Description
I identified inconsistencies in the Ingress configuration of the Dependency-Track Helm chart, which limit its flexibility and effectiveness in modern Kubernetes environments. Specifically, the configuration lacks a customizable ingressClassName option and exhibits suboptimal TLS support. This issue aims to outline these deficiencies and propose the necessary changes to enhance functionality and user experience.
Details
- Missing `ingressClassName` Configurability:
  - Current State: The Ingress resource definition in the Helm chart does not allow for specifying the `ingressClassName`, which is essential for selecting among multiple Ingress controllers within a cluster.
  - Impact: Users are unable to specify which Ingress controller should handle the Ingress resource, potentially leading to conflicts or unintended behavior in clusters with multiple Ingress controllers.
- Inadequate TLS Support:
  - Current State: The TLS configuration options are limited and do not effectively support modern, secure practices. The current setup does not allow for easy configuration of TLS parameters or the use of multiple TLS secrets for different hosts.
  - Impact: This limitation hampers the ability to secure Ingress resources properly, affecting the security posture and flexibility in managing HTTPS traffic.
Proposed Solution
❗ Check my Pull Request: #16
To resolve these issues, I propose the following enhancements, which are also detailed in a pull request aimed at improving the overall Ingress configuration:
- Ingress Template Improvement:
  - Refine the Ingress resource configuration to include support for specifying an `ingressClassName`. This modification allows users to select the appropriate Ingress controller.
  - Enhance TLS configuration support to allow more granular and secure settings, including support for multiple TLS secrets based on hostnames.
- New Configurable Values:
  - Introduce additional parameters in the `values.yaml` file to allow dynamic customization of Ingress settings, such as `ingressClassName`, annotations, TLS secrets, and hostnames.
- Updated Documentation:
  - Update the documentation in the `values.yaml` and `README.md` files to reflect these new capabilities and guide users on how to effectively configure their Ingress resources using the new parameters.
Steps to Reproduce
- Deploy the current version of the Dependency-Track Helm chart in a Kubernetes environment with multiple Ingress controllers with `ingress.enabled=true`.
- If a default Ingress controller is not configured in the cluster, Ingress doesn't work.
Expected Behavior
The Ingress configuration should:
- Allow users to specify an `ingressClassName` to select the appropriate controller.
Actual Behavior
- The `ingressClassName` parameter cannot be configured, leading to potential misrouting of traffic. The use of the annotation has been deprecated for a long time.
Additional Information
This issue has been documented, and a pull request has been prepared with proposed changes to address these shortcomings effectively. The pull request includes a detailed description of the changes, how to test them, and notes on the enhancements aimed at increasing the flexibility and security of the Dependency-Track Helm chart.
By addressing these issues, we can significantly improve the usability and security of the Dependency-Track Helm chart in diverse Kubernetes environments.
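
For reference, the two controller-selection styles the issue contrasts, written as plain `networking.k8s.io/v1` Ingress manifests. This is an added example, not output of the Dependency-Track chart or content of the pull request; every resource name, hostname, secret name, class name and port below is a constructed placeholder.

```yaml
# Deprecated style: the controller is chosen through an annotation.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dtrack-legacy                      # placeholder name
  annotations:
    kubernetes.io/ingress.class: nginx     # superseded by spec.ingressClassName
spec:
  defaultBackend:
    service:
      name: frontend-placeholder           # placeholder Service
      port: {number: 8080}                 # placeholder port
---
# Current style: explicit class in the spec, one TLS secret per hostname.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dtrack                             # placeholder name
spec:
  ingressClassName: nginx-internal         # must match an IngressClass in the cluster
  tls:
    - hosts: [dtrack.example.com]
      secretName: dtrack-ui-tls            # kubernetes.io/tls Secret, placeholder
    - hosts: [api.dtrack.example.com]
      secretName: dtrack-api-tls           # separate certificate for the second host
  rules:
    - host: dtrack.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: frontend-placeholder
                port: {number: 8080}
    - host: api.dtrack.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: apiserver-placeholder
                port: {number: 8080}
```

`kubectl get ingressclass` lists the class names that are valid for `spec.ingressClassName` in a given cluster.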