feat: Adding platform ingress (#476)

- **Remove `platform` root element** - **Point to single proxy port `3000`** - **Adding ingress**
cloudquery · Dec 5, 2024 · 73c8061 · 73c8061
1 parent 6355632
commit 73c8061
Show file tree

Hide file tree

Showing 10 changed files with 384 additions and 169 deletions.
diff --git a/charts/platform/README.md b/charts/platform/README.md
@@ -4,27 +4,92 @@ Helm chart for installing the CloudQuery self-hosted platform
 
 ![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.14.2](https://img.shields.io/badge/AppVersion-0.14.2-informational?style=flat-square)
 
-## Installing the Chart
+## Quickstart
 
-First create a `secrets.yaml` file with the following content:
+The following shows how to install the chart in a local [kind](https://kind.sigs.k8s.io/) cluster, configured to expose ports 80 and 443 on the host machine for ingress.
+
+First create a `kind.config` file with the following content:
+
+```console
+cat <<EOF > kind.config
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+  - role: control-plane
+    kubeadmConfigPatches:
+      - |
+        kind: InitConfiguration
+        nodeRegistration:
+          kubeletExtraArgs:
+            node-labels: "ingress-ready=true"
+    extraPortMappings:
+      - containerPort: 80
+        hostPort: 80
+        protocol: TCP
+      - containerPort: 443
+        hostPort: 443
+        protocol: TCP
+EOF
+```
+
+Create the kind cluster:
+
+```console
+kind create cluster --config kind.config
+```
+
+Install the NGINX Ingress Controller:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
+```
+
+Wait for the ingress controller to be ready:
+
+```console
+kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=120s
+```
+
+Create a `secrets.yaml` file with the following content, replacing `<activation_key>`, `<postgres_dsn>`, and `<clickhouse_dsn>` with the appropriate values:
 
 ```console
 cat <<EOF > secrets.yml
-platform:
-  activationKey: "<activation_key>"
-  externalDependencies:
-    postgresql_dsn: "<postgres_dsn>"
-    clickhouse_dsn: "<clickhouse_dsn>"
+activationKey: "<activation_key>"
+externalDependencies:
+  postgresql_dsn: "<postgres_dsn>"
+  clickhouse_dsn: "<clickhouse_dsn>"
 EOF
 ```
 
+Create an `ingress.yaml` file with the following content:
+
+```console
+ingress:
+  enabled: true
+  annotations:
+    kubernetes.io/ingress.class: nginx
+  hosts:
+    - host: local.cloudquery.io
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+```
+
 To install the chart with the release name `platform`:
 
 ```console
 $ helm repo add cloudquery https://cloudquery.github.io/helm-charts/
-$ helm install platform -n cloudquery --create-namespace cloudquery/platform --values ./secrets.yml
+$ helm install platform -n cloudquery --create-namespace cloudquery/platform --values ./secrets.yml --values ./ingress.yml
+```
+
+To access the cloudquery platform, add the following line to your `/etc/hosts` file:
+
+```console
+127.0.0.1 local.cloudquery.io
 ```
 
+The cloudquery platform should now be available at [http://local.cloudquery.io](http://local.cloudquery.io).
+
 ## Requirements
 
