Option to configure additional no_procy env variable in console helm …

…chart (#2143)
deepfence · May 13, 2024 · 22604a8 · 22604a8
1 parent eaaf989
commit 22604a8
Show file tree

Hide file tree

Showing 13 changed files with 29 additions and 26 deletions.
diff --git a/deepfence_kafka/kafka_update_run.sh b/deepfence_kafka/kafka_update_run.sh
@@ -16,12 +16,12 @@ then
     KAFKA_NODE_ID=$((POD_NUMBER+1))
     KAFKA_BROKER_ID=$((POD_NUMBER+1))
     KAFKA_LISTENERS="PLAINTEXT://:9092,CONTROLLER://:9093"
-    KAFKA_ADVERTISED_LISTENERS="PLAINTEXT://$POD_NAME_WITHOUT_INDEX-$POD_NUMBER.$SERVICE.$NAMESPACE.svc:9092"
+    KAFKA_ADVERTISED_LISTENERS="PLAINTEXT://$POD_NAME_WITHOUT_INDEX-$POD_NUMBER.$SERVICE.$NAMESPACE.svc.$CLUSTER_DOMAIN:9092"
 
     KAFKA_CONTROLLER_QUORUM_VOTERS=""
     for i in $( seq 0 $REPLICAS); do
         if [[ $i != $REPLICAS ]]; then
-            KAFKA_CONTROLLER_QUORUM_VOTERS="$KAFKA_CONTROLLER_QUORUM_VOTERS$((i+1))@$POD_NAME_WITHOUT_INDEX-$i.$SERVICE.$NAMESPACE.svc:9093,"
+            KAFKA_CONTROLLER_QUORUM_VOTERS="$KAFKA_CONTROLLER_QUORUM_VOTERS$((i+1))@$POD_NAME_WITHOUT_INDEX-$i.$SERVICE.$NAMESPACE.svc.$CLUSTER_DOMAIN:9093,"
         else
             KAFKA_CONTROLLER_QUORUM_VOTERS=${KAFKA_CONTROLLER_QUORUM_VOTERS::-1}
         fi

diff --git a/deployment-scripts/helm-charts/deepfence-console/templates/database/kafka/kafka.yaml b/deployment-scripts/helm-charts/deepfence-console/templates/database/kafka/kafka.yaml
@@ -71,7 +71,9 @@ spec:
             - name: REPLICAS
               value: "{{ .Values.kafka.replicaCount }}"
             - name: SERVICE
-              value: {{ include "deepfence-console.fullname" . }}-kafka-broker.{{ .Release.Namespace  }}.svc.{{ .Values.router.cluster_domain }}
+              value: {{ include "deepfence-console.fullname" . }}-kafka-broker
+            - name: CLUSTER_DOMAIN
+              value: {{ .Values.global.cluster_domain }}
             - name: KAFKA_LOG_DIRS
               value: /data/kafka
           envFrom:

diff --git a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-agent.yaml b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-agent.yaml
@@ -89,11 +89,11 @@ spec:
               memory: {{ .Values.console_agents.agent.resources.limits.memory }}
           env:
             - name: MGMT_CONSOLE_URL_INTERNAL
-              value: {{ include "deepfence-console.fullname" . }}-server.{{ .Release.Namespace  }}.svc.{{ .Values.router.cluster_domain }}
+              value: {{ include "deepfence-console.fullname" . }}-server.{{ .Release.Namespace  }}.svc.{{ .Values.global.cluster_domain }}
             - name: MGMT_CONSOLE_PORT_INTERNAL
               value: "8081"
             - name: MGMT_CONSOLE_URL
-              value: {{ include "deepfence-console.fullname" . }}-router.{{ .Release.Namespace  }}.svc.{{ .Values.router.cluster_domain }}
+              value: {{ include "deepfence-console.fullname" . }}-router.{{ .Release.Namespace  }}.svc.{{ .Values.global.cluster_domain }}
             - name: MGMT_CONSOLE_PORT
               value: "443"
             - name: "DEEPFENCE_KEY"

