Disable TLS on ingress for various radar services

RADAR-base · Jul 24, 2024 · b62d460 · b62d460
1 parent c77d560
commit b62d460
Show file tree

Hide file tree

Showing 36 changed files with 120 additions and 108 deletions.
diff --git a/charts/app-config/Chart.yaml b/charts/app-config/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "0.5.0"
 description: A Helm chart for RADAR-base application config (app-config) backend service which is used as mobile app configuration engine with per-project and per-user configuration.
 name: app-config
-version: 1.1.1
+version: 1.2.0
 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png"
 sources:
 - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/app-config

diff --git a/charts/app-config/README.md b/charts/app-config/README.md
@@ -3,7 +3,7 @@
 # app-config
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/app-config)](https://artifacthub.io/packages/helm/radar-base/app-config)
 
-![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.0](https://img.shields.io/badge/AppVersion-0.5.0-informational?style=flat-square)
+![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.0](https://img.shields.io/badge/AppVersion-0.5.0-informational?style=flat-square)
 
 A Helm chart for RADAR-base application config (app-config) backend service which is used as mobile app configuration engine with per-project and per-user configuration.
 
@@ -45,6 +45,7 @@ A Helm chart for RADAR-base application config (app-config) backend service whic
 | securityContext | object | `{}` | Configure Appconfig containers' Security Context |
 | service.type | string | `"ClusterIP"` | Kubernetes Service type |
 | service.port | int | `8090` | Appconfig port |
+| disable_tls | bool | `false` | Disable TLS (reconfigures Ingress and sets URLs to use HTTP) |
 | ingress.enabled | bool | `true` | Enable ingress controller resource |
 | ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer |
 | ingress.path | string | `"/appconfig/api"` | Path within the url structure |

diff --git a/charts/app-config/templates/ingress.yaml b/charts/app-config/templates/ingress.yaml
@@ -20,7 +20,7 @@ metadata:
   {{- end }}
 spec:
   ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
-{{- if .Values.ingress.tls }}
+{{- if and .Values.ingress.tls (not ) }}
   tls:
     - hosts:
       {{- range $hosts }}

diff --git a/charts/app-config/values.yaml b/charts/app-config/values.yaml
@@ -50,6 +50,9 @@ service:
   # -- Appconfig port
   port: 8090
 
+# -- Disable TLS (reconfigures Ingress and sets URLs to use HTTP)
+disable_tls: false
+
 ingress:
   # -- Enable ingress controller resource
   enabled: true

diff --git a/charts/cc-schema-registry-proxy/Chart.yaml b/charts/cc-schema-registry-proxy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "1.0"
 description: A Helm chart for Confluent Cloud schema registry proxy. This proxy service is used when RADAR-base platform is used with Confluent Cloud based schema registry. It forwards requests to schema registry with an additonal basic authentication header with Confluent Cloud schema registry credentials. This service will be enabled if `cc.enabled = true`.
 name: cc-schema-registry-proxy
-version: 0.2.4
+version: 0.3.0
 type: application
 home: "https://radar-base.org"
 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png"

diff --git a/charts/cc-schema-registry-proxy/README.md b/charts/cc-schema-registry-proxy/README.md
@@ -3,7 +3,7 @@
 # cc-schema-registry-proxy
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/cc-schema-registry-proxy)](https://artifacthub.io/packages/helm/radar-base/cc-schema-registry-proxy)
 
-![Version: 0.2.4](https://img.shields.io/badge/Version-0.2.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
+![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
 
 A Helm chart for Confluent Cloud schema registry proxy. This proxy service is used when RADAR-base platform is used with Confluent Cloud based schema registry. It forwards requests to schema registry with an additonal basic authentication header with Confluent Cloud schema registry credentials. This service will be enabled if `cc.enabled = true`.
 
@@ -34,6 +34,7 @@ A Helm chart for Confluent Cloud schema registry proxy. This proxy service is us
 | service.type | string | `"ExternalName"` | Kubernetes Service type, |
 | service.externalName | string | `"schema-registry-domain"` | Domain name used for pointing to actual schema registry instance |
 | service.port | int | `443` | Port number to connect to Confluent platform |
+| disable_tls | bool | `false` | Disable TLS (reconfigures Ingress and sets URLs to use HTTP) |
 | ingress.enabled | bool | `true` | Enable ingress controller resource |
 | ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer |
 | ingress.path | string | `"/schema/?(.*)"` | Path within the url structure |

diff --git a/charts/cc-schema-registry-proxy/templates/ingress.yaml b/charts/cc-schema-registry-proxy/templates/ingress.yaml
@@ -27,7 +27,7 @@ metadata:
     nginx.ingress.kubernetes.io/upstream-vhost: {{ $externalName }}
   {{- end }}
 spec:
-{{- if .Values.ingress.tls }}
+{{- if and .Values.ingress.tls (not .Values.disable_tls) }}
   tls:
     - hosts:
       {{- range $hosts }}

diff --git a/charts/cc-schema-registry-proxy/values.yaml b/charts/cc-schema-registry-proxy/values.yaml
@@ -9,6 +9,9 @@ service:
   # -- Port number to connect to Confluent platform
   port: 443
 
