feat: wip

README.md

@@ -1,37 +1,114 @@
 # Keep Helm Chart
 The Keep Helm Chart provides a convenient way to deploy and manage Keep on Kubernetes using Helm, a package manager for Kubernetes applications.
 
+# Prerequisites
+
+## Ingress Controller (Recommended)
+The recommended way to deploy Keep is with ingress-nginx that serves as a single ingress for all services (backend, frontend, and websocket server).
+
+1. Install ingress-nginx:
+```bash
+helm upgrade --install ingress-nginx ingress-nginx \
+  --repo https://kubernetes.github.io/ingress-nginx \
+  --namespace ingress-nginx --create-namespace
+```
+
+2. Enable snippet annotations:
+The ingress controller must have snippet annotations enabled. You can enable it during installation:
+```bash
+helm upgrade --install ingress-nginx ingress-nginx \
+  --repo https://kubernetes.github.io/ingress-nginx \
+  --namespace ingress-nginx --create-namespace \
+  --set controller.config.allow-snippet-annotations=true
+```
+
+To verify if snippet annotations are enabled:
+```bash
+# Check the configmap
+kubectl get configmap -n ingress-nginx ingress-nginx-controller -o yaml | grep allow-snippet-annotations
+
+# Or check the controller logs
+kubectl logs -n ingress-nginx -l app.kubernetes.io/component=controller | grep "allow-snippet-annotations"
+```
+
 # Installation
-The easiest way to install Keep with Helm is with the following command:
 
+## Option 1: With ingress-nginx (Recommended)
 ```bash
-# add the Helm repository
+# Add the Helm repository
 helm repo add keephq https://keephq.github.io/helm-charts
-# pull the latest version of the chart
-helm pull keephq/keep
-# install the chart
+
+# Install Keep with ingress enabled (default nginx)
+helm install keep keephq/keep -n keep --create-namespace
+```
+
+## Option 2: Without ingress-nginx (Not recommended)
+Keep can be deployed without ingress-nginx, but this will create three separate ingresses (one for each service):
+```bash
+# Add the Helm repository
+helm repo add keephq https://keephq.github.io/helm-charts
+
+# Install Keep without ingress
 helm install keep keephq/keep
 ```
 
+# Post-Installation
+
+## With ingress-nginx
+Your Keep installation will be available at the ingress host you configured. Check your ingress status:
+```bash
+kubectl get ingress
+```
+
+## Without ingress-nginx
+You'll need to set up port forwarding to access the services:
+```bash
+# Expose the UI locally
+kubectl port-forward svc/keep-frontend 3000:3000 &
+
+# Expose the Backend locally
+kubectl port-forward svc/keep-backend 8080:8080 &
+
+# Export websocket server (optional)
+kubectl port-forward svc/keep-websocket 6001:6001 &
+```
+
 # Uninstallation
-`helm uninstall keep`
+```bash
+helm uninstall keep
+```
 
 # Configuration
 To view supported configuration, see [this](charts/keep/README.md).
 
-# Openshift
-Keep's Helm Chart also supports installation on Openshift.
-Simply set up the keys under frontend(/backend).route:
-- route.host: your desired hostname
+# Platform-Specific Instructions
 
-# Local Kubernetes
-For local kubernetes without external IP (such as NodePort or LoadBalancer), you'll need to run port forwarding:
+## Openshift
+Keep's Helm Chart supports installation on Openshift.
+Configure the route settings under frontend(/backend).route:
+```yaml
+frontend:
+  route:
+    host: your-desired-hostname
+```
 
-## Port forward
-```bash
+## Local Kubernetes
+For local Kubernetes clusters without external IP (such as when using NodePort or LoadBalancer):
 
