Get support for sagikazarmark/curiefense-nginx-ingress
If you're new to LTH, please see our FAQ for more information on what it is we do.
Support Options
Unfortunately, there are currently no active helpers for this repository on the platform. Until they become available, we reccomend the following actions:
View Open IssuesTake a look to see if anyone else has experienced the same issue as you and if they managed to solve it.
Open an IssueMake sure to read any relevant guidelines for opening issues on this repo before posting a new issue.
Sponsor directlyCheck out the page and see if there are any options to sponsor this project or it's developers directly.
sagikazarmark/curiefense-nginx-ingress
Curiefense NGINX Ingress
This repo contains a custom NGINX ingress build based on Curiefense's custom build.
Primary differences:
- NGINX Ingress upgraded to 2.0.3
- Openresty upgraded to the latest version
- Curiesync is not installed (should be a sidecar)
- There is an initial bootstrap config in case no sidecar pulls the real config
- Curielogger defaults to
curielogger.curiefense.svc.cluster.local
so NGINX can be installed in a separate namespace - Curiefense can be enabled with
custom.nginx.org/enable-curiefense
annotation selectively
Installation
Follow the guide I wrote earlier: https://docs.curiefense.io/installation/deployment-first-steps/nginx-ingress
When you get to installing the ingress controller:
Create a namespace for the ingress controller:
kubectl create namespace nginx-ingress
Create a curiesync-secret.yaml
with the following content:
apiVersion: v1
kind: Secret
metadata:
name: curiesync
data:
curiesync.env: |
export CURIE_BUCKET_LINK=s3://my-curiefense-test/prod/manifest.json
export CURIE_S3_ACCESS_KEY=YOUR_ACCESS_KEY_ID
export CURIE_S3_SECRET_KEY=YOUR_SECRET_ACCESS_KEY
Apply the ConfigMap:
kubectl --namespace nginx-ingress apply -f curiesync-secret.yaml
Create a values.ingress.yaml
with the following content:
controller:
image:
repository: ghcr.io/sagikazarmark/curiefense-nginx-ingress
tag: main
pullPolicy: Always
volumes:
- name: curiesync
secret:
secretName: curiesync
- name: curieconf
emptyDir: {}
volumeMounts:
- name: curieconf
mountPath: /config
initContainers:
- name: curiesync-init
image: curiefense/curiesync:main
env:
- name: RUN_MODE
value: COPY_BOOTSTRAP
volumeMounts:
- name: curiesync
mountPath: /etc/curiefense
- name: curieconf
mountPath: /config
extraContainers:
- name: curiesync
image: curiefense/curiesync:main
env:
- name: RUN_MODE
value: PERIODIC_SYNC
volumeMounts:
- name: curiesync
mountPath: /etc/curiefense
- name: curieconf
mountPath: /config
Instead of using the official Helm chart from the Helm repo, do this:
git clone git@github.com:sagikazarmark/kubernetes-ingress.git -b extra-containers-backport
helm -n nginx-ingress install -f values.ingress.yaml ingress ./kubernetes-ingress/deployments/helm-chart
Proceed with the installation of Curiefense.
Potential future improvements
- Syslog should also be a sidecar container AND/OR curiefense log should also be sent to stdout
- Curielogger service should be configurable
Getting closer to production
- Curiesync sidecar should be injected by a mutation webhook? (Right now the NGINX Helm chart provides most of the options we need for manual and automatic injection)
- Use the NGINX ingress controller operator?
Our Mission
We want to make open source more sustainable. The entire platform was born from this and everything we do is in aid of this.
From the Blog
Interesting Articles
-
Generating income from open source
Jun 23 • 8 min read
-
2023 State of OSS
Apr 23 • 45 min read ★
-
A funding experiment...
Aug 19 • 10 min read
-
But You Said I could
Aug 19 • 2 min read
Thank you for checking out LiveTechHelper |
2025 © lth-dev incorporated
p-e622a1a2