+# -- Disable TLS (reconfigures Ingress and sets URLs to use HTTP)
+disable_tls: false
+
 ingress:
   # -- Enable ingress controller resource
   enabled: true

diff --git a/charts/data-dashboard-backend/Chart.yaml b/charts/data-dashboard-backend/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "0.1.7"
 name: data-dashboard-backend
 description: API for data in the data dashboard
-version: 0.2.3
+version: 0.3.0
 sources: ["https://github.com/thehyve/radar-data-dashboard-backend"]
 deprecated: false
 type: application

diff --git a/charts/data-dashboard-backend/README.md b/charts/data-dashboard-backend/README.md
@@ -2,7 +2,7 @@
 
 # data-dashboard-backend
 
-![Version: 0.2.3](https://img.shields.io/badge/Version-0.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.7](https://img.shields.io/badge/AppVersion-0.1.7-informational?style=flat-square)
+![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.7](https://img.shields.io/badge/AppVersion-0.1.7-informational?style=flat-square)
 
 API for data in the data dashboard
 
@@ -41,6 +41,7 @@ API for data in the data dashboard
 | securityContext | object | `{}` | Configure container's Security Context |
 | service.type | string | `"ClusterIP"` | Kubernetes Service type |
 | service.port | int | `9000` | data-dashboard-backend port |
+| disable_tls | bool | `false` | Disable TLS (reconfigures Ingress and sets URLs to use HTTP) |
 | ingress.enabled | bool | `true` | Enable ingress controller resource |
 | ingress.ingressClassName | string | `"nginx"` | Ingress class name |
 | ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer |

diff --git a/charts/data-dashboard-backend/templates/ingress.yaml b/charts/data-dashboard-backend/templates/ingress.yaml
@@ -20,7 +20,7 @@ metadata:
   {{- end }}
 spec:
   ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
-  {{- if .Values.ingress.tls }}
+  {{- if and .Values.ingress.tls (not .Values.disable_tls) }}
   tls:
     - hosts:
         {{- range .Values.ingress.hosts }}

diff --git a/charts/data-dashboard-backend/values.yaml b/charts/data-dashboard-backend/values.yaml
@@ -40,6 +40,9 @@ service:
   # -- data-dashboard-backend port
   port: 9000
 
+# -- Disable TLS (reconfigures Ingress and sets URLs to use HTTP)
+disable_tls: false
+
 ingress:
   # -- Enable ingress controller resource
   enabled: true

diff --git a/charts/kafka-manager/Chart.yaml b/charts/kafka-manager/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: kafka-manager
-version: 2.1.6
+version: 2.2.0
 appVersion: 1.3.3.18
 kubeVersion: "^1.8.0-0"
 description: A tool for managing Apache Kafka.

diff --git a/charts/kafka-manager/README.md b/charts/kafka-manager/README.md
@@ -1,84 +1,61 @@
-# Kafka Manager Helm Chart
 
-[Kafka Manager](https://github.com/yahoo/kafka-manager) is a tool for managing [Apache Kafka](http://kafka.apache.org/).
 
