SCT-Engineering · morga471 · Apr 16, 2025 · Mar 27, 2025 · Apr 1, 2025 · Apr 10, 2025
diff --git a/README.md b/README.md
@@ -20,12 +20,12 @@
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_images"></a> [images](#module\_images) | git::https://github.e.it.census.gov/terraform-modules/aws-ecr-copy-images.git/ | tf-upgrade |
-| <a name="module_ingress_resources"></a> [ingress\_resources](#module\_ingress\_resources) | git::https://github.e.it.census.gov/SCT-Engineering/tfmod-istio-service-ingress.git | main |
 
 ## Resources
 
 | Name | Type |
 |------|------|
+| [helm_release.kiali](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.kiali_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 
 ## Inputs
@@ -46,6 +46,8 @@
 | <a name="input_prometheus_internal_url"></a> [prometheus\_internal\_url](#input\_prometheus\_internal\_url) | The url within the cluster to use to query the prometheus server. | `string` | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | region name | `string` | `"us-gov-east-1"` | no |
 | <a name="input_service_name"></a> [service\_name](#input\_service\_name) | The name of the service for Kiali. | `string` | `"kiali"` | no |
+| <a name="input_tempo_datasource_id"></a> [tempo\_datasource\_id](#input\_tempo\_datasource\_id) | The UID of the created Tempo datasource | `string` | n/a | yes |
+| <a name="input_tempo_internal_url"></a> [tempo\_internal\_url](#input\_tempo\_internal\_url) | The url within the cluster to use to query tempo tracing. | `string` | n/a | yes |
 
 ## Outputs
 
@@ -54,5 +56,5 @@
 | <a name="output_internal_endpoint"></a> [internal\_endpoint](#output\_internal\_endpoint) | The internal endpoint to use to access kiali |
 | <a name="output_module_name"></a> [module\_name](#output\_module\_name) | The name of this module. |
 | <a name="output_module_version"></a> [module\_version](#output\_module\_version) | The version of this module. |
-| <a name="output_public_endpoint"></a> [public\_endpoint](#output\_public\_endpoint) | The endpoint at which keycloak can be reached from outside the cluster. |
+| <a name="output_namespace"></a> [namespace](#output\_namespace) | The namespace in which kiali gets installed in. |
 <!-- END_TF_DOCS -->
diff --git a/kiali-operator/templates/_helpers.tpl b/kiali-operator/templates/_helpers.tpl
@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "kiali-operator.name" -}}
+{{- define "kiali.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -11,7 +11,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "kiali-operator.fullname" -}}
+{{- define "kiali.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -27,17 +27,16 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "kiali-operator.chart" -}}
+{{- define "kiali.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "kiali-operator.labels" -}}
-helm.sh/chart: {{ include "kiali-operator.chart" . }}
-app: {{ include "kiali-operator.name" . }}
-{{ include "kiali-operator.selectorLabels" . }}
+{{- define "kiali.labels" -}}
+helm.sh/chart: {{ include "kiali.chart" . }}
+{{ include "kiali.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 version: {{ .Chart.AppVersion | quote }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
@@ -48,7 +47,18 @@ app.kubernetes.io/part-of: "kiali-operator"
 {{/*
 Selector labels
 */}}
-{{- define "kiali-operator.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "kiali-operator.name" . }}
+{{- define "kiali.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kiali.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kiali.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kiali.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/kiali-server/Chart.yaml b/kiali-server/Chart.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: v2
+name: kiali
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/kiali-server/templates/kiali.yaml b/kiali-server/templates/kiali.yaml
@@ -0,0 +1,38 @@
+apiVersion: kiali.io/v1alpha1
+kind: Kiali
+metadata:
+  name: {{ include "kiali.fullname" . }}
+  labels:
+    {{- include "kiali.labels" . | nindent 4 }}
+spec:
+  istio_namespace: {{ .Values.istioNamespace }}
+  auth:
+    strategy: {{ .Values.auth.strategy }}
+  deployment:
+    cluster_wide_access: true
+    view_only_mode: {{ .Values.deployment.view_only_mode }}
+  external_services:
+    prometheus:
+      enabled: true
+      auth:
+        insecure_skip_verify: true
+      url: {{ .Values.prometheus.url }}
+    grafana:
+      enabled: true
+      auth:
+        insecure_skip_verify: true
+      # auth:
+      #   type: basic
+      #   username: "admin"
+      #   password: secret:{{ .Values.grafana.secretName }}:{{ .Values.grafana.passwordKey }}
+      external_url: {{ .Values.grafana.externalUrl }}
+      internal_url: {{ .Values.grafana.internalUrl }}
+    tracing:
+      enabled: true
+      internal_url: {{ .Values.tracing.internalUrl }}
+      use_grpc: false
+      provider: "tempo"
+      tempo_config:
+        org_id: "1"
+        datasource_uid: "fedkp0zap3uv4d"
+        url_format: "grafana"
diff --git a/kiali-server/values.yaml b/kiali-server/values.yaml
@@ -0,0 +1,35 @@
+# Default values for kiali-server.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+istioNamespace: "istio-system"
+
+auth:
+  strategy:
+
+deployment:
+  view_only_mode:
+
+prometheus:
+  enabled: true
+  url:
+
+grafana:
+  enabled: true
+  auth:
+    type: basic
+    username: "admin"
+    secretName:
+    passwordKey:
+  externalUrl:
+  internalUrl:
+
+tracing:
+  enabled: true
+  internalUrl:
+  use_grpc: false
+  provider: "tempo"
+  tempo_config:
+    org_id: "1"
+    datasource_uid:
+    url_format: "grafana"
diff --git a/main.tf b/main.tf
@@ -1,11 +1,11 @@
 locals {
   internal_hostname    = format("%v.%v.svc.cluster.local", var.service_name, var.namespace)
   internal_port_number = "20001"
-  internal_url         = format("https://%s:%s/", local.internal_hostname, local.internal_port_number)
+  internal_url         = format("http://%s:%s/", local.internal_hostname, local.internal_port_number)
 }
 
