This is an automated email from the ASF dual-hosted git repository. tiagobento pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/incubator-kie-tools.git
The following commit(s) were added to refs/heads/main by this push:
new d8e217aeeee [incubator-kie-issues#2287] CORS Proxy: Add optional TLS
support (#3554)
d8e217aeeee is described below
commit d8e217aeeee739c77f825465cfea89b725461205
Author: Abhiram Gundala <[email protected]>
AuthorDate: Mon May 11 14:31:28 2026 -0400
[incubator-kie-issues#2287] CORS Proxy: Add optional TLS support (#3554)
---
packages/cors-proxy/env/index.js | 10 +++
packages/cors-proxy/package.json | 4 +-
packages/cors-proxy/src/index.ts | 2 +
packages/cors-proxy/src/proxy/server.ts | 18 ++++-
packages/cors-proxy/tests/server.test.ts | 10 +++
packages/kie-sandbox-helm-chart/README.md | 87 ++++++++++++----------
packages/kie-sandbox-helm-chart/src/README.md | 87 ++++++++++++----------
.../src/charts/cors_proxy/README.md | 31 ++++----
.../cors_proxy/templates/deployment.yaml.helm | 29 ++++++++
.../src/charts/cors_proxy/values.yaml | 16 ++++
10 files changed, 196 insertions(+), 98 deletions(-)
diff --git a/packages/cors-proxy/env/index.js b/packages/cors-proxy/env/index.js
index 4703529f6d1..488224785ec 100644
--- a/packages/cors-proxy/env/index.js
+++ b/packages/cors-proxy/env/index.js
@@ -42,6 +42,14 @@ module.exports =
composeEnv([require("@kie-tools/root-env/env")], {
description:
"Comma-separated list of allowed host patterns. Supports wildcards
(e.g., '*.target.example.com,*.github.com').",
},
+ CORS_PROXY__tlsCertificate: {
+ default: "",
+ description: "Path to TLS certificate file for HTTPS. If empty, the
proxy runs in HTTP mode.",
+ },
+ CORS_PROXY__tlsKey: {
+ default: "",
+ description: "Path to TLS private key file for HTTPS. If empty, the
proxy runs in HTTP mode.",
+ },
}),
get env() {
return {
@@ -52,6 +60,8 @@ module.exports =
composeEnv([require("@kie-tools/root-env/env")], {
verbose: getOrDefault(this.vars.CORS_PROXY__verbose),
useHttpForHosts: getOrDefault(this.vars.CORS_PROXY__useHttpForHosts),
allowedHosts: getOrDefault(this.vars.CORS_PROXY__allowedHosts),
+ tlsCertificate: getOrDefault(this.vars.CORS_PROXY__tlsCertificate),
+ tlsKey: getOrDefault(this.vars.CORS_PROXY__tlsKey),
},
},
};
diff --git a/packages/cors-proxy/package.json b/packages/cors-proxy/package.json
index 44d3f17223a..1b51add43ff 100644
--- a/packages/cors-proxy/package.json
+++ b/packages/cors-proxy/package.json
@@ -21,8 +21,8 @@
"build:prod": "pnpm lint && pnpm test && rimraf dist && webpack",
"lint": "run-script-if --bool \"$(build-env linters.run)\" --then
\"kie-tools--eslint ./src\"",
"start": "run-script-os",
- "start:darwin:linux": "pnpm build:dev && cross-env
CORS_PROXY_USE_HTTP_FOR_HOSTS=$(build-env corsProxy.dev.useHttpForHosts)
CORS_PROXY_HTTP_PORT=$(build-env corsProxy.dev.port)
CORS_PROXY_ALLOWED_ORIGINS=$(build-env corsProxy.dev.allowedOrigins)
CORS_PROXY_VERBOSE=$(build-env corsProxy.dev.verbose)
CORS_PROXY_ALLOWED_HOSTS=$(build-env corsProxy.dev.allowedHosts) node
dist/index.js",
- "start:win32": "pnpm build:dev && pnpm powershell \"cross-env
CORS_PROXY_USE_HTTP_FOR_HOSTS=$(build-env corsProxy.dev.useHttpForHosts)
CORS_PROXY_HTTP_PORT=$(build-env corsProxy.dev.port)
CORS_PROXY_ALLOWED_ORIGINS=$(build-env corsProxy.dev.allowedOrigins)
CORS_PROXY_VERBOSE=$(build-env corsProxy.dev.verbose)
CORS_PROXY_ALLOWED_HOSTS=$(build-env corsProxy.dev.allowedHosts) node
dist/index.js\"",
+ "start:darwin:linux": "pnpm build:dev && cross-env
CORS_PROXY_USE_HTTP_FOR_HOSTS=$(build-env corsProxy.dev.useHttpForHosts)
CORS_PROXY_HTTP_PORT=$(build-env corsProxy.dev.port)
CORS_PROXY_ALLOWED_ORIGINS=$(build-env corsProxy.dev.allowedOrigins)
CORS_PROXY_VERBOSE=$(build-env corsProxy.dev.verbose)
CORS_PROXY_ALLOWED_HOSTS=$(build-env corsProxy.dev.allowedHosts)
CORS_PROXY_TLS_CERTIFICATE_PATH=$(build-env corsProxy.dev.tlsCertificate)
CORS_PROXY_TLS_KEY_PATH=$(build-env corsProxy.dev [...]
+ "start:win32": "pnpm build:dev && pnpm powershell \"cross-env
CORS_PROXY_USE_HTTP_FOR_HOSTS=$(build-env corsProxy.dev.useHttpForHosts)
CORS_PROXY_HTTP_PORT=$(build-env corsProxy.dev.port)
CORS_PROXY_ALLOWED_ORIGINS=$(build-env corsProxy.dev.allowedOrigins)
CORS_PROXY_VERBOSE=$(build-env corsProxy.dev.verbose)
CORS_PROXY_ALLOWED_HOSTS=$(build-env corsProxy.dev.allowedHosts)
CORS_PROXY_TLS_CERTIFICATE_PATH=$(build-env corsProxy.dev.tlsCertificate)
CORS_PROXY_TLS_KEY_PATH=$(build-env co [...]
