Ingress feature for nopo11y-stack (#23)

* Added istio common ingress helm chart

* Removed nopo11y-health-check ingress, added it in nopo11y-ingress

* Updated chart version to 1.4.0 from 1.3.1

* Updated max item limit to 500 from 20

* Added helper function to get service name, path and port of all nopo11y component

* Added nopo11y_ingress values and removed nopo11y health check ingress option

* Added istio and nginx ingress config for nopo11y component access

* Removed istio-common-ingress

* Updated the description for the ingress values

* Added indentation

* Changed default ingress type to istio

* Updated logic for kiali path

* Added double qoute for ingress type

* Corrected istio gateway api version

charts/nopo11y-stack/Chart.yaml

@@ -44,4 +44,4 @@ dependencies:
 description: A Helm chart for observability stack
 name: nopo11y-stack
 type: application
-version: 1.3.1
+version: 1.4.0

charts/nopo11y-stack/dashboards/home.json

@@ -36,7 +36,7 @@
         },
         "id": 4,
         "options": {
-          "maxItems": 20,
+          "maxItems": 500,
           "query": "",
           "showHeadings": false,
           "showRecentlyViewed": false,

charts/nopo11y-stack/templates/_helpers.tpl

@@ -6,4 +6,105 @@
 {{- define "kuberhealthy-url" -}}
 {{ $port:= .Values.kuberhealthy.service.externalPort |int }}
 {{- printf "%s:%d"  (include "kuberhealthy.name" .Subcharts.kuberhealthy) $port -}}
+{{- end -}}
+
+{{- define "nopo11y.services" -}}
+
+    {{- if .Values.nopo11y_ingress.enabled }}
+        {{- $servicesList:= list }}
+
+        {{- $prometheus:= dict }}
+        {{- $prometheus = set $prometheus "name" (printf "%s-prometheus" (include "kube-prometheus-stack.fullname" (index .Subcharts "kube-prometheus-stack"))) }}
+        {{- $port:= (index .Values "kube-prometheus-stack" "prometheus" "service" "port") |int }}
+        {{- $path:= (index .Values "kube-prometheus-stack" "prometheus" "prometheusSpec" "routePrefix") }}
+        {{- $prometheus = set $prometheus "port" $port }}
+        {{- if ne $path "/" }}
+            {{- $prometheus = set $prometheus "path" $path }}
+            {{- $servicesList = append $servicesList $prometheus }}
+        {{- end }}
+
+        {{- if (index .Values "kube-prometheus-stack" "grafana" "enabled" ) }}
+            {{- $grafana:= dict }}
+            {{- $path:= "" }}
+            {{- if hasKey (index .Values "kube-prometheus-stack" "grafana" "grafana.ini" "server") "root_url" }}
+                {{- $path = (urlParse (index .Values "kube-prometheus-stack" "grafana" "grafana.ini" "server" "root_url")).path }}
+            {{- end }}
+            {{- $port:= (index .Values "kube-prometheus-stack" "grafana" "service" "port") |int }}
+            {{- $grafana = set $grafana "name" (printf "%s" (include "grafana.fullname" (index .Subcharts "kube-prometheus-stack").Subcharts.grafana)) }}
+            {{- $grafana = set $grafana "port" (printf "%d" $port) }}
+            {{- if ne $path "" }}
+                {{- $grafana = set $grafana "path" (trimSuffix "/" $path) }}
+                {{- $servicesList = append $servicesList $grafana }}
+            {{- end }}
+        {{- end }}
+
+        {{- if (index .Values "kube-prometheus-stack" "alertmanager" "enabled" ) }}
+            {{- $alertmanager:= dict }}
+            {{- $alertmanager = set $alertmanager "name" (printf "%s-alertmanager" (include "kube-prometheus-stack.fullname" (index .Subcharts "kube-prometheus-stack"))) }}