 | Repository | Name | Version |
@@ -35,35 +100,42 @@ $ helm install platform -n cloudquery --create-namespace cloudquery/platform --v
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| activationKey | string | `""` | Activation key for the self-hosted platform |
+| containerSecurityContext | object | `{}` | Specify the container-level security context |
 | debug.enabled | bool | `false` | Optional. Enable debug mode. |
-| platform.activationKey | string | `""` | Activation key for the self-hosted platform |
-| platform.containerSecurityContext | object | `{}` | Specify the container-level security context |
-| platform.externalDependencies.clickhouse_dsn | string | `""` | Required: The DSN for the ClickHouse database |
-| platform.externalDependencies.postgresql_dsn | string | `""` | Required: The DSN for the Postgres database |
-| platform.fullNameOverride | string | `""` | Override the full name |
-| platform.image.pullPolicy | string | `"IfNotPresent"` |  |
-| platform.image.repository | string | `"us-east1-docker.pkg.dev/cq-cloud-prod/platform/full"` | The image repository to pull from |
-| platform.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion |
-| platform.livenessProbe.httpGet.path | string | `"/"` |  |
-| platform.livenessProbe.httpGet.port | string | `"api"` |  |
-| platform.livenessProbe.periodSeconds | int | `60` |  |
-| platform.nameOverride | string | `""` | Override the default name |
-| platform.podAnnotations | object | `{}` | Addition pod annotations |
-| platform.podLabels | object | `{}` | Addition pod labels |
-| platform.podSecurityContext | object | `{}` | Specify the pod-level security context |
-| platform.readinessProbe.httpGet.path | string | `"/"` |  |
-| platform.readinessProbe.httpGet.port | string | `"api"` |  |
-| platform.readinessProbe.periodSeconds | int | `30` |  |
-| platform.replicaCount | int | `1` | The number of replicas to deploy |
-| platform.resources | object | `{}` | Deployment resources |
-| platform.service | object | `{"apiPort":4444,"apiType":"ClusterIP","storagePort":4445,"storageType":"ClusterIP","uiPort":3000,"uiType":"ClusterIP"}` | Specify the ports the container exposes |
-| platform.serviceAccount.annotations | object | `{}` |  |
-| platform.serviceAccount.automount | bool | `true` |  |
-| platform.serviceAccount.create | bool | `false` |  |
-| platform.serviceAccount.name | string | `""` |  |
-| platform.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. |
-| platform.volumes | list | `[]` | Additional volumes on the output Deployment definition. |
+| externalDependencies.clickhouse_dsn | string | `""` | Required: The DSN for the ClickHouse database |
+| externalDependencies.postgresql_dsn | string | `""` | Required: The DSN for the Postgres database |
+| fullNameOverride | string | `""` | Override the full name |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"us-east1-docker.pkg.dev/cq-cloud-prod/platform/full"` | The image repository to pull from |
+| image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion |
+| ingress.annotations | object | `{}` |  |
+| ingress.className | string | `""` |  |
+| ingress.enabled | bool | `false` | Optional. Enable ingress. |
+| ingress.hosts[0].host | string | `"local.cloudquery.io"` |  |
+| ingress.hosts[0].paths[0].path | string | `"/"` |  |
+| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
+| ingress.tls | list | `[]` |  |
+| livenessProbe.httpGet.path | string | `"/"` |  |
+| livenessProbe.httpGet.port | string | `"api"` |  |
+| livenessProbe.periodSeconds | int | `60` |  |
+| nameOverride | string | `""` | Override the default name |
+| podAnnotations | object | `{}` | Addition pod annotations |
+| podLabels | object | `{}` | Addition pod labels |
+| podSecurityContext | object | `{}` | Specify the pod-level security context |
+| readinessProbe.httpGet.path | string | `"/"` |  |
+| readinessProbe.httpGet.port | string | `"api"` |  |
+| readinessProbe.periodSeconds | int | `30` |  |
 | redis | object | `{"auth":{"enabled":false},"enabled":true}` | Redis configuration |
+| replicaCount | int | `1` | The number of replicas to deploy |
+| resources | object | `{}` | Deployment resources |
+| service | object | `{"apiPort":4444,"apiType":"ClusterIP","proxyPort":3000,"proxyType":"ClusterIP","storagePort":4445,"storageType":"ClusterIP","uiPort":3001,"uiType":"ClusterIP"}` | Specify the ports the container exposes |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.automount | bool | `true` |  |
+| serviceAccount.create | bool | `false` |  |
+| serviceAccount.name | string | `""` |  |
+| volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. |
+| volumes | list | `[]` | Additional volumes on the output Deployment definition. |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/platform/README.md.gotmpl b/charts/platform/README.md.gotmpl
@@ -3,27 +3,92 @@
 
 {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
 
-## Installing the Chart
+## Quickstart
 
-First create a `secrets.yaml` file with the following content:
+The following shows how to install the chart in a local [kind](https://kind.sigs.k8s.io/) cluster, configured to expose ports 80 and 443 on the host machine for ingress.
+
+First create a `kind.config` file with the following content:
+
+```console
+cat <<EOF > kind.config
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+  - role: control-plane
+    kubeadmConfigPatches:
+      - |
+        kind: InitConfiguration
+        nodeRegistration:
+          kubeletExtraArgs:
+            node-labels: "ingress-ready=true"
+    extraPortMappings:
+      - containerPort: 80
+        hostPort: 80
+        protocol: TCP
+      - containerPort: 443
+        hostPort: 443
+        protocol: TCP
+EOF
+```
+
+Create the kind cluster:
+
+```console
+kind create cluster --config kind.config
+```
+
+Install the NGINX Ingress Controller:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
+```
+
+Wait for the ingress controller to be ready:
+
+```console
+kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=120s
+```
+
+Create a `secrets.yaml` file with the following content, replacing `<activation_key>`, `<postgres_dsn>`, and `<clickhouse_dsn>` with the appropriate values:
 
 ```console
 cat <<EOF > secrets.yml
-platform:
-  activationKey: "<activation_key>"
-  externalDependencies:
-    postgresql_dsn: "<postgres_dsn>"
-    clickhouse_dsn: "<clickhouse_dsn>"
+activationKey: "<activation_key>"
+externalDependencies:
+  postgresql_dsn: "<postgres_dsn>"
+  clickhouse_dsn: "<clickhouse_dsn>"
 EOF
 ```
 