"test": "run-script-if --ignore-errors \"$(build-env
tests.ignoreFailures)\" --bool \"$(build-env tests.run)\" --then \"jest
--silent --verbose --passWithNoTests\""
},
"dependencies": {
diff --git a/packages/cors-proxy/src/index.ts b/packages/cors-proxy/src/index.ts
index 7caec5711f0..20e77e47b33 100644
--- a/packages/cors-proxy/src/index.ts
+++ b/packages/cors-proxy/src/index.ts
@@ -61,6 +61,8 @@ export const run = () => {
startServer({
allowedOrigins: getAllowedOrigins(),
port: getPort(),
+ tlsCertificate: process.env.CORS_PROXY_TLS_CERTIFICATE_PATH ?? "",
+ tlsKey: process.env.CORS_PROXY_TLS_KEY_PATH ?? "",
verbose: process.env.CORS_PROXY_VERBOSE === "true",
hostsToUseHttp: (process.env.CORS_PROXY_USE_HTTP_FOR_HOSTS ||
undefined)?.split(",") ?? [],
allowedHosts: getAllowedHosts(),
diff --git a/packages/cors-proxy/src/proxy/server.ts
b/packages/cors-proxy/src/proxy/server.ts
index a74dc68cd75..8cd859389ee 100644
--- a/packages/cors-proxy/src/proxy/server.ts
+++ b/packages/cors-proxy/src/proxy/server.ts
@@ -18,6 +18,8 @@
*/
import * as express from "express";
+import * as https from "https";
+import * as fs from "fs";
import * as cors from "cors";
import { ExpressCorsProxy } from "./ExpressCorsProxy";
@@ -25,6 +27,8 @@ import { ExpressCorsProxy } from "./ExpressCorsProxy";
export type ServerArgs = {
allowedOrigins: string[];
port: number;
+ tlsCertificate: string;
+ tlsKey: string;
verbose: boolean;
hostsToUseHttp: string[];
allowedHosts: string[];
@@ -97,5 +101,17 @@ export const startServer = (args: ServerArgs): void => {
</html>`);
});
- app.listen(args.port, () => console.log(`CORS proxy listening at port
${args.port}`));
+ if (args.tlsCertificate && args.tlsKey) {
+ https
+ .createServer(
+ {
+ cert: fs.readFileSync(args.tlsCertificate),
+ key: fs.readFileSync(args.tlsKey),
+ },
+ app
+ )
+ .listen(args.port, () => console.log(`CORS proxy listening at port
${args.port} (HTTPS)`));
+ } else {
+ app.listen(args.port, () => console.log(`CORS proxy listening at port
${args.port}`));
+ }
};
diff --git a/packages/cors-proxy/tests/server.test.ts
b/packages/cors-proxy/tests/server.test.ts
index 5678134ede1..98bef2bd5eb 100644
--- a/packages/cors-proxy/tests/server.test.ts
+++ b/packages/cors-proxy/tests/server.test.ts
@@ -43,6 +43,8 @@ describe("CORS handler logic test", () => {
const args: ServerArgs = {
allowedOrigins: ["http://localhost:9000";],
port: 8080,
+ tlsCertificate: "",
+ tlsKey: "",
verbose: false,
hostsToUseHttp: [],
allowedHosts: ["localhost"],
@@ -76,6 +78,8 @@ describe("CORS handler logic test", () => {
const args: ServerArgs = {
allowedOrigins: ["http://localhost:9000";],
port: 8080,
+ tlsCertificate: "",
+ tlsKey: "",
verbose: false,
hostsToUseHttp: [],
allowedHosts: ["localhost"],
@@ -113,6 +117,8 @@ describe("CORS handler logic test", () => {
const args: ServerArgs = {
allowedOrigins: ["http://example.com";, "http://staging.example.com";],
port: 8080,
+ tlsCertificate: "",
+ tlsKey: "",
verbose: false,
hostsToUseHttp: [],
allowedHosts: ["localhost"],
@@ -147,6 +153,8 @@ describe("CORS handler logic test", () => {
const args: ServerArgs = {
allowedOrigins: ["http://example.com";, "http://staging.example.com";],
port: 8080,
+ tlsCertificate: "",
+ tlsKey: "",
verbose: false,
hostsToUseHttp: [],
allowedHosts: ["localhost"],
@@ -180,6 +188,8 @@ describe("CORS handler logic test", () => {
const args: ServerArgs = {
allowedOrigins: ["http://localhost:9000";],
port: 8080,
+ tlsCertificate: "",
+ tlsKey: "",
verbose: false,
hostsToUseHttp: [],
allowedHosts: ["localhost"],
diff --git a/packages/kie-sandbox-helm-chart/README.md
b/packages/kie-sandbox-helm-chart/README.md
index af6f078f908..1df35f5252e 100644
--- a/packages/kie-sandbox-helm-chart/README.md
+++ b/packages/kie-sandbox-helm-chart/README.md
@@ -214,47 +214,52 @@ The following table lists the configurable parameters of
the KIE Sandbox chart a
<!-- CHART_VALUES_README -->
-| Key | Type | Default
| Description
|
-| ---------------------------------- | ------ |
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
-----------------------------------------------------------------------------------------------------------------------------------------------
|
-| global.ingressSource | string | `""`
| Which ingress source
is being used (none/"minikube"/"kubernetes"/"openshift") Obs.: For NOTES
generation only |
-| global.kubernetesClusterDomain | string | `""`
| If using Minikube or
Kubernetes, set the cluster domain
|
-| global.kubernetesIngressClass | string | `""`
| If using Minikube or
Kubernetes, set the Ingress class (i.e: nginx)
|
-| global.openshiftRouteDomain | string | `""`
| If using OpenShift
Routes, set the Route domain
|
-| fullnameOverride | string | `""`
| Overrides charts full
name
|
-| nameOverride | string | `""`
| Overrides charts name
|
-| cors_proxy.autoscaling | object |
`{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}`
|
CORS Proxy HorizontalPodAutoscaler configuration
(https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
|
-| cors_proxy.fullnameOverride | string | `""`
| Overrides charts full
name
|
-| cors_proxy.image | object |
`{"account":"apache","name":"incubator-kie-cors-proxy","pullPolicy":"IfNotPresent","registry":"docker.io","tag":"main"}`
| Image source configuration for
the CORS Proxy image
|
-| cors_proxy.imagePullSecrets | list | `[]`
| Pull secrets used
when pulling CORS Proxy image
|
-| cors_proxy.ingress | object |
`{"annotations":{},"className":"{{ .Values.global.kubernetesIngressClass
}}","enabled":false,"hosts":[{"host":"cors-proxy.{{
.Values.global.kubernetesClusterDomain
}}","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}`
| CORS Proxy Ingress configuration
(https://kubernetes.io/docs/concepts/services-networking/ingress/)
|
-| cors_proxy.name | string | `"cors-proxy"`
| The CORS Proxy
application name
|
-| cors_proxy.nameOverride | string | `""`
| Overrides charts name
|
-| cors_proxy.nodeSelector | object | `{}`
|
|
-| cors_proxy.openshiftRoute | object |
`{"annotations":{},"enabled":false,"host":"cors-proxy.{{
