Modifications to local operator chart and removing auth for use with …

…gatekeeper

kiali-server/Chart.yaml

@@ -1,6 +1,6 @@
 ---
 apiVersion: v2
-name: kiali-server
+name: kiali
 description: A Helm chart for Kubernetes
 
 # A chart can be either an 'application' or a 'library' chart.

kiali-server/templates/_helpers.tpl

@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "kiali-server.name" -}}
+{{- define "kiali.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -11,7 +11,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "kiali-server.fullname" -}}
+{{- define "kiali.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -27,16 +27,16 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "kiali-server.chart" -}}
+{{- define "kiali.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "kiali-server.labels" -}}
-helm.sh/chart: {{ include "kiali-server.chart" . }}
-{{ include "kiali-server.selectorLabels" . }}
+{{- define "kiali.labels" -}}
+helm.sh/chart: {{ include "kiali.chart" . }}
+{{ include "kiali.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
@@ -46,17 +46,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "kiali-server.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "kiali-server.name" . }}
+{{- define "kiali.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kiali.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "kiali-server.serviceAccountName" -}}
+{{- define "kiali.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "kiali-server.fullname" .) .Values.serviceAccount.name }}
+{{- default (include "kiali.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}

kiali-server/templates/kiali.yaml

@@ -7,10 +7,10 @@ metadata:
 spec:
   istio_namespace: {{ .Values.istioNamespace }}
   auth:
-    strategy: "token"
+    strategy: {{ .Values.auth.strategy }}
   deployment:
     cluster_wide_access: true
-    view_only_mode: false
+    view_only_mode: {{ .Values.deployment.view_only_mode }}
   external_services:
     prometheus:
       enabled: true
@@ -19,10 +19,12 @@ spec:
       url: {{ .Values.prometheus.url }}
     grafana:
       enabled: true
-      auth:
-        type: basic
-        username: "admin"
-        password: secret:{{ .Values.grafana.secretName }}:{{ .Values.grafana.passwordKey }}
+      auth: 
+        insecure_skip_verify: true
+      # auth:
+      #   type: basic
+      #   username: "admin"
+      #   password: secret:{{ .Values.grafana.secretName }}:{{ .Values.grafana.passwordKey }}
       external_url: {{ .Values.grafana.externalUrl }}
       internal_url: {{ .Values.grafana.internalUrl }}
     tracing:

kiali-server/values.yaml

@@ -4,6 +4,12 @@
 
 istioNamespace: "istio-system"
 
+auth:
+  strategy:
+
+deployment:
+  view_only_mode:
+
 prometheus:
   enabled: true
   url:

main.tf

@@ -1,7 +1,7 @@
 locals {
   internal_hostname    = format("%v.%v.svc.cluster.local", var.service_name, var.namespace)
   internal_port_number = "20001"
-  internal_url         = format("https://%s:%s/", local.internal_hostname, local.internal_port_number)
+  internal_url         = format("http://%s:%s/", local.internal_hostname, local.internal_port_number)
 }
 
 resource "helm_release" "kiali_operator" {
@@ -10,7 +10,8 @@ resource "helm_release" "kiali_operator" {
   version    = var.kiali_operator_version
   name       = "kiali-operator"
   namespace  = var.namespace
-  repository = "https://kiali.org/helm-charts"
+  repository = "./helm-charts-2.4.0"
+  # repository = "https://kiali.org/helm-charts"
 
   set {
     name = "image.repo"
@@ -70,13 +71,65 @@ resource "helm_release" "kiali_operator" {
   }
 }
 
-module "ingress_resources" {
-  depends_on = [helm_release.kiali_operator]
-  # tflint-ignore: terraform_module_pinned_source
-  source            = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio-service-ingress.git?ref=main"
-  public_hostname   = var.service_name
-  public_domain     = var.cluster_domain
-  service_name      = var.service_name
-  service_namespace = var.namespace
-  service_port      = local.internal_port_number
+resource "helm_release" "kiali" {
+  depends_on = [
+    helm_release.kiali_operator,
+    # module.preinstall,
+  ]
+
+  chart      = "./kiali-server"
+  name       = "kiali"
+  namespace  = var.namespace
+
+  set {
+    name  = "auth.strategy"
+    value = "anonymous"
+  }
+  set {
+    name  = "deployment.view_only_mode"
+    value = true
+  }
+  set {
+    name  = "istioNamespace"
+    value = var.istio_namespace
+  }
+  set {
+    name  = "prometheus.url"
+    value = var.prometheus_internal_url
+  }
+  # set {
+  #   name  = "grafana.secretName"
+  #   value = var.grafana_secret_name
+  # }
+  # set {
+  #   name  = "grafana.passwordKey"
+  #   value = local.grafana_password_key
+  # }
+  set {
+    name  = "grafana.externalUrl"
+    value = var.grafana_public_url
+  }
+  set {
+    name  = "grafana.internalUrl"
+    value = var.grafana_internal_url
+  }
+  set {
+    name  = "tracing.internalUrl"
+    value = var.tempo_internal_url
+  }
+  set {
+    name  = "tracing.tempo_config.datasource_uid"
+    value = var.tempo_datasource_id
+  }
 }
+
+# module "ingress_resources" {
+#   depends_on = [helm_release.kiali_operator]
+#   # tflint-ignore: terraform_module_pinned_source
+#   source            = "git@github.e.it.census.gov:SCT-Engineering/tfmod-istio-service-ingress.git?ref=main"
+#   public_hostname   = var.service_name
+#   public_domain     = var.cluster_domain
+#   service_name      = var.service_name
+#   service_namespace = var.namespace
+#   service_port      = local.internal_port_number
+# }

outputs.tf

@@ -1,7 +1,7 @@
-output "public_endpoint" {
-  description = "The endpoint at which keycloak can be reached from outside the cluster."
-  value       = module.ingress_resources.service_url
-}
+# output "public_endpoint" {
+#   description = "The endpoint at which keycloak can be reached from outside the cluster."
+#   value       = module.ingress_resources.service_url
+# }
 
 output "internal_endpoint" {
   description = "The internal endpoint to use to access kiali"
@@ -12,6 +12,11 @@ output "internal_endpoint" {
   }
 }
 
+output "namespace" {
+  description = "The namespace in which kiali gets installed in."
+  value       = var.namespace
+}
+
 ################################################################################
 # Module information
 ################################################################################

variables.tf

@@ -46,6 +46,16 @@ variable "prometheus_internal_url" {
   type        = string
 }
 
+variable "tempo_internal_url" {
+  description = "The url within the cluster to use to query tempo tracing."
+  type        = string
+}
+
+variable "tempo_datasource_id" {
+  description = "The UID of the created Tempo datasource"
+  type        = string
+}
+
 # variable "jaeger_internal_url" {
 #   description = "The url within the cluster to use to query the jaegertracing."
 #   type        = string