diff --git a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-cluster-agent.yaml b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-cluster-agent.yaml
@@ -32,11 +32,11 @@ spec:
           imagePullPolicy: {{ .Values.console_agents.cluster_agent.image.pullPolicy }}
           env:
             - name: MGMT_CONSOLE_URL_INTERNAL
-              value: {{ include "deepfence-console.fullname" . }}-server.{{ .Release.Namespace  }}.svc.{{ .Values.router.cluster_domain }}
+              value: {{ include "deepfence-console.fullname" . }}-server.{{ .Release.Namespace  }}.svc.{{ .Values.global.cluster_domain }}
             - name: MGMT_CONSOLE_PORT_INTERNAL
               value: "8081"
             - name: MGMT_CONSOLE_URL
-              value: {{ include "deepfence-console.fullname" . }}-router.{{ .Release.Namespace  }}.svc.{{ .Values.router.cluster_domain }}
+              value: {{ include "deepfence-console.fullname" . }}-router.{{ .Release.Namespace  }}.svc.{{ .Values.global.cluster_domain }}
             - name: MGMT_CONSOLE_PORT
               value: "443"
             - name: "DEEPFENCE_KEY"

diff --git a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-config.yaml b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-config.yaml
@@ -11,7 +11,7 @@ data:
   DEEPFENCE_SAAS_DEPLOYMENT: "false"
   DEEPFENCE_TELEMETRY_ENABLED: "false"
   {{- if .Values.fileserver.create }}
-  DEEPFENCE_FILE_SERVER_HOST: {{ include "deepfence-console.fullname" . }}-file-server.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}
+  DEEPFENCE_FILE_SERVER_HOST: {{ include "deepfence-console.fullname" . }}-file-server.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}
   DEEPFENCE_FILE_SERVER_PORT: "9000"
   DEEPFENCE_FILE_SERVER_EXTERNAL: "false"
   {{- else }}
@@ -23,6 +23,5 @@ data:
   {{- if .Values.proxy.enabled }}
   http_proxy: {{ .Values.proxy.http_proxy }}
   https_proxy: {{ .Values.proxy.https_proxy }}
-  no_proxy: "127.0.0.1, localhost, {{ include "deepfence-console.fullname" . }}-file-server.{{ .Release.Namespace  }}.svc.{{ .Values.router.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-postgres.{{ .Release.Namespace  }}.svc.{{ .Values.router.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-redis.{{ .Release.Namespace  }}.svc.{{ .Values.router.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-neo4j.{{ .Release.Namespace  }}.svc.{{ .Values.router.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-kafka-broker.{{ .Release.Namespace  }}.svc.{{ .Values.router.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-ui.{{ .Release.Namespace  }}.svc.{{ .Values.router.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-server.{{ .Release.Namespace  }}.svc.{{ .Values.router.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-router.{{ .Release.Namespace  }}.svc.{{ .Values.router.cluster_domain }}, *.{{ .Release.Namespace  }}.svc.{{ .Values.router.cluster_domain }}, *.{{ .Values.router.cluster_domain }}"
+  no_proxy: "127.0.0.1, localhost, {{ include "deepfence-console.fullname" . }}-file-server.{{ .Release.Namespace  }}.svc.{{ .Values.global.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-postgres.{{ .Release.Namespace  }}.svc.{{ .Values.global.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-redis.{{ .Release.Namespace  }}.svc.{{ .Values.global.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-neo4j.{{ .Release.Namespace  }}.svc.{{ .Values.global.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-kafka-broker.{{ .Release.Namespace  }}.svc.{{ .Values.global.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-ui.{{ .Release.Namespace  }}.svc.{{ .Values.global.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-server.{{ .Release.Namespace  }}.svc.{{ .Values.global.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-router.{{ .Release.Namespace  }}.svc.{{ .Values.global.cluster_domain }}, *.{{ .Release.Namespace  }}.svc.{{ .Values.global.cluster_domain }}, *.{{ .Values.global.cluster_domain }}, {{ .Values.proxy.additional_no_proxy }}"
   {{- end }}
-
diff --git a/...scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/fileserver.yaml b/...scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/fileserver.yaml
@@ -9,7 +9,7 @@ metadata:
     {{- include "deepfence-console.labels" . | nindent 4 }}
     component: file-server
 stringData:
-  DEEPFENCE_FILE_SERVER_HOST: {{ include "deepfence-console.fullname" . }}-file-server.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}
+  DEEPFENCE_FILE_SERVER_HOST: {{ include "deepfence-console.fullname" . }}-file-server.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}
   DEEPFENCE_FILE_SERVER_PORT: "9000"
   DEEPFENCE_FILE_SERVER_SECURE: "false"
   DEEPFENCE_FILE_SERVER_BUCKET: default