+            {{- $port:= (index .Values "kube-prometheus-stack" "alertmanager" "service" "port") |int }}
+            {{- $path:= (index .Values "kube-prometheus-stack" "alertmanager" "alertmanagerSpec" "routePrefix") }}
+            {{- $alertmanager = set $alertmanager "port" (printf "%d" $port) }}
+            {{- if ne $path "/" }}
+                {{- $alertmanager = set $alertmanager "path" $path }}
+                {{- $servicesList = append $servicesList $alertmanager }}
+            {{- end }}
+        {{- end }}
+
+        {{- if .Values.thanos.enabled }}
+            {{- if .Values.thanos.query.enabled }}
+                {{- $query:= dict }}
+                {{- $query = set $query "name" (printf "%s-query" (include "common.names.fullname" .Subcharts.thanos)) }}
+                {{- $query = set $query "port" .Values.thanos.query.service.ports.http }}
+                {{- $path:= "" }}
+                {{- if .Values.thanos.query.extraFlags }}
+                    {{- range .Values.thanos.query.extraFlags }}
+                        {{- if contains "--web.route-prefix" . }}
+                            {{- $path = (trimPrefix "--web.route-prefix=" . ) }}
+                        {{- end }}
+                    {{- end }}
+                {{- end }}
+                {{- if ne $path "" }}
+                    {{- $query = set $query "path" $path }}
+                    {{- $servicesList = append $servicesList $query }}
+                {{- end }}
+            {{- end }}
+        {{- end }}
+
+
+        {{- if (index .Values "kiali-server" "enabled") }}
+            {{- $kiali:= dict }}
+            {{- $kiali = set $kiali "name" (printf "%s" (include "kiali-server.fullname" (index .Subcharts "kiali-server"))) }}
+            {{- $kiali = set $kiali "port" .Values.kiali.server.port }}
+            {{- if (index .Values "kiali-server" "server" "web_root") }}
+                {{- if ne (index .Values "kiali-server" "server" "web_root") "/" }}
+                    {{- $kiali = set $kiali "path" (index .Values "kiali-server" "server" "web_root") }}
+                    {{- $servicesList = append $servicesList $kiali }}
+                {{- end }}
+            {{- else }}
+                {{- $kiali = set $kiali "path" "/kiali" }}
+                {{- $servicesList = append $servicesList $kiali }}
+            {{- end }}
+        {{- end }}
+
+        {{- if .Values.jaeger.enabled}}
+            {{- $jaeger:= dict }}
+            {{- $jaeger = set $jaeger "name" (printf "%s-tracing" .Release.Name) }}
+            {{- $jaeger = set $jaeger "port" 80 }}
+            {{- $jaeger = set $jaeger "path" .Values.jaeger.jaeger.pathPrefix }}
+            {{- $servicesList = append $servicesList $jaeger }}
+        {{- end }}
+
+        {{- if .Values.kuberhealthy.enabled }}
+            {{- $kuberhealthy:= dict }}
+            {{- $kuberhealthy = set $kuberhealthy "name" (printf "%s" (include "kuberhealthy.name" .Subcharts.kuberhealthy)) }}
+            {{- $kuberhealthy = set $kuberhealthy "port" .Values.kuberhealthy.service.externalPort }}
+            {{- $kuberhealthy = set $kuberhealthy "path" "/nopo11y-health-check" }}
+            {{- $kuberhealthy = set $kuberhealthy "rewritePath" "/" }}
+            {{- $servicesList = append $servicesList $kuberhealthy }}
+        {{- end }}
+
+        {{- toJson $servicesList }}
+
+    {{- end }}
+
 {{- end -}}

