Merge pull request #10 from SCT-Engineering/feature-gatekeeper

Feature gatekeeper
SCT-Engineering · Apr 17, 2025 · dce5524 · dce5524
2 parents e3f685b + 3f41972
commit dce5524
Show file tree

Hide file tree

Showing 8 changed files with 97 additions and 40 deletions.
diff --git a/README.md b/README.md
@@ -1,5 +1,9 @@
 # tfmod-kiali
 
+Kiali is a web console for the Istio Service Mesh. It is analogous to how the Kubernetes Dashboard is a web console for Kubernetes, ie. it is a web interface for viewing configurations and operations of the system. Additionally, the same as the Kubernetes Dashboard, we deploy Kiali in a read-only manner, given mesh objects should only be configured through code and pipelines, not modification through web or command line. Kiali provides a useful tool for reviewing configurations and topology, observing mesh health and performance, and tracing along with its associated details. Additional details about Kiali can be reviewed at the [Kiali website](https://kiali.io/).
+
+This module deploys and configures Kiali via its operator and integrates it with Istio and the other telemetry oriented tools of the cluster. 
+
 <!-- BEGIN_TF_DOCS -->
 ## Requirements
 

diff --git a/kiali-operator/Chart.yaml b/kiali-operator/Chart.yaml
@@ -1,20 +1,19 @@
 apiVersion: v2
-appVersion: v2.7.1
-description: Kiali is an open source project for service mesh observability, refer
-  to https://www.kiali.io for details.
+name: kiali-operator
+description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details.
+version: 0.0.0
+appVersion: 0.0.0
 home: https://github.com/kiali/kiali-operator
-icon: https://raw.githubusercontent.com/kiali/kiali.io/current/assets/icons/logo.svg
+maintainers:
+- name: Kiali
+  email: kiali-users@googlegroups.com
+  url: https://kiali.io
 keywords:
 - istio
 - kiali
 - operator
-maintainers:
-- email: kiali-users@googlegroups.com
-  name: Kiali
-  url: https://kiali.io
-name: kiali-operator
 sources:
 - https://github.com/kiali/kiali
 - https://github.com/kiali/kiali-operator
 - https://github.com/kiali/helm-charts
-version: 2.7.1
+icon: https://raw.githubusercontent.com/kiali/kiali.io/current/assets/icons/logo.svg
diff --git a/kiali-operator/templates/_helpers.tpl b/kiali-operator/templates/_helpers.tpl
@@ -51,14 +51,3 @@ Selector labels
 app.kubernetes.io/name: {{ include "kiali.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "kiali.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "kiali.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/kiali-server/templates/_helpers.tpl b/kiali-server/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kiali.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kiali.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kiali.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kiali.labels" -}}
+helm.sh/chart: {{ include "kiali.chart" . }}
+{{ include "kiali.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kiali.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kiali.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kiali.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kiali.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/kiali-server/templates/kiali.yaml b/kiali-server/templates/kiali.yaml
@@ -34,5 +34,5 @@ spec:
       provider: "tempo"
       tempo_config:
         org_id: "1"
-        datasource_uid: "fedkp0zap3uv4d"
+        datasource_uid: {{ .Values.tracing.tempo_config.datasource_uid }}
         url_format: "grafana"
diff --git a/kiali-server/values.yaml b/kiali-server/values.yaml
@@ -19,17 +19,17 @@ grafana:
   auth:
     type: basic
     username: "admin"
-    secretName:
-    passwordKey:
-  externalUrl:
-  internalUrl:
+    secretName: 
+    passwordKey: 
+  externalUrl: 
+  internalUrl: 
 
 tracing:
   enabled: true
-  internalUrl:
+  internalUrl: 
   use_grpc: false
   provider: "tempo"
   tempo_config:
     org_id: "1"
-    datasource_uid:
+    datasource_uid: 
     url_format: "grafana"
diff --git a/main.tf b/main.tf
@@ -2,15 +2,17 @@ locals {
   internal_hostname    = format("%v.%v.svc.cluster.local", var.service_name, var.namespace)
   internal_port_number = "20001"
   internal_url         = format("http://%s:%s/", local.internal_hostname, local.internal_port_number)
+  # This may seem unusual, but we cannot input/pass the grafana ingress url, since kiali is a dependency of gatekeeper 
+  # that creates the ingress (circular dep). So, we build the ingress url here using the same variables as gatekeeper.
+  grafana_public_url   = format("https://%s.%s", var.grafana_service_name, var.cluster_domain)
 }
 
 resource "helm_release" "kiali_operator" {
-  depends_on = [module.images]
-  chart      = "kiali-operator"
+
+  chart      = "./kiali-operator"
   version    = var.kiali_operator_version
   name       = "kiali-operator"
   namespace  = var.namespace
-  repository = "./"
 
   set {
     name = "image.repo"
@@ -58,7 +60,7 @@ resource "helm_release" "kiali_operator" {
   }
   set {
     name  = "grafana.externalUrl"
-    value = var.grafana_public_url
+    value = local.grafana_public_url
   }
   set {
     name  = "grafana.internalUrl"
@@ -75,9 +77,9 @@ resource "helm_release" "kiali" {
     helm_release.kiali_operator,
   ]
 
-  chart     = "./kiali-server"
-  name      = "kiali"
-  namespace = var.namespace
+  chart      = "./kiali-server"
+  name       = "kiali"
+  namespace  = var.namespace
 
   set {
     name  = "auth.strategy"
@@ -97,7 +99,7 @@ resource "helm_release" "kiali" {
   }
   set {
     name  = "grafana.externalUrl"
-    value = var.grafana_public_url
+    value = local.grafana_public_url
   }
   set {
     name  = "grafana.internalUrl"

diff --git a/variables.tf b/variables.tf
@@ -31,14 +31,15 @@ variable "grafana_secret_name" {
   type        = string
 }
 
-variable "grafana_public_url" {
-  description = "The URL incoming traffic from outisde the cluster uses to access grafana."
+variable "grafana_internal_url" {
+  description = "The url within the cluster to use to access grafana."
   type        = string
 }
 
-variable "grafana_internal_url" {
-  description = "The url within the cluster to use to access grafana."
+variable "grafana_service_name" {
+  description = "The name of the service used for grafana."
   type        = string
+  default     = "grafana"
 }
 
 variable "prometheus_internal_url" {