diff --git a/deepfence_kafka/kafka_update_run.sh b/deepfence_kafka/kafka_update_run.sh index dd4285962b..ddbdcf6c38 100755 --- a/deepfence_kafka/kafka_update_run.sh +++ b/deepfence_kafka/kafka_update_run.sh @@ -16,12 +16,12 @@ then KAFKA_NODE_ID=$((POD_NUMBER+1)) KAFKA_BROKER_ID=$((POD_NUMBER+1)) KAFKA_LISTENERS="PLAINTEXT://:9092,CONTROLLER://:9093" - KAFKA_ADVERTISED_LISTENERS="PLAINTEXT://$POD_NAME_WITHOUT_INDEX-$POD_NUMBER.$SERVICE.$NAMESPACE.svc:9092" + KAFKA_ADVERTISED_LISTENERS="PLAINTEXT://$POD_NAME_WITHOUT_INDEX-$POD_NUMBER.$SERVICE.$NAMESPACE.svc.$CLUSTER_DOMAIN:9092" KAFKA_CONTROLLER_QUORUM_VOTERS="" for i in $( seq 0 $REPLICAS); do if [[ $i != $REPLICAS ]]; then - KAFKA_CONTROLLER_QUORUM_VOTERS="$KAFKA_CONTROLLER_QUORUM_VOTERS$((i+1))@$POD_NAME_WITHOUT_INDEX-$i.$SERVICE.$NAMESPACE.svc:9093," + KAFKA_CONTROLLER_QUORUM_VOTERS="$KAFKA_CONTROLLER_QUORUM_VOTERS$((i+1))@$POD_NAME_WITHOUT_INDEX-$i.$SERVICE.$NAMESPACE.svc.$CLUSTER_DOMAIN:9093," else KAFKA_CONTROLLER_QUORUM_VOTERS=${KAFKA_CONTROLLER_QUORUM_VOTERS::-1} fi diff --git a/deployment-scripts/helm-charts/deepfence-console/templates/database/kafka/kafka.yaml b/deployment-scripts/helm-charts/deepfence-console/templates/database/kafka/kafka.yaml index e2f7fde086..3fa8219f13 100644 --- a/deployment-scripts/helm-charts/deepfence-console/templates/database/kafka/kafka.yaml +++ b/deployment-scripts/helm-charts/deepfence-console/templates/database/kafka/kafka.yaml @@ -71,7 +71,9 @@ spec: - name: REPLICAS value: "{{ .Values.kafka.replicaCount }}" - name: SERVICE - value: {{ include "deepfence-console.fullname" . }}-kafka-broker.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }} + value: {{ include "deepfence-console.fullname" . }}-kafka-broker + - name: CLUSTER_DOMAIN + value: {{ .Values.global.cluster_domain }} - name: KAFKA_LOG_DIRS value: /data/kafka envFrom: diff --git a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-agent.yaml b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-agent.yaml index eecbdaef8e..1cb297ab4f 100644 --- a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-agent.yaml +++ b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-agent.yaml @@ -89,11 +89,11 @@ spec: memory: {{ .Values.console_agents.agent.resources.limits.memory }} env: - name: MGMT_CONSOLE_URL_INTERNAL - value: {{ include "deepfence-console.fullname" . }}-server.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }} + value: {{ include "deepfence-console.fullname" . }}-server.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }} - name: MGMT_CONSOLE_PORT_INTERNAL value: "8081" - name: MGMT_CONSOLE_URL - value: {{ include "deepfence-console.fullname" . }}-router.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }} + value: {{ include "deepfence-console.fullname" . }}-router.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }} - name: MGMT_CONSOLE_PORT value: "443" - name: "DEEPFENCE_KEY" diff --git a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-cluster-agent.yaml b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-cluster-agent.yaml index 21e89663dc..e4183d08cc 100644 --- a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-cluster-agent.yaml +++ b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-cluster-agent.yaml @@ -32,11 +32,11 @@ spec: imagePullPolicy: {{ .Values.console_agents.cluster_agent.image.pullPolicy }} env: - name: MGMT_CONSOLE_URL_INTERNAL - value: {{ include "deepfence-console.fullname" . }}-server.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }} + value: {{ include "deepfence-console.fullname" . }}-server.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }} - name: MGMT_CONSOLE_PORT_INTERNAL value: "8081" - name: MGMT_CONSOLE_URL - value: {{ include "deepfence-console.fullname" . }}-router.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }} + value: {{ include "deepfence-console.fullname" . }}-router.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }} - name: MGMT_CONSOLE_PORT value: "443" - name: "DEEPFENCE_KEY" diff --git a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-config.yaml b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-config.yaml index 450ca9f19f..47a5d81b47 100644 --- a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-config.yaml +++ b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-config.yaml @@ -11,7 +11,7 @@ data: DEEPFENCE_SAAS_DEPLOYMENT: "false" DEEPFENCE_TELEMETRY_ENABLED: "false" {{- if .Values.fileserver.create }} - DEEPFENCE_FILE_SERVER_HOST: {{ include "deepfence-console.fullname" . }}-file-server.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }} + DEEPFENCE_FILE_SERVER_HOST: {{ include "deepfence-console.fullname" . }}-file-server.