From a962a6d2aff779059bb8e437f04834e586c29a6b Mon Sep 17 00:00:00 2001
From: mcgin314
Date: Tue, 11 Mar 2025 16:58:52 -0400
Subject: [PATCH] Initial setting configuration development
---
charts/kiali/templates/kiali.yaml | 34 ---
charts/kiali/templates/secret.yaml | 10 -
charts/kiali/values.yaml | 22 --
copy_images.tf | 28 +-
{charts/kiali => kiali-server}/.helmignore | 0
{charts/kiali => kiali-server}/Chart.yaml | 2 +-
kiali-server/templates/NOTES.txt | 2 +
.../templates/_helpers.tpl | 20 +-
kiali-server/templates/kiali.yaml | 35 +++
kiali-server/values.yaml | 31 +++
main.tf | 244 ++++++++++--------
variables.tf | 20 +-
12 files changed, 239 insertions(+), 209 deletions(-)
delete mode 100644 charts/kiali/templates/kiali.yaml
delete mode 100644 charts/kiali/templates/secret.yaml
delete mode 100644 charts/kiali/values.yaml
rename {charts/kiali => kiali-server}/.helmignore (100%)
rename {charts/kiali => kiali-server}/Chart.yaml (98%)
create mode 100644 kiali-server/templates/NOTES.txt
rename {charts/kiali => kiali-server}/templates/_helpers.tpl (73%)
create mode 100644 kiali-server/templates/kiali.yaml
create mode 100644 kiali-server/values.yaml
diff --git a/charts/kiali/templates/kiali.yaml b/charts/kiali/templates/kiali.yaml
deleted file mode 100644
index 939cafb..0000000
--- a/charts/kiali/templates/kiali.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: kiali.io/v1alpha1
-kind: Kiali
-metadata:
- name: {{ include "kiali.fullname" . }}
- labels:
- {{- include "kiali.labels" . | nindent 4 }}
-spec:
- image_version: "operator_version"
- istio_namespace: {{ .Values.istioNamespace | quote }}
- deployment:
- accessible_namespaces: "**"
- image_name: {{ .Values.image_name | quote }}
- # image_version: {{ .Values.image_version | quote }}
- external_services:
- grafana:
- auth:
- type: "basic"
- username: {{ .Values.grafanaUserName | quote }}
- password: "secret:{{ .Values.grafanaSecretName }}:{{ .Values.grafanaSecretPasswordKey }}"
- in_cluster_url: {{ .Values.grafanaInClusterUrl | quote}}
- url: {{ .Values.grafanaPublicUrl | quote }}
- prometheus:
- url: {{ .Values.prometheusInClusterUrl | quote }}
- tracing:
- in_cluster_url: {{ .Values.jaegerInClusterUrl | quote }}
- auth:
- strategy: {{ .Values.kialiAuthStrategy }}
-{{ if eq .Values.kialiAuthStrategy "openid" }}
- openid:
- client_id: {{ .Values.openid.clientId | quote }}
- disable_rbac: {{ .Values.openid.disableRbac }}
- issuer_uri: {{ .Values.openid.issuerUri | quote }}
- username_claim: {{ .Values.openid.username_claim | quote }}
-{{- end }}
diff --git a/charts/kiali/templates/secret.yaml b/charts/kiali/templates/secret.yaml
deleted file mode 100644
index 02637db..0000000
--- a/charts/kiali/templates/secret.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{ if .Values.openid.secret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: kiali-o
- labels:
- {{- include "kiali.labels" . | nindent 4 }}
-stringData:
- oidc-secret: {{ .Values.openid.secret | quote }}
-{{- end }}
diff --git a/charts/kiali/values.yaml b/charts/kiali/values.yaml
deleted file mode 100644
index 65aabd5..0000000
--- a/charts/kiali/values.yaml
+++ /dev/null
@@ -1,22 +0,0 @@ - -publicHostname: "kiali" -publicDomain: "cluster.domain" - -istioNamespace: "istio-system" -prometheusInClusterUrl: "http://loki-prometheus-server.prometheus.svc.cluster.local/" -jaegerInClusterUrl: "http://istio-jaeger-query.istio-tools.svc.cluster.local:16686/" -grafanaInClusterUrl: "http://loki-grafana.grafana.svc.cluster.local/" -grafanaPublicUrl: "https://grafana.cluster.domain/" -# grafanaUserName: "admin" -grafanaUserName: "YWRtaW4=" -grafanaSecretName: "kiali" -grafanaSecretPasswordKey: "grafana_password" - -kialiAuthStrategy: openid -openid: - clientId: "sso_admin_client_id" - secret: "sso_admin_client_secret" - disableRbac: true - issuerUri: "https://keycloak.cluster.domain/realms/sso_admin_realm" - usernameClaim: "username_claim" - diff --git a/copy_images.tf b/copy_images.tf index 279ea35..e8232d7 100644 --- a/copy_images.tf +++ b/copy_images.tf @@ -1,6 +1,8 @@ locals { - kiali_operator_key = format("%v#%v", "istio-tools/kiali-operator", var.kiali_application_version) - kiali_key = format("%v#%v", "istio-tools/kiali", var.kiali_application_version) + kiali_operator_version = "v2.2.0" + kiali_operator_key = format("%v#%v", "istio-tools/kiali-operator", local.kiali_operator_version) + + kiali_server_key = format("%v#%v", "istio-tools/kiali", local.kiali_operator_version) image_config = [ ## Images for Kiali @@ -10,8 +12,8 @@ locals { name = "istio-tools/kiali-operator" source_image = "kiali/kiali-operator" source_registry = "quay.io" - source_tag = var.kiali_application_version - tag = var.kiali_application_version + source_tag = local.kiali_operator_version + tag = local.kiali_operator_version }, { enabled = true 
@@ -19,28 +21,22 @@ locals { name = "istio-tools/kiali" source_image = "kiali/kiali" source_registry = "quay.io" - source_tag = var.kiali_application_version - tag = var.kiali_application_version + source_tag = local.kiali_operator_version + tag = local.kiali_operator_version }, ] } module "images" { - source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=2.0.2" + source = "git@github.e.it.census.gov:terraform-modules/aws-ecr-copy-images.git/?ref=tf-upgrade" profile = var.profile application_name = var.cluster_name image_config = local.image_config tags = {} - ### optional - ## account_alias = "" - ## account_id = "" - ## destination_password = "" - ## destination_username = "" - ## override_prefixes = {} - ## region = "" - ## source_password = "" - ## source_username = "" + enable_lifecycle_policy = true + lifecycle_policy_all = true + force_delete = true } diff --git a/charts/kiali/.helmignore b/kiali-server/.helmignore similarity index 100% rename from charts/kiali/.helmignore rename to kiali-server/.helmignore diff --git a/charts/kiali/Chart.yaml b/kiali-server/Chart.yaml similarity index 98% rename from charts/kiali/Chart.yaml rename to kiali-server/Chart.yaml index f6f22a3..29729f4 100644 --- a/charts/kiali/Chart.yaml +++ b/kiali-server/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: kiali +name: kiali-server description: A Helm chart for Kubernetes # A chart can be either an 'application' or a 'library' chart. diff --git a/kiali-server/templates/NOTES.txt b/kiali-server/templates/NOTES.txt new file mode 100644 index 0000000..c3b3453 --- /dev/null +++ b/kiali-server/templates/NOTES.txt @@ -0,0 +1,2 @@ +1. Get the application URL by running these commands: + diff --git a/charts/kiali/templates/_helpers.tpl b/kiali-server/templates/_helpers.tpl similarity index 73% rename from charts/kiali/templates/_helpers.tpl rename to kiali-server/templates/_helpers.tpl index 1a082cd..b7e85ed 100644 --- a/charts/kiali/templates/_helpers.tpl 
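Review bot: The `images` module source in this hunk now tracks a branch, `?ref=tf-upgrade`, where the removed line pinned the tag `2.0.2`, so any later push to that branch is pulled in on the next `terraform init` with no change visible in this repository. Pin `ref` to a release tag or a full commit SHA once the upgrade work is merged. The hunk also sets `force_delete = true` alongside `lifecycle_policy_all = true`. The module is not visible here, but presumably a destroy or repository rename would then remove the ECR repositories together with their images. If that is intended, say so next to the setting, for example `# force_delete: repos only hold images mirrored from quay.io and can be recreated`.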
+++ b/kiali-server/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "kiali.name" -}} +{{- define "kiali-server.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "kiali.fullname" -}} +{{- define "kiali-server.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "kiali.chart" -}} +{{- define "kiali-server.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "kiali.labels" -}} -helm.sh/chart: {{ include "kiali.chart" . }} -{{ include "kiali.selectorLabels" . }} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +{{ include "kiali-server.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} 
@@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "kiali.selectorLabels" -}} -app.kubernetes.io/name: {{ include "kiali.name" . }} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "kiali.serviceAccountName" -}} +{{- define "kiali-server.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "kiali.fullname" .) .Values.serviceAccount.name }} +{{- default (include "kiali-server.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/kiali-server/templates/kiali.yaml b/kiali-server/templates/kiali.yaml new file mode 100644 index 0000000..aca8d96 --- /dev/null +++ b/kiali-server/templates/kiali.yaml @@ -0,0 +1,35 @@ +apiVersion: kiali.io/v1alpha1 +kind: Kiali +metadata: + name: kiali +spec: + istio_namespace: {{ .Values.istioNamespace }} + auth: + strategy: "token" + deployment: + cluster_wide_access: true + view_only_mode: false + external_services: + prometheus: + enabled: true + auth: + insecure_skip_verify: true + # url: "http://prometheus-server.prometheus.svc.cluster.local:80/" + url: {{ .Values.prometheus.url }} + grafana: + enabled: true + auth: + type: basic + username: "admin" + password: secret:{{ .Values.grafana.secretName }}:{{ .Values.grafana.passwordKey }} + external_url: {{ .Values.grafana.externalUrl }} + internal_url: {{ .Values.grafana.internalUrl }} + tracing: + enabled: true + internal_url: {{ .Values.tracing.internalUrl }} + use_grpc: false + provider: "tempo" + tempo_config: + org_id: "1" + datasource_uid: "fedkp0zap3uv4d" + url_format: "grafana" diff --git a/kiali-server/values.yaml b/kiali-server/values.yaml new file mode 100644 index 0000000..33d4e43 --- /dev/null +++ b/kiali-server/values.yaml 
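Review bot: `insecure_skip_verify: true` under `external_services.prometheus.auth` in the new kiali-server/templates/kiali.yaml is hard-coded, so certificate verification for the Prometheus connection is off in every environment that installs this chart. If the Prometheus URL is plain in-cluster HTTP, as the commented example suggests, the flag has no effect and can be dropped. Otherwise make it a value that defaults to off, `insecure_skip_verify: {{ .Values.prometheus.insecureSkipVerify | default false }}`, and trust the issuing CA instead. The same spec replaces the removed chart's OpenID strategy with `strategy: "token"` while setting `cluster_wide_access: true` and `view_only_mode: false`, so the commit description should say who is expected to hold tokens and why write access is needed. `username: "admin"` and `datasource_uid: "fedkp0zap3uv4d"` are literals here although values.yaml declares keys for both, and the `{{ .Values.* }}` substitutions have lost the `| quote` that the deleted template used.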
@@ -0,0 +1,31 @@ +# Default values for kiali-server. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +istioNamespace: "istio-system" + +prometheus: + enabled: true + url: + +grafana: + enabled: true + auth: + type: basic + username: "admin" + secretName: + passwordKey: + # password: "Q8rktnHqzYFEf591U35Uf66T1xFJ4HZZFqiOn4fh" + # password: secret:my-secret:my-cred + externalUrl: + internalUrl: + +tracing: + enabled: true + internalUrl: + use_grpc: false + provider: "tempo" + tempo_config: + org_id: "1" + datasource_uid: + url_format: "grafana" diff --git a/main.tf b/main.tf index 1e1b963..917be5d 100644 --- a/main.tf +++ b/main.tf @@ -1,4 +1,3 @@ - locals { public_hostname = format("kiali.%v", var.cluster_domain) public_port_number = "80" @@ -8,23 +7,8 @@ locals { internal_port_number = "20001" internal_url = format("http://%v:%v/", local.internal_hostname, local.internal_port_number) - have_keycloak = ( - try(length(var.keycloak_namespace), 0) > 0 && - try(length(var.sso_client_id), 0) > 0 && - try(length(var.sso_client_secret), 0) > 0 && - try(length(var.keycloak_public_url), 0) > 0 && - try(length(var.keycloak_realm), 0) > 0 - ) ? true : false - - keycloak_issuer_uri = ( - local.have_keycloak ? - format("%v/realms/%v", - var.keycloak_public_url, - var.keycloak_realm - ) - : "") - - kiali_oidc_secret = local.have_keycloak ? "ensure_secret kiali oidc-secret \"${var.sso_client_secret}\"" : ";" + grafana_secret_name = "kiali" + grafana_password_key = "grafana_password" preinstall_script = <
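Review bot: The commented-out `# password: "…"` line under `grafana.auth` in the new kiali-server/values.yaml holds what looks like a real 40-character credential. A comment is still packaged with the chart and stays in git history. Delete that line, keep only the `# password: secret:my-secret:my-cred` example, and rotate the Grafana password if the value was ever live. A secret-scanning check in CI would catch this class of leftover. Separately, `grafana.auth.username` and `tracing.tempo_config.datasource_uid` are declared here, but the template added in this commit hard-codes both, so the keys currently have no effect.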