kubero-dev
diff --git a/‎.github/workflows/docker-prerelease.yaml‎
Lines changed: 12 additions & 15 deletions b/‎.github/workflows/docker-prerelease.yaml‎
Lines changed: 12 additions & 15 deletions
diff --git a/‎client/src/components/apps/new.vue‎
Lines changed: 214 additions & 6 deletions b/‎client/src/components/apps/new.vue‎
Lines changed: 214 additions & 6 deletions
@@ -33,7 +33,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: build
         run: |
@@ -52,22 +52,22 @@ jobs:
       # https://github.com/sigstore/cosign-installer
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@main
+        uses: sigstore/cosign-installer@v3
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
         with:
-          platforms: 'arm64,amd64'
+          platforms: 'amd64'
 
       # Workaround: https://github.com/docker/build-push-action/issues/461
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -77,25 +77,22 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: kubero-meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           images: ${{ env.REGISTRY }}/${{ github.repository }}/kubero
-          tags: |
-            type=semver,pattern=v{{version}}
-            type=semver,pattern=v{{major}}.{{minor}}
-            type=semver,pattern=v{{major}}
+          tags: type=raw,value=v${{ inputs.version }}
 
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: kubero-build-and-push
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: v${{ inputs.version }}
-          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.kubero-meta.outputs.tags }}
+          platforms: linux/amd64
           labels: ${{ steps.kubero-meta.outputs.labels }}
 
       # Sign the resulting Docker image digest except on PRs.
 
@@ -348,7 +348,6 @@
                 v-model="security.vulnerabilityScans"
                 label="Enable Trivy vulnerabfility scans"
                 color="primary"
-                inset
             ></v-switch>
             </v-col>
             <v-col
@@ -359,7 +358,6 @@
                 v-model="buildpack.run.securityContext.readOnlyRootFilesystem"
                 label="Read only root filesystem"
                 color="primary"
-                inset
             ></v-switch>
             </v-col>
           </v-row>
@@ -373,7 +371,6 @@
                 v-model="buildpack.run.securityContext.allowPrivilegeEscalation"
                 label="Allow privilege escalation"
                 color="primary"
-                inset
             ></v-switch>
             </v-col>
             <v-col
@@ -384,7 +381,6 @@
                 v-model="buildpack.run.securityContext.runAsNonRoot"
                 label="Run as non root"
                 color="primary"
-                inset
             ></v-switch>
             </v-col>
           </v-row>
@@ -448,6 +444,151 @@
         </v-expansion-panel-content>
       </v-expansion-panel>
 
