Add Istio overlay for UI integration with Central Dashboard

Signed-off-by: Griffin-Sullivan <[email protected]>

clients/ui/manifests/base/model-registry-ui-deployment.yaml

@@ -28,4 +28,12 @@ spec:
           - containerPort: 8080
         env:
           - name: API_URL
-            value: "http://model-registry-bff-service:4000"
+            value: "http://model-registry-bff-service.kubeflow.svc.cluster.local:4000"
+          - name: APP_PREFIX
+            value: /modelRegistry
+          - name: USERID_HEADER
+            value: kubeflow-userid
+          - name: USERID_PREFIX
+            value: /modelRegistry
+          - name: APP_SECURE_COOKIES
+            value: $(VWA_APP_SECURE_COOKIES)

clients/ui/manifests/overlays/istio/authorization-policy.yaml

@@ -0,0 +1,33 @@
+---
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  name: model-registry-ui
+  namespace: kubeflow
+spec:
+  action: ALLOW
+  rules:
+  - from:
+    - source:
+        principals:
+        - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account
+  selector:
+    matchLabels:
+      app: model-registry-ui
+
+---
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  name: model-registry-bff
+  namespace: kubeflow
+spec:
+  action: ALLOW
+  rules:
+    - from:
+        - source:
+            principals:
+              - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account
+  selector:
+    matchLabels:
+      app: model-registry-bff

clients/ui/manifests/overlays/istio/destination-rule.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  name: model-registry-ui
+  namespace: kubeflow
+spec:
+  host: model-registry-ui-service.kubeflow.svc.cluster.local
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  name: model-registry-bff
+  namespace: kubeflow
+spec:
+  host: model-registry-bff-service.kubeflow.svc.cluster.local
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL

clients/ui/manifests/overlays/istio/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../base
+- virtual-service.yaml
+- authorization-policy.yaml
+- destination-rule.yaml
+namespace: kubeflow
+commonLabels:
+  app: model-registry-ui
+  kustomize.component: model-registry-ui
+configurations:
+- params.yaml

clients/ui/manifests/overlays/istio/params.yaml

@@ -0,0 +1,3 @@
+varReference:
+- path: spec/http/route/destination/host
+  kind: VirtualService

clients/ui/manifests/overlays/istio/virtual-service.yaml

@@ -0,0 +1,56 @@
+
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: model-registry-ui
+  namespace: kubeflow
+spec:
+  gateways:
+    - kubeflow-gateway
+  hosts:
+    - '*'
+  http:
+    # Rule for the main application path
+    - match:
+        - uri:
+            prefix: /modelRegistry/
+      rewrite:
+        uri: /
+      headers:
+        request:
+          add:
+            x-forwarded-prefix: /modelRegistry
+      route:
+        - destination:
+            host: model-registry-ui-service.kubeflow.svc.cluster.local
+            port:
+              number: 8080
+
+    # Rules for static assets
+    - match:
+        - uri:
+            exact: /main.bundle.js
+      route:
+        - destination:
+            host: model-registry-ui-service.kubeflow.svc.cluster.local
+            port:
+              number: 8080
+
+    - match:
+        - uri:
+            exact: /styles.css
+      route:
+        - destination:
+            host: model-registry-ui-service.kubeflow.svc.cluster.local
+            port:
+              number: 8080
+
+    # Add additional static assets as needed
+    - match:
+        - uri:
+            prefix: /static/
+      route:
+        - destination:
+            host: model-registry-ui-service.kubeflow.svc.cluster.local
+            port:
+              number: 8080