From 54b076ae2bf22bfb0a345eb716571b6c4a065098 Mon Sep 17 00:00:00 2001 From: sunnyyip Date: Tue, 26 Mar 2024 18:15:29 -0400 Subject: [PATCH] Deploy traefik ingressroute (#46) * add traefik ingressroute Signed-off-by: Sunny Yip * lower minio mem request Signed-off-by: Sunny Yip * update ingressroute enable param Signed-off-by: Sunny Yip * add alb-oidc-secret read role Signed-off-by: Sunny Yip * undeploy alb secret read role Signed-off-by: Sunny Yip * clean up ingress yaml Signed-off-by: Sunny Yip * bump version Signed-off-by: Sunny Yip * fix white spaces Signed-off-by: Sunny Yip * fix linting error Signed-off-by: Sunny Yip * remove traefik ingress defaults Signed-off-by: Sunny Yip * add support to create nodeport service for gql server Signed-off-by: Sunny Yip * update README Signed-off-by: Sunny Yip * check in test values file Signed-off-by: Sunny Yip * fix linting test Signed-off-by: Sunny Yip * tidy up test workflow Signed-off-by: Sunny Yip --------- Signed-off-by: Sunny Yip --- .github/workflows/tests.yaml | 1 - charts/guac/Chart.yaml | 4 +-- charts/guac/README.md | 3 +++ charts/guac/ci/guac-values.yaml | 4 +++ charts/guac/schema.json | 20 ++++++++++++++ .../templates/graphql-server-service.yaml | 27 +++++++++++++++++++ charts/guac/templates/ingressroute.yaml | 22 +++++++++++++++ charts/guac/tests/graphql_service_test.yaml | 7 ++++- charts/guac/tests/values_graphql_service.yaml | 6 +++++ charts/guac/values.yaml | 22 +++++++++++++-- 10 files changed, 110 insertions(+), 6 deletions(-) create mode 100644 charts/guac/templates/ingressroute.yaml create mode 100644 charts/guac/tests/values_graphql_service.yaml diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 59c2fed..1ba99c8 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml 
@@ -37,7 +37,6 @@ jobs: - name: Add Helm repos run: | - # helm repo add neo4j https://helm.neo4j.com/neo4j helm repo add nats https://nats-io.github.io/k8s/helm/charts helm repo add minio https://charts.min.io/ diff --git a/charts/guac/Chart.yaml b/charts/guac/Chart.yaml index f2d7a83..3af7f2b 100644 --- a/charts/guac/Chart.yaml +++ b/charts/guac/Chart.yaml @@ -9,8 +9,8 @@ maintainers: email: guac-info@kusari.dev type: application -version: 0.2.7 -appVersion: "v0.5.0" +version: 0.2.8 +appVersion: "v0.5.1" dependencies: - name: nats diff --git a/charts/guac/README.md b/charts/guac/README.md index 14d3c13..f1ed24d 100644 --- a/charts/guac/README.md +++ b/charts/guac/README.md @@ -152,9 +152,11 @@ This section contains parameters for configuring the different GUAC components. | `guac.graphqlServer.svcPorts[0].protocol` | Protocol used at the the GraphQL Server | `TCP` | | `guac.graphqlServer.svcPorts[0].port` | Port the GraphQL Server service listens on | `8080` | | `guac.graphqlServer.svcPorts[0].targetPort` | Port the GraphQL Server container listens on | `8080` | +| `guac.graphqlServer.nodePortSvcPorts` | NodePort service port definition | `{}` | | `guac.graphqlServer.backend` | which backend to use - keyvalue (default) | arango | ent. | `keyvalue` | | `guac.graphqlServer.debug` | Enable debug mode for graphql server; also enable the UI | `true` | | `guac.graphqlServer.nodeSelector` | - sets the node selector for where to run the deployment | `{}` | +| `guac.graphqlServer.service.createNodePortService` | - Whether to deploy a NodePort type service | `false` | | `guac.visualizer.enabled` | String Whether to deploy the visualizer. | `true` | | `guac.visualizer.name` | String Name of the visualizer. | `visualizer` | | `guac.visualizer.annotations.reloader.stakater.com/auto` | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader) | `""` | 
@@ -182,6 +184,7 @@ This section contains parameters for configuring the different GUAC components. | `guac.apiOnlyIngress.ingressClassName` | Ingress class name for API only ingress | `undefined` | | `guac.apiOnlyIngress.apiHostname` | DNS name for the GQL API. | `undefined` | | `guac.apiOnlyIngress.annotations` | Annotations for the API only ingress object | `{}` | +| `guac.traefikIngressRoute.enabled` | Whether to deploy Traefik IngressRoute object | `false` | | `guac.backend.ent.db-driver` | database driver to use, one of [postgres | sqlite3 | mysql] or anything supported by sql.DB | `postgres` | | `guac.backend.ent.db-address` | Full URL of database to connect to | `postgres://guac:guac@host:port/dbName?sslmode=disable` | | `guac.backend.ent.db-migrate` | Wether to automatically run database migrations on start | `true` | diff --git a/charts/guac/ci/guac-values.yaml b/charts/guac/ci/guac-values.yaml index 83c573a..52251b9 100644 --- a/charts/guac/ci/guac-values.yaml +++ b/charts/guac/ci/guac-values.yaml @@ -2,3 +2,7 @@ guac: sampleData: ingest: true + + graphqlServer: + service: + createNodePortService: true diff --git a/charts/guac/schema.json b/charts/guac/schema.json index 9b43137..f97cb62 100644 --- a/charts/guac/schema.json +++ b/charts/guac/schema.json @@ -410,6 +410,16 @@ "type": "object", "description": "- sets the node selector for where to run the deployment", "default": {} + }, + "service": { + "type": "object", + "properties": { + "createNodePortService": { + "type": "boolean", + "description": "- Whether to deploy a NodePort type service ", + "default": false + } + } } } }, @@ -553,6 +563,16 @@ } } }, + "traefikIngressRoute": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether to deploy Traefik IngressRoute object", + "default": false + } + } + }, "backend": { "type": "object", "properties": { 
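Review bot: The `traefikIngressRoute` object added in the second schema.json hunk declares only `enabled`, while templates/ingressroute.yaml in this same commit also reads `entryPoints`, `hostMatchingHeader`, `apiHostname` and `gqlPath`. Because those keys have no `type` and no conditional `required`, a values file with `enabled: true` and the routing values missing or mistyped passes schema validation and only surfaces later as a malformed `match` rule. I would declare the four keys here (strings, with `entryPoints` as an array of strings) and require them when `enabled` is true. As far as the visible lines show, `nodePortSvcPorts` is likewise not declared next to the new `service` object in the first schema hunk. The enclosing `guac` object starts and ends outside both hunks.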
diff --git a/charts/guac/templates/graphql-server-service.yaml b/charts/guac/templates/graphql-server-service.yaml index b5b6dca..c129476 100644 --- a/charts/guac/templates/graphql-server-service.yaml +++ b/charts/guac/templates/graphql-server-service.yaml @@ -12,6 +12,7 @@ metadata: app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }} app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }} spec: + type: ClusterIP selector: {{- include "guac.selectorLabels" . | nindent 4 }} app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }} @@ -21,4 +22,30 @@ spec: - {{ . | toYaml | indent 6 | trim }} {{- end }} {{- end }} +{{- end }} + +{{ if .Values.guac.graphqlServer.enabled }} +{{- if .Values.guac.graphqlServer.svcPorts }} +{{ if .Values.guac.graphqlServer.service.createNodePortService }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.guac.graphqlServer.name }}-nodeport + labels: + {{- include "guac.labels" . | nindent 4 }} + app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }} + app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }} +spec: + type: NodePort + selector: + {{- include "guac.selectorLabels" . | nindent 4 }} + app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }} + app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }} + ports: + {{- range .Values.guac.graphqlServer.nodePortSvcPorts }} + - {{ . | toYaml | indent 6 | trim }} + {{- end }} +{{- end }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/charts/guac/templates/ingressroute.yaml b/charts/guac/templates/ingressroute.yaml new file mode 100644 index 0000000..fbe6199 --- /dev/null +++ b/charts/guac/templates/ingressroute.yaml 
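Review bot: The NodePort Service added in the second hunk is guarded by `.Values.guac.graphqlServer.svcPorts` but builds its `ports:` list from `nodePortSvcPorts`, so enabling `createNodePortService` with an empty `nodePortSvcPorts` renders a Service whose `ports:` key is empty, which the API server is expected to reject. Guard on the list that is actually ranged over, e.g. `{{- if and .Values.guac.graphqlServer.service.createNodePortService .Values.guac.graphqlServer.nodePortSvcPorts }}`. A NodePort also makes the GraphQL endpoint reachable on every node address, and values.yaml in this commit keeps `debug: true` (documented as also enabling the UI), so a template comment such as `# NodePort exposes the GraphQL API outside the cluster; restrict with NetworkPolicy/firewall and set debug: false` would help operators. The plain `{{ if` actions (without `-`) additionally leave blank lines in the rendered manifest.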
@@ -0,0 +1,22 @@ +{{- if .Values.guac.traefikIngressRoute.enabled -}} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} +spec: + entryPoints: + {{- range .Values.guac.traefikIngressRoute.entryPoints }} + - {{ . | toYaml | indent 6 | trim }} + {{- end }} + routes: + - kind: Rule + match: (Headers(`{{ .Values.guac.traefikIngressRoute.hostMatchingHeader }}`, `{{ .Values.guac.traefikIngressRoute.apiHostname }}`) && Path(`{{ .Values.guac.traefikIngressRoute.gqlPath }}`)) + services: + - kind: Service + name: graphql-server + namespace: {{ .Release.Namespace }} + port: 8080 + scheme: http +{{- end -}} \ No newline at end of file diff --git a/charts/guac/tests/graphql_service_test.yaml b/charts/guac/tests/graphql_service_test.yaml index 10c846b..0d6d53a 100644 --- a/charts/guac/tests/graphql_service_test.yaml +++ b/charts/guac/tests/graphql_service_test.yaml @@ -6,11 +6,16 @@ templates: tests: - it: service should render + values: + - "./values_graphql_service.yaml" asserts: - isKind: of: Service - hasDocuments: - count: 1 + count: 2 + - matchRegex: + path: spec.type + pattern: NodePort|ClusterIP - it: should respect spec level parameters values: diff --git a/charts/guac/tests/values_graphql_service.yaml b/charts/guac/tests/values_graphql_service.yaml new file mode 100644 index 0000000..e499bb2 --- /dev/null +++ b/charts/guac/tests/values_graphql_service.yaml @@ -0,0 +1,6 @@ +# Copyright Kusari, Inc. and contributors +# Licensed under the MIT license. See LICENSE file in the project root for details. +guac: + graphqlServer: + service: + createNodePortService: true \ No newline at end of file diff --git a/charts/guac/values.yaml b/charts/guac/values.yaml index 7245041..d6f0fc8 100644 --- a/charts/guac/values.yaml +++ b/charts/guac/values.yaml 
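Review bot: The route's backend is hard-coded as `name: graphql-server` and `port: 8080`, whereas the Service template in this same commit names the Service from `.Values.guac.graphqlServer.name` and takes its ports from `svcPorts`, so overriding either value leaves the IngressRoute pointing at a Service or port that does not exist. The `match` rule also interpolates `hostMatchingHeader`, `apiHostname` and `gqlPath` with no `required` check, and values.yaml ships them commented out, so `enabled: true` alone renders a rule with empty matchers (how Traefik treats that is not visible here). Note that `Headers(...)` matches a header that any client reaching the entry point can send, so it is routing rather than access control unless a trusted proxy in front overwrites that header; the route carries no `tls` or `middlewares` of its own. Separately, `metadata.name` is set to the namespace rather than something release-scoped, and `traefik.containo.us/v1alpha1` is the legacy API group that was deprecated in Traefik v2.10 and is no longer served by v3 (`traefik.io/v1alpha1` replaces it). The fence below shows the value checks and the derived backend.

```yaml
{{- if .Values.guac.traefikIngressRoute.enabled -}}
{{- $route := .Values.guac.traefikIngressRoute }}
{{- $header := required "guac.traefikIngressRoute.hostMatchingHeader must be set" $route.hostMatchingHeader }}
{{- $host := required "guac.traefikIngressRoute.apiHostname must be set" $route.apiHostname }}
{{- $path := required "guac.traefikIngressRoute.gqlPath must be set" $route.gqlPath }}
# … unchanged: apiVersion through "- kind: Rule" …
      match: {{ printf "(Headers(`%s`, `%s`) && Path(`%s`))" $header $host $path | quote }}
# … unchanged: services / "- kind: Service" …
          name: {{ .Values.guac.graphqlServer.name }}
          namespace: {{ .Release.Namespace }}
          port: {{ (index .Values.guac.graphqlServer.svcPorts 0).port }}
# … unchanged: scheme, closing end …
```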
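Review bot: The `service should render` case in graphql_service_test.yaml now covers only the opt-in path: it loads `values_graphql_service.yaml` (NodePort enabled), expects two documents, and accepts either type through the unanchored pattern `NodePort|ClusterIP`. Nothing in this hunk pins the default, namely that `createNodePortService: false` renders exactly one Service of type ClusterIP. That default is the property that keeps the API from being exposed on node addresses by accident, though other cases outside the hunk may cover it. I would add a default-values case asserting `hasDocuments` with `count: 1` and `equal` on `spec.type` with `value: ClusterIP`, and use `documentIndex` in this case to assert `ClusterIP` on document 0 and `NodePort` on document 1.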
@@ -65,9 +65,12 @@ imagePullSecrets:
 ## @param guac.graphqlServer.svcPorts[0].protocol Protocol used at the the GraphQL Server
 ## @param guac.graphqlServer.svcPorts[0].port Port the GraphQL Server service listens on
 ## @param guac.graphqlServer.svcPorts[0].targetPort Port the GraphQL Server container listens on
+## @param guac.graphqlServer.nodePortSvcPorts [object] NodePort service ports definition
 ## @param guac.graphqlServer.backend which backend to use - keyvalue (default) | arango | ent.
 ## @param guac.graphqlServer.debug Enable debug mode for graphql server; also enable the UI
 ## @param guac.graphqlServer.nodeSelector - sets the node selector for where to run the deployment
+## @param guac.graphqlServer.service.createNodePortService - Whether to deploy a NodePort type service
+
 ## @param guac.visualizer.enabled String Whether to deploy the visualizer.
 ## @param guac.visualizer.name String Name of the visualizer.
 ## @param guac.visualizer.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader)
@@ -95,6 +98,7 @@ imagePullSecrets:
 ## @param guac.apiOnlyIngress.ingressClassName [nullable] Ingress class name for API only ingress
 ## @param guac.apiOnlyIngress.apiHostname [nullable] DNS name for the GQL API.
 ## @param guac.apiOnlyIngress.annotations [object] Annotations for the API only ingress object
+## @param guac.traefikIngressRoute.enabled Whether to deploy Traefik IngressRoute object
 ## @param guac.backend.ent.db-driver database driver to use, one of [postgres | sqlite3 | mysql] or anything supported by sql.DB
 ## @param guac.backend.ent.db-address Full URL of database to connect to
 ## @param guac.backend.ent.db-migrate Wether to automatically run database migrations on start
@@ -106,7 +110,7 @@ guac: guacImage: repository: ghcr.io/guacsec/guac # if not set appVersion field from Chart.yaml is used - # tag: v0.5.0 + # tag: # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). digest: "" pullPolicy: IfNotPresent @@ -197,9 +201,16 @@ guac: - protocol: TCP port: 8080 targetPort: 8080 + nodePortSvcPorts: + - protocol: TCP + port: 8080 + targetPort: 8080 + nodePort: 30080 backend: keyvalue debug: true nodeSelector: {} + service: + createNodePortService: false visualizer: enabled: true @@ -244,6 +255,13 @@ guac: # apiHostname: # annotations: + traefikIngressRoute: + enabled: false + # entryPoints: [] + # hostMatchingHeader: + # gqlPath: /query + # apiHostname: + backend: ent: db-driver: postgres @@ -322,7 +340,7 @@ minio: mode: standalone resources: requests: - memory: 1Gi + memory: 500Mi rootUser: "rootUser" rootPassword: "rootPassword" buckets:
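Review bot: The default `nodePortSvcPorts` entry added in the `@@ -197,9 +201,16 @@` hunk pins `nodePort: 30080`; node ports are allocated cluster-wide, so a second release that enables `createNodePortService` with the defaults will fail to install, and the fixed number becomes a predictable externally reachable port. Consider dropping the `nodePort` key from the default so Kubernetes allocates one, and adding a comment above `createNodePortService` such as `# Exposes the GraphQL API on every node address; pair with debug: false and network restrictions`. `debug: true` stays the default in the same block, and the README describes it as also enabling the UI. README.md in this commit lists the `nodePortSvcPorts` default as `{}` although the value here is a list, so the docs and the defaults disagree.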