Release FortiWebIngressController: 2.0.1

Signed-off-by: FTNT-HQCM <[email protected]>

charts/fwb-k8s-ctrl-1.0.0/values.yaml

@@ -1,7 +1,7 @@
-# Default values for fadc-k8s-ctrl.
+# Default values for fwb-k8s-ctrl.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
-# FortiADC Ingress Controller image from Dockerhub.com
+# FortiWEB Ingress Controller image from Dockerhub.com
 image:
   repository: fortinet/fortiweb-ingress
   pullPolicy: IfNotPresent
@@ -41,7 +41,7 @@ tolerations:
 
 affinity: {}
 
-# Define Ingress Class for FortiADC Ingress Controller
+# Define Ingress Class for FortiWEB Ingress Controller
 controller:
   ingressClassResource:
     name: "fwb-ingress-controller"

charts/fwb-k8s-ctrl-1.0.1/values.yaml

@@ -1,7 +1,7 @@
-# Default values for fadc-k8s-ctrl.
+# Default values for fwb-k8s-ctrl.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
-# FortiADC Ingress Controller image from Dockerhub.com
+# FortiWEB Ingress Controller image from Dockerhub.com
 image:
   repository: fortinet/fortiweb-ingress
   pullPolicy: IfNotPresent
@@ -41,7 +41,7 @@ tolerations:
 
 affinity: {}
 
-# Define Ingress Class for FortiADC Ingress Controller
+# Define Ingress Class for FortiWEB Ingress Controller
 controller:
   ingressClassResource:
     name: "fwb-ingress-controller"

charts/fwb-k8s-ctrl-1.0.2/values.yaml

@@ -1,7 +1,7 @@
-# Default values for fadc-k8s-ctrl.
+# Default values for fwb-k8s-ctrl.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
-# FortiADC Ingress Controller image from Dockerhub.com
+# FortiWEB Ingress Controller image from Dockerhub.com
 image:
   repository: fortinet/fortiweb-ingress
   pullPolicy: IfNotPresent
@@ -41,7 +41,7 @@ tolerations:
 
 affinity: {}
 
-# Define Ingress Class for FortiADC Ingress Controller
+# Define Ingress Class for FortiWEB Ingress Controller
 controller:
   ingressClassResource:
     name: "fwb-ingress-controller"

charts/fwb-k8s-ctrl-2.0.0/values.yaml

@@ -1,7 +1,7 @@
-# Default values for fadc-k8s-ctrl.
+# Default values for fwb-k8s-ctrl.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
-# FortiADC Ingress Controller image from Dockerhub.com
+# FortiWEB Ingress Controller image from Dockerhub.com
 image:
   repository: fortinet/fortiweb-ingress
   pullPolicy: IfNotPresent
@@ -41,7 +41,7 @@ tolerations:
 
 affinity: {}
 
-# Define Ingress Class for FortiADC Ingress Controller
+# Define Ingress Class for FortiWEB Ingress Controller
 controller:
   ingressClassResource:
     name: "fwb-ingress-controller"

charts/fwb-k8s-ctrl-2.0.1/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: fwb-k8s-ctrl
+version: 2.0.1
+kubeVersion: ">= 1.19.8-0, <= 1.30-0"
+description: A Helm chart for FortiWeb Ingress Controller
+type: application
+appVersion: "2.0.1"

charts/fwb-k8s-ctrl-2.0.1/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "fwb-k8s-ctrl.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "fwb-k8s-ctrl.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "fwb-k8s-ctrl.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "fwb-k8s-ctrl.labels" -}}
+helm.sh/chart: {{ include "fwb-k8s-ctrl.chart" . }}
+{{ include "fwb-k8s-ctrl.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "fwb-k8s-ctrl.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "fwb-k8s-ctrl.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "fwb-k8s-ctrl.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "fwb-k8s-ctrl.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/fwb-k8s-ctrl-2.0.1/templates/deployment.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "fwb-k8s-ctrl.fullname" . }}
+  labels:
+    {{- include "fwb-k8s-ctrl.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "fwb-k8s-ctrl.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "fwb-k8s-ctrl.selectorLabels" . | nindent 8 }}
+    spec:
+      serviceAccountName: {{ .Values.serviceAccount.name }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/fwb-k8s-ctrl-2.0.1/templates/ingressclass.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.controller.ingressClassResource.enabled -}}
+# We don't support namespaced ingressClass yet
+# So a ClusterRole and a ClusterRoleBinding is required
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+  name: {{ .Values.controller.ingressClassResource.name }}
+{{- if .Values.controller.ingressClassResource.default }}
+  annotations:
+    ingressclass.kubernetes.io/is-default-class: "true"
+{{- end }}
+spec:
+  controller: {{ .Values.controller.ingressClassResource.controllerValue }}
+{{- end }}

charts/fwb-k8s-ctrl-2.0.1/templates/rbac.yaml

@@ -0,0 +1,48 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "fwb-k8s-ctrl.serviceAccountName" . }}
+rules:
+- apiGroups: [""]
+  resources: ["pods", "services", "nodes", "endpoints", "secrets"]
+  verbs: ["get", "watch", "list", "update"]
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingressclasses
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses/status
+  verbs:
+  - update
+- apiGroups:
+  - extensions
+  resources:
+  - ingresses/status
+  verbs:
+  - update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "fwb-k8s-ctrl.serviceAccountName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "fwb-k8s-ctrl.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "fwb-k8s-ctrl.serviceAccountName" . }}
+  apiGroup: rbac.authorization.k8s.io

charts/fwb-k8s-ctrl-2.0.1/templates/serviceaccount.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "fwb-k8s-ctrl.serviceAccountName" . }}
+  #namespace: kube-system
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "fwb-k8s-ctrl.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/fwb-k8s-ctrl-2.0.1/values.yaml

