Skip to content

Ability to use Traefik using its CRDs #302

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
glovecchi0 wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Ability to use Traefik using its CRDs #302

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
b12dcfb
Added Traefik IngressRoute for the Manager component
Aug 25, 2023
69413c5
Merge pull request #1 from glovecchi0/feature/manager-traefik-ingress…
glovecchi0 Aug 25, 2023
bc491a3
Added Traefik IngressRoute for the Controller and Registry Adapter co…
Aug 25, 2023
70ca06c
Fixed templates/manager-traefik-ingressroute.yaml PathPrefix
Aug 25, 2023
4c104f7
Fixed templates/controller-traefik-ingressroute.yaml secretName
Aug 25, 2023
3741169
Merge pull request #2 from glovecchi0/feature/controller-and-registry…
glovecchi0 Aug 25, 2023
46be914
Merge branch 'master' into master
glovecchi0 Aug 23, 2024
c9266da
Merge branch 'neuvector:master' into master
glovecchi0 May 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions charts/core/templates/controller-ingress.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{{- if .Values.controller.enabled }}
{{- if .Values.controller.ingress.enabled }}
{{- if and .Values.controller.ingress.enabled (not (.Values.controller.ingress.traefikIngressRoute)) }}
{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
apiVersion: networking.k8s.io/v1
kind: Ingress
Expand Down Expand Up @@ -68,7 +68,7 @@ spec:
servicePort: {{ .Values.controller.apisvc.ctrlServerPort}}
{{- end }}
{{- end }}
{{- if .Values.controller.federation.mastersvc.ingress.enabled }}
{{- if and .Values.controller.federation.mastersvc.ingress.enabled (not (.Values.controller.federation.mastersvc.ingress.traefikIngressRoute)) }}
{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
---
apiVersion: networking.k8s.io/v1
Expand Down Expand Up @@ -139,7 +139,7 @@ spec:
servicePort: 11443
{{- end }}
{{- end }}
{{- if .Values.controller.federation.managedsvc.ingress.enabled }}
{{- if and .Values.controller.federation.managedsvc.ingress.enabled (not (.Values.controller.federation.managedsvc.ingress.traefikIngressRoute)) }}
{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
---
apiVersion: networking.k8s.io/v1
Expand Down
102 changes: 102 additions & 0 deletions charts/core/templates/controller-traefik-ingressroute.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
{{- if .Values.controller.enabled }}
---
{{- if and .Values.controller.ingress.enabled .Values.controller.ingress.traefikIngressRoute }}
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: neuvector-restapi-ingress
namespace: {{ .Release.Namespace }}
{{- with .Values.controller.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
entryPoints:
- websecure
routes:
- match: Host(`{{ .Values.controller.ingress.host }}`) && PathPrefix(`{{ .Values.controller.ingress.path }}`)
kind: Rule
services:
- name: neuvector-svc-controller-api
passHostHeader: true
port: 10443
scheme: https
{{- if .Values.controller.ingress.tls }}
tls:
{{- if .Values.controller.ingress.secretName }}
secretName: {{ .Values.controller.ingress.secretName }}
{{- end }}
{{- end }}
{{- end }}
---
{{- if and .Values.controller.federation.mastersvc.ingress.enabled .Values.controller.federation.mastersvc.ingress.traefikIngressRoute }}
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: neuvector-mastersvc-ingress
namespace: {{ .Release.Namespace }}
{{- with .Values.controller.federation.mastersvc.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
entryPoints:
- websecure
routes:
- match: Host(`{{ .Values.controller.federation.mastersvc.ingress.host }}`) && PathPrefix(`{{ .Values.controller.federation.mastersvc.ingress.path }}`)
kind: Rule
services:
- name: neuvector-svc-controller-fed-master
passHostHeader: true
port: 11443
scheme: https
{{- if .Values.controller.federation.mastersvc.ingress.tls }}
tls:
{{- if .Values.controller.federation.mastersvc.ingress.secretName }}
secretName: {{ .Values.controller.federation.mastersvc.ingress.secretName }}
{{- end }}
{{- end }}
{{- end }}
---
{{- if and .Values.controller.federation.managedsvc.ingress.enabled .Values.controller.federation.managedsvc.ingress.traefikIngressRoute }}
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: neuvector-managedsvc-ingress
namespace: {{ .Release.Namespace }}
{{- with .Values.controller.federation.managedsvc.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
entryPoints:
- websecure
routes:
- match: Host(`{{ .Values.controller.federation.managedsvc.ingress.host }}`) && PathPrefix(`{{ .Values.controller.federation.managedsvc.ingress.path }}`)
kind: Rule
services:
- name: neuvector-svc-controller-fed-managed
passHostHeader: true
port: 10443
scheme: https
{{- if .Values.controller.federation.managedsvc.ingress.tls }}
tls:
{{- if .Values.controller.federation.managedsvc.ingress.secretName }}
secretName: {{ .Values.controller.federation.managedsvc.ingress.secretName }}
{{- end }}
{{- end }}
{{- end }}
---
{{- end -}}
2 changes: 1 addition & 1 deletion charts/core/templates/manager-ingress.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{{- if and .Values.manager.enabled .Values.manager.ingress.enabled -}}
{{- if and .Values.manager.enabled .Values.manager.ingress.enabled (not (.Values.manager.ingress.traefikIngressRoute)) -}}
{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
apiVersion: networking.k8s.io/v1
kind: Ingress
Expand Down
32 changes: 32 additions & 0 deletions charts/core/templates/manager-traefik-ingressroute.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
{{- if and .Values.manager.enabled .Values.manager.ingress.enabled .Values.manager.ingress.traefikIngressRoute -}}
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: neuvector-webui-ingress
namespace: {{ .Release.Namespace }}
{{- with .Values.manager.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
entryPoints:
- websecure
routes:
- match: Host(`{{ .Values.manager.ingress.host }}`) && PathPrefix(`{{ .Values.manager.ingress.path }}`)
kind: Rule
services:
- name: neuvector-service-webui
passHostHeader: true
port: 8443
scheme: https
{{- if .Values.manager.ingress.tls }}
tls:
{{- if .Values.manager.ingress.secretName }}
secretName: {{ .Values.manager.ingress.secretName }}
{{- end }}
{{- end }}
{{- end -}}
2 changes: 1 addition & 1 deletion charts/core/templates/registry-adapter-ingress.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{{- if .Values.cve.adapter.enabled -}}