+
+      <!-- NETWORKING -->
+      <v-expansion-panel v-if="advanced">
+        <v-expansion-panel-header class="text-uppercase text-caption-2 font-weight-medium secondary">Networking</v-expansion-panel-header>
+        <v-expansion-panel-content class="secondary">
+
+          <v-row>
+            <v-col
+              cols="12"
+              md="6"
+            >
+              <v-text-field
+                v-model="ingress.annotations['nginx.ingress.kubernetes.io/whitelist-source-range']"
+                label="Whitelist Source Range"
+              ></v-text-field>
+            </v-col>
+            <v-col
+              cols="12"
+              md="6"
+            >
+              <v-text-field
+                v-model="ingress.annotations['nginx.ingress.kubernetes.io/denylist-source-range']"
+                label="Denylist Source Range"
+              ></v-text-field>
+            </v-col>
+          </v-row>
+
+          <v-row>
+            <v-col
+              cols="12"
+              md="6"
+            >
+              <v-switch
+                v-model="ingress.annotations['nginx.ingress.kubernetes.io/force-ssl-redirect']"
+                label="Force SSL Redirect"
+                color="primary"
+                :disabled="!ssl"
+              ></v-switch>
+            </v-col>
+            <v-col
+              cols="12"
+              md="6"
+            >
+              <v-text-field
+                v-model="ingress.annotations['nginx.ingress.kubernetes.io/proxy-buffer-size']"
+                label="Proxy Buffer Size"
+              ></v-text-field>
+            </v-col>
+          </v-row>
+
+        </v-expansion-panel-content>
+      </v-expansion-panel>
+
+
+      <!-- CORS -->
+      <v-expansion-panel v-if="advanced">
+        <v-expansion-panel-header class="text-uppercase text-caption-2 font-weight-medium secondary">Cors</v-expansion-panel-header>
+        <v-expansion-panel-content class="secondary">
+
+          <v-row>
+            <v-col
+              cols="12"
+              md="12"
+            >
+              <v-switch
+                v-model="ingress.annotations['nginx.ingress.kubernetes.io/enable-cors']"
+                label="Enable CORS"
+                color="primary"
+                inset
+              ></v-switch>
+            </v-col>
+          </v-row>
+          
+          <v-row>
+            <v-col
+              cols="12"
+              md="4"
+            >
+              <v-text-field
+                v-model="ingress.annotations['nginx.ingress.kubernetes.io/cors-allow-origin']"
+                label="CORS Allow Origin"
+                :disabled="!ingress.annotations['nginx.ingress.kubernetes.io/enable-cors']"
+              ></v-text-field>
+            </v-col>
+            <v-col
+              cols="12"
+              md="4"
+            >
+              <v-text-field
+                v-model="ingress.annotations['nginx.ingress.kubernetes.io/cors-allow-headers']"
+                label="CORS Allow Headers"
+                :disabled="!ingress.annotations['nginx.ingress.kubernetes.io/enable-cors']"
+              ></v-text-field>
+            </v-col>
+            <v-col
+              cols="12"
+              md="4"
+            >
+              <v-text-field
+                v-model="ingress.annotations['nginx.ingress.kubernetes.io/cors-expose-headers']"
+                label="CORS Expose Headers"
+                :disabled="!ingress.annotations['nginx.ingress.kubernetes.io/enable-cors']"
+              ></v-text-field>
+            </v-col>
+          </v-row>
+          
+          <v-row>
+            <v-col
+              cols="12"
+              md="4"
+            >
+              <v-switch
+                v-model="ingress.annotations['nginx.ingress.kubernetes.io/cors-allow-credentials']"
+                label="CORS Allow Credentials"
+                color="primary"
+                :disabled="!ingress.annotations['nginx.ingress.kubernetes.io/enable-cors']"
+              ></v-switch>
+            </v-col>
+            <v-col
+              cols="12"
+              md="4"
+            >
+              <v-text-field
+                v-model="ingress.annotations['nginx.ingress.kubernetes.io/cors-max-age']"
+                label="CORS Max Age"
+                :disabled="!ingress.annotations['nginx.ingress.kubernetes.io/enable-cors']"
+              ></v-text-field>
+            </v-col>
+            <v-col
+              cols="12"
+              md="4"
+            >
+              <v-text-field
+                v-model="ingress.annotations['nginx.ingress.kubernetes.io/cors-allow-methods']"
+                label="CORS Allow Methods"
+                :disabled="!ingress.annotations['nginx.ingress.kubernetes.io/enable-cors']"
+              ></v-text-field>
+            </v-col>
+          </v-row>
+
+
+
+        </v-expansion-panel-content>
+      </v-expansion-panel>
+
       <!-- ENVIRONMENT VARS -->
       <v-expansion-panel>
         <v-expansion-panel-header class="text-uppercase text-caption-2 font-weight-medium cardBackground">Environment Variables</v-expansion-panel-header>
@@ -1023,6 +1164,21 @@ export default {
         },
         */
       },
+      ingress: {
+        annotations: {
+          'nginx.ingress.kubernetes.io/whitelist-source-range': '',
+          'nginx.ingress.kubernetes.io/denylist-source-range': '',
+          'nginx.ingress.kubernetes.io/force-ssl-redirect': false,
+          'nginx.ingress.kubernetes.io/proxy-buffer-size': '4k',
+          'nginx.ingress.kubernetes.io/enable-cors': false,
+          'nginx.ingress.kubernetes.io/cors-allow-origin': '*',
+          'nginx.ingress.kubernetes.io/cors-allow-headers': 'DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization',
+          'nginx.ingress.kubernetes.io/cors-expose-headers': '*',
+          'nginx.ingress.kubernetes.io/cors-allow-credentials': true,
+          'nginx.ingress.kubernetes.io/cors-max-age': '1728000',
+          'nginx.ingress.kubernetes.io/cors-allow-methods': 'GET, PUT, POST, DELETE, PATCH, OPTIONS',
+        },
+      },
       capabilities: [
         'AUDIT_CONTROL',
         'AUDIT_READ',
@@ -1099,7 +1255,9 @@ export default {
       this.loadStorageClasses();
       this.loadPodsizeList();
       this.loadBuildpacks();
-      this.loadApp(); // this may lead into a race condition with the buildpacks loaded in loadPipeline
+      if (this.app != 'new') {
+        this.loadApp(); // this may lead into a race condition with the buildpacks loaded in loadPipeline
+      }
 