charts/nopo11y-stack/templates/istio-gateway.yaml

@@ -0,0 +1,37 @@
+{{- if and (.Values.nopo11y_ingress.enabled) (eq .Values.nopo11y_ingress.type "istio") }}
+{{- if gt (len (include "nopo11y.services" . |fromJsonArray)) 0 }}
+{{- if and (.Values.nopo11y_ingress.tls.enabled) (not .Values.nopo11y_ingress.host) }}
+{{- fail "if nopo11y_ingress tls is enabled then host is required host can not be empty" }}
+{{- end }}
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: {{ .Release.Name }}-gateway
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    {{- toYaml .Values.nopo11y_ingress.istioGatewaySelector |nindent 4 }}
+  servers:
+  - port:
+      {{- if $.Values.nopo11y_ingress.tls.enabled  }}
+      number: 443
+      name: https
+      protocol: HTTPS
+      {{- else }}
+      number: 80
+      name: http
+      protocol: HTTP
+      {{- end }}
+    hosts:
+    {{- if .Values.nopo11y_ingress.host }}
+    - {{ .Values.nopo11y_ingress.host |quote }}
+    {{- else }}
+    - "*"
+    {{- end }}
+    {{- if .Values.nopo11y_ingress.tls.enabled }}
+    tls:
+      mode: SIMPLE
+      credentialName: {{ $.Release.Name }}-{{ $.Release.Namespace }}-tls-secret
+    {{- end }}
+{{- end }}
+{{- end }}

charts/nopo11y-stack/templates/istio-secret.yaml

@@ -0,0 +1,20 @@
+{{- if and (.Values.nopo11y_ingress.enabled) (eq .Values.nopo11y_ingress.type "istio") }}
+{{- if .Values.nopo11y_ingress.tls.enabled }}
+{{- if gt (len (include "nopo11y.services" . |fromJsonArray)) 0 }}
+{{- if or (not .Values.nopo11y_ingress.tls.tlsKey) (not .Values.nopo11y_ingress.tls.tlsCert) }}
+{{- fail "If tls is enaled for nopo11y_ingress then tls.tlsKey and tls.tlsCert can not be empyt" }}
+{{- end }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-{{ .Release.Namespace }}-tls-secret
+  namespace: {{ .Values.nopo11y_ingress.istioNamespace }}
+type: kubernetes.io/tls
+data:
+  tls.crt: |
+    {{ .Values.nopo11y_ingress.tls.tlsCert  }}
+  tls.key: |
+    {{ .Values.nopo11y_ingress.tls.tlsKey }}
+{{- end }}
+{{- end }}
+{{- end }}

charts/nopo11y-stack/templates/istio-virtual-service.yaml

@@ -0,0 +1,33 @@
+{{- if and (.Values.nopo11y_ingress.enabled) (eq .Values.nopo11y_ingress.type "istio") }}
+{{- if gt (len (include "nopo11y.services" . |fromJsonArray)) 0 }}
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: {{ .Release.Name }}-vs
+  namespace: {{ .Release.Namespace }}
+spec:
+  hosts:
+  {{- if .Values.nopo11y_ingress.host }}
+  - {{ .Values.nopo11y_ingress.host |quote }}
+  {{- else }}
+  - "*"
+  {{- end }}
+  gateways:
+  - {{ $.Release.Name }}-gateway
+  http:
+  {{- range (include "nopo11y.services" . |fromJsonArray) }}
+  - match:
+    - uri:
+        prefix: {{ .path }}
+    {{- if hasKey . "rewritePath"}}
+    rewrite:
+      uri: {{ .rewritePath }}
+    {{- end }}
+    route:
+    - destination:
+        host: {{ .name }}
+        port:
+          number: {{ .port }}
+  {{- end }}
+{{- end }}
+{{- end }}

