diff --git a/charts/core/templates/controller-ingress.yaml b/charts/core/templates/controller-ingress.yaml
index 8b2d4f69c..b6b03a6e6 100644
--- a/charts/core/templates/controller-ingress.yaml
+++ b/charts/core/templates/controller-ingress.yaml
@@ -1,5 +1,5 @@
 {{- if .Values.controller.enabled }}
-{{- if .Values.controller.ingress.enabled }}
+{{- if and .Values.controller.ingress.enabled (not (.Values.controller.ingress.traefikIngressRoute)) }}
 {{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -68,7 +68,7 @@ spec:
 servicePort: {{ .Values.controller.apisvc.ctrlServerPort}}
 {{- end }}
 {{- end }}
-{{- if .Values.controller.federation.mastersvc.ingress.enabled }}
+{{- if and .Values.controller.federation.mastersvc.ingress.enabled (not (.Values.controller.federation.mastersvc.ingress.traefikIngressRoute)) }}
 {{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
 ---
 apiVersion: networking.k8s.io/v1
@@ -139,7 +139,7 @@ spec:
 servicePort: 11443
 {{- end }}
 {{- end }}
-{{- if .Values.controller.federation.managedsvc.ingress.enabled }}
+{{- if and .Values.controller.federation.managedsvc.ingress.enabled (not (.Values.controller.federation.managedsvc.ingress.traefikIngressRoute)) }}
 {{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
 ---
 apiVersion: networking.k8s.io/v1
diff --git a/charts/core/templates/controller-traefik-ingressroute.yaml b/charts/core/templates/controller-traefik-ingressroute.yaml
new file mode 100644
index 000000000..ef2be2829
--- /dev/null
+++ b/charts/core/templates/controller-traefik-ingressroute.yaml
@@ -0,0 +1,102 @@
+{{- if .Values.controller.enabled }}
+---
+{{- if and .Values.controller.ingress.enabled .Values.controller.ingress.traefikIngressRoute }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: neuvector-restapi-ingress
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.controller.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`{{ .Values.controller.ingress.host }}`) && PathPrefix(`{{ .Values.controller.ingress.path }}`)
+ kind: Rule
+ services:
+ - name: neuvector-svc-controller-api
+ passHostHeader: true
+ port: 10443
+ scheme: https
+{{- if .Values.controller.ingress.tls }}
+ tls:
+{{- if .Values.controller.ingress.secretName }}
+ secretName: {{ .Values.controller.ingress.secretName }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- if and .Values.controller.federation.mastersvc.ingress.enabled .Values.controller.federation.mastersvc.ingress.traefikIngressRoute }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: neuvector-mastersvc-ingress
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.controller.federation.mastersvc.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`{{ .Values.controller.federation.mastersvc.ingress.host }}`) && PathPrefix(`{{ .Values.controller.federation.mastersvc.ingress.path }}`)
+ kind: Rule
+ services:
+ - name: neuvector-svc-controller-fed-master
+ passHostHeader: true
+ port: 11443
+ scheme: https
+{{- if .Values.controller.federation.mastersvc.ingress.tls }}
+ tls:
+{{- if .Values.controller.federation.mastersvc.ingress.secretName }}
+ secretName: {{ .Values.controller.federation.mastersvc.ingress.secretName }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- if and .Values.controller.federation.managedsvc.ingress.enabled .Values.controller.federation.managedsvc.ingress.traefikIngressRoute }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: neuvector-managedsvc-ingress
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.controller.federation.managedsvc.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`{{ .Values.controller.federation.managedsvc.ingress.host }}`) && PathPrefix(`{{ .Values.controller.federation.managedsvc.ingress.path }}`)
+ kind: Rule
+ services:
+ - name: neuvector-svc-controller-fed-managed
+ passHostHeader: true
+ port: 10443
+ scheme: https
+{{- if .Values.controller.federation.managedsvc.ingress.tls }}
+ tls:
+{{- if .Values.controller.federation.managedsvc.ingress.secretName }}
+ secretName: {{ .Values.controller.federation.managedsvc.ingress.secretName }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- end -}}
diff --git a/charts/core/templates/manager-ingress.yaml b/charts/core/templates/manager-ingress.yaml
index 34d1a0b3f..1eb8653a0 100644
--- a/charts/core/templates/manager-ingress.yaml
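Review bot: The `tls:` key in each of the three IngressRoutes of controller-traefik-ingressroute.yaml is rendered only when `ingress.tls` is set, and it is left without a value when `secretName` is empty, which YAML reads as null, so the router probably ends up with no TLS section at all. On the `websecure` entry point that would leave the controller REST API and the federation ports routed without TLS at the proxy unless the entry point itself enforces it, which is not visible here. Consider always emitting the block and writing `tls: {}` in an `{{- else }}` branch when no secret is given, so Traefik falls back to its default certificate. The same pattern is repeated in manager-traefik-ingressroute.yaml and registry-adapter-traefik-ingressroute.yaml.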
+++ b/charts/core/templates/manager-ingress.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.manager.enabled .Values.manager.ingress.enabled -}}
+{{- if and .Values.manager.enabled .Values.manager.ingress.enabled (not (.Values.manager.ingress.traefikIngressRoute)) -}}
 {{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
diff --git a/charts/core/templates/manager-traefik-ingressroute.yaml b/charts/core/templates/manager-traefik-ingressroute.yaml
new file mode 100644
index 000000000..1cb772910
--- /dev/null
+++ b/charts/core/templates/manager-traefik-ingressroute.yaml
@@ -0,0 +1,32 @@
+{{- if and .Values.manager.enabled .Values.manager.ingress.enabled .Values.manager.ingress.traefikIngressRoute -}}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: neuvector-webui-ingress
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.manager.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`{{ .Values.manager.ingress.host }}`) && PathPrefix(`{{ .Values.manager.ingress.path }}`)
+ kind: Rule
+ services:
+ - name: neuvector-service-webui
+ passHostHeader: true
+ port: 8443
+ scheme: https
+{{- if .Values.manager.ingress.tls }}
+ tls:
+{{- if .Values.manager.ingress.secretName }}
+ secretName: {{ .Values.manager.ingress.secretName }}
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/core/templates/registry-adapter-ingress.yaml b/charts/core/templates/registry-adapter-ingress.yaml
index ab05054fe..0cd4baded 100644
--- a/charts/core/templates/registry-adapter-ingress.yaml
+++ b/charts/core/templates/registry-adapter-ingress.yaml
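Review bot: The `Host(...)` matcher in manager-traefik-ingressroute.yaml is built from `.Values.manager.ingress.host`, which values.yaml leaves empty by default ("MUST be set"), so enabling the route without a host renders a rule with an empty host matcher instead of failing the install. Wrapping the value, e.g. `{{ required "manager.ingress.host must be set" .Values.manager.ingress.host }}`, turns that into an error at render time. Separately, the service entry uses `scheme: https` with no `serversTransport`, so whether Traefik verifies the manager's certificate depends on proxy-wide settings that are not part of this chart; a comment stating what is expected would help operators avoid switching verification off globally. Both points apply to the controller and registry-adapter routes as well.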
@@ -1,6 +1,6 @@
 {{- if .Values.cve.adapter.enabled -}}
-{{- if .Values.cve.adapter.ingress.enabled }}
+{{- if and .Values.cve.adapter.ingress.enabled (not (.Values.cve.adapter.ingress.traefikIngressRoute)) }}
 {{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
diff --git a/charts/core/templates/registry-adapter-traefik-ingressroute.yaml b/charts/core/templates/registry-adapter-traefik-ingressroute.yaml
new file mode 100644
index 000000000..916100e77
--- /dev/null
+++ b/charts/core/templates/registry-adapter-traefik-ingressroute.yaml
@@ -0,0 +1,32 @@
+{{- if and .Values.cve.adapter.ingress.enabled .Values.cve.adapter.ingress.traefikIngressRoute -}}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: neuvector-registry-adapter-ingress
+ namespace: {{ .Release.Namespace }}
+{{- with .Values.cve.adapter.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+ chart: {{ template "neuvector.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`{{ .Values.cve.adapter.ingress.host }}`) && PathPrefix(`{{ .Values.cve.adapter.ingress.path }}`)
+ kind: Rule
+ services:
+ - name: neuvector-service-registry-adapter
+ passHostHeader: true
+ port: 9443
+ scheme: https
+{{- if .Values.cve.adapter.ingress.tls }}
+ tls:
+{{- if .Values.cve.adapter.ingress.secretName }}
+ secretName: {{ .Values.cve.adapter.ingress.secretName }}
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/core/values.yaml b/charts/core/values.yaml
index 7710f3125..41d180ebc 100644
--- a/charts/core/values.yaml
+++ b/charts/core/values.yaml
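Review bot: The guard on the first line of registry-adapter-traefik-ingressroute.yaml drops the `.Values.cve.adapter.enabled` check that wraps the existing Ingress in registry-adapter-ingress.yaml. With the adapter disabled but `ingress.enabled` and `traefikIngressRoute` both true, the chart would still publish a route to `neuvector-service-registry-adapter`. Suggested first line: `{{- if and .Values.cve.adapter.enabled .Values.cve.adapter.ingress.enabled .Values.cve.adapter.ingress.traefikIngressRoute -}}`.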
@@ -175,6 +175,7 @@ controller:
 # Federation Master Ingress
 ingress:
 enabled: false
+ traefikIngressRoute: false
 host: # MUST be set, if ingress is enabled
 ingressClassName: ""
 path: "/" # or this could be "/api", but might need "rewrite-target" annotation
@@ -213,6 +214,7 @@ controller:
 # Federation Managed Ingress
 ingress:
 enabled: false
+ traefikIngressRoute: false
 host: # MUST be set, if ingress is enabled
 ingressClassName: ""
 path: "/" # or this could be "/api", but might need "rewrite-target" annotation
@@ -243,6 +245,7 @@ controller:
 # -----END PRIVATE KEY-----
 ingress:
 enabled: false
+ traefikIngressRoute: false
 host: # MUST be set, if ingress is enabled
 ingressClassName: ""
 path: "/" # or this could be "/api", but might need "rewrite-target" annotation
@@ -424,6 +427,7 @@ manager:
 # -----END CERTIFICATE-----
 ingress:
 enabled: false
+ traefikIngressRoute: false
 host: # MUST be set, if ingress is enabled
 ingressClassName: ""
 path: "/"
@@ -532,6 +536,7 @@ cve:
 # -----END PRIVATE KEY-----
 ingress:
 enabled: false
+ traefikIngressRoute: false
 host: # MUST be set, if ingress is enabled
 ingressClassName: ""
 path: "/"
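Review bot: The new `traefikIngressRoute` key is added in all five values.yaml hunks without a comment, and its interaction with the neighbouring keys is not obvious: the new templates hard-code the `websecure` entry point and never read `ingressClassName`. A comment on each occurrence, such as `# render a Traefik IngressRoute (traefik.containo.us/v1alpha1, entryPoint websecure) instead of a Kubernetes Ingress; ingressClassName is ignored`, would document that. It may also be worth noting there that the `traefik.containo.us` API group was superseded by `traefik.io` in later Traefik releases, so clusters running a newer Traefik may not serve this CRD version.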