Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ingress for webhook notification - event base scan #36

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions proxy-scanner/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,7 @@ Values.yaml with the registry credentials as described above is MANDATORY.
| `certs.serverCertificate` | Certificate for TLS authentication with the Admission controller | `N/A` | `NO` |
| `certs.serverKey` | Certificate key for TLS authentication with the Admission controller | `N/A` | `NO` |
| `config` | Registry credentials as specified in values.yaml | `N/A ` | `YES` |
| `ingress.enabled` | Ingress resource for webhook notification | `false` | `NO` |

## Issues and feedback

Expand Down
32 changes: 32 additions & 0 deletions proxy-scanner/templates/ingress.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
{{- if .Values.ingress.enabled }}

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "scanner.fullname" . }}
labels:
app: {{ include "scanner.fullname" . }}
chart: {{ include "scanner.fullname" . }}
release: {{ .Release.Name | quote }}
annotations:
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
pathType: ImplementationSpecific
backend:
service:
name: {{ include "scanner.fullname" $ }}
port:
number: 8080
{{- end }}
{{- end }}
45 changes: 44 additions & 1 deletion proxy-scanner/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -63,4 +63,47 @@ config:
certs:
skipCert: true
serverCertificate:
serverKey:
serverKey:

ingress:
## Set to true to enable ingress record generation
enabled: false

## Set this to true in order to add the corresponding annotations for cert-manager
certManager: false

## Ingress annotations done as key:value pairs
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
##
## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
annotations: {}
# kubernetes.io/ingress.class: nginx

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This annotation is deprecated on K8s 1.22 use ingressClassName instead

ingressClassName: {}

## The list of hostnames to be covered with this ingress record.
## Most likely this will be just one host, but in the event more hosts are needed, this is an array
hosts:
- name: scanner.example.local
path: /

## Set this to true in order to enable TLS on the ingress record
tls: false

## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
tlsSecret: scanner.tls

secrets:
## If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
# - name: ghost.local-tls
# key:
# certificate: