Add gateway and keda support to kafka-ui

Signed-off-by: Tamal Saha <[email protected]>
kubedb · Sep 10, 2024 · a11732a · a11732a
1 parent 05d1691
commit a11732a
Show file tree

Hide file tree

Showing 9 changed files with 272 additions and 226 deletions.
diff --git a/charts/kafka-ui/README.md b/charts/kafka-ui/README.md
diff --git a/charts/kafka-ui/artifacthub-repo.yml b/charts/kafka-ui/artifacthub-repo.yml
diff --git a/charts/kafka-ui/index.yaml b/charts/kafka-ui/index.yaml
diff --git a/charts/kafka-ui/templates/NOTES.txt b/charts/kafka-ui/templates/NOTES.txt
@@ -1,21 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
-  {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "kafka-ui.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "kafka-ui.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "kafka-ui.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kafka-ui.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:8080
-{{- end }}

diff --git a/charts/kafka-ui/templates/_helpers.tpl b/charts/kafka-ui/templates/_helpers.tpl
@@ -82,3 +82,21 @@ This allows us to check if the registry of the image is specified or not.
 {{- end }}
 {{- end -}}
 
+{{/*
+Fake keda hostname
+*/}}
+{{- define "keda.hostname" -}}
+{{- printf "pgadmin.%s.%s.%s.%s.kubedb.test" .Values.bind.name .Values.bind.namespace .Values.app.service.name .Values.app.service.namespace | quote }}
+{{- end }}
+
+{{- define "image.dockerHub" -}}
+{{ list .Values.proxies.dockerHub ._repo | compact | join "/" }}
+{{- end }}
+
+{{- define "image.dockerLibrary" -}}
+{{ prepend (list ._repo) (list .Values.proxies.dockerLibrary .Values.proxies.dockerHub | compact | first) | compact | join "/" }}
+{{- end }}
+
+{{- define "image.ghcr" -}}
+{{ list .Values.proxies.ghcr ._repo | compact | join "/" }}
+{{- end }}
diff --git a/charts/kafka-ui/templates/gw.yaml b/charts/kafka-ui/templates/gw.yaml
@@ -0,0 +1,85 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: {{ include "kafka-ui.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  {{- if .Values.gateway.nodePort }}
+  annotations:
+    port-mapping.gateway.voyagermesh.com/{{ .Values.gateway.port }}: {{ .Values.gateway.nodePort }}
+  {{- end }}
+spec:
+  gatewayClassName: {{ .Values.gateway.className }}
+  listeners:
+    - name: {{ include "kafka-ui.fullname" . }}
+      protocol: HTTPS
+      port: {{ .Values.gateway.port }}
+      tls:
+        certificateRefs:
+        - group: ""
+          kind: Secret
+          name: {{ .Values.gateway.tlsSecretRef.name }}
+          namespace: {{ .Values.gateway.tlsSecretRef.namespace }}
+        mode: Terminate
+
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ include "kafka-ui.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: {{ include "kafka-ui.fullname" . }}
+      namespace: {{ .Release.Namespace }}
+      sectionName: {{ include "kafka-ui.fullname" . }}
+  rules:
+    - backendRefs:
+        - group: ""
+          kind: Service
+          name: {{ .Values.keda.proxyService.name }}
+          namespace: {{ .Values.keda.proxyService.namespace }}
+          port: {{ .Values.keda.proxyService.port }}
+          weight: 1
+      matches:
+        - path:
+            type: PathPrefix
+            value: /
+      filters:
+        - type: URLRewrite
+          urlRewrite:
+            hostname: {{ include "keda.hostname" . }}
+---
+{{ if .Values.gateway.referenceGrant.create }}
+
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: ReferenceGrant
+metadata:
+  name: dbui-cert-{{ .Release.Namespace }}
+  namespace: {{ .Values.gateway.tlsSecretRef.namespace }}
+spec:
+  from:
+  - group: gateway.networking.k8s.io
+    kind: Gateway
+    namespace: {{ .Release.Namespace }}
+  to:
+  - group: ""
+    kind: Secret
+    name: {{ .Values.gateway.tlsSecretRef.name }}
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: ReferenceGrant
+metadata:
+  name: dbui-httproute-{{ .Release.Namespace }}
+  namespace: {{ .Values.keda.proxyService.namespace }}
+spec:
+  from:
+  - group: gateway.networking.k8s.io
+    kind: HTTPRoute
+    namespace: {{ .Release.Namespace }}
+  to:
+  - group: ""
+    kind: Service
+    name: {{ .Values.keda.proxyService.name }}
+{{ end }}
diff --git a/charts/kafka-ui/templates/ingress.yaml b/charts/kafka-ui/templates/ingress.yaml
diff --git a/charts/kafka-ui/templates/keda.yaml b/charts/kafka-ui/templates/keda.yaml
@@ -0,0 +1,20 @@
+kind: HTTPScaledObject
+apiVersion: http.keda.sh/v1alpha1
+metadata:
+    name: {{ include "kafka-ui.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+spec:
+    hosts:
+      - {{ include "keda.hostname" . }}
+    pathPrefixes:
+      - "/"
+    targetPendingRequests: {{ .Values.targetPendingRequests }}
+    scaleTargetRef:
+        name: {{ include "kafka-ui.fullname" . }}
+        kind: Deployment
+        apiVersion: apps/v1
+        service: {{ include "kafka-ui.fullname" . }}
+        port: {{ .Values.service.port }}
+    replicas:
+        min: {{ .Values.autoscaling.http.minReplicas }}
+        max: {{ .Values.autoscaling.http.maxReplicas }}
diff --git a/charts/kafka-ui/values.yaml b/charts/kafka-ui/values.yaml
@@ -82,15 +82,14 @@ podSecurityContext:
   {}
   # fsGroup: 2000
 