-## TL;DR;
-
-```bash
-$ helm install stable/kafka-manager
-```
-
-## Prerequisites
-
-- Kubernetes 1.9+ with Beta APIs enabled
-
-## Installing the Chart
-
-To install the chart with the release name `my-release`:
-
-```bash
-$ helm install --name my-release stable/kafka-manager
-```
-
-The command deploys Kafka Manager on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
-
-> **Tip**: List all releases using `helm list`
-
-## Uninstalling the Chart
-
-To uninstall/delete the `my-release` deployment:
-
-```bash
-$ helm delete my-release
-```
-
-The command removes all the Kubernetes components associated with the chart and deletes the release.
-
-## Configuration
-
-The following table lists the configurable parameters of the Kafka Manager chart and their default values.
-
-Parameter | Description | Default
---------- | ----------- | -------
-`serviceAccount.create` | If true, create a service account for kafka-manager | `true`
-`serviceAccount.name` | Name of the service account to create or use | `{{ kafka-manager.fullname }}`
-`image.repository` | Container image repository | `zenko/kafka-manager`
-`image.tag` | Container image tag | `1.3.3.18`
-`image.pullPolicy` | Container image pull policy | `IfNotPresent`
-`zkHosts` | Zookeeper hosts required by the kafka-manager | `localhost:2181`
-`clusters` | Configuration of the clusters to manage | `{}`
-`applicationSecret` | Kafka-manager application secret | `""`
-`basicAuth.enabled` | If ture, enable basic authentication | `false`
-`basicAuth.username` | Username for basic auth | `admin`
-`basicAuth.password` | Paswword for basic auth | `""`
-`javaOptions` | Java runtime options | `""`
-`service.type` | Kafka-manager service type | `ClusterIP`
-`service.port` | Kafka-manager service port | `9000`
-`service.annotations` | Optional service annotations | `{}`
-`ingress.enabled` | If true, create an ingress resource | `false`
-`ingress.annotations` | Optional ingress annotations | `{}`
-`ingress.path` | Ingress path | `/`
-`ingress.hosts` | Ingress hostnames | `kafka-manager.local`
-`ingress.tls` | Ingress TLS configuration | `[]`
-`resources` | Pod resource requests and limits | `{}`
-`nodeSelector` | Node labels for pod assignment | `{}`
-`tolerations` | Tolerations for pod assignment | `[]`
-`affinity` | Affinity for pod assignment | `{}`
-`zookeeper.enabled` | If true, deploy Zookeeper | `false`
-`zookeeper.env` | Enviromental variables for Zookeeper | `ZK_HEAP_SIZE: "1G"`
-`zookeeper.persistence` | If true, enable persistence for Zookeeper | `false`
-
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
-```console
-$ helm install stable/kafka-manager --name my-release \
-    --set ingress.enabled=true
-```
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
-
-```console
-$ helm install stable/kafka-manager --name my-release -f values.yaml
-```
-
-> **Tip**: You can use the default [values.yaml](values.yaml)
+# kafka-manager
+
+![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![AppVersion: 1.3.3.18](https://img.shields.io/badge/AppVersion-1.3.3.18-informational?style=flat-square)
+
+A tool for managing Apache Kafka.
+
+**Homepage:** <https://github.com/yahoo/kafka-manager>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| giacomoguiulfo | <giacomoguiulfo@gmail.com> |  |
+| ssalaues | <salim.salaues@scality.com> |  |
+
+## Source Code
+
+* <https://github.com/yahoo/kafka-manager>
+
+## Requirements
+
+Kubernetes: `^1.8.0-0`
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `""` |  |
+| clusters | string | `nil` |  |
+| applicationSecret | string | `""` |  |
+| basicAuth.enabled | bool | `false` |  |
+| basicAuth.username | string | `"admin"` |  |
+| basicAuth.password | string | `""` |  |
+| javaOptions | string | `""` |  |
+| service.type | string | `"ClusterIP"` |  |
+| service.port | int | `9000` |  |
+| service.annotations | object | `{}` |  |
+| resources.requests.cpu | string | `"100m"` |  |
+| resources.requests.memory | string | `"400Mi"` |  |
+| nodeSelector | object | `{}` |  |
+| tolerations | list | `[]` |  |
+| affinity | object | `{}` |  |
+| zookeeper | object | `{"enabled":false,"env":{"ZK_HEAP_SIZE":"1G"},"persistence":{"enabled":false}}` | ---------------------------------------------------------------------------- |
+| zkHosts | string | `"cp-zookeeper:2181"` |  |
+| image.repository | string | `"radarbase/kafka-manager"` |  |
+| image.tag | string | `"1.3.3.18"` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| imagePullSecrets | list | `[]` | Docker registry secret names as an array |
+| disable_tls | bool | `false` | Disable TLS (reconfigures Ingress and sets URLs to use HTTP) |
+| ingress.enabled | bool | `true` | Enable ingress controller resource |
+| ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer |
+| ingress.path | string | `"/kafkamanager/"` | Path within the url structure |
+| ingress.pathType | string | `"ImplementationSpecific"` |  |
+| ingress.hosts | list | `["localhost"]` | Hosts to accept requests from |
+| ingress.tls.secretName | string | `"radar-base-tls"` | TLS Secret Name |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
diff --git a/charts/kafka-manager/templates/ingress.yaml b/charts/kafka-manager/templates/ingress.yaml
@@ -19,7 +19,7 @@ metadata:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-{{- if .Values.ingress.tls }}
+{{- if and .Values.ingress.tls (not .Values.disable_tls) }}
   tls:
     - hosts:
       {{- range $hosts }}

diff --git a/charts/kafka-manager/values.yaml b/charts/kafka-manager/values.yaml
@@ -146,6 +146,9 @@ image:
 # -- Docker registry secret names as an array
 imagePullSecrets: []
 
