diff --git a/kiali-operator/Chart.yaml b/kiali-operator/Chart.yaml
new file mode 100644
index 0000000..b447748
--- /dev/null
+++ b/kiali-operator/Chart.yaml
@@ -0,0 +1,20 @@
+apiVersion: v2
+appVersion: v2.7.1
+description: Kiali is an open source project for service mesh observability, refer
+ to https://www.kiali.io for details.
+home: https://github.com/kiali/kiali-operator
+icon: https://raw.githubusercontent.com/kiali/kiali.io/current/assets/icons/logo.svg
+keywords:
+- istio
+- kiali
+- operator
+maintainers:
+- email: kiali-users@googlegroups.com
+ name: Kiali
+ url: https://kiali.io
+name: kiali-operator
+sources:
+- https://github.com/kiali/kiali
+- https://github.com/kiali/kiali-operator
+- https://github.com/kiali/helm-charts
+version: 2.7.1
diff --git a/kiali-operator/crds/crds.yaml b/kiali-operator/crds/crds.yaml
new file mode 100644
index 0000000..8e98412
--- /dev/null
+++ b/kiali-operator/crds/crds.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: kialis.kiali.io
+spec:
+ group: kiali.io
+ names:
+ kind: Kiali
+ listKind: KialiList
+ plural: kialis
+ singular: kiali
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+...
diff --git a/kiali-operator/templates/NOTES.txt b/kiali-operator/templates/NOTES.txt
new file mode 100644
index 0000000..4f22052
--- /dev/null
+++ b/kiali-operator/templates/NOTES.txt
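Review bot: In crds/crds.yaml, `x-kubernetes-preserve-unknown-fields: true` under a bare `type: object` means the API server accepts any content in a Kiali CR, so every field is checked only by the operator, which then acts on it with the cluster-wide role added in templates/clusterrole.yaml. The same open schema is used for `ossmconsoles.kiali.io` in templates/ossmconsole-crd.yaml. I would document that trust boundary above the `schema:` key, e.g. `# No structural schema: CR contents are validated only by the operator; restrict who may create Kiali CRs via RBAC.`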
@@ -0,0 +1,30 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Operator [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +{{- if .Values.cr.create }} + {{- if or (and (not .Values.watchNamespace) (not .Values.cr.namespace)) (and (.Values.watchNamespace) (eq .Values.watchNamespace .Release.Namespace)) (and (.Values.cr.namespace) (eq .Values.cr.namespace .Release.Namespace)) }} +You have elected to install a Kiali CR in the same namespace as the operator [{{ .Release.Namespace }}]. You should be able to access Kiali soon. + +================================ +PLEASE READ THIS WARNING NOTICE: +Because the Kiali CR lives in the same namespace as the operator, DO NOT uninstall the operator or delete the operator namespace without first removing the Kiali CR. If you do not follow this advice then the Kiali Operator deletion will hang indefinitely until you remove the finalizer from the Kiali CR, and then you may find your Kubernetes environment still has Kiali Server remnants left behind. +================================ + {{- else if .Values.watchNamespace }} +You have elected to install a Kiali CR in the operator watch namespace [{{ .Values.watchNamespace }}]. You should be able to access Kiali soon. + {{- else if .Values.cr.namespace }} +You have elected to install a Kiali CR in the namespace [{{ .Values.cr.namespace }}]. You should be able to access Kiali soon. + {{- else }} +You have elected to install a Kiali CR. You should be able to access Kiali soon. + {{- end }} +{{- else }} + {{- if (not .Values.watchNamespace) }} +You have elected not to install a Kiali CR. You must first install a Kiali CR before you can access Kiali. The operator is watching all namespaces, so you can create the Kiali CR anywhere. + {{- else }} +You have elected not to install a Kiali CR. 
You must first install a Kiali CR in the operator watch namespace [{{ .Values.watchNamespace }}] before you can access Kiali. + {{- end }} +{{- end }} + +If you ever want to uninstall the Kiali Operator, remember to delete the Kiali CR first before uninstalling the operator to give the operator a chance to uninstall and remove all the Kiali Server resources. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/kiali-server/templates/_helpers.tpl b/kiali-operator/templates/_helpers.tpl similarity index 60% rename from kiali-server/templates/_helpers.tpl rename to kiali-operator/templates/_helpers.tpl index 21d38a9..23392fe 100644 --- a/kiali-server/templates/_helpers.tpl +++ b/kiali-operator/templates/_helpers.tpl @@ -1,8 +1,8 @@ ---- +{{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} -{{- define "kiali-server.name" -}} +{{- define "kiali-operator.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -11,7 +11,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "kiali-server.fullname" -}} +{{- define "kiali-operator.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} 
@@ -27,37 +27,28 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "kiali-server.chart" -}} +{{- define "kiali-operator.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "kiali-server.labels" -}} -helm.sh/chart: {{ include "kiali-server.chart" . }} -{{ include "kiali-server.selectorLabels" . }} +{{- define "kiali-operator.labels" -}} +helm.sh/chart: {{ include "kiali-operator.chart" . }} +app: {{ include "kiali-operator.name" . }} +{{ include "kiali-operator.selectorLabels" . }} {{- if .Chart.AppVersion }} +version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali-operator" {{- end }} {{/* Selector labels */}} -{{- define "kiali-server.selectorLabels" -}} -app.kubernetes.io/name: {{ include "kiali-server.name" . }} +{{- define "kiali-operator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-operator.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "kiali-server.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "kiali-server.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/kiali-operator/templates/clusterrole.yaml b/kiali-operator/templates/clusterrole.yaml new file mode 100644 index 0000000..3e648e2 --- /dev/null +++ b/kiali-operator/templates/clusterrole.yaml 
@@ -0,0 +1,311 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-operator.fullname" . }} + labels: + {{- include "kiali-operator.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - pods + - serviceaccounts + - services + - services/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: [""] + resources: + - namespaces + verbs: + - get + - list + - patch +- apiGroups: [""] + resources: + - secrets + verbs: + - create + - list + - watch +- apiGroups: [""] + resourceNames: + - kiali-signing-key + resources: + - secrets + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: ["apps"] + resources: + - deployments + - replicasets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: ["monitoring.coreos.com"] + resources: + - servicemonitors + verbs: + - create + - get +- apiGroups: ["apps"] + resourceNames: + - kiali-operator + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: ["kiali.io"] + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: ["authorization.k8s.io"] + resources: + - selfsubjectaccessreviews + verbs: + - list +- apiGroups: ["rbac.authorization.k8s.io"] + resources: + {{- if or (and (.Values.cr.create) (.Values.cr.spec.deployment.cluster_wide_access)) (.Values.clusterRoleCreator) }} + - clusterrolebindings + - clusterroles + {{- end }} + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: ["apiextensions.k8s.io"] + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: ["extensions", "networking.k8s.io"] + 
resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: ["route.openshift.io"] + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: ["oauth.openshift.io"] + resources: + - oauthclients + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: ["config.openshift.io"] + resources: + - clusteroperators + verbs: + - list + - watch +- apiGroups: ["config.openshift.io"] + resourceNames: + - kube-apiserver + resources: + - clusteroperators + verbs: + - get +- apiGroups: ["console.openshift.io"] + resources: + - consolelinks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +# The permissions below are for OSSMC operator capabilities +- apiGroups: ["console.openshift.io"] + resources: + - consoleplugins + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: ["operator.openshift.io"] + resources: + - consoles + verbs: + - get + - list + - patch + - update + - watch +{{- end }} +# The permissions below are for Kiali itself; operator needs these so it can escalate when creating Kiali's roles +- apiGroups: [""] + resources: + - configmaps + - endpoints + - pods/log + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - namespaces + - pods + - replicationcontrollers + - services + verbs: + - get + - list + - watch + {{- if eq .Values.onlyViewOnlyMode false }} + - patch + {{- end }} +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch + {{- if eq .Values.onlyViewOnlyMode false }} + - patch + {{- end }} +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get 
+ - list + - watch + {{- if eq .Values.onlyViewOnlyMode false }} + - patch + {{- end }} +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + - extensions.istio.io + - telemetry.istio.io + - gateway.networking.k8s.io + resources: ["*"] + verbs: + - get + - list + - watch + {{- if eq .Values.onlyViewOnlyMode false }} + - create + - delete + - patch + {{- end }} +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch + {{- if eq .Values.onlyViewOnlyMode false }} + - patch + {{- end }} +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch +... diff --git a/kiali-operator/templates/clusterrolebinding.yaml b/kiali-operator/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..747939b --- /dev/null +++ b/kiali-operator/templates/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-operator.fullname" . }} + labels: + {{- include "kiali-operator.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-operator.fullname" . }} + namespace: "{{ .Release.Namespace }}" +roleRef: + kind: ClusterRole + name: {{ include "kiali-operator.fullname" . }} + apiGroup: rbac.authorization.k8s.io +... diff --git a/kiali-operator/templates/deployment.yaml b/kiali-operator/templates/deployment.yaml new file mode 100644 index 0000000..bd99ece --- /dev/null +++ b/kiali-operator/templates/deployment.yaml 
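Review bot: In templates/clusterrole.yaml the third rule grants `create`, `list` and `watch` on `secrets` with no `resourceNames`, and because clusterrolebinding.yaml binds the role with a ClusterRoleBinding, the operator's service account can read the contents of every Secret in the cluster through `list`; the `kiali-signing-key` restriction in the following rule only narrows `get`, `update`, `patch` and `delete`. The role also carries `resources: '*'` on `kiali.io`, `resources: ["*"]` on the Istio and Gateway API groups, and write access to `roles`/`rolebindings` (plus the cluster-scoped kinds when `clusterRoleCreator` is set). If the operator really needs this breadth, I would state it in the file, e.g. `# list/watch on secrets is cluster-wide and exposes secret data; required by <REASON - confirm with upstream>`, and treat this service account as highly privileged in audit logging and alerting. The binding stays cluster-wide even when `watchNamespace` names a single namespace, which is worth a comment in clusterrolebinding.yaml as well.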
@@ -0,0 +1,156 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-operator.fullname" . }} + namespace: "{{ .Release.Namespace }}" + labels: + {{- include "kiali-operator.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "kiali-operator.selectorLabels" . | nindent 6 }} + template: + metadata: + name: {{ include "kiali-operator.fullname" . }} + namespace: "{{ .Release.Namespace }}" + labels: + # required for the operator SDK metric service selector + name: {{ include "kiali-operator.fullname" . }} + {{- include "kiali-operator.labels" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- toYaml .Values.podLabels | nindent 8 }} + {{- end }} + annotations: + prometheus.io/scrape: {{ .Values.metrics.enabled | quote }} + prometheus.io/path: /metrics + prometheus.io/port: "8080" + {{- if .Values.podAnnotations }} + {{- toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-operator.fullname" . }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: + {{- toYaml .Values.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: + {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + containers: + - name: operator + image: "{{ .Values.image.repo }}{{ if .Values.image.digest }}@{{ .Values.image.digest }}{{ end }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }} + args: + - "--zap-log-level=info" + - "--leader-election-id={{ include "kiali-operator.fullname" . 
}}" + - "--watches-file=./$(WATCHES_FILE)" + - "--health-probe-bind-address=:6789" + - "--metrics-bind-address=:8080" + terminationMessagePolicy: FallbackToLogsOnError + readinessProbe: + httpGet: + path: /readyz + port: 6789 + periodSeconds: 30 + livenessProbe: + httpGet: + path: /healthz + port: 6789 + periodSeconds: 30 + startupProbe: + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 6 + securityContext: + {{- if .Values.securityContext }} + {{- toYaml .Values.securityContext | nindent 10 }} + {{- else }} + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + {{- end }} + volumeMounts: + - mountPath: /tmp + name: tmp + env: + - name: WATCH_NAMESPACE + value: {{ .Values.watchNamespace | default "\"\"" }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ALLOW_AD_HOC_KIALI_NAMESPACE + value: {{ .Values.allowAdHocKialiNamespace | quote }} + - name: ALLOW_AD_HOC_KIALI_IMAGE + value: {{ .Values.allowAdHocKialiImage | quote }} +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: ALLOW_AD_HOC_OSSMCONSOLE_IMAGE + value: {{ .Values.allowAdHocOSSMConsoleImage | quote }} +{{- end }} + - name: ALLOW_SECURITY_CONTEXT_OVERRIDE + value: {{ .Values.allowSecurityContextOverride | quote }} + - name: ALLOW_ALL_ACCESSIBLE_NAMESPACES + value: {{ or (and (.Values.cr.create) (.Values.cr.spec.deployment.cluster_wide_access)) (.Values.allowAllAccessibleNamespaces) | quote }} + - name: PROFILE_TASKS_TASK_OUTPUT_LIMIT + value: "100" + - name: ANSIBLE_DEBUG_LOGS + value: {{ .Values.debug.enabled | quote }} + - name: ANSIBLE_VERBOSITY_KIALI_KIALI_IO + value: {{ .Values.debug.verbosity | quote }} +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: ANSIBLE_VERBOSITY_OSSMCONSOLE_KIALI_IO + value: {{ 
.Values.debug.verbosity | quote }} +{{- end }} + - name: ANSIBLE_CONFIG + {{- if .Values.debug.enableProfiler }} + value: "/opt/ansible/ansible-profiler.cfg" + {{- else }} + value: "/etc/ansible/ansible.cfg" + {{- end }} + - name: ANSIBLE_LOCAL_TEMP + value: "/tmp/ansible/tmp" + - name: ANSIBLE_REMOTE_TEMP + value: "/tmp/ansible/tmp" + - name: WATCHES_FILE +{{- if .Values.watchesFile }} + value: "{{ .Values.watchesFile }}" +{{- else }} +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + value: "watches-os.yaml" +{{- else }} + value: "watches-k8s.yaml" +{{- end }} +{{- end }} + {{- if .Values.env }} + {{- toYaml .Values.env | nindent 8 }} + {{- end }} + ports: + - name: http-metrics + containerPort: 8080 + {{- if .Values.resources }} + resources: + {{- toYaml .Values.resources | nindent 10 }} + {{- end }} + volumes: + - name: tmp + emptyDir: {} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} +... diff --git a/kiali-operator/templates/kiali-cr.yaml b/kiali-operator/templates/kiali-cr.yaml new file mode 100644 index 0000000..ef77353 --- /dev/null +++ b/kiali-operator/templates/kiali-cr.yaml @@ -0,0 +1,22 @@ +{{ if .Values.cr.create }} +--- +apiVersion: kiali.io/v1alpha1 +kind: Kiali +metadata: + {{- if .Values.watchNamespace }} + namespace: "{{ .Values.watchNamespace }}" + {{- else if .Values.cr.namespace }} + namespace: "{{ .Values.cr.namespace }}" + {{- end }} + name: {{ .Values.cr.name }} + labels: + {{- include "kiali-operator.labels" . | nindent 4 }} + annotations: + ansible.sdk.operatorframework.io/verbosity: {{ .Values.debug.verbosity | quote }} + {{- if .Values.cr.annotations }} + {{- toYaml .Values.cr.annotations | nindent 4 }} + {{- end }} +spec: + {{- toYaml .Values.cr.spec | nindent 2 }} +... +{{ end }} diff --git a/kiali-operator/templates/ossmconsole-crd.yaml b/kiali-operator/templates/ossmconsole-crd.yaml new file mode 100644 index 0000000..85a4a07 --- /dev/null +++ b/kiali-operator/templates/ossmconsole-crd.yaml 
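Review bot: In templates/deployment.yaml, setting any key in `.Values.securityContext` replaces the whole hardened block in the `else` branch, so an override that only sets one field silently drops `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `capabilities.drop: [ALL]` on a container that runs with the cluster-wide role. I would merge rather than switch: build a `$hardened` dict holding the five defaults and render `{{- toYaml (mergeOverwrite $hardened (.Values.securityContext | default dict)) | nindent 10 }}`. Separately, `WATCH_NAMESPACE` is the only env value rendered unquoted; `value: {{ .Values.watchNamespace | default "" | quote }}` yields the same empty string and keeps numeric- or boolean-looking namespace names as strings.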
@@ -0,0 +1,34 @@
+# The operator will watch resources of this kind and install OSSMC when one is found.
+# This CRD needs to be templated because we do not want it installed on non-OpenShift clusters.
+# However, the crds/ directory is not templated by Helm. See the Helm documentation on this here:
+# https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-1-let-helm-do-it-for-you
+# Therefore, this CRD declaration is in templates/. The operator helm chart does not create resources
+# of this kind, so this should be OK. Just realize if you uninstall the operator, this CRD will also
+# be uninstalled (and thus any existing OSSMC CR will also be purged).
+
+{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: ossmconsoles.kiali.io
+spec:
+ group: kiali.io
+ names:
+ kind: OSSMConsole
+ listKind: OSSMConsoleList
+ plural: ossmconsoles
+ singular: ossmconsole
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+...
+{{- end }}
diff --git a/kiali-operator/templates/serviceaccount.yaml b/kiali-operator/templates/serviceaccount.yaml
new file mode 100644
index 0000000..64e8238
--- /dev/null
+++ b/kiali-operator/templates/serviceaccount.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "kiali-operator.fullname" . }}
+ namespace: "{{ .Release.Namespace }}"
+ labels:
+ {{- include "kiali-operator.labels" . | nindent 4 }}
+{{- if .Values.image.pullSecrets }}
+imagePullSecrets:
+{{- range .Values.image.pullSecrets }}
+- name: {{ . }}
+{{- end }}
+{{- end }}
+...
diff --git a/kiali-operator/values.yaml b/kiali-operator/values.yaml
new file mode 100644
index 0000000..386b69a
--- /dev/null
+++ b/kiali-operator/values.yaml
@@ -0,0 +1,105 @@
+nameOverride: ""
+fullnameOverride: ""
+
+image: # see: https://quay.io/repository/kiali/kiali-operator?tab=tags
+ repo: quay.io/kiali/kiali-operator # quay.io/kiali/kiali-operator
+ tag: v2.7.1 # version string like v1.39.0 or a digest hash
+ digest: "" # use "sha256" if tag is a sha256 hash (do NOT prefix this value with a "@")
+ pullPolicy: Always
+ pullSecrets: []
+
+# Deployment options for the operator pod.
+nodeSelector: {}
+podAnnotations: {}
+podLabels: {}
+env: []
+tolerations: []
+resources:
+ requests:
+ cpu: "10m"
+ memory: "64Mi"
+affinity: {}
+replicaCount: 1
+priorityClassName: ""
+securityContext: {}
+
+# metrics.enabled: set to true if you want Prometheus to collect metrics from the operator
+metrics:
+ enabled: true
+
+# debug.enabled: when true the full ansible logs are dumped after each reconciliation run
+# debug.verbosity: defines the amount of details the operator will log (higher numbers are more noisy)
+# debug.enableProfiler: when true (regardless of debug.enabled), timings for the most expensive tasks will be logged after each reconciliation loop
+debug:
+ enabled: true
+ verbosity: "1"
+ enableProfiler: false
+
+# Defines where the operator will look for Kial CR resources. "" means "all namespaces".
+watchNamespace: ""
+
+# Set to true if you want the operator to be able to create cluster roles. This is necessary
+# if you want to support Kiali CRs with spec.deployment.cluster_wide_access=true.
+# Setting this to "true" requires allowAllAccessibleNamespaces to be "true" also.
+# Note that this will be overriden to "true" if cr.create is true and cr.spec.deployment.cluster_wide_access=true.
+clusterRoleCreator: true
+
+# Set to true if you want to allow the operator to only be able to install Kiali in view-only-mode.
+# The purpose for this setting is to allow you to restrict the permissions given to the operator itself.
+onlyViewOnlyMode: false
+
+# allowAdHocKialiNamespace tells the operator to allow a user to be able to install a Kiali CR in one namespace but
+# be able to install Kiali in another namespace. In other words, it will allow the Kiali CR spec.deployment.namespace
+# to be something other than the namespace where the CR is installed. You may want to disable this if you are
+# running in a multi-tenant scenario in which you only want a user to be able to install Kiali in the same namespace
+# where the user has permissions to install a Kiali CR.
+allowAdHocKialiNamespace: true
+
+# allowAdHocKialiImage tells the operator to allow a user to be able to install a custom Kiali image as opposed
+# to the image the operator will install by default. In other words, it will allow the
+# Kiali CR spec.deployment.image_name and spec.deployment.image_version to be configured by the user.
+# You may want to disable this if you do not want users to install their own Kiali images.
+allowAdHocKialiImage: false
+
+# allowAdHocOSSMConsoleImage tells the operator to allow a user to be able to install a custom OSSMC image as opposed
+# to the image the operator will install by default. In other words, it will allow the
+# OSSMConsole CR spec.deployment.imageName and spec.deployment.imageVersion to be configured by the user.
+# You may want to disable this if you do not want users to install their own OSSMC images.
+# This is only applicable when running on OpenShift.
+allowAdHocOSSMConsoleImage: false
+
+# allowSecurityContextOverride tells the operator to allow a user to be able to fully override the Kiali
+# container securityContext. If this is false, certain securityContext settings must exist on the Kiali
+# container and any attempt to override them will be ignored.
+allowSecurityContextOverride: false
+
+# allowAllAccessibleNamespaces tells the operator to allow a user to be able to configure Kiali
+# to access all namespaces in the cluster via spec.deployment.cluster_wide_access=true.
+# If this is false, the user must specify an explicit set of namespaces in the Kiali CR via spec.deployment.discovery_selectors.
+# Setting this to "true" requires clusterRoleCreator to be "true" also.
+# Note that this will be overriden to "true" if cr.create is true and cr.spec.deployment.cluster_wide_access=true.
+allowAllAccessibleNamespaces: true
+
+# watchesFile: If specified, this determines what watches file will be used to configure the operator. There are four different
+# files that can be selected: (a) `watches-os.yaml`, (b) `watches-os-ns.yaml`, (c) `watches-k8s.yaml` or (d) `watches-k8s-ns.yaml`.
+# The first two are for OpenShift only, the last two are for non-OpenShift Kubernetes clusters. The two with "-ns" in their name
+# enable the operator to automatically update the Kiali Server with access to new namespaces as those namespaces are created in
+# the cluster. This namespace watching feature provides some advanced capabilities but is never required. It is also not
+# the default behavior and is not necessary if your Kiali CRs will have `spec.deployment.cluster_wide_access` set to `true`.
+watchesFile: ""
+
+# For what a Kiali CR spec can look like, see: https://kiali.io/docs/configuration/kialis.kiali.io/
+cr:
+ create: false
+ name: kiali
+ # If you elect to create a Kiali CR (--set cr.create=true)
+ # and the operator is watching all namespaces (--set watchNamespace="")
+ # then this is the namespace where the CR will be created (the default will be the operator namespace).
+ namespace: ""
+
+ # Annotations to place in the Kiali CR metadata.
+ annotations: {}
+
+ spec:
+ deployment:
+ cluster_wide_access: true
diff --git a/kiali-server/.helmignore b/kiali-server/.helmignore
deleted file mode 100644
index 0e8a0eb..0000000
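Review bot: The defaults in values.yaml leave the operator at its widest setting: `watchNamespace: ""`, `clusterRoleCreator: true`, `allowAllAccessibleNamespaces: true` and `allowAdHocKialiNamespace: true`, so by default anyone who can create a Kiali CR in any namespace can have the operator install Kiali into a different namespace with cluster-wide access. The file's own comment describes turning `allowAdHocKialiNamespace` off for multi-tenant clusters; if this cluster is shared I would ship `allowAdHocKialiNamespace: false` and set the other toggles explicitly from the Terraform release instead of inheriting them. `debug.enabled: true` is also the default and, per its comment, dumps the full ansible logs after every reconciliation, so I would default it to `false` unless those logs are known to be free of CR-supplied configuration. Finally, `tag: v2.7.1` with an empty `digest` and `pullPolicy: Always` follows whatever the tag points to at pull time; pinning uses the form the comment already documents, `tag: <SHA256_DIGEST_OF_OPERATOR_IMAGE>` with `digest: "sha256"`.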
--- a/kiali-server/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/kiali-server/Chart.yaml b/kiali-server/Chart.yaml
deleted file mode 100644
index 742901b..0000000
--- a/kiali-server/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: v2
-name: kiali-server
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
diff --git a/kiali-server/templates/NOTES.txt b/kiali-server/templates/NOTES.txt
deleted file mode 100644
index 7d790da..0000000
--- a/kiali-server/templates/NOTES.txt
+++ /dev/null
@@ -1 +0,0 @@
-1. Get the application URL by running these commands:
diff --git a/kiali-server/templates/kiali.yaml b/kiali-server/templates/kiali.yaml
deleted file mode 100644
index 47f8cd1..0000000
--- a/kiali-server/templates/kiali.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: kiali.io/v1alpha1
-kind: Kiali
-metadata:
- name: {{ include "kiali.fullname" . }}
- labels:
- {{- include "kiali.labels" . | nindent 4 }}
-spec:
- istio_namespace: {{ .Values.istioNamespace }}
- auth:
- strategy: "token"
- deployment:
- cluster_wide_access: true
- view_only_mode: false
- external_services:
- prometheus:
- enabled: true
- auth:
- insecure_skip_verify: true
- url: {{ .Values.prometheus.url }}
- grafana:
- enabled: true
- auth:
- type: basic
- username: "admin"
- password: secret:{{ .Values.grafana.secretName }}:{{ .Values.grafana.passwordKey }}
- external_url: {{ .Values.grafana.externalUrl }}
- internal_url: {{ .Values.grafana.internalUrl }}
- tracing:
- enabled: true
- internal_url: {{ .Values.tracing.internalUrl }}
- use_grpc: false
- provider: "tempo"
- tempo_config:
- org_id: "1"
- datasource_uid: "fedkp0zap3uv4d"
- url_format: "grafana"
diff --git a/kiali-server/values.yaml b/kiali-server/values.yaml
deleted file mode 100644
index da5a88d..0000000
--- a/kiali-server/values.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-# Default values for kiali-server.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-istioNamespace: "istio-system"
-
-prometheus:
- enabled: true
- url:
-
-grafana:
- enabled: true
- auth:
- type: basic
- username: "admin"
- secretName:
- passwordKey:
- externalUrl:
- internalUrl:
-
-tracing:
- enabled: true
- internalUrl:
- use_grpc: false
- provider: "tempo"
- tempo_config:
- org_id: "1"
- datasource_uid:
- url_format: "grafana"
diff --git a/main.tf b/main.tf
index 46c11df..12035a5 100644
--- a/main.tf
+++ b/main.tf
@@ -6,11 +6,11 @@ locals { resource "helm_release" "kiali_operator" { depends_on = [module.images] - chart = "kiali/kiali-operator" + chart = "kiali-operator" version = var.kiali_operator_version name = "kiali-operator" namespace = var.namespace - repository = "./kiali-server" + repository = "./kiali-operator" set { name = "image.repo"
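Review bot: `repository = "./kiali-operator"` points a field the helm provider documents as a repository URL at a local directory, and `chart = "kiali-operator"` is then a bare name rather than a path, so where the chart is actually loaded from depends on how the provider combines the two and on the working directory Terraform runs in; please confirm with a plan run from outside the module directory. For a chart vendored next to the module the usual form is `chart = "${path.module}/kiali-operator"` with no `repository` argument. `version = var.kiali_operator_version` should also be checked against the `version: 2.7.1` in the vendored Chart.yaml, since the two can now drift apart. The `helm_release` block continues past the end of this hunk, so the `set` values that override the chart defaults are not visible here.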