-securityContext: {}
-  # allowPrivilegeEscalation: false
+securityContext:
+  {}
   # capabilities:
-  #   drop: ["ALL"]
+  #   drop:
+  #   - ALL
   # readOnlyRootFilesystem: true
   # runAsNonRoot: true
-  # runAsUser: 65534
-  # seccompProfile:
-  #   type: RuntimeDefault
+  # runAsUser: 1000
 
 service:
   type: ClusterIP
@@ -100,39 +99,6 @@ service:
   # if you want to force a specific nodePort. Must be use with service.type=NodePort
   # nodePort:
 
-# Ingress configuration
-ingress:
-  # Enable ingress resource
-  enabled: false
-
-  # Annotations for the Ingress
-  annotations: {}
-
-  # ingressClassName for the Ingress
-  ingressClassName: ""
-
-  # The path for the Ingress
-  path: "/"
-
-  # The path type for the Ingress
-  pathType: "Prefix"  
-
-  # The hostname for the Ingress
-  host: ""
-
-  # configs for Ingress TLS
-  tls:
-    # Enable TLS termination for the Ingress
-    enabled: false
-    # the name of a pre-created Secret containing a TLS private key and certificate
-    secretName: ""
-
-  # HTTP paths to add to the Ingress before the default path
-  precedingPaths: []
-
-  # Http paths to add to the Ingress after the default path
-  succeedingPaths: []
-
 resources:
   {}
   # limits:
@@ -165,3 +131,67 @@ volumes: {}
 
 namespace:
   create: false
+
+gateway:
+  className: "ace"
+  port: 8082
+  # nodePort: 30080
+  tlsSecretRef:
+    name: service-presets-cert
+    namespace: ace
+  referenceGrant:
+    create: true
+
+# This is the namespace that the ingress should be installed
+# into. It should be set to the same namespace as the
+# KEDA HTTP componentry is installed in. Defaults to the Helm
+# chart release namespace
+keda:
+  proxyService:
+    namespace: "keda"
+    name: "keda-add-ons-http-interceptor-proxy"
+    port: 8080
+targetPendingRequests: 200
+autoscaling:
+  http:
+    minReplicas: 0
+    maxReplicas: 1
+
+# authSecret, Bind CR, HelmRelease CR in same namespace
+# db could be in cross namespace
+app:
+  service:
+    name: ""
+    namespace: ""
+  authSecret:
+    name: ""
+bind:
+  name: ""
+  namespace: ""
+
+authzproxy:
+  enabled: false
+  # KubeDB operator container image
+  repository: appscode/kube-authz-proxy
+  # KubeDB operator container image tag
+  tag: "v0.0.1"
+  # Security options this container should run with
+  securityContext: # +doc-gen:break
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    readOnlyRootFilesystem: true
+    runAsNonRoot: true
+    runAsUser: 65534
+    seccompProfile:
+      type: RuntimeDefault
+  # Compute Resources required by this container
+  resources: {}
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+  params:
+    listen: 8000
+    metricsAddr: 8080
+    platformURL: ""
+    platformCABundle: ""