diff --git a/proxy-scanner/README.md b/proxy-scanner/README.md
index b7858af..c239c07 100644
--- a/proxy-scanner/README.md
+++ b/proxy-scanner/README.md
@@ -75,6 +75,7 @@ Values.yaml with the registry credentials as described above is MANDATORY.
 | `certs.serverCertificate` | Certificate for TLS authentication with the Admission controller | `N/A` | `NO` |
 | `certs.serverKey` | Certificate key for TLS authentication with the Admission controller | `N/A` | `NO` |
 | `config` | Registry credentials as specified in values.yaml | `N/A ` | `YES` |
+| `ingress.enabled` | Ingress resource for webhook notification | `false` | `NO` |
 ## Issues and feedback
diff --git a/proxy-scanner/templates/ingress.yaml b/proxy-scanner/templates/ingress.yaml
new file mode 100644
index 0000000..675265d
--- /dev/null
+++ b/proxy-scanner/templates/ingress.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.ingress.enabled }}
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "scanner.fullname" . }}
+ labels:
+ app: {{ include "scanner.fullname" . }}
+ chart: {{ include "scanner.fullname" . }}
+ release: {{ .Release.Name | quote }}
+ annotations:
+ {{- if .Values.ingress.certManager }}
+ kubernetes.io/tls-acme: "true"
+ {{- end }}
+ {{- range $key, $value := .Values.ingress.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .name }}
+ http:
+ paths:
+ - path: {{ default "/" .path }}
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: {{ include "scanner.fullname" $ }}
+ port:
+ number: 8080
+ {{- end }}
+{{- end }}
diff --git a/proxy-scanner/values.yaml b/proxy-scanner/values.yaml
index 3def323..c533a17 100644
--- a/proxy-scanner/values.yaml
+++ b/proxy-scanner/values.yaml
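Review bot: templates/ingress.yaml never renders a `spec.tls` section, so `ingress.tls: true` and `ingress.tlsSecret` from the values.yaml hunk have no effect and the webhook host is exposed by the `rules:` block without any certificate configured by this chart. The `kubernetes.io/tls-acme: "true"` annotation set for `certManager` presumably also needs a `tls` entry naming the hosts and a secret before cert-manager issues anything. `ingress.ingressClassName` is declared in values.yaml but not rendered either. A `tls` block guarded by `.Values.ingress.tls` and placed before `rules:` would make the setting take effect; quoting the host as `host: {{ .name | quote }}` also keeps an empty or boolean-looking value from being retyped.

```yaml
spec:
  {{- if .Values.ingress.tls }}
  tls:
    - hosts:
        {{- range .Values.ingress.hosts }}
        - {{ .name | quote }}
        {{- end }}
      secretName: {{ .Values.ingress.tlsSecret | quote }}
  {{- end }}
  rules:
  # … unchanged: one rule per entry in .Values.ingress.hosts …
```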
@@ -63,4 +63,47 @@ config:
 certs:
 skipCert: true
 serverCertificate:
- serverKey:
\ No newline at end of file
+ serverKey:
+
+ingress:
+ ## Set to true to enable ingress record generation
+ enabled: false
+
+ ## Set this to true in order to add the corresponding annotations for cert-manager
+ certManager: false
+
+ ## Ingress annotations done as key:value pairs
+ ## For a full list of possible ingress annotations, please see
+ ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
+ ##
+ ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
+ ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ ingressClassName: {}
+
+ ## The list of hostnames to be covered with this ingress record.
+ ## Most likely this will be just one host, but in the event more hosts are needed, this is an array
+ hosts:
+ - name: scanner.example.local
+ path: /
+
+ ## Set this to true in order to enable TLS on the ingress record
+ tls: false
+
+ ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
+ tlsSecret: scanner.tls
+
+ secrets:
+ ## If you're providing your own certificates, please use this to add the certificates as secrets
+ ## key and certificate should start with -----BEGIN CERTIFICATE----- or
+ ## -----BEGIN RSA PRIVATE KEY-----
+ ##
+ ## name should line up with a tlsSecret set further up
+ ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
+ ##
+ ## It is also possible to create and manage the certificates outside of this helm chart
+ ## Please see README.md for more information
+ # - name: ghost.local-tls
+ # key:
+ # certificate:
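Review bot: The `secrets:` key at the end of the new `ingress` block invites pasting a TLS private key and certificate into values.yaml, yet it has no value of its own (a bare key parses as null) and the ingress template added in this commit never reads it. Keeping private keys out of values files is the safer default: point `tlsSecret` at a Secret created out of band or by cert-manager, and either drop `secrets` or default it to `secrets: []`. `ingressClassName: {}` gives a map as the default for a field Kubernetes expects to be a string; `ingressClassName: ""` would be the matching empty default. The comment that `ingress.kubernetes.io/secure-backends` is set automatically and the `ghost.local-tls` example appear to be carried over from another chart and do not match what this chart's template does.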