charts/nopo11y-stack/templates/nginx-ingress.yaml

@@ -0,0 +1,56 @@
+{{- if and (.Values.nopo11y_ingress.enabled) (eq .Values.nopo11y_ingress.type "nginx") }}
+{{- if gt (len (include "nopo11y.services" . |fromJsonArray)) 0 }}
+{{- if and (.Values.nopo11y_ingress.tls.enabled) (not .Values.nopo11y_ingress.host) }}
+{{- fail "if nopo11y_ingress tls is enabled host is required host can not be empty" }}
+{{- end }}
+{{- range (include "nopo11y.services" . |fromJsonArray) }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .name }}-ingress
+  namespace: {{ $.Release.Namespace }}
+  {{- if hasKey . "rewritePath" }}
+  {{- if contains "nopo11y-health-check" .path }}
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    nginx.ingress.kubernetes.io/add-base-url : "true"
+  {{- end }}
+  {{- else }}
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /$1$2
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+  {{- end }}
+spec:
+  {{- if $.Values.nopo11y_ingress.tls.enabled }}
+  tls:
+  - hosts:
+    - {{ $.Values.nopo11y_ingress.host |quote }}
+    secretName: {{ $.Release.Name }}-{{ $.Release.Namespace }}-tls-secret
+  {{- end }}
+  ingressClassName: nginx
+  rules:
+    {{- if $.Values.nopo11y_ingress.host }}
+  - host: {{ $.Values.nopo11y_ingress.host }}
+    http:
+    {{- else }}
+  - http:
+    {{- end }}
+      paths:
+      {{- $path:= (trimPrefix "/" .path) }}
+      {{- if contains "nopo11y-health-check" .path }}
+      - path: {{ .path }}
+      {{- else }}
+      - path: "/({{ $path }})(/.*){0,}"
+      {{- end }}
+        pathType: Prefix
+        backend:
+          service:
+            name: {{ .name }}
+            port:
+              number: {{ .port }}
+---
+{{- end }}
+{{- end }}
+{{- end }}

charts/nopo11y-stack/templates/nginx-secret.yaml

@@ -0,0 +1,20 @@
+{{- if and (.Values.nopo11y_ingress.enabled) (eq .Values.nopo11y_ingress.type "nginx") }}
+{{- if gt (len (include "nopo11y.services" . |fromJsonArray)) 0 }}
+{{- if .Values.nopo11y_ingress.tls.enabled }}
+{{- if or (not .Values.nopo11y_ingress.tls.tlsKey) (not .Values.nopo11y_ingress.tls.tlsCert) }}
+{{- fail "If tls is enaled for nopo11y_ingress then tls.tlsKey and tls.tlsCert can not be empyt" }}
+{{- end }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-{{ .Release.Namespace }}-tls-secret
+  namespace: {{ .Release.Namespace }}
+type: kubernetes.io/tls
+data:
+  tls.crt: |
+    {{ .Values.nopo11y_ingress.tls.tlsCert }}
+  tls.key: |
+    {{ .Values.nopo11y_ingress.tls.tlsKey }}
+{{- end }}
+{{- end }}
+{{- end }}

charts/nopo11y-stack/values.yaml

@@ -16015,8 +16015,6 @@ kuberhealthy:
 
 ### Nopo11y-health-check
 nopo11y_health_check:
-  ingress:
-    enabled: false
   checks: []
   # - name: test
   #   image: ghcr.io/znsio/nopo11y/system_health_check:1.0
@@ -16126,3 +16124,23 @@ nopo11y-operator:
   tolerations: []
 
   affinity: {}
+
+## Ingress for nopo11y-stack components 
+nopo11y_ingress:
+  ## enable or disable ingress for nopo11y-stack components, the default it is disabled
+  enabled: false
+  ## Ingress type either istio or nginx, the default is istio
+  type: "istio"
+  ## DNS or host name to access nopo11y-stack components with.
+  host: ""
+  ## istio gateway selector to select which istio gateway to use.
+  ## if you set ingress type to istio, check the lables of your istio ingress gateway pod and add it as istioGatewaySelector
+  istioGatewaySelector: {}
+    # app: gateway
+  ## if you set ingress type to istio then istio namespace is required, the default is istio-system
+  istioNamespace: "istio-system"
+  ## TLS section for ingress
+  tls:
+    enabled: false
+    tlsKey: ""
+    tlsCert: ""