Deploy traefik ingressroute (#46)

* add traefik ingressroute Signed-off-by: Sunny Yip <[email protected]> * lower minio mem request Signed-off-by: Sunny Yip <[email protected]> * update ingressroute enable param Signed-off-by: Sunny Yip <[email protected]> * add alb-oidc-secret read role Signed-off-by: Sunny Yip <[email protected]> * undeploy alb secret read role Signed-off-by: Sunny Yip <[email protected]> * clean up ingress yaml Signed-off-by: Sunny Yip <[email protected]> * bump version Signed-off-by: Sunny Yip <[email protected]> * fix white spaces Signed-off-by: Sunny Yip <[email protected]> * fix linting error Signed-off-by: Sunny Yip <[email protected]> * remove traefik ingress defaults Signed-off-by: Sunny Yip <[email protected]> * add support to create nodeport service for gql server Signed-off-by: Sunny Yip <[email protected]> * update README Signed-off-by: Sunny Yip <[email protected]> * check in test values file Signed-off-by: Sunny Yip <[email protected]> * fix linting test Signed-off-by: Sunny Yip <[email protected]> * tidy up test workflow Signed-off-by: Sunny Yip <[email protected]> --------- Signed-off-by: Sunny Yip <[email protected]>
kusaridev · Mar 26, 2024 · 54b076a · 54b076a
1 parent 3266c92
commit 54b076a
Show file tree

Hide file tree

Showing 10 changed files with 110 additions and 6 deletions.
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -37,7 +37,6 @@ jobs:
 
       - name: Add Helm repos
         run: |
-          # helm repo add neo4j https://helm.neo4j.com/neo4j
           helm repo add nats https://nats-io.github.io/k8s/helm/charts
           helm repo add minio https://charts.min.io/
 

diff --git a/charts/guac/Chart.yaml b/charts/guac/Chart.yaml
@@ -9,8 +9,8 @@ maintainers:
     email: [email protected]
 
 type: application
-version: 0.2.7
-appVersion: "v0.5.0"
+version: 0.2.8
+appVersion: "v0.5.1"
 
 dependencies:
 - name: nats

diff --git a/charts/guac/README.md b/charts/guac/README.md
@@ -152,9 +152,11 @@ This section contains parameters for configuring the different GUAC components.
 | `guac.graphqlServer.svcPorts[0].protocol`                      | Protocol used at the the GraphQL Server                                                      | `TCP`                                                   |
 | `guac.graphqlServer.svcPorts[0].port`                          | Port the GraphQL Server service listens on                                                   | `8080`                                                  |
 | `guac.graphqlServer.svcPorts[0].targetPort`                    | Port the GraphQL Server container listens on                                                 | `8080`                                                  |
+| `guac.graphqlServer.nodePortSvcPorts`                          | NodePort service port definition                                                             | `{}`                                                    |
 | `guac.graphqlServer.backend`                                   | which backend to use - keyvalue (default) | arango | ent.                                    | `keyvalue`                                              |
 | `guac.graphqlServer.debug`                                     | Enable debug mode for graphql server; also enable the UI                                     | `true`                                                  |
 | `guac.graphqlServer.nodeSelector`                              | - sets the node selector for where to run the deployment                                     | `{}`                                                    |
+| `guac.graphqlServer.service.createNodePortService`             | - Whether to deploy a NodePort type service                                                  | `false`                                                 |
 | `guac.visualizer.enabled`                                      | String Whether to deploy the visualizer.                                                     | `true`                                                  |
 | `guac.visualizer.name`                                         | String Name of the visualizer.                                                               | `visualizer`                                            |
 | `guac.visualizer.annotations.reloader.stakater.com/auto`       | Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader)             | `""`                                                    |
@@ -182,6 +184,7 @@ This section contains parameters for configuring the different GUAC components.
 | `guac.apiOnlyIngress.ingressClassName`                         | Ingress class name for API only ingress                                                      | `undefined`                                             |
 | `guac.apiOnlyIngress.apiHostname`                              | DNS name for the GQL API.                                                                    | `undefined`                                             |
 | `guac.apiOnlyIngress.annotations`                              | Annotations for the API only ingress object                                                  | `{}`                                                    |
+| `guac.traefikIngressRoute.enabled`                             | Whether to deploy Traefik IngressRoute object                                                | `false`                                                 |
 | `guac.backend.ent.db-driver`                                   | database driver to use, one of [postgres | sqlite3 | mysql] or anything supported by sql.DB  | `postgres`                                              |
 | `guac.backend.ent.db-address`                                  | Full URL of database to connect to                                                           | `postgres://guac:guac@host:port/dbName?sslmode=disable` |
 | `guac.backend.ent.db-migrate`                                  | Wether to automatically run database migrations on start                                     | `true`                                                  |