-# expose the UI locally
-kubectl port-forward svc/keep-frontend 3000:3000 & \
-# export websocket server (optional)
-kubectl port-forward svc/keep-websocket 6001:6001 &
-```
+1. If using ingress-nginx, ensure your ingress controller is properly configured for local development
+2. If not using ingress-nginx, use the port forwarding method described in the "Without ingress-nginx" section
+
+# Troubleshooting
+
+## Common Issues
+1. Ingress not working
+   - Verify ingress-nginx is properly installed
+   - Check if snippet annotations are enabled
+   - Verify ingress configuration with `kubectl describe ingress`
+
+2. WebSocket connection issues
+   - Ensure the websocket service is running
+   - Check ingress configuration for proper WebSocket headers
+   - Verify connectivity using `curl` or browser developer tools
+
+For more detailed configuration options and troubleshooting, refer to the [documentation](charts/keep/README.md).

charts/keep/templates/_helpers.tpl

@@ -66,9 +66,9 @@ Helper function to find an environment variable in the list
 */}}
 {{- define "keep.findEnvVar" -}}
 {{- $name := index . 0 -}}
-{{- $values := index . 1 -}}
-{{- if and $values.frontend $values.frontend.env -}}
-  {{- range $values.frontend.env -}}
+{{- $root := index . 1 -}}
+{{- if and $root.Values.frontend $root.Values.frontend.env -}}
+  {{- range $root.Values.frontend.env -}}
     {{- if eq .name $name -}}
       {{- .value -}}
     {{- end -}}
@@ -112,41 +112,52 @@ Helper function for PUSHER_HOST
 {{/*
 Helper function for API_URL for the frontend
 */}}
-{{- define "keep.apiUrl" -}}
-{{- $apiUrl := include "keep.findEnvVar" (list "API_URL" .) -}}
-{{- if $apiUrl -}}
-  {{- $apiUrl -}}
+{{- define "keep.apiUrlClient" -}}
+{{- $apiUrlClient := include "keep.findEnvVar" (list "API_URL_CLIENT" .) -}}
+{{- if $apiUrlClient -}}
+  {{- $apiUrlClient -}}
 {{- else -}}
   {{- include "keep.backendPrefix" . -}}
 {{- end -}}
 {{- end -}}
 
+{{/*
+Expand the namespace of the release.
+*/}}
+{{- define "keep.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
 
 {{/*
-Determine if ingress-nginx should be installed
+Helper function for getting the full URL (with protocol and host)
 */}}
-{{- define "keep.shouldInstallIngressNginx" -}}
-{{- if .Release.IsInstall -}}
-  {{- if .Values.preInstallJob.enabled -}}
-    {{- $jobName := printf "%s-nginx-ingress-check" .Release.Name -}}
-    {{- $job := (lookup "batch/v1" "Job" .Release.Namespace $jobName) -}}
-    {{- if $job -}}
-      {{- if $job.status -}}
-        {{- if eq (int $job.status.succeeded) 0 -}}
-          {{- printf "false" -}}
-        {{- else -}}
-          {{- printf "true" -}}
-        {{- end -}}
-      {{- else -}}
-        {{- printf "true" -}}
-      {{- end -}}
-    {{- else -}}
-      {{- printf "true" -}}
-    {{- end -}}
+{{- define "keep.fullUrl" -}}
+{{- if and .Values.global.ingress.enabled .Values.global.ingress.hosts -}}
+  {{- if .Values.global.ingress.tls -}}
+    {{- $host := index .Values.global.ingress.hosts 0 -}}
+    {{- printf "https://%s" $host.host -}}
   {{- else -}}
-    {{- printf "true" -}}
+    {{- $host := index .Values.global.ingress.hosts 0 -}}
+    {{- printf "http://%s" $host.host -}}
   {{- end -}}
 {{- else -}}
-  {{- printf "false" -}}
+  {{- print "http://localhost:3000" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Helper function for NEXTAUTH_URL
+*/}}
+{{- define "keep.nextAuthUrl" -}}
+{{- $nextAuthUrl := include "keep.findEnvVar" (list "NEXTAUTH_URL" .) -}}
+{{- if $nextAuthUrl -}}
+    {{- $nextAuthUrl -}}
+{{- else -}}
+    {{- if .Values.global.ingress.enabled -}}
+        {{- include "keep.fullUrl" . -}}
+    {{- else -}}
+        {{- print "http://localhost:3000" -}}
+    {{- end -}}
 {{- end -}}
 {{- end -}}