.Values.global.openshiftRouteDomain
}}","tls":{"insecureEdgeTerminationPolicy":"None","termination":"edge"}}`
|
CORS Proxy OpenShift Route configuration
(https://docs.openshift.com/container-platform/4.14/networking/routes/route-configuration.html)
|
-| cors_proxy.service | object |
`{"nodePort":"","port":8080,"type":"ClusterIP"}`
| CORS Proxy Service configuration
(https://kubernetes.io/docs/concepts/services-networking/service/)
|
-| cors_proxy.serviceAccount | object |
`{"annotations":{},"create":true,"name":""}`
| CORS Proxy ServiceAccount configuration
(https://kubernetes.io/docs/concepts/security/service-accounts/)
|
-| extended_services.autoscaling | object |
`{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}`
|
Extended Services HorizontalPodAutoscaler configuration
(https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
|
-| extended_services.fullnameOverride | string | `""`
| Overrides charts full
name
|
-| extended_services.image | object |
`{"account":"apache","name":"incubator-kie-sandbox-extended-services","pullPolicy":"IfNotPresent","registry":"docker.io","tag":"main"}`
| Image source configuration for the Extended
Services image
|
-| extended_services.imagePullSecrets | list | `[]`
| Pull secrets used
when pulling Extended Services image
|
-| extended_services.ingress | object |
`{"annotations":{},"className":"{{ .Values.global.kubernetesIngressClass
}}","enabled":false,"hosts":[{"host":"extended-services.{{
.Values.global.kubernetesClusterDomain
}}","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` |
Extended Services Ingress configuration
(https://kubernetes.io/docs/concepts/services-networking/ingress/)
|
-| extended_services.name | string | `"extended-services"`
| The Extended Services
application name
|
-| extended_services.nameOverride | string | `""`
| Overrides charts name
|
-| extended_services.nodeSelector | object | `{}`
|
|
-| extended_services.openshiftRoute | object |
`{"annotations":{},"enabled":false,"host":"extended-services.{{
.Values.global.openshiftRouteDomain
}}","tls":{"insecureEdgeTerminationPolicy":"None","termination":"edge"}}`
| Extended
Services OpenShift Route configuration
(https://docs.openshift.com/container-platform/4.14/networking/routes/route-configuration.html)
|
-| extended_services.service | object |
`{"nodePort":"","port":21345,"type":"ClusterIP"}`
| Extended Services Service configuration
(https://kubernetes.io/docs/concepts/services-networking/service/)
|
-| extended_services.serviceAccount | object |
`{"annotations":{},"create":true,"name":""}`
| Extended Services ServiceAccount configuration
(https://kubernetes.io/docs/concepts/security/service-accounts/)
|
-| kie_sandbox.autoscaling | object |
`{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}`
|
KIE Sandbox HorizontalPodAutoscaler configuration
(https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
|
-| kie_sandbox.env | list |
`[{"name":"KIE_SANDBOX_EXTENDED_SERVICES_URL","value":"http://127.0.0.1:21345"},{"name":"KIE_SANDBOX_CORS_PROXY_URL","value":"http://127.0.0.1:8081"}]`
| Env variables for KIE Sandbox deployment
|
-| kie_sandbox.fullnameOverride | string | `""`
| Overrides charts full
name
|
-| kie_sandbox.image | object |
`{"account":"apache","name":"incubator-kie-sandbox-webapp","pullPolicy":"IfNotPresent","registry":"docker.io","tag":"main"}`
| Image source configuration for the
KIE Sandbox image
|
-| kie_sandbox.imagePullSecrets | list | `[]`
| Pull secrets used
when pulling KIE Sandbox image
|
-| kie_sandbox.ingress | object |
`{"annotations":{},"className":"{{ .Values.global.kubernetesIngressClass
}}","enabled":false,"hosts":[{"host":"kie-sandbox.{{
.Values.global.kubernetesClusterDomain
}}","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}`
| KIE Sandbox Ingress configuration
(https://kubernetes.io/docs/concepts/services-networking/ingress/)
|
-| kie_sandbox.name | string | `"kie-sandbox"`
| The KIE Sandbox
application name
|
-| kie_sandbox.nameOverride | string | `""`
| Overrides charts name
|
-| kie_sandbox.openshiftRoute | object |
`{"annotations":{},"enabled":false,"host":"kie-sandbox.{{
.Values.global.openshiftRouteDomain
}}","tls":{"insecureEdgeTerminationPolicy":"None","termination":"edge"}}`
| KIE
Sandbox OpenShift Route configuration
(https://docs.openshift.com/container-platform/4.14/networking/routes/route-configuration.html)
|
-| kie_sandbox.service | object |
`{"nodePort":"","port":8080,"type":"ClusterIP"}`
| KIE Sandbox Service configuration
(https://kubernetes.io/docs/concepts/services-networking/service/)
|
-| kie_sandbox.serviceAccount | object |
`{"annotations":{},"create":true,"name":""}`
| KIE Sandbox ServiceAccount configuration
(https://kubernetes.io/docs/concepts/security/service-accounts/)
|
+| Key | Type | Default
| Description
[...]
+| ---------------------------------- | ------ |
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[...]
+| global.ingressSource | string | `""`
| Which ingress source
is being used (none/"minikube"/"kubernetes"/"openshift") Obs.: For NOTES
generation only
[...]
+| global.kubernetesClusterDomain | string | `""`
| If using Minikube or
Kubernetes, set the cluster domain
[...]
+| global.kubernetesIngressClass | string | `""`
| If using Minikube or
Kubernetes, set the Ingress class (i.e: nginx)
[...]
+| global.openshiftRouteDomain | string | `""`
| If using OpenShift
Routes, set the Route domain
[...]
+| fullnameOverride | string | `""`
| Overrides charts full
name
[...]
+| nameOverride | string | `""`
| Overrides charts name
[...]
+| cors_proxy.autoscaling | object |
`{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}`
|
CORS Proxy HorizontalPodAutoscaler configuration
(https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
[...]
+| cors_proxy.fullnameOverride | string | `""`
| Overrides charts full
name
[...]
+| cors_proxy.image | object |
`{"account":"apache","name":"incubator-kie-cors-proxy","pullPolicy":"IfNotPresent","registry":"docker.io","tag":"main"}`
| Image source configuration for
the CORS Proxy image
[...]