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }} DEEPFENCE_FILE_SERVER_PORT: "9000" DEEPFENCE_FILE_SERVER_EXTERNAL: "false" {{- else }} @@ -23,6 +23,5 @@ data: {{- if .Values.proxy.enabled }} http_proxy: {{ .Values.proxy.http_proxy }} https_proxy: {{ .Values.proxy.https_proxy }} - no_proxy: "127.0.0.1, localhost, {{ include "deepfence-console.fullname" . }}-file-server.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-postgres.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-redis.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-neo4j.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-kafka-broker.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-ui.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-server.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-router.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}, *.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}, *.{{ .Values.router.cluster_domain }}" + no_proxy: "127.0.0.1, localhost, {{ include "deepfence-console.fullname" . }}-file-server.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-postgres.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-redis.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-neo4j.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-kafka-broker.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-ui.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-server.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}, {{ include "deepfence-console.fullname" . }}-router.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}, *.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}, *.{{ .Values.global.cluster_domain }}, {{ .Values.proxy.additional_no_proxy }}" {{- end }} - diff --git a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/fileserver.yaml b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/fileserver.yaml index e6bf23dad8..66ad48a9b7 100644 --- a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/fileserver.yaml +++ b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/fileserver.yaml @@ -9,7 +9,7 @@ metadata: {{- include "deepfence-console.labels" . | nindent 4 }} component: file-server stringData: - DEEPFENCE_FILE_SERVER_HOST: {{ include "deepfence-console.fullname" . }}-file-server.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }} + DEEPFENCE_FILE_SERVER_HOST: {{ include "deepfence-console.fullname" . }}-file-server.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }} DEEPFENCE_FILE_SERVER_PORT: "9000" DEEPFENCE_FILE_SERVER_SECURE: "false" DEEPFENCE_FILE_SERVER_BUCKET: default diff --git a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/kafka.yaml b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/kafka.yaml index 1e60abb989..bc025c6e50 100644 --- a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/kafka.yaml +++ b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/kafka.yaml @@ -9,5 +9,5 @@ metadata: {{- include "deepfence-console.labels" . | nindent 4 }} component: kafka stringData: - DEEPFENCE_KAFKA_BROKERS: "{{ include "deepfence-console.fullname" . }}-kafka-broker.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }}:9092" + DEEPFENCE_KAFKA_BROKERS: "{{ include "deepfence-console.fullname" . }}-kafka-broker.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }}:9092" {{- end }} diff --git a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/neo4j.yaml b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/neo4j.yaml index 07e96a3961..700e8a6938 100644 --- a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/neo4j.yaml +++ b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/neo4j.yaml @@ -10,7 +10,7 @@ metadata: component: neo4j stringData: DEEPFENCE_NEO4J_BOLT_PORT: "7687" - DEEPFENCE_NEO4J_HOST: {{ include "deepfence-console.fullname" . }}-neo4j.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }} + DEEPFENCE_NEO4J_HOST: {{ include "deepfence-console.fullname" . }}-neo4j.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }} {{- if .Values.neo4j.secrets }} DEEPFENCE_NEO4J_USER: {{ (splitList "/" .Values.neo4j.secrets.NEO4J_AUTH) | first | quote }} DEEPFENCE_NEO4J_PASSWORD: {{ (splitList "/" .Values.neo4j.secrets.NEO4J_AUTH) | last | quote }} diff --git a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/postgres.yaml b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/postgres.yaml index 736fa64497..2bc1d8235f 100644 --- a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/postgres.yaml +++ b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/postgres.yaml @@ -10,7 +10,7 @@ metadata: name: {{ include "deepfence-console.fullname" . }}-secrets-postgres stringData: DEEPFENCE_POSTGRES_USER_DB_PORT: "5432" - DEEPFENCE_POSTGRES_USER_DB_HOST: {{ include "deepfence-console.fullname" . }}-postgres.