diff --git a/charts/guac/ci/guac-values.yaml b/charts/guac/ci/guac-values.yaml
@@ -2,3 +2,7 @@
 guac:
   sampleData:
     ingest: true
+
+  graphqlServer:
+    service:
+      createNodePortService: true
diff --git a/charts/guac/schema.json b/charts/guac/schema.json
@@ -410,6 +410,16 @@
                             "type": "object",
                             "description": "- sets the node selector for where to run the deployment",
                             "default": {}
+                        },
+                        "service": {
+                            "type": "object",
+                            "properties": {
+                                "createNodePortService": {
+                                    "type": "boolean",
+                                    "description": "- Whether to deploy a NodePort type service ",
+                                    "default": false
+                                }
+                            }
                         }
                     }
                 },
@@ -553,6 +563,16 @@
                         }
                     }
                 },
+                "traefikIngressRoute": {
+                    "type": "object",
+                    "properties": {
+                        "enabled": {
+                            "type": "boolean",
+                            "description": "Whether to deploy Traefik IngressRoute object",
+                            "default": false
+                        }
+                    }
+                },
                 "backend": {
                     "type": "object",
                     "properties": {

diff --git a/charts/guac/templates/graphql-server-service.yaml b/charts/guac/templates/graphql-server-service.yaml
@@ -12,6 +12,7 @@ metadata:
     app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }}
     app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }}
 spec:
+  type: ClusterIP
   selector:
     {{- include "guac.selectorLabels" . | nindent 4 }}
     app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }}
@@ -21,4 +22,30 @@ spec:
     - {{ . | toYaml | indent 6 | trim }}
   {{- end }}
 {{- end }}
+{{- end }}
+
+{{ if .Values.guac.graphqlServer.enabled }}
+{{- if .Values.guac.graphqlServer.svcPorts }}
+{{ if .Values.guac.graphqlServer.service.createNodePortService }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.guac.graphqlServer.name }}-nodeport
+  labels:
+    {{- include "guac.labels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }}
+    app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }}
+spec:
+  type: NodePort
+  selector:
+    {{- include "guac.selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }}
+    app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }}
+  ports:
+  {{- range .Values.guac.graphqlServer.nodePortSvcPorts }}
+    - {{ . | toYaml | indent 6 | trim }}
+  {{- end }}
+{{- end }}
+{{- end }}
 {{- end }}
diff --git a/charts/guac/templates/ingressroute.yaml b/charts/guac/templates/ingressroute.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.guac.traefikIngressRoute.enabled -}}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: {{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  entryPoints:
+  {{- range .Values.guac.traefikIngressRoute.entryPoints }}
+    - {{ . | toYaml | indent 6 | trim }}
+  {{- end }}
+  routes:
+  - kind: Rule
+    match: (Headers(`{{ .Values.guac.traefikIngressRoute.hostMatchingHeader }}`, `{{ .Values.guac.traefikIngressRoute.apiHostname }}`) && Path(`{{ .Values.guac.traefikIngressRoute.gqlPath }}`))
+    services:
+    - kind: Service
+      name: graphql-server
+      namespace: {{ .Release.Namespace }}
+      port: 8080
+      scheme: http
+{{- end -}}
diff --git a/charts/guac/tests/graphql_service_test.yaml b/charts/guac/tests/graphql_service_test.yaml
@@ -6,11 +6,16 @@ templates:
 
 tests:
   - it: service should render
+    values:
+      - "./values_graphql_service.yaml"
     asserts:
       - isKind:
           of: Service
       - hasDocuments:
-          count: 1
+          count: 2
+      - matchRegex:
+          path: spec.type 
+          pattern: NodePort|ClusterIP
 