+| cors_proxy.imagePullSecrets | list | `[]`
| Pull secrets used
when pulling CORS Proxy image
[...]
+| cors_proxy.ingress | object |
`{"annotations":{},"className":"{{ .Values.global.kubernetesIngressClass
}}","enabled":false,"hosts":[{"host":"cors-proxy.{{
.Values.global.kubernetesClusterDomain
}}","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}`
| CORS Proxy Ingress configuration
(https://kubernetes.io/docs/concepts/services-networking/ingress/)
[...]
+| cors_proxy.name | string | `"cors-proxy"`
| The CORS Proxy
application name
[...]
+| cors_proxy.nameOverride | string | `""`
| Overrides charts name
[...]
+| cors_proxy.nodeSelector | object | `{}`
|
[...]
+| cors_proxy.openshiftRoute | object |
`{"annotations":{},"enabled":false,"host":"cors-proxy.{{
.Values.global.openshiftRouteDomain
}}","tls":{"insecureEdgeTerminationPolicy":"None","termination":"edge"}}`
|
CORS Proxy OpenShift Route configuration
(https://docs.openshift.com/container-platform/4.14/networking/routes/route-configuration.html)
[...]
+| cors_proxy.service | object |
`{"nodePort":"","port":8080,"type":"ClusterIP"}`
| CORS Proxy Service configuration
(https://kubernetes.io/docs/concepts/services-networking/service/)
[...]
+| cors_proxy.serviceAccount | object |
`{"annotations":{},"create":true,"name":""}`
| CORS Proxy ServiceAccount configuration
(https://kubernetes.io/docs/concepts/security/service-accounts/)
[...]
+| cors_proxy.tls | object |
`{"certPath":"/etc/tls/tls.crt","enabled":false,"keyPath":"/etc/tls/tls.key","mountPath":"/etc/tls","secretName":""}`
| CORS Proxy in-container TLS
configuration. When enabled, mounts a Kubernetes TLS Secret into the container
and the Node.js server serves HTTPS on service.port. Intended for use with
OpenShift pas [...]
+| cors_proxy.tls.certPath | string | `"/etc/tls/tls.crt"`
| Path to the TLS
certificate file inside the container (consumed by
CORS_PROXY_TLS_CERTIFICATE_PATH).
[...]
+| cors_proxy.tls.keyPath | string | `"/etc/tls/tls.key"`
| Path to the TLS
private key file inside the container (consumed by CORS_PROXY_TLS_KEY_PATH).
[...]
+| cors_proxy.tls.mountPath | string | `"/etc/tls"`
| Mount path for the
TLS Secret inside the container.
[...]
+| cors_proxy.tls.secretName | string | `""`
| Name of the
Kubernetes TLS Secret (type: kubernetes.io/tls) to mount. Required when
tls.enabled is true.
[...]
+| extended_services.autoscaling | object |
`{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}`
|
Extended Services HorizontalPodAutoscaler configuration
(https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
[...]
+| extended_services.fullnameOverride | string | `""`
| Overrides charts full
name
[...]
+| extended_services.image | object |
`{"account":"apache","name":"incubator-kie-sandbox-extended-services","pullPolicy":"IfNotPresent","registry":"docker.io","tag":"main"}`
| Image source configuration for the Extended
Services image
[...]
+| extended_services.imagePullSecrets | list | `[]`
| Pull secrets used
when pulling Extended Services image
[...]
+| extended_services.ingress | object |
`{"annotations":{},"className":"{{ .Values.global.kubernetesIngressClass
}}","enabled":false,"hosts":[{"host":"extended-services.{{
.Values.global.kubernetesClusterDomain
}}","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` |
Extended Services Ingress configuration
(https://kubernetes.io/docs/concepts/services-networking/ingress/)
[...]
+| extended_services.name | string | `"extended-services"`
| The Extended Services
application name
[...]
+| extended_services.nameOverride | string | `""`
| Overrides charts name
[...]
+| extended_services.nodeSelector | object | `{}`
|
[...]
+| extended_services.openshiftRoute | object |
`{"annotations":{},"enabled":false,"host":"extended-services.{{
.Values.global.openshiftRouteDomain
}}","tls":{"insecureEdgeTerminationPolicy":"None","termination":"edge"}}`
| Extended
Services OpenShift Route configuration
(https://docs.openshift.com/container-platform/4.14/networking/routes/route-configuration.html)
[...]
+| extended_services.service | object |
`{"nodePort":"","port":21345,"type":"ClusterIP"}`
| Extended Services Service configuration
(https://kubernetes.io/docs/concepts/services-networking/service/)
[...]
+| extended_services.serviceAccount | object |
`{"annotations":{},"create":true,"name":""}`
| Extended Services ServiceAccount configuration
(https://kubernetes.io/docs/concepts/security/service-accounts/)
[...]
+| kie_sandbox.autoscaling | object |
`{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}`
|
KIE Sandbox HorizontalPodAutoscaler configuration
(https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
[...]
+| kie_sandbox.env | list |
`[{"name":"KIE_SANDBOX_EXTENDED_SERVICES_URL","value":"http://127.0.0.1:21345"},{"name":"KIE_SANDBOX_CORS_PROXY_URL","value":"http://127.0.0.1:8081"}]`
| Env variables for KIE Sandbox deployment
[...]
+| kie_sandbox.fullnameOverride | string | `""`
| Overrides charts full
name
[...]
+| kie_sandbox.image | object |
`{"account":"apache","name":"incubator-kie-sandbox-webapp","pullPolicy":"IfNotPresent","registry":"docker.io","tag":"main"}`
| Image source configuration for the
KIE Sandbox image
[...]
+| kie_sandbox.imagePullSecrets | list | `[]`
| Pull secrets used
when pulling KIE Sandbox image
[...]
+| kie_sandbox.ingress | object |
`{"annotations":{},"className":"{{ .Values.global.kubernetesIngressClass
}}","enabled":false,"hosts":[{"host":"kie-sandbox.{{
.Values.global.kubernetesClusterDomain
}}","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}`
| KIE Sandbox Ingress configuration
(https://kubernetes.io/docs/concepts/services-networking/ingress/)
[...]
+| kie_sandbox.name | string | `"kie-sandbox"`
| The KIE Sandbox
application name
[...]
+| kie_sandbox.nameOverride | string | `""`
| Overrides charts name
[...]
+| kie_sandbox.openshiftRoute | object |
`{"annotations":{},"enabled":false,"host":"kie-sandbox.{{
.Values.global.openshiftRouteDomain
}}","tls":{"insecureEdgeTerminationPolicy":"None","termination":"edge"}}`
| KIE
Sandbox OpenShift Route configuration
(https://docs.openshift.com/container-platform/4.14/networking/routes/route-configuration.html)
[...]
+| kie_sandbox.service | object |
`{"nodePort":"","port":8080,"type":"ClusterIP"}`
| KIE Sandbox Service configuration
(https://kubernetes.io/docs/concepts/services-networking/service/)
[...]
+| kie_sandbox.serviceAccount | object |
`{"annotations":{},"create":true,"name":""}`
| KIE Sandbox ServiceAccount configuration
(https://kubernetes.io/docs/concepts/security/service-accounts/)
[...]
---
diff --git a/packages/kie-sandbox-helm-chart/src/README.md
b/packages/kie-sandbox-helm-chart/src/README.md
index 9f703326dbc..48452a75f41 100644
--- a/packages/kie-sandbox-helm-chart/src/README.md
+++ b/packages/kie-sandbox-helm-chart/src/README.md
@@ -31,47 +31,52 @@ A Helm chart to deploy KIE Sandbox and related services on
Kubernetes
## Values
-| Key | Type | Default
| Description
|
-| ---------------------------------- | ------ |
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
-----------------------------------------------------------------------------------------------------------------------------------------------
|
-| global.ingressSource | string | `""`
| Which ingress source
is being used (none/"minikube"/"kubernetes"/"openshift") Obs.: For NOTES
generation only |
-| global.kubernetesClusterDomain | string | `""`
| If using Minikube or
Kubernetes, set the cluster domain
|
-| global.kubernetesIngressClass | string | `""`
| If using Minikube or
Kubernetes, set the Ingress class (i.e: nginx)
|
-| global.openshiftRouteDomain | string | `""`
| If using OpenShift
Routes, set the Route domain
|
-| fullnameOverride | string | `""`
| Overrides charts full
name
|
-| nameOverride | string | `""`
| Overrides charts name
|
-| cors_proxy.autoscaling | object |
`{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}`
|
CORS Proxy HorizontalPodAutoscaler configuration
(https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
|
-| cors_proxy.fullnameOverride | string | `""`
| Overrides charts full
name
|
-| cors_proxy.image | object |
`{"account":"apache","name":"incubator-kie-cors-proxy","pullPolicy":"IfNotPresent","registry":"docker.io","tag":"main"}`
| Image source configuration for
the CORS Proxy image
|
-| cors_proxy.imagePullSecrets | list | `[]`
| Pull secrets used
when pulling CORS Proxy image
|
-| cors_proxy.ingress | object |
`{"annotations":{},"className":"{{ .Values.global.kubernetesIngressClass
}}","enabled":false,"hosts":[{"host":"cors-proxy.{{
.Values.global.kubernetesClusterDomain
}}","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}`
| CORS Proxy Ingress configuration
(https://kubernetes.io/docs/concepts/services-networking/ingress/)
|
-| cors_proxy.name | string | `"cors-proxy"`
| The CORS Proxy
application name
|
-| cors_proxy.nameOverride | string | `""`
| Overrides charts name
|
-| cors_proxy.nodeSelector | object | `{}`
|
|
-| cors_proxy.openshiftRoute | object |
`{"annotations":{},"enabled":false,"host":"cors-proxy.{{
.Values.global.openshiftRouteDomain
}}","tls":{"insecureEdgeTerminationPolicy":"None","termination":"edge"}}`
|
CORS Proxy OpenShift Route configuration
(https://docs.openshift.com/container-platform/4.14/networking/routes/route-configuration.html)
|
-| cors_proxy.service | object |
`{"nodePort":"","port":8080,"type":"ClusterIP"}`
| CORS Proxy Service configuration
(https://kubernetes.io/docs/concepts/services-networking/service/)
|
-| cors_proxy.serviceAccount | object |
`{"annotations":{},"create":true,"name":""}`
| CORS Proxy ServiceAccount configuration
(https://kubernetes.io/docs/concepts/security/service-accounts/)
|
-| extended_services.autoscaling | object |
`{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}`
|
Extended Services HorizontalPodAutoscaler configuration
(https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
|
-| extended_services.fullnameOverride | string | `""`
| Overrides charts full
name
|
-| extended_services.image | object |
`{"account":"apache","name":"incubator-kie-sandbox-extended-services","pullPolicy":"IfNotPresent","registry":"docker.io","tag":"main"}`
| Image source configuration for the Extended
Services image
|
-| extended_services.imagePullSecrets | list | `[]`
| Pull secrets used
when pulling Extended Services image
|
-| extended_services.ingress | object |
`{"annotations":{},"className":"{{ .Values.global.kubernetesIngressClass
}}","enabled":false,"hosts":[{"host":"extended-services.{{
.Values.global.kubernetesClusterDomain
}}","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` |
Extended Services Ingress configuration
(https://kubernetes.io/docs/concepts/services-networking/ingress/)
|
-| extended_services.name | string | `"extended-services"`
| The Extended Services
application name
|
-| extended_services.nameOverride | string | `""`
| Overrides charts name
|
-| extended_services.nodeSelector | object | `{}`
|
|
-| extended_services.openshiftRoute | object |
`{"annotations":{},"enabled":false,"host":"extended-services.{{
.Values.global.openshiftRouteDomain
}}","tls":{"insecureEdgeTerminationPolicy":"None","termination":"edge"}}`
| Extended
Services OpenShift Route configuration
(https://docs.openshift.com/container-platform/4.14/networking/routes/route-configuration.html)
|
-| extended_services.service | object |
`{"nodePort":"","port":21345,"type":"ClusterIP"}`
| Extended Services Service configuration
(https://kubernetes.io/docs/concepts/services-networking/service/)
|
-| extended_services.serviceAccount | object |
`{"annotations":{},"create":true,"name":""}`
| Extended Services ServiceAccount configuration
(https://kubernetes.io/docs/concepts/security/service-accounts/)
|
-| kie_sandbox.autoscaling | object |
`{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}`
|
KIE Sandbox HorizontalPodAutoscaler configuration
(https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
|
-| kie_sandbox.env | list |