{{- if .Values.cve.adapter.ingress.enabled }}
{{- if and .Values.cve.adapter.ingress.enabled (not (.Values.cve.adapter.ingress.traefikIngressRoute)) }}
{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
apiVersion: networking.k8s.io/v1
kind: Ingress
Expand Down
32 changes: 32 additions & 0 deletions charts/core/templates/registry-adapter-traefik-ingressroute.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
{{- if and .Values.cve.adapter.ingress.enabled .Values.cve.adapter.ingress.traefikIngressRoute -}}
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: neuvector-registry-adapter-ingress
namespace: {{ .Release.Namespace }}
{{- with .Values.cve.adapter.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
entryPoints:
- websecure
routes:
- match: Host(`{{ .Values.cve.adapter.ingress.host }}`) && PathPrefix(`{{ .Values.cve.adapter.ingress.path }}`)
kind: Rule
services:
- name: neuvector-service-registry-adapter
passHostHeader: true
port: 9443
scheme: https
{{- if .Values.cve.adapter.ingress.tls }}
tls:
{{- if .Values.cve.adapter.ingress.secretName }}
secretName: {{ .Values.cve.adapter.ingress.secretName }}
{{- end }}
{{- end }}
{{- end -}}
5 changes: 5 additions & 0 deletions charts/core/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,6 +175,7 @@ controller:
# Federation Master Ingress
ingress:
enabled: false
traefikIngressRoute: false
host: # MUST be set, if ingress is enabled
ingressClassName: ""
path: "/" # or this could be "/api", but might need "rewrite-target" annotation
Expand Down Expand Up @@ -213,6 +214,7 @@ controller:
# Federation Managed Ingress
ingress:
enabled: false
traefikIngressRoute: false
host: # MUST be set, if ingress is enabled
ingressClassName: ""
path: "/" # or this could be "/api", but might need "rewrite-target" annotation
Expand Down Expand Up @@ -243,6 +245,7 @@ controller:
# -----END PRIVATE KEY-----
ingress:
enabled: false
traefikIngressRoute: false
host: # MUST be set, if ingress is enabled
ingressClassName: ""
path: "/" # or this could be "/api", but might need "rewrite-target" annotation
Expand Down Expand Up @@ -424,6 +427,7 @@ manager:
# -----END CERTIFICATE-----
ingress:
enabled: false
traefikIngressRoute: false
host: # MUST be set, if ingress is enabled
ingressClassName: ""
path: "/"
Expand Down Expand Up @@ -532,6 +536,7 @@ cve:
# -----END PRIVATE KEY-----
ingress:
enabled: false
traefikIngressRoute: false
host: # MUST be set, if ingress is enabled
ingressClassName: ""
path: "/"
Expand Down