diff --git a/...ment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/kafka.yaml b/...ment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/kafka.yaml
@@ -9,5 +9,5 @@ metadata:
     {{- include "deepfence-console.labels" . | nindent 4 }}
     component: kafka
 stringData:
-  DEEPFENCE_KAFKA_BROKERS: "{{ include "deepfence-console.fullname" . }}-kafka-broker.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}:9092"
+  DEEPFENCE_KAFKA_BROKERS: "{{ include "deepfence-console.fullname" . }}-kafka-broker.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}:9092"
 {{- end }}
diff --git a/...ment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/neo4j.yaml b/...ment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/neo4j.yaml
@@ -10,7 +10,7 @@ metadata:
     component: neo4j
 stringData:
   DEEPFENCE_NEO4J_BOLT_PORT: "7687"
-  DEEPFENCE_NEO4J_HOST: {{ include "deepfence-console.fullname" . }}-neo4j.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}
+  DEEPFENCE_NEO4J_HOST: {{ include "deepfence-console.fullname" . }}-neo4j.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}
   {{- if .Values.neo4j.secrets }}
   DEEPFENCE_NEO4J_USER: {{ (splitList "/" .Values.neo4j.secrets.NEO4J_AUTH) | first | quote }} 
   DEEPFENCE_NEO4J_PASSWORD: {{ (splitList "/" .Values.neo4j.secrets.NEO4J_AUTH) | last | quote }} 

diff --git a/...t-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/postgres.yaml b/...t-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/postgres.yaml
@@ -10,7 +10,7 @@ metadata:
     name: {{ include "deepfence-console.fullname" . }}-secrets-postgres
 stringData:
   DEEPFENCE_POSTGRES_USER_DB_PORT: "5432"
-  DEEPFENCE_POSTGRES_USER_DB_HOST: {{ include "deepfence-console.fullname" . }}-postgres.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}
+  DEEPFENCE_POSTGRES_USER_DB_HOST: {{ include "deepfence-console.fullname" . }}-postgres.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}
   DEEPFENCE_POSTGRES_USER_DB_SSLMODE: disable
   {{- if .Values.fileserver.secrets }}
   DEEPFENCE_POSTGRES_USER_DB_USER: {{ .Values.postgres.secrets.POSTGRES_USER | quote }}