`[{"name":"KIE_SANDBOX_EXTENDED_SERVICES_URL","value":"http://127.0.0.1:21345"},{"name":"KIE_SANDBOX_CORS_PROXY_URL","value":"http://127.0.0.1:8081"}]`
| Env variables for KIE Sandbox deployment
|
-| kie_sandbox.fullnameOverride | string | `""`
| Overrides charts full
name
|
-| kie_sandbox.image | object |
`{"account":"apache","name":"incubator-kie-sandbox-webapp","pullPolicy":"IfNotPresent","registry":"docker.io","tag":"main"}`
| Image source configuration for the
KIE Sandbox image
|
-| kie_sandbox.imagePullSecrets | list | `[]`
| Pull secrets used
when pulling KIE Sandbox image
|
-| kie_sandbox.ingress | object |
`{"annotations":{},"className":"{{ .Values.global.kubernetesIngressClass
}}","enabled":false,"hosts":[{"host":"kie-sandbox.{{
.Values.global.kubernetesClusterDomain
}}","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}`
| KIE Sandbox Ingress configuration
(https://kubernetes.io/docs/concepts/services-networking/ingress/)
|
-| kie_sandbox.name | string | `"kie-sandbox"`
| The KIE Sandbox
application name
|
-| kie_sandbox.nameOverride | string | `""`
| Overrides charts name
|
-| kie_sandbox.openshiftRoute | object |
`{"annotations":{},"enabled":false,"host":"kie-sandbox.{{
.Values.global.openshiftRouteDomain
}}","tls":{"insecureEdgeTerminationPolicy":"None","termination":"edge"}}`
| KIE
Sandbox OpenShift Route configuration
(https://docs.openshift.com/container-platform/4.14/networking/routes/route-configuration.html)
|
-| kie_sandbox.service | object |
`{"nodePort":"","port":8080,"type":"ClusterIP"}`
| KIE Sandbox Service configuration
(https://kubernetes.io/docs/concepts/services-networking/service/)
|
-| kie_sandbox.serviceAccount | object |
`{"annotations":{},"create":true,"name":""}`
| KIE Sandbox ServiceAccount configuration
(https://kubernetes.io/docs/concepts/security/service-accounts/)
|
+| Key | Type | Default
| Description
[...]
+| ---------------------------------- | ------ |
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[...]
+| global.ingressSource | string | `""`
| Which ingress source
is being used (none/"minikube"/"kubernetes"/"openshift") Obs.: For NOTES
generation only
[...]
+| global.kubernetesClusterDomain | string | `""`
| If using Minikube or
Kubernetes, set the cluster domain
[...]
+| global.kubernetesIngressClass | string | `""`
| If using Minikube or
Kubernetes, set the Ingress class (i.e: nginx)
[...]
+| global.openshiftRouteDomain | string | `""`
| If using OpenShift
Routes, set the Route domain
[...]
+| fullnameOverride | string | `""`
| Overrides charts full
name
[...]
+| nameOverride | string | `""`
| Overrides charts name
[...]
+| cors_proxy.autoscaling | object |
`{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}`
|
CORS Proxy HorizontalPodAutoscaler configuration
(https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
[...]
+| cors_proxy.fullnameOverride | string | `""`
| Overrides charts full
name
[...]
+| cors_proxy.image | object |
`{"account":"apache","name":"incubator-kie-cors-proxy","pullPolicy":"IfNotPresent","registry":"docker.io","tag":"main"}`
| Image source configuration for
the CORS Proxy image
[...]
+| cors_proxy.imagePullSecrets | list | `[]`
| Pull secrets used
when pulling CORS Proxy image
[...]
+| cors_proxy.ingress | object |
`{"annotations":{},"className":"{{ .Values.global.kubernetesIngressClass
}}","enabled":false,"hosts":[{"host":"cors-proxy.{{
.Values.global.kubernetesClusterDomain
}}","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}`
| CORS Proxy Ingress configuration
(https://kubernetes.io/docs/concepts/services-networking/ingress/)
[...]
+| cors_proxy.name | string | `"cors-proxy"`
| The CORS Proxy
application name
[...]
+| cors_proxy.nameOverride | string | `""`
| Overrides charts name
[...]
+| cors_proxy.nodeSelector | object | `{}`
|
[...]
+| cors_proxy.openshiftRoute | object |
`{"annotations":{},"enabled":false,"host":"cors-proxy.{{
.Values.global.openshiftRouteDomain
}}","tls":{"insecureEdgeTerminationPolicy":"None","termination":"edge"}}`
|
CORS Proxy OpenShift Route configuration
(https://docs.openshift.com/container-platform/4.14/networking/routes/route-configuration.html)
[...]
+| cors_proxy.service | object |
`{"nodePort":"","port":8080,"type":"ClusterIP"}`
| CORS Proxy Service configuration
(https://kubernetes.io/docs/concepts/services-networking/service/)
[...]
+| cors_proxy.serviceAccount | object |
`{"annotations":{},"create":true,"name":""}`
| CORS Proxy ServiceAccount configuration
(https://kubernetes.io/docs/concepts/security/service-accounts/)
[...]
+| cors_proxy.tls | object |
`{"certPath":"/etc/tls/tls.crt","enabled":false,"keyPath":"/etc/tls/tls.key","mountPath":"/etc/tls","secretName":""}`
| CORS Proxy in-container TLS
configuration. When enabled, mounts a Kubernetes TLS Secret into the container
and the Node.js server serves HTTPS on service.port. Intended for use with
OpenShift pas [...]
+| cors_proxy.tls.certPath | string | `"/etc/tls/tls.crt"`
| Path to the TLS
certificate file inside the container (consumed by
CORS_PROXY_TLS_CERTIFICATE_PATH).
[...]
+| cors_proxy.tls.keyPath | string | `"/etc/tls/tls.key"`
| Path to the TLS
private key file inside the container (consumed by CORS_PROXY_TLS_KEY_PATH).
[...]
+| cors_proxy.tls.mountPath | string | `"/etc/tls"`
| Mount path for the
TLS Secret inside the container.
[...]
+| cors_proxy.tls.secretName | string | `""`
| Name of the
Kubernetes TLS Secret (type: kubernetes.io/tls) to mount. Required when
tls.enabled is true.
[...]
+| extended_services.autoscaling | object |
`{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}`
|
Extended Services HorizontalPodAutoscaler configuration
(https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
[...]
+| extended_services.fullnameOverride | string | `""`
| Overrides charts full
name
[...]
+| extended_services.image | object |
`{"account":"apache","name":"incubator-kie-sandbox-extended-services","pullPolicy":"IfNotPresent","registry":"docker.io","tag":"main"}`
| Image source configuration for the Extended
Services image
[...]
+| extended_services.imagePullSecrets | list | `[]`
| Pull secrets used
when pulling Extended Services image
[...]