+# -- Disable TLS (reconfigures Ingress and sets URLs to use HTTP)
+disable_tls: false
+
 ingress:
   # -- Enable ingress controller resource
   enabled: true

diff --git a/charts/radar-appserver/Chart.yaml b/charts/radar-appserver/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "2.4.1"
 description: A Helm chart for the backend application of RADAR-base Appserver
 name: radar-appserver
-version: 0.3.0
+version: 0.4.0
 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png"
 sources:
 - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-appserver

diff --git a/charts/radar-appserver/README.md b/charts/radar-appserver/README.md
@@ -3,7 +3,7 @@
 # radar-appserver
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-appserver)](https://artifacthub.io/packages/helm/radar-base/radar-appserver)
 
-![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square)
+![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square)
 
 A Helm chart for the backend application of RADAR-base Appserver
 
@@ -41,6 +41,7 @@ A Helm chart for the backend application of RADAR-base Appserver
 | securityContext | object | `{}` | Configure radar-appserver containers' Security Context |
 | service.type | string | `"ClusterIP"` | Kubernetes Service type |
 | service.port | int | `8080` | radar-appserver port |
+| disable_tls | bool | `false` | Disable TLS (reconfigures Ingress and sets URLs to use HTTP) |
 | ingress.enabled | bool | `true` | Enable ingress controller resource |
 | ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer and session configuration |
 | ingress.path | string | `"/appserver/?(.*)"` | Path within the url structure |

diff --git a/charts/radar-appserver/templates/ingress.yaml b/charts/radar-appserver/templates/ingress.yaml
@@ -20,7 +20,7 @@ metadata:
   {{- end }}
 spec:
   ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
-{{- if .Values.ingress.tls }}
+{{- if and .Values.ingress.tls (not .Values.disable_tls) }}
   tls:
     - hosts:
       {{- range $hosts }}

diff --git a/charts/radar-appserver/values.yaml b/charts/radar-appserver/values.yaml
@@ -41,6 +41,9 @@ service:
   # -- radar-appserver port
   port: 8080
 
+# -- Disable TLS (reconfigures Ingress and sets URLs to use HTTP)
+disable_tls: false
+
 ingress:
   # -- Enable ingress controller resource
   enabled: true

diff --git a/charts/radar-gateway/Chart.yaml b/charts/radar-gateway/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "0.7.2"
 description: A Helm chart for RADAR-base gateway. REST Gateway to Kafka, for incoming participant data. It performs authentication, authorization, content validation and decompression. For more details of the configurations, see https://github.com/RADAR-base/RADAR-Gateway/blob/master/gateway.yml.
 name: radar-gateway
-version: 1.1.7
+version: 1.2.0
 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png"
 sources:
 - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-gateway

diff --git a/charts/radar-gateway/README.md b/charts/radar-gateway/README.md
@@ -3,7 +3,7 @@
 # radar-gateway
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-gateway)](https://artifacthub.io/packages/helm/radar-base/radar-gateway)
 
-![Version: 1.1.7](https://img.shields.io/badge/Version-1.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.2](https://img.shields.io/badge/AppVersion-0.7.2-informational?style=flat-square)
+![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.2](https://img.shields.io/badge/AppVersion-0.7.2-informational?style=flat-square)
 
 A Helm chart for RADAR-base gateway. REST Gateway to Kafka, for incoming participant data. It performs authentication, authorization, content validation and decompression. For more details of the configurations, see https://github.com/RADAR-base/RADAR-Gateway/blob/master/gateway.yml.
 
@@ -41,6 +41,7 @@ A Helm chart for RADAR-base gateway. REST Gateway to Kafka, for incoming partici
 | securityContext | object | `{}` | Configure radar-gateway containers' Security Context |
 | service.type | string | `"ClusterIP"` | Kubernetes Service type |
 | service.port | int | `8080` | radar-gateway port |
+| disable_tls | bool | `false` | Disable TLS (reconfigures Ingress and sets URLs to use HTTP) |
 | ingress.enabled | bool | `true` | Enable ingress controller resource |
 | ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer and deny access to sensitive URLs |
 | ingress.path | string | `"/kafka/?(.*)"` | Path within the url structure |

diff --git a/charts/radar-gateway/templates/ingress.yaml b/charts/radar-gateway/templates/ingress.yaml
@@ -20,7 +20,7 @@ metadata:
   {{- end }}
 spec:
   ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
-{{- if .Values.ingress.tls }}
+{{- if and .Values.ingress.tls (not .Values.disable_tls) }}
   tls:
     - hosts:
       {{- range $hosts }}

diff --git a/charts/radar-gateway/values.yaml b/charts/radar-gateway/values.yaml
@@ -41,6 +41,9 @@ service:
   # -- radar-gateway port
   port: 8080
 
+# -- Disable TLS (reconfigures Ingress and sets URLs to use HTTP)
+disable_tls: false
+
 ingress:
   # -- Enable ingress controller resource
   enabled: true