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }} + DEEPFENCE_POSTGRES_USER_DB_HOST: {{ include "deepfence-console.fullname" . }}-postgres.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }} DEEPFENCE_POSTGRES_USER_DB_SSLMODE: disable {{- if .Values.fileserver.secrets }} DEEPFENCE_POSTGRES_USER_DB_USER: {{ .Values.postgres.secrets.POSTGRES_USER | quote }} diff --git a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/redis.yaml b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/redis.yaml index ce10c95c69..efbb9f0655 100644 --- a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/redis.yaml +++ b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-console-secrets/redis.yaml @@ -11,5 +11,5 @@ metadata: stringData: DEEPFENCE_REDIS_DB_NUMBER: "0" DEEPFENCE_REDIS_PORT: "6379" - DEEPFENCE_REDIS_HOST: {{ include "deepfence-console.fullname" . }}-redis.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }} + DEEPFENCE_REDIS_HOST: {{ include "deepfence-console.fullname" . }}-redis.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }} {{- end }} diff --git a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-router.yaml b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-router.yaml index 4d6cb70b97..aaebfb0bc9 100644 --- a/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-router.yaml +++ b/deployment-scripts/helm-charts/deepfence-console/templates/deepfence-router.yaml @@ -39,11 +39,11 @@ spec: - name: FORCE_HTTPS_REDIRECT value: "{{ .Values.router.forceHttpsRedirect }}" - name: UI_SERVICE_NAME - value: {{ include "deepfence-console.fullname" . }}-ui.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }} + value: {{ include "deepfence-console.fullname" . }}-ui.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }} - name: UI_SERVICE_PORT value: {{ .Values.ui.service.port | quote }} - name: API_SERVICE_HOST - value: {{ include "deepfence-console.fullname" . }}-server.{{ .Release.Namespace }}.svc.{{ .Values.router.cluster_domain }} + value: {{ include "deepfence-console.fullname" . }}-server.{{ .Release.Namespace }}.svc.{{ .Values.global.cluster_domain }} - name: API_SERVICE_PORT value: {{ .Values.server.service.port | quote }} envFrom: diff --git a/deployment-scripts/helm-charts/deepfence-console/values.yaml b/deployment-scripts/helm-charts/deepfence-console/values.yaml index 48ab226f2c..49680ea476 100644 --- a/deployment-scripts/helm-charts/deepfence-console/values.yaml +++ b/deployment-scripts/helm-charts/deepfence-console/values.yaml @@ -14,7 +14,10 @@ global: # this image tag is used everywhere for console services # to override set tag at service level imageTag: 2.2.1 - storageClass: "" + storageClass: "standard" + # used in service name generation + # ..svc. + cluster_domain: "cluster.local" serviceAccount: # Specifies whether a service account should be created @@ -42,6 +45,8 @@ proxy: # Example: http://my.internal.server:port http_proxy: "" https_proxy: "" + # Domains or ip addresses to add in no_proxy env variable, comma-separated string + additional_no_proxy: "" kafka: # Specifies whether a kafka cluster should be created @@ -278,9 +283,6 @@ router: # Overrides the image tag whose default is .global.imageTag # tag: 2.2.1 forceHttpsRedirect: true - # used to in service name generation - # ..svc. - cluster_domain: "cluster.local" podAnnotations: {} podSecurityContext: {} securityContext: {} diff --git a/deployment-scripts/helm-charts/index.yaml b/deployment-scripts/helm-charts/index.yaml index fe7560db8a..8fae575276 100644 --- a/deployment-scripts/helm-charts/index.yaml +++ b/deployment-scripts/helm-charts/index.yaml @@ -3,7 +3,7 @@ entries: deepfence-agent: - apiVersion: v2 appVersion: 2.2.1 - created: "2024-05-13T12:20:52.97059+05:30" + created: "2024-05-13T15:42:47.596024+05:30" description: Deepfence Agent - Helm chart for Kubernetes digest: 501493788e763d7faa261ee296333b541f13eb57152e63e9a366b693838fce08 name: deepfence-agent @@ -274,9 +274,9 @@ entries: deepfence-console: - apiVersion: v2 appVersion: 2.2.1 - created: "2024-05-13T12:20:52.97185+05:30" + created: "2024-05-13T15:42:47.59834+05:30" description: A Helm chart for Kubernetes - digest: 99a1805a9e2c3d5dd297a50dc00f92722d869c9e4a710f947de499688d65c2a4 + digest: 706c425180142234a7339178d9d9680f666e5ef28137d996fc6661263be2225e name: deepfence-console type: application urls: @@ -555,7 +555,7 @@ entries: deepfence-router: - apiVersion: v2 appVersion: 2.2.1 - created: "2024-05-13T12:20:52.972332+05:30" + created: "2024-05-13T15:42:47.598917+05:30" description: Deepfence Router - Helm chart for Kubernetes digest: d2e9d95cdc8fd5081f8a9e577f88513bf353c86e738cc63732dc1170490590a0 name: deepfence-router @@ -723,4 +723,4 @@ entries: urls: - deepfence-router-1.0.0.tgz version: 1.0.0 -generated: "2024-05-13T12:20:52.969828+05:30" +generated: "2024-05-13T15:42:47.59521+05:30"