diff --git a/...ment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/redis.yaml b/...ment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/redis.yaml
@@ -11,5 +11,5 @@ metadata:
 stringData:
   DEEPFENCE_REDIS_DB_NUMBER: "0"
   DEEPFENCE_REDIS_PORT: "6379"
-  DEEPFENCE_REDIS_HOST: {{ include "deepfence-console.fullname" . }}-redis.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}
+  DEEPFENCE_REDIS_HOST: {{ include "deepfence-console.fullname" . }}-redis.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}
 {{- end }}
diff --git a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-router.yaml b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-router.yaml
@@ -39,11 +39,11 @@ spec:
             - name: FORCE_HTTPS_REDIRECT
               value: "{{ .Values.router.forceHttpsRedirect }}"
             - name: UI_SERVICE_NAME
-              value: {{ include "deepfence-console.fullname" . }}-ui.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}
+              value: {{ include "deepfence-console.fullname" . }}-ui.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}
             - name: UI_SERVICE_PORT
               value: {{ .Values.ui.service.port | quote }}
             - name: API_SERVICE_HOST
-              value: {{ include "deepfence-console.fullname" . }}-server.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}
+              value: {{ include "deepfence-console.fullname" . }}-server.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}
             - name: API_SERVICE_PORT
               value: {{ .Values.server.service.port | quote }}
           envFrom:

diff --git a/deployment-scripts/helm-charts/deepfence-console/values.yaml b/deployment-scripts/helm-charts/deepfence-console/values.yaml
@@ -14,7 +14,10 @@ global:
   # this image tag is used everywhere for console services
   # to override set tag at service level
   imageTag: 2.2.1
-  storageClass: ""
+  storageClass: "standard"
+  # used in service name generation
+  # <service>.<namespace>.svc.<cluster_domain>
+  cluster_domain: "cluster.local"
 
 serviceAccount:
   # Specifies whether a service account should be created
@@ -42,6 +45,8 @@ proxy:
   # Example: http://my.internal.server:port
   http_proxy: ""
   https_proxy: ""
+  # Domains or ip addresses to add in no_proxy env variable, comma-separated string
+  additional_no_proxy: ""
 
 kafka:
   # Specifies whether a kafka cluster should be created
@@ -278,9 +283,6 @@ router:
     # Overrides the image tag whose default is .global.imageTag
     # tag: 2.2.1
   forceHttpsRedirect: true
-  # used to in service name generation
-  # <service>.<namespace>.svc.<cluster_domain>
-  cluster_domain: "cluster.local"
   podAnnotations: {}
   podSecurityContext: {}
   securityContext: {}

diff --git a/deployment-scripts/helm-charts/index.yaml b/deployment-scripts/helm-charts/index.yaml
@@ -3,7 +3,7 @@ entries:
   deepfence-agent:
   - apiVersion: v2
     appVersion: 2.2.1
-    created: "2024-05-13T12:20:52.97059+05:30"
+    created: "2024-05-13T15:42:47.596024+05:30"
     description: Deepfence Agent - Helm chart for Kubernetes
     digest: 501493788e763d7faa261ee296333b541f13eb57152e63e9a366b693838fce08
     name: deepfence-agent
@@ -274,9 +274,9 @@ entries:
   deepfence-console:
   - apiVersion: v2
     appVersion: 2.2.1
-    created: "2024-05-13T12:20:52.97185+05:30"
+    created: "2024-05-13T15:42:47.59834+05:30"
     description: A Helm chart for Kubernetes
-    digest: 99a1805a9e2c3d5dd297a50dc00f92722d869c9e4a710f947de499688d65c2a4
+    digest: 706c425180142234a7339178d9d9680f666e5ef28137d996fc6661263be2225e
     name: deepfence-console
     type: application
     urls:
@@ -555,7 +555,7 @@ entries:
   deepfence-router:
   - apiVersion: v2
     appVersion: 2.2.1
-    created: "2024-05-13T12:20:52.972332+05:30"
+    created: "2024-05-13T15:42:47.598917+05:30"
     description: Deepfence Router - Helm chart for Kubernetes
     digest: d2e9d95cdc8fd5081f8a9e577f88513bf353c86e738cc63732dc1170490590a0
     name: deepfence-router
@@ -723,4 +723,4 @@ entries:
     urls:
     - deepfence-router-1.0.0.tgz
     version: 1.0.0
-generated: "2024-05-13T12:20:52.969828+05:30"
+generated: "2024-05-13T15:42:47.59521+05:30"