       if (this.$route.query.template) {
         this.loadTemplate(this.$route.query.catalogId, this.$route.query.template);
@@ -1313,9 +1471,54 @@ export default {
             this.cronjobs = this.cronjobUnformat(response.data.spec.cronjobs) || [];
             this.addons= response.data.spec.addons || [];
             this.security.vulnerabilityScans = response.data.spec.vulnerabilityscan.enabled;
+            this.ingress = response.data.spec.ingress || {};
           });
         }
       },
+      cleanupIngressAnnotations(){
+
+        if (this.ssl === false) {
+          delete this.ingress.annotations['cert-manager.io/cluster-issuer'];
+          delete this.ingress.annotations['kubernetes.io/tls-acme'];
+          this.ingress.tls = [];
+        } else {
+          this.ingress.annotations['cert-manager.io/cluster-issuer'] = 'letsencrypt-prod';
+          this.ingress.annotations['kubernetes.io/tls-acme'] = 'true';
+          this.ingress.tls = [
+            {
+              hosts: [this.domain],
+              secretName: this.appname+'-tls',
+            },
+          ];
+        }
+
+        if (this.ingress.annotations['nginx.ingress.kubernetes.io/whitelist-source-range'] == '') {
+          delete this.ingress.annotations['nginx.ingress.kubernetes.io/whitelist-source-range'];
+        }
+
+        if (this.ingress.annotations['nginx.ingress.kubernetes.io/denylist-source-range'] == '') {
+          delete this.ingress.annotations['nginx.ingress.kubernetes.io/denylist-source-range'];
+        }
+
+        if (this.ingress.annotations['nginx.ingress.kubernetes.io/force-ssl-redirect'] == false) {
+          delete this.ingress.annotations['nginx.ingress.kubernetes.io/force-ssl-redirect'];
+        }
+
+        if (this.ingress.annotations['nginx.ingress.kubernetes.io/proxy-buffer-size'] == '4k') {
+          delete this.ingress.annotations['nginx.ingress.kubernetes.io/proxy-buffer-size'];
+        }
+
+        if (this.ingress.annotations['nginx.ingress.kubernetes.io/enable-cors'] == false) {
+          delete this.ingress.annotations['nginx.ingress.kubernetes.io/enable-cors'];
+          delete this.ingress.annotations['nginx.ingress.kubernetes.io/cors-allow-origin'];
+          delete this.ingress.annotations['nginx.ingress.kubernetes.io/cors-allow-headers'];
+          delete this.ingress.annotations['nginx.ingress.kubernetes.io/cors-expose-headers'];
+          delete this.ingress.annotations['nginx.ingress.kubernetes.io/cors-allow-credentials'];
+          delete this.ingress.annotations['nginx.ingress.kubernetes.io/cors-max-age'];
+          delete this.ingress.annotations['nginx.ingress.kubernetes.io/cors-allow-methods'];
+        }
+
+      },
       updateApp() {
 
         if (this.gitrepo.ssh_url == this.pipelineData.git.repository.ssh_url) {
@@ -1329,6 +1532,8 @@ export default {
           this.gitrepo.clone_url = this.gitrepo.ssh_url.replace(regex, "https://$2/$4$5");
         }
 
+        this.cleanupIngressAnnotations();
+
         let postdata = {
           resourceVersion: this.resourceVersion,
           buildpack: this.buildpack,
@@ -1373,7 +1578,7 @@ export default {
           cronjobs: this.cronjobFormat(this.cronjobs),
           addons: this.addons,
           security: this.security,
-
+          ingress: this.ingress,
         }
 /*
         if (this.security.vulnerabilityScans) {
@@ -1437,6 +1642,8 @@ export default {
           this.docker.tag = "v1"
         }
 
+        this.cleanupIngressAnnotations();
+
         let postdata = {
           pipeline: this.pipeline,
           buildpack: this.buildpack,
@@ -1482,6 +1689,7 @@ export default {
           cronjobs: this.cronjobFormat(this.cronjobs),
           addons: this.addons,
           security: this.security,
+          ingress: this.ingress,
         }
 
         if (postdata.image.run == undefined) {