+| extended_services.ingress | object |
`{"annotations":{},"className":"{{ .Values.global.kubernetesIngressClass
}}","enabled":false,"hosts":[{"host":"extended-services.{{
.Values.global.kubernetesClusterDomain
}}","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` |
Extended Services Ingress configuration
(https://kubernetes.io/docs/concepts/services-networking/ingress/)
[...]
+| extended_services.name | string | `"extended-services"`
| The Extended Services
application name
[...]
+| extended_services.nameOverride | string | `""`
| Overrides charts name
[...]
+| extended_services.nodeSelector | object | `{}`
|
[...]
+| extended_services.openshiftRoute | object |
`{"annotations":{},"enabled":false,"host":"extended-services.{{
.Values.global.openshiftRouteDomain
}}","tls":{"insecureEdgeTerminationPolicy":"None","termination":"edge"}}`
| Extended
Services OpenShift Route configuration
(https://docs.openshift.com/container-platform/4.14/networking/routes/route-configuration.html)
[...]
+| extended_services.service | object |
`{"nodePort":"","port":21345,"type":"ClusterIP"}`
| Extended Services Service configuration
(https://kubernetes.io/docs/concepts/services-networking/service/)
[...]
+| extended_services.serviceAccount | object |
`{"annotations":{},"create":true,"name":""}`
| Extended Services ServiceAccount configuration
(https://kubernetes.io/docs/concepts/security/service-accounts/)
[...]
+| kie_sandbox.autoscaling | object |
`{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}`
|
KIE Sandbox HorizontalPodAutoscaler configuration
(https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
[...]
+| kie_sandbox.env | list |
`[{"name":"KIE_SANDBOX_EXTENDED_SERVICES_URL","value":"http://127.0.0.1:21345"},{"name":"KIE_SANDBOX_CORS_PROXY_URL","value":"http://127.0.0.1:8081"}]`
| Env variables for KIE Sandbox deployment
[...]
+| kie_sandbox.fullnameOverride | string | `""`
| Overrides charts full
name
[...]
+| kie_sandbox.image | object |
`{"account":"apache","name":"incubator-kie-sandbox-webapp","pullPolicy":"IfNotPresent","registry":"docker.io","tag":"main"}`
| Image source configuration for the
KIE Sandbox image
[...]
+| kie_sandbox.imagePullSecrets | list | `[]`
| Pull secrets used
when pulling KIE Sandbox image
[...]
+| kie_sandbox.ingress | object |
`{"annotations":{},"className":"{{ .Values.global.kubernetesIngressClass
}}","enabled":false,"hosts":[{"host":"kie-sandbox.{{
.Values.global.kubernetesClusterDomain
}}","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}`
| KIE Sandbox Ingress configuration
(https://kubernetes.io/docs/concepts/services-networking/ingress/)
[...]
+| kie_sandbox.name | string | `"kie-sandbox"`
| The KIE Sandbox
application name
[...]
+| kie_sandbox.nameOverride | string | `""`
| Overrides charts name
[...]
+| kie_sandbox.openshiftRoute | object |
`{"annotations":{},"enabled":false,"host":"kie-sandbox.{{
.Values.global.openshiftRouteDomain
}}","tls":{"insecureEdgeTerminationPolicy":"None","termination":"edge"}}`
| KIE
Sandbox OpenShift Route configuration
(https://docs.openshift.com/container-platform/4.14/networking/routes/route-configuration.html)
[...]
+| kie_sandbox.service | object |
`{"nodePort":"","port":8080,"type":"ClusterIP"}`
| KIE Sandbox Service configuration
(https://kubernetes.io/docs/concepts/services-networking/service/)
[...]
+| kie_sandbox.serviceAccount | object |
`{"annotations":{},"create":true,"name":""}`
| KIE Sandbox ServiceAccount configuration
(https://kubernetes.io/docs/concepts/security/service-accounts/)
[...]
---
diff --git a/packages/kie-sandbox-helm-chart/src/charts/cors_proxy/README.md
b/packages/kie-sandbox-helm-chart/src/charts/cors_proxy/README.md
index 2795ce3a78f..11ff525b7c5 100644
--- a/packages/kie-sandbox-helm-chart/src/charts/cors_proxy/README.md
+++ b/packages/kie-sandbox-helm-chart/src/charts/cors_proxy/README.md
@@ -23,19 +23,24 @@ A Helm chart to deploy CORS Proxy on Kubernetes
## Values
-| Key | Type | Default
| Description
|
-| ---------------- | ------ |
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
----------------------------------------------------------------------------------------------------------------------------------------
|
-| autoscaling | object |
`{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}`
| CORS
Proxy HorizontalPodAutoscaler configuration
(https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
|
-| fullnameOverride | string | `""`
| Overrides charts full name
|
-| image | object |
`{"account":"apache","name":"incubator-kie-cors-proxy","pullPolicy":"IfNotPresent","registry":"docker.io","tag":"main"}`
| Image source configuration for the
CORS Proxy image
|
-| imagePullSecrets | list | `[]`
| Pull secrets used when pulling CORS Proxy
image
|
-| ingress | object | `{"annotations":{},"className":"{{
.Values.global.kubernetesIngressClass
}}","enabled":false,"hosts":[{"host":"cors-proxy.{{
.Values.global.kubernetesClusterDomain
}}","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` |
CORS Proxy Ingress configuration
(https://kubernetes.io/docs/concepts/services-networking/ingress/)
|
-| name | string | `"cors-proxy"`
| The CORS Proxy application name
|
-| nameOverride | string | `""`
| Overrides charts name
|
-| nodeSelector | object | `{}`
|
|
-| openshiftRoute | object |
`{"annotations":{},"enabled":false,"host":"cors-proxy.{{
.Values.global.openshiftRouteDomain
}}","tls":{"insecureEdgeTerminationPolicy":"None","termination":"edge"}}`
| CORS Proxy
OpenShift Route configuration
(https://docs.openshift.com/container-platform/4.14/networking/routes/route-configuration.html)
|
-| service | object | `{"nodePort":"","port":8080,"type":"ClusterIP"}`
| CORS Proxy Service configuration
(https://kubernetes.io/docs/concepts/services-networking/service/)
|
-| serviceAccount | object | `{"annotations":{},"create":true,"name":""}`
| CORS Proxy ServiceAccount configuration
(https://kubernetes.io/docs/concepts/security/service-accounts/)
|
+| Key | Type | Default
| Description
[...]
+| ---------------- | ------ |
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[...]
+| autoscaling | object |
`{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}`
| CORS
Proxy HorizontalPodAutoscaler configuration
(https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
[...]
+| fullnameOverride | string | `""`
| Overrides charts full name
[...]
+| image | object |
`{"account":"apache","name":"incubator-kie-cors-proxy","pullPolicy":"IfNotPresent","registry":"docker.io","tag":"main"}`
| Image source configuration for the
CORS Proxy image
[...]
+| imagePullSecrets | list | `[]`
| Pull secrets used when pulling CORS Proxy
image
[...]
+| ingress | object | `{"annotations":{},"className":"{{
.Values.global.kubernetesIngressClass
}}","enabled":false,"hosts":[{"host":"cors-proxy.{{
.Values.global.kubernetesClusterDomain
}}","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` |
CORS Proxy Ingress configuration
(https://kubernetes.io/docs/concepts/services-networking/ingress/)
[...]
+| name | string | `"cors-proxy"`
| The CORS Proxy application name
[...]
+| nameOverride | string | `""`
| Overrides charts name
[...]
+| nodeSelector | object | `{}`
|
[...]
+| openshiftRoute | object |
`{"annotations":{},"enabled":false,"host":"cors-proxy.{{
.Values.global.openshiftRouteDomain
}}","tls":{"insecureEdgeTerminationPolicy":"None","termination":"edge"}}`
| CORS Proxy
OpenShift Route configuration
(https://docs.openshift.com/container-platform/4.14/networking/routes/route-configuration.html)
[...]
+| service | object | `{"nodePort":"","port":8080,"type":"ClusterIP"}`
| CORS Proxy Service configuration
(https://kubernetes.io/docs/concepts/services-networking/service/)
[...]
+| serviceAccount | object | `{"annotations":{},"create":true,"name":""}`
| CORS Proxy ServiceAccount configuration
(https://kubernetes.io/docs/concepts/security/service-accounts/)
[...]
+| tls | object |
`{"certPath":"/etc/tls/tls.crt","enabled":false,"keyPath":"/etc/tls/tls.key","mountPath":"/etc/tls","secretName":""}`
| CORS Proxy in-container TLS
configuration. When enabled, mounts a Kubernetes TLS Secret into the container
and the Node.js server serves HTTPS on service.port. Intended for use with
OpenShift passthrough Routes (set open [...]
+| tls.certPath | string | `"/etc/tls/tls.crt"`
| Path to the TLS certificate file inside the
container (consumed by CORS_PROXY_TLS_CERTIFICATE_PATH).
[...]
+| tls.keyPath | string | `"/etc/tls/tls.key"`
| Path to the TLS private key file inside the
container (consumed by CORS_PROXY_TLS_KEY_PATH).
[...]
+| tls.mountPath | string | `"/etc/tls"`
| Mount path for the TLS Secret inside the
container.
[...]
+| tls.secretName | string | `""`
| Name of the Kubernetes TLS Secret (type:
kubernetes.io/tls) to mount. Required when tls.enabled is true.
[...]
---
diff --git
a/packages/kie-sandbox-helm-chart/src/charts/cors_proxy/templates/deployment.yaml.helm
b/packages/kie-sandbox-helm-chart/src/charts/cors_proxy/templates/deployment.yaml.helm
index 3143186e614..08c168c3c24 100644
---
a/packages/kie-sandbox-helm-chart/src/charts/cors_proxy/templates/deployment.yaml.helm
+++
b/packages/kie-sandbox-helm-chart/src/charts/cors_proxy/templates/deployment.yaml.helm
@@ -33,20 +33,49 @@ spec:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.registry }}/{{ .Values.image.account }}/{{
.Values.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.tls.enabled }}
+ env:
+ - name: CORS_PROXY_TLS_CERTIFICATE_PATH
+ value: {{ .Values.tls.certPath | quote }}
+ - name: CORS_PROXY_TLS_KEY_PATH
+ value: {{ .Values.tls.keyPath | quote }}
+ {{- end }}
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
livenessProbe:
+ {{- if .Values.tls.enabled }}
+ tcpSocket:
+ port: http
+ {{- else }}
httpGet:
path: /ping
port: http
+ {{- end }}
readinessProbe:
+ {{- if .Values.tls.enabled }}
+ tcpSocket:
+ port: http
+ {{- else }}
httpGet:
path: /ping
port: http
+ {{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
+ {{- if .Values.tls.enabled }}
+ volumeMounts:
+ - name: tls-cert
+ mountPath: {{ .Values.tls.mountPath }}
+ readOnly: true
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ volumes:
+ - name: tls-cert
+ secret:
+ secretName: {{ required "tls.secretName is required when
tls.enabled is true" .Values.tls.secretName }}
+ {{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
diff --git a/packages/kie-sandbox-helm-chart/src/charts/cors_proxy/values.yaml
b/packages/kie-sandbox-helm-chart/src/charts/cors_proxy/values.yaml
index 0457117ae94..750c2ab1897 100644
--- a/packages/kie-sandbox-helm-chart/src/charts/cors_proxy/values.yaml
+++ b/packages/kie-sandbox-helm-chart/src/charts/cors_proxy/values.yaml
@@ -82,6 +82,22 @@ openshiftRoute:
termination: edge
insecureEdgeTerminationPolicy: None
+# -- CORS Proxy in-container TLS configuration.
+# When enabled, mounts a Kubernetes TLS Secret into the container and the
Node.js server serves HTTPS on service.port.
+# Intended for use with OpenShift passthrough Routes (set
openshiftRoute.tls.termination=passthrough and
openshiftRoute.tls.insecureEdgeTerminationPolicy=Redirect).
+# The Secret must be of type kubernetes.io/tls and contain tls.crt and tls.key
keys.
+# Note: CORS Proxy does not expose a separate HTTPS port - the single
service.port (default 8080) serves HTTPS when TLS is enabled.
+tls:
+ enabled: false
+ # -- Name of the Kubernetes TLS Secret (type: kubernetes.io/tls) to mount.
Required when tls.enabled is true.
+ secretName: ""
+ # -- Mount path for the TLS Secret inside the container.
+ mountPath: /etc/tls
+ # -- Path to the TLS certificate file inside the container (consumed by
CORS_PROXY_TLS_CERTIFICATE_PATH).
+ certPath: /etc/tls/tls.crt
+ # -- Path to the TLS private key file inside the container (consumed by
CORS_PROXY_TLS_KEY_PATH).
+ keyPath: /etc/tls/tls.key
+
# @ignored
resources: {}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