 resource "helm_release" "kiali_operator" {
-  depends_on = [module.images]
+
   chart      = "kiali-operator"
   version    = var.kiali_operator_version
   name       = "kiali-operator"
@@ -70,13 +70,45 @@ resource "helm_release" "kiali_operator" {
   }
 }
 
-module "ingress_resources" {
-  depends_on = [helm_release.kiali_operator]
-  # tflint-ignore: terraform_module_pinned_source
-  source            = "git::https://github.e.it.census.gov/SCT-Engineering/tfmod-istio-service-ingress.git?ref=main"
-  public_hostname   = var.service_name
-  public_domain     = var.cluster_domain
-  service_name      = var.service_name
-  service_namespace = var.namespace
-  service_port      = local.internal_port_number
+resource "helm_release" "kiali" {
+  depends_on = [
+    helm_release.kiali_operator,
+  ]
+
+  chart     = "./kiali-server"
+  name      = "kiali"
+  namespace = var.namespace
+
+  set {
+    name  = "auth.strategy"
+    value = "anonymous"
+  }
+  set {
+    name  = "deployment.view_only_mode"
+    value = true
+  }
+  set {
+    name  = "istioNamespace"
+    value = var.istio_namespace
+  }
+  set {
+    name  = "prometheus.url"
+    value = var.prometheus_internal_url
+  }
+  set {
+    name  = "grafana.externalUrl"
+    value = var.grafana_public_url
+  }
+  set {
+    name  = "grafana.internalUrl"
+    value = var.grafana_internal_url
+  }
+  set {
+    name  = "tracing.internalUrl"
+    value = var.tempo_internal_url
+  }
+  set {
+    name  = "tracing.tempo_config.datasource_uid"
+    value = var.tempo_datasource_id
+  }
 }
diff --git a/outputs.tf b/outputs.tf
@@ -1,7 +1,7 @@
-output "public_endpoint" {
-  description = "The endpoint at which keycloak can be reached from outside the cluster."
-  value       = module.ingress_resources.service_url
-}
+# output "public_endpoint" {
+#   description = "The endpoint at which keycloak can be reached from outside the cluster."
+#   value       = module.ingress_resources.service_url
+# }
 
 output "internal_endpoint" {
   description = "The internal endpoint to use to access kiali"
@@ -12,6 +12,11 @@ output "internal_endpoint" {
   }
 }
 
+output "namespace" {
+  description = "The namespace in which kiali gets installed in."
+  value       = var.namespace
+}
+
 ################################################################################
 # Module information
 ################################################################################

diff --git a/variables.tf b/variables.tf
@@ -46,16 +46,15 @@ variable "prometheus_internal_url" {
   type        = string
 }
 
-# variable "jaeger_internal_url" {
-#   description = "The url within the cluster to use to query the jaegertracing."
-#   type        = string
-# }
+variable "tempo_internal_url" {
+  description = "The url within the cluster to use to query tempo tracing."
+  type        = string
+}
 
-# variable "public_hostname" {
-#   description = "The hostname to use for kiali that will be publicly available"
-#   type        = string
-#   default     = "kiali"
-# }
+variable "tempo_datasource_id" {
+  description = "The UID of the created Tempo datasource"
+  type        = string
+}
 
 # helm repo add kiali https://kiali.org/helm-charts
 # helm search repo kiali/kiali-operator