@@ -0,0 +1,50 @@
+# Default values for fwb-k8s-ctrl.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+# FortiWEB Ingress Controller image from Dockerhub.com
+image:
+  repository: fortinet/fortiweb-ingress
+  pullPolicy: IfNotPresent
+  tag: "2.0.1"
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  create: true
+  annotations: {}
+  name: "fortiweb-ingress"
+
+podAnnotations: {}
+
+podSecurityContext: {}
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+nodeSelector: {}
+
+tolerations:
+  - effect: "NoExecute"
+    key: "node.kubernetes.io/not-ready"
+    operator: "Exists"
+    tolerationSeconds: 30
+  - effect: "NoExecute"
+    key: "node.kubernetes.io/unreachable"
+    operator: "Exists"
+    tolerationSeconds: 30
+
+affinity: {}
+
+# Define Ingress Class for FortiWEB Ingress Controller
+controller:
+  ingressClassResource:
+    name: "fwb-ingress-controller"
+    enabled: true
+    default: true
+    controllerValue: "fortinet.com/fwb-ingress-controller"

docs/index.yaml

@@ -2,19 +2,19 @@ apiVersion: v1
 entries:
   fwb-k8s-ctrl:
   - apiVersion: v2
-    appVersion: 2.0.0
-    created: "2024-07-02T15:06:55.024314685-07:00"
+    appVersion: 2.0.1
+    created: "2024-09-12T15:42:38.148627821-07:00"
     description: A Helm chart for FortiWeb Ingress Controller
-    digest: a5d95b3fd784e6e373e919c4b9c27568b7e8b0a4bbb851ff894efc8fab3adc6f
-    kubeVersion: '>= 1.19.8-0, <= 1.29-0'
+    digest: 26450ff51cd871e739f4c9ee0974efe1136695ab2edc7813398076a6d1009b3a
+    kubeVersion: '>= 1.19.8-0, <= 1.30-0'
     name: fwb-k8s-ctrl
     type: application
     urls:
-    - https://github.com/fortinet/fortiweb-ingress/raw/main/docs/fwb-k8s-ctrl-2.0.0.tgz
-    version: 2.0.0
+    - https://github.com/fortinet/fortiweb-ingress/raw/main/docs/fwb-k8s-ctrl-2.0.1.tgz
+    version: 2.0.1
   - apiVersion: v2
     appVersion: 1.0.0-1
-    created: "2024-07-02T15:06:55.023714088-07:00"
+    created: "2024-09-12T15:42:38.148092045-07:00"
     description: A Helm chart for FortiWeb Ingress Controller
     digest: d9728e6c7cc4349b1da01c99a29e75bc31e10235ecfd2f72b5cb182e47dafdba
     kubeVersion: '>= 1.19.8-0, <= 1.27-0'
@@ -23,4 +23,4 @@ entries:
     urls:
     - https://github.com/fortinet/fortiweb-ingress/raw/main/docs/fwb-k8s-ctrl-1.0.0-1.tgz
     version: 1.0.0-1
-generated: "2024-07-02T15:06:55.022793554-07:00"
+generated: "2024-09-12T15:42:38.147133224-07:00"

ingress_examples/cr_with_web_profile.yaml

@@ -0,0 +1,41 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: cr-with-web-profile
+  annotations: {
+    "fortiweb-ip" : "172.23.133.148",
+    "fortiweb-port" : "443",
+    "fortiweb-login" : "fad-login1",
+    "fortiweb-ctrl-log" : "enable",
+    "virtual-server-ip" : "192.168.0.9",
+    "virtual-server-addr-type" : "ipv4",
+    "virtual-server-interface" : "port3",
+    "virtual_server_profile" : "just_a_test",
+    "server-policy-web-protection-profile" : "Inline Standard Protection",
+    "server-policy-https-service" : "HTTPS",
+    "server-policy-http-service" : "HTTP",
+    "server-policy-syn-cookie" : "enable",
+    "server-policy-http-to-https" : "disable",
+    "content-routing-web-protect-profile" : "test.com_service1:Inline Alert Only,test.com_service2:Inline Alert Only"
+  }
+spec:
+  ingressClassName: fwb-ingress-controller
+  rules:
+  - host: test.com
+    http:
+      paths:
+      - path: /info
+        pathType: Prefix
+        backend:
+          service:
+            name: service2
+            port:
+              number: 1243
+      - path: /test
+        pathType: Prefix
+        backend:
+          service:
+            name: service1
+            port:
+              number: 1241
+