charts/keep/templates/delete-secret-job.yaml

@@ -16,9 +16,9 @@ spec:
           - /bin/sh
           - -c
           - >
-            secrets=$(kubectl get secrets -n {{ .Values.Namespace }} -o name | grep '^secret/keep-');
+            secrets=$(kubectl get secrets -n {{ include "keep.namespace" . }} -o name | grep '^secret/keep-');
             if [ -n "$secrets" ]; then
-              echo "$secrets" | xargs kubectl delete -n {{ .Values.Namespace }};
+              echo "$secrets" | xargs kubectl delete -n {{ include "keep.namespace" . }};
             else
               echo "No matching secrets found to delete.";
             fi

charts/keep/templates/frontend.yaml

@@ -42,19 +42,20 @@ spec:
               containerPort: {{ .Values.frontend.service.port }}
               protocol: TCP
           env:
-            {{- $pusherHost := include "keep.pusherHost" . -}}
-            {{- $apiUrl := include "keep.apiUrl" . -}}
+            - name: PUSHER_HOST
+              value: {{ include "keep.pusherHost" . | quote }}
+            - name: API_URL_CLIENT
+              value: {{ include "keep.apiUrlClient" . | quote }}
+            - name: NEXTAUTH_URL
+              value: {{ include "keep.nextAuthUrl" . | quote }}
             {{- range .Values.frontend.env }}
+            {{- if and 
+                  (ne .name "PUSHER_HOST") 
+                  (ne .name "API_URL_CLIENT") 
+                  (ne .name "NEXTAUTH_URL") }}
             - name: {{ .name }}
               value: {{ .value | quote }}
             {{- end }}
-            {{- if and $pusherHost (not (include "keep.findEnvVar" (list "PUSHER_HOST" .))) }}
-            - name: PUSHER_HOST
-              value: {{ $pusherHost | quote }}
-            {{- end }}
-            {{- if and $apiUrl (not (include "keep.findEnvVar" (list "API_URL" .))) }}
-            - name: API_URL
-              value: {{ $apiUrl | quote }}
             {{- end }}
           volumeMounts:
             - name: state-volume

charts/keep/templates/role-binding-secret-manager.yaml

@@ -2,11 +2,11 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: secret-manager-rolebinding
-  namespace: {{ .Values.namespace | default .Release.Namespace | default "default" }}
+  namespace: {{ include "keep.namespace" . }}
 subjects:
   - kind: ServiceAccount
     name: {{ include "keep.serviceAccountName" . }}
-    namespace: {{ .Values.namespace | default .Release.Namespace | default "default" }}
+    namespace: {{ include "keep.namespace" . }}
 roleRef:
   kind: Role
   name: secret-manager-role

charts/keep/templates/role-secret-manager.yaml

@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: secret-manager-role
-  namespace: {{ .Values.namespace | default .Release.Namespace | default "default" }}
+  namespace: {{ include "keep.namespace" . }}
 rules:
   - apiGroups: [""]
     resources: ["secrets"]

charts/keep/values.yaml

@@ -1,4 +1,4 @@
-namespace: default
+namespace: keep
 serviceAccount:
   create: true
   annotations: {}
@@ -138,8 +138,8 @@ frontend:
   env:
     - name: NEXTAUTH_SECRET
       value: secret
-    - name: NEXTAUTH_URL
-      value: http://localhost:3000
+    - name: API_URL_CLIENT
+      value: http://keep-backend:8080
     # Shahar: took me whole day to figure out that I need to set this to 1
     # https://github.com/nextauthjs/next-auth/issues/600
     - name: VERCEL
@@ -156,7 +156,7 @@ frontend:
   image:
     repository: us-central1-docker.pkg.dev/keephq/keep/keep-ui
     pullPolicy: Always
-    tag: "feature_websocket-improve"
+    tag: feat_debug-k8s
   imagePullSecrets: []
   serviceAccount:
     create: true