   - it: should respect spec level parameters
     values:

diff --git a/charts/guac/tests/values_graphql_service.yaml b/charts/guac/tests/values_graphql_service.yaml
@@ -0,0 +1,6 @@
+# Copyright Kusari, Inc. and contributors
+# Licensed under the MIT license. See LICENSE file in the project root for details.
+guac:
+  graphqlServer:
+    service:
+      createNodePortService: true
diff --git a/charts/guac/values.yaml b/charts/guac/values.yaml
@@ -65,9 +65,12 @@ imagePullSecrets:
 ## @param guac.graphqlServer.svcPorts[0].protocol Protocol used at the the GraphQL Server
 ## @param guac.graphqlServer.svcPorts[0].port Port the GraphQL Server service listens on
 ## @param guac.graphqlServer.svcPorts[0].targetPort Port the GraphQL Server container listens on
+## @param guac.graphqlServer.nodePortSvcPorts [object] NodePort service ports definition
 ## @param guac.graphqlServer.backend which backend to use - keyvalue (default) | arango | ent.
 ## @param guac.graphqlServer.debug Enable debug mode for graphql server; also enable the UI
 ## @param guac.graphqlServer.nodeSelector - sets the node selector for where to run the deployment
+## @param guac.graphqlServer.service.createNodePortService - Whether to deploy a NodePort type service
+
 ## @param guac.visualizer.enabled String Whether to deploy the visualizer.
 ## @param guac.visualizer.name String Name of the visualizer.
 ## @param guac.visualizer.annotations.reloader.stakater.com/auto [string] Boolean for deploying [stakater/Reloader] (https://github.com/stakater/Reloader)
@@ -95,6 +98,7 @@ imagePullSecrets:
 ## @param guac.apiOnlyIngress.ingressClassName [nullable] Ingress class name for API only ingress
 ## @param guac.apiOnlyIngress.apiHostname [nullable] DNS name for the GQL API.
 ## @param guac.apiOnlyIngress.annotations [object] Annotations for the API only ingress object
+## @param guac.traefikIngressRoute.enabled Whether to deploy Traefik IngressRoute object
 ## @param guac.backend.ent.db-driver database driver to use, one of [postgres | sqlite3 | mysql] or anything supported by sql.DB
 ## @param guac.backend.ent.db-address Full URL of database to connect to
 ## @param guac.backend.ent.db-migrate Wether to automatically run database migrations on start
@@ -106,7 +110,7 @@ guac:
   guacImage:
     repository: ghcr.io/guacsec/guac
     # if not set appVersion field from Chart.yaml is used
-    # tag: v0.5.0
+    # tag:
     # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value).
     digest: ""
     pullPolicy: IfNotPresent
@@ -197,9 +201,16 @@ guac:
       - protocol: TCP
         port: 8080
         targetPort: 8080
+    nodePortSvcPorts:
+      - protocol: TCP
+        port: 8080
+        targetPort: 8080
+        nodePort: 30080
     backend: keyvalue
     debug: true
     nodeSelector: {}
+    service:
+      createNodePortService: false
 
   visualizer:
     enabled: true
@@ -244,6 +255,13 @@ guac:
     # apiHostname:
     # annotations:
 
+  traefikIngressRoute:
+    enabled: false
+    # entryPoints: []
+    # hostMatchingHeader:
+    # gqlPath: /query
+    # apiHostname:
+
   backend:
     ent:
       db-driver: postgres
@@ -322,7 +340,7 @@ minio:
   mode: standalone
   resources:
     requests:
-      memory: 1Gi
+      memory: 500Mi
   rootUser: "rootUser"
   rootPassword: "rootPassword"
   buckets: