sagikazarmark/curiefense-nginx-ingress

Curiefense NGINX Ingress

This repo contains a custom NGINX ingress build based on Curiefense's custom build.

Primary differences:

  • NGINX Ingress upgraded to 2.0.3
  • OpenResty upgraded to the latest version
  • Curiesync is not installed (should be a sidecar)
  • There is an initial bootstrap config in case no sidecar pulls the real config
  • Curielogger defaults to curielogger.curiefense.svc.cluster.local so NGINX can be installed in a separate namespace
  • Curiefense can be enabled selectively with the custom.nginx.org/enable-curiefense annotation

Installation

Follow the guide I wrote earlier: https://docs.curiefense.io/installation/deployment-first-steps/nginx-ingress

When you get to installing the ingress controller:

Create a namespace for the ingress controller:

kubectl create namespace nginx-ingress

Create a curiesync-secret.yaml with the following content:

apiVersion: v1
kind: Secret
metadata:
  name: curiesync
# stringData takes plain text; values under `data` would have to be base64-encoded.
stringData:
  curiesync.env: |
    export CURIE_BUCKET_LINK=s3://my-curiefense-test/prod/manifest.json
    export CURIE_S3_ACCESS_KEY=YOUR_ACCESS_KEY_ID
    export CURIE_S3_SECRET_KEY=YOUR_SECRET_ACCESS_KEY

Apply the Secret:

kubectl --namespace nginx-ingress apply -f curiesync-secret.yaml

Create a values.ingress.yaml with the following content:

controller:
  image:
    repository: ghcr.io/sagikazarmark/curiefense-nginx-ingress
    tag: main
    pullPolicy: Always

  volumes:
    - name: curiesync
      secret:
        secretName: curiesync
    - name: curieconf
      emptyDir: {}

  volumeMounts:
    - name: curieconf
      mountPath: /config

  initContainers:
    - name: curiesync-init
      image: curiefense/curiesync:main
      env:
        - name: RUN_MODE
          value: COPY_BOOTSTRAP
      volumeMounts:
        - name: curiesync
          mountPath: /etc/curiefense
        - name: curieconf
          mountPath: /config

  extraContainers:
    - name: curiesync
      image: curiefense/curiesync:main
      env:
        - name: RUN_MODE
          value: PERIODIC_SYNC
      volumeMounts:
        - name: curiesync
          mountPath: /etc/curiefense
        - name: curieconf
          mountPath: /config

Instead of using the official Helm chart from the Helm repo, do this:

git clone git@github.com:sagikazarmark/kubernetes-ingress.git -b extra-containers-backport
helm -n nginx-ingress install -f values.ingress.yaml ingress ./kubernetes-ingress/deployments/helm-chart

Proceed with the installation of Curiefense.
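
A Secret's `data` field holds base64-encoded values, while plain text belongs under `stringData`. As an added example that is not part of this repository, the shell functions below render the curiesync Secret from the steps above with an encoded `data` field and refuse empty, placeholder (YOUR_...) or shell-unsafe values. The function names and the allowed character set are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the repository. Function names and the allowed
# character set are assumptions of this example.
set -eu

# A value is rejected when empty, still a README placeholder (YOUR_...), or
# containing characters a shell would interpret when curiesync.env is read
# as shell `export` lines (spaces, quotes, $, backticks, ;, ...).
check_value() {
  case "$1" in
    ''|YOUR_*|*[!A-Za-z0-9_./:+=-]*) return 1 ;;
  esac
  return 0
}

# Write the three export lines used by the README's curiesync.env.
curiesync_env() {
  printf 'export CURIE_BUCKET_LINK=%s\n' "$1"
  printf 'export CURIE_S3_ACCESS_KEY=%s\n' "$2"
  printf 'export CURIE_S3_SECRET_KEY=%s\n' "$3"
}

# Print a Secret manifest with curiesync.env base64-encoded under `data`.
# Runs in a subshell so its variables do not leak into the caller.
render_secret() (
  [ "$#" -eq 3 ] || { echo "usage: render_secret LINK ACCESS_KEY SECRET_KEY" >&2; exit 2; }
  for v in "$@"; do
    check_value "$v" || { echo "refusing empty, placeholder or unsafe value" >&2; exit 1; }
  done
  b64=$(curiesync_env "$@" | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: curiesync
type: Opaque
data:
  curiesync.env: ${b64}
EOF
)

# Round-trip check: decode curiesync.env back out of a manifest on stdin.
decode_secret() {
  sed -n 's/^  curiesync\.env: //p' | base64 -d
}

# Usage (values come from the environment, not from a file kept on disk):
#   render_secret "$LINK" "$ACCESS_KEY" "$SECRET_KEY" |
#     kubectl --namespace nginx-ingress apply -f -
```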

Potential future improvements

  • Syslog should also be a sidecar container AND/OR curiefense log should also be sent to stdout
  • Curielogger service should be configurable

Getting closer to production

  • Curiesync sidecar should be injected by a mutating webhook? (Right now the NGINX Helm chart provides most of the options we need for manual and automatic injection)
  • Use the NGINX ingress controller operator?