Secure ingress path for Grafana and Kibana
The change enables TLS for the ingress path of Grafana and Kibana. Change-Id: I1bca5a3d78421873bff275d315ec0cca6682a498
This commit is contained in:
Lo, Chi (cl566n)
parent
31932af08c
commit
181cbf5599
|
|
@ -15,7 +15,7 @@ apiVersion: v1
|
|||
appVersion: v7.3.6
|
||||
description: OpenStack-Helm Grafana
|
||||
name: grafana
|
||||
version: 0.1.5
|
||||
version: 0.1.6
|
||||
home: https://grafana.com/
|
||||
sources:
|
||||
- https://github.com/grafana/grafana
|
||||
|
|
|
|||
|
|
@ -13,6 +13,10 @@ limitations under the License.
|
|||
*/}}
|
||||
|
||||
{{- if and .Values.manifests.ingress .Values.network.grafana.ingress.public }}
|
||||
{{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}}
|
||||
{{- $envAll := . -}}
|
||||
{{- $ingressOpts := dict "envAll" $envAll "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}}
|
||||
{{- if .Values.manifests.certificates -}}
|
||||
{{- $_ := set $ingressOpts "certIssuer" .Values.endpoints.grafana.host_fqdn_override.default.tls.issuerRef.name -}}
|
||||
{{- end -}}
|
||||
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -26,6 +26,14 @@ conf:
|
|||
basicAuthPassword: {{ .Values.endpoints.monitoring.auth.user.password }}
|
||||
tlsCACert: $CACERT
|
||||
url: {{ $prom_uri }}
|
||||
endpoints:
|
||||
grafana:
|
||||
host_fqdn_override:
|
||||
default:
|
||||
tls:
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
manifests:
|
||||
certificates: true
|
||||
...
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ apiVersion: v1
|
|||
appVersion: v7.1.0
|
||||
description: OpenStack-Helm Kibana
|
||||
name: kibana
|
||||
version: 0.1.3
|
||||
version: 0.1.4
|
||||
home: https://www.elastic.co/products/kibana
|
||||
sources:
|
||||
- https://github.com/elastic/kibana
|
||||
|
|
|
|||
|
|
@ -12,7 +12,12 @@ See the License for the specific language governing permissions and
|
|||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
|
||||
{{- if and .Values.manifests.ingress .Values.network.kibana.ingress.public }}
|
||||
{{- $ingressOpts := dict "envAll" . "backendService" "kibana" "backendServiceType" "kibana" "backendPort" "http" -}}
|
||||
{{- $envAll := . -}}
|
||||
{{- $ingressOpts := dict "envAll" $envAll "backendService" "kibana" "backendServiceType" "kibana" "backendPort" "http" -}}
|
||||
{{- if .Values.manifests.certificates -}}
|
||||
{{- $_ := set $ingressOpts "certIssuer" .Values.endpoints.kibana.host_fqdn_override.default.tls.issuerRef.name -}}
|
||||
{{- end -}}
|
||||
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -12,6 +12,13 @@ endpoints:
|
|||
port:
|
||||
http:
|
||||
default: 443
|
||||
kibana:
|
||||
host_fqdn_override:
|
||||
default:
|
||||
tls:
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssue
|
||||
manifests:
|
||||
certificates: true
|
||||
...
|
||||
|
|
|
|||
|
|
@ -6,4 +6,5 @@ grafana:
|
|||
- 0.1.3 Provision any dashboard as homepage
|
||||
- 0.1.4 Enable TLS for Grafana
|
||||
- 0.1.5 Enable TLS between Grafana and Prometheus
|
||||
- 0.1.6 Enable TLS for Grafana ingress path
|
||||
...
|
||||
|
|
|
|||
|
|
@ -4,4 +4,5 @@ kibana:
|
|||
- 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
|
||||
- 0.1.2 Drop usage of fsGroup inside container
|
||||
- 0.1.3 Enable TLS with Elasticsearch
|
||||
- 0.1.4 Enable TLS for Kibana ingress path
|
||||
...
|
||||
|
|
|
|||
Loading…
Reference in New Issue