+Create an `ingress.yaml` file with the following content:
+
+```console
+ingress:
+  enabled: true
+  annotations:
+    kubernetes.io/ingress.class: nginx
+  hosts:
+    - host: local.cloudquery.io
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+```
+
 To install the chart with the release name `platform`:
 
 ```console
 $ helm repo add cloudquery https://cloudquery.github.io/helm-charts/
-$ helm install platform -n cloudquery --create-namespace cloudquery/{{ template "chart.name" . }} --values ./secrets.yml
+$ helm install platform -n cloudquery --create-namespace cloudquery/{{ template "chart.name" . }} --values ./secrets.yml --values ./ingress.yml
+```
+
+To access the cloudquery platform, add the following line to your `/etc/hosts` file:
+
+```console
+127.0.0.1 local.cloudquery.io
 ```
 
+The cloudquery platform should now be available at [http://local.cloudquery.io](http://local.cloudquery.io).
+
 {{ template "chart.requirementsSection" . }}
 
 {{ template "chart.valuesSection" . }}

diff --git a/charts/platform/ci/test-values.yaml b/charts/platform/ci/test-values.yaml
@@ -1,5 +1,4 @@
-platform:
-  externalDependencies:
-    # 172.17.0.1 is the default gateway for the docker0 bridge network
-    postgresql_dsn: "postgres://postgres:[email protected]:5432/postgres?sslmode=disable"
-    clickhouse_dsn: "clickhouse://user:[email protected]:9000/assets"
+externalDependencies:
+  # 172.17.0.1 is the default gateway for the docker0 bridge network
+  postgresql_dsn: "postgres://postgres:[email protected]:5432/postgres?sslmode=disable"
+  clickhouse_dsn: "clickhouse://user:[email protected]:9000/assets"
diff --git a/charts/platform/templates/NOTES.txt b/charts/platform/templates/NOTES.txt
@@ -1,8 +1,23 @@
-The CloudQuery Platform UI can be accessed via port {{ .Values.platform.service.uiPort }} and the API server via port {{ .Values.platform.service.apiPort }}.
+# Pod Access
 
-1. Setup port forwarding to access the UI and API servers by doing the following:
+The CloudQuery Platform UI can be accessed directly via the pod on port {{ .Values.service.proxyPort }}.
+
+1. Setup port forwarding to access the UI by doing the following:
 
    export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "platform.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-   kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 3000 4444
+   kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 3000
 
 2. Visit the UI on http://localhost:3000 using username `admin@localhost` and initial password of `pass`
+
+{{ if .Values.ingress.enabled }}
+# Ingress Access
+
+The CloudQuery Platform UI can be accessed via the following ingress endpoints:
+
+{{ range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+
+{{- end }}
diff --git a/charts/platform/templates/_helpers.tpl b/charts/platform/templates/_helpers.tpl
@@ -2,7 +2,7 @@
 Expand the name of the chart.
 */}}
 {{- define "platform.name" -}}
-{{- default .Chart.Name .Values.platform.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
@@ -11,10 +11,10 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "platform.fullName" -}}
-{{- if .Values.platform.fullNameOverride }}
-{{- .Values.platform.fullNameOverride | trunc 63 | trimSuffix "-" }}
+{{- if .Values.fullNameOverride }}
+{{- .Values.fullNameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
-{{- $name := default .Chart.Name .Values.platform.nameOverride }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
 {{- if contains $name .Release.Name }}
 {{- .Release.Name | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -54,16 +54,16 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 Create the name of the service account to use
 */}}
 {{- define "platform.serviceAccount" -}}
-{{- if .Values.platform.serviceAccount.create }}
-{{- default (include "platform.fullName" .) .Values.platform.serviceAccount.name }}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "platform.fullName" .) .Values.serviceAccount.name }}
 {{- else }}
-{{- default "default" .Values.platform.serviceAccount.name }}
+{{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
 
 {{/*
 Return the image to use depending on the AppVersion and image tag defined
 */}}
 {{- define "platform.image" -}}
-{{ .Values.platform.image.repository }}:{{ if .Values.platform.image.tag }}{{ .Values.platform.image.tag }}{{ else }}v{{ .Chart.AppVersion }}{{ end }}
+{{ .Values.image.repository }}:{{ if .Values.image.tag }}{{ .Values.image.tag }}{{ else }}v{{ .Chart.AppVersion }}{{ end }}
 {{- end }}