .Values.controller.ingress.path }} backend: serviceName: neuvector-svc-controller-api - servicePort: 10443 + servicePort: {{ .Values.controller.apisvc.ctrlServerPort}} {{- end }} {{- end }} {{- if .Values.controller.federation.mastersvc.ingress.enabled }} @@ -176,7 +176,7 @@ spec: service: name: neuvector-svc-controller-fed-managed port: - number: 10443 + number: {{ .Values.controller.apisvc.ctrlServerPort}} {{- else }} --- apiVersion: extensions/v1beta1 @@ -207,7 +207,7 @@ spec: - path: {{ .Values.controller.federation.managedsvc.ingress.path }} backend: serviceName: neuvector-svc-controller-fed-managed - servicePort: 10443 + servicePort: {{ .Values.controller.apisvc.ctrlServerPort}} {{- end }} {{- end }} {{- end -}} diff --git a/charts/core/templates/controller-service.yaml b/charts/core/templates/controller-service.yaml index 0dc6ab91..19509cf5 100644 --- a/charts/core/templates/controller-service.yaml +++ b/charts/core/templates/controller-service.yaml @@ -38,7 +38,7 @@ metadata: spec: type: {{ .Values.controller.apisvc.type }} ports: - - port: 10443 + - port: {{ .Values.controller.apisvc.ctrlServerPort}} protocol: "TCP" {{- if .Values.controller.apisvc.nodePort }} nodePort: {{ .Values.controller.apisvc.nodePort }} @@ -116,7 +116,7 @@ spec: internalTrafficPolicy: {{ .Values.controller.federation.managedsvc.internalTrafficPolicy }} {{- end }} ports: - - port: 10443 + - port: {{ .Values.controller.apisvc.ctrlServerPort}} name: fed protocol: TCP appProtocol: HTTPS diff --git a/charts/core/templates/manager-deployment.yaml b/charts/core/templates/manager-deployment.yaml index 2f1b1bf0..34b70cb7 100644 --- a/charts/core/templates/manager-deployment.yaml +++ b/charts/core/templates/manager-deployment.yaml @@ -88,9 +88,13 @@ spec: imagePullPolicy: {{ .Values.manager.image.imagePullPolicy }} ports: - name: http - containerPort: 8443 + containerPort: {{ .Values.manager.svc.mgrServerPort}} protocol: TCP env: + - name: CTRL_SERVER_PORT + value: "{{ .Values.controller.apisvc.ctrlServerPort}}" + - name: MANAGER_SERVER_PORT + value: "{{ .Values.manager.svc.mgrServerPort}}" - name: CTRL_SERVER_IP value: neuvector-svc-controller.{{ .Release.Namespace }} {{- if not .Values.manager.env.ssl }} @@ -124,7 +128,7 @@ spec: startupProbe: httpGet: path: / - port: 8443 + port: {{ .Values.manager.svc.mgrServerPort}} {{- if .Values.manager.env.ssl }} scheme: HTTPS {{- else }} @@ -137,7 +141,7 @@ spec: livenessProbe: httpGet: path: / - port: 8443 + port: {{ .Values.manager.svc.mgrServerPort}} {{- if .Values.manager.env.ssl }} scheme: HTTPS {{- else }} @@ -150,7 +154,7 @@ spec: readinessProbe: httpGet: path: / - port: 8443 + port: {{ .Values.manager.svc.mgrServerPort}} {{- if .Values.manager.env.ssl }} scheme: HTTPS {{- else }} diff --git a/charts/core/templates/manager-ingress.yaml b/charts/core/templates/manager-ingress.yaml index 9dc4bb53..27a8e1b0 100644 --- a/charts/core/templates/manager-ingress.yaml +++ b/charts/core/templates/manager-ingress.yaml @@ -34,7 +34,7 @@ spec: service: name: neuvector-service-webui port: - number: 8443 + number: {{ .Values.manager.svc.mgrServerPort}} {{- else }} apiVersion: extensions/v1beta1 kind: Ingress @@ -64,6 +64,6 @@ spec: - path: {{ .Values.manager.ingress.path }} backend: serviceName: neuvector-service-webui - servicePort: 8443 + servicePort: {{ .Values.manager.svc.mgrServerPort}} {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/core/templates/manager-service.yaml b/charts/core/templates/manager-service.yaml index b9476748..49eaa6dd 100644 --- a/charts/core/templates/manager-service.yaml +++ b/charts/core/templates/manager-service.yaml @@ -17,7 +17,7 @@ spec: loadBalancerIP: {{ .Values.manager.svc.loadBalancerIP }} {{- end }} ports: - - port: 8443 + - port: {{ .Values.manager.svc.mgrServerPort}} name: manager protocol: TCP {{- if .Values.manager.svc.nodePort }} diff --git a/charts/core/values.yaml b/charts/core/values.yaml index 699a2f8d..c4ec154d 100644 --- a/charts/core/values.yaml +++ b/charts/core/values.yaml @@ -111,6 +111,7 @@ controller: # key1: value1 # key2: value2 apisvc: + ctrlServerPort: 10443 type: annotations: {} nodePort: @@ -382,6 +383,7 @@ manager: # - name: CUSTOM_PAGE_FOOTER_COLOR # value: "#FFFFFF" svc: + mgrServerPort: 8443 type: ClusterIP nodePort: loadBalancerIP: