From 8f7c1ab8e7839f08adeeb10f7be4b3063c0ba14c Mon Sep 17 00:00:00 2001
From: shahargl
Date: Tue, 22 Oct 2024 21:00:55 +0300
Subject: [PATCH] feat: wip
---
README.md | 115 +++++++++++++++---
charts/keep/templates/_helpers.tpl | 67 +++++-----
charts/keep/templates/delete-secret-job.yaml | 4 +-
charts/keep/templates/frontend.yaml | 19 +--
.../role-binding-secret-manager.yaml | 4 +-
.../keep/templates/role-secret-manager.yaml | 2 +-
charts/keep/values.yaml | 8 +-
7 files changed, 154 insertions(+), 65 deletions(-)
diff --git a/README.md b/README.md
index ead6350..c2512e5 100644
--- a/README.md
+++ b/README.md
@@ -1,37 +1,114 @@ # Keep Helm Chart The Keep Helm Chart provides a convenient way to deploy and manage Keep on Kubernetes using Helm, a package manager for Kubernetes applications. +# Prerequisites + +## Ingress Controller (Recommended) +The recommended way to deploy Keep is with ingress-nginx that serves as a single ingress for all services (backend, frontend, and websocket server). + +1. Install ingress-nginx: +```bash +helm upgrade --install ingress-nginx ingress-nginx \ + --repo https://kubernetes.github.io/ingress-nginx \ + --namespace ingress-nginx --create-namespace +``` + +2. Enable snippet annotations: +The ingress controller must have snippet annotations enabled. You can enable it during installation: +```bash +helm upgrade --install ingress-nginx ingress-nginx \ + --repo https://kubernetes.github.io/ingress-nginx \ + --namespace ingress-nginx --create-namespace \ + --set controller.config.allow-snippet-annotations=true +``` + +To verify if snippet annotations are enabled: +```bash +# Check the configmap +kubectl get configmap -n ingress-nginx ingress-nginx-controller -o yaml | grep allow-snippet-annotations + +# Or check the controller logs +kubectl logs -n ingress-nginx -l app.kubernetes.io/component=controller | grep "allow-snippet-annotations" +``` + # Installation -The easiest way to install Keep with Helm is with the following command: +## Option 1: With ingress-nginx (Recommended) ```bash -# add the Helm repository +# Add the Helm repository helm repo add keephq https://keephq.github.io/helm-charts -# pull the latest version of the chart -helm pull keephq/keep -# install the chart + +# Install Keep with ingress enabled (default nginx) +helm install keep keephq/keep -n keep --create-namespace +``` + +## Option 2: Without ingress-nginx (Not recommended) +Keep can be deployed without ingress-nginx, but this will create three separate ingresses (one for each service): +```bash +# Add the Helm repository +helm repo add keephq 
https://keephq.github.io/helm-charts + +# Install Keep without ingress helm install keep keephq/keep ``` +# Post-Installation + +## With ingress-nginx +Your Keep installation will be available at the ingress host you configured. Check your ingress status: +```bash +kubectl get ingress +``` + +## Without ingress-nginx +You'll need to set up port forwarding to access the services: +```bash +# Expose the UI locally +kubectl port-forward svc/keep-frontend 3000:3000 & + +# Expose the Backend locally +kubectl port-forward svc/keep-backend 8080:8080 & + +# Export websocket server (optional) +kubectl port-forward svc/keep-websocket 6001:6001 & +``` + # Uninstallation -`helm uninstall keep` +```bash +helm uninstall keep +``` # Configuration To view supported configuration, see [this](charts/keep/README.md). -# Openshift -Keep's Helm Chart also supports installation on Openshift. -Simply set up the keys under frontend(/backend).route: -- route.host: your desired hostname +# Platform-Specific Instructions -# Local Kubernetes -For local kubernetes without external IP (such as NodePort or LoadBalancer), you'll need to run port forwarding: +## Openshift +Keep's Helm Chart supports installation on Openshift. +Configure the route settings under frontend(/backend).route: +```yaml +frontend: + route: + host: your-desired-hostname +``` -## Port forward -```bash +## Local Kubernetes +For local Kubernetes clusters without external IP (such as when using NodePort or LoadBalancer): -# expose the UI locally -kubectl port-forward svc/keep-frontend 3000:3000 & \ -# export websocket server (optional) -kubectl port-forward svc/keep-websocket 6001:6001 & -``` +1. If using ingress-nginx, ensure your ingress controller is properly configured for local development +2. If not using ingress-nginx, use the port forwarding method described in the "Without ingress-nginx" section + +# Troubleshooting + +## Common Issues +1. 
Ingress not working + - Verify ingress-nginx is properly installed + - Check if snippet annotations are enabled + - Verify ingress configuration with `kubectl describe ingress` + +2. WebSocket connection issues + - Ensure the websocket service is running + - Check ingress configuration for proper WebSocket headers + - Verify connectivity using `curl` or browser developer tools + +For more detailed configuration options and troubleshooting, refer to the [documentation](charts/keep/README.md). \ No newline at end of file diff --git a/charts/keep/templates/_helpers.tpl b/charts/keep/templates/_helpers.tpl index d7c2687..78a9b54 100644 --- a/charts/keep/templates/_helpers.tpl +++ b/charts/keep/templates/_helpers.tpl @@ -66,9 +66,9 @@ Helper function to find an environment variable in the list */}} {{- define "keep.findEnvVar" -}} {{- $name := index . 0 -}} -{{- $values := index . 1 -}} -{{- if and $values.frontend $values.frontend.env -}} - {{- range $values.frontend.env -}} +{{- $root := index . 1 -}} +{{- if and $root.Values.frontend $root.Values.frontend.env -}} + {{- range $root.Values.frontend.env -}} {{- if eq .name $name -}} {{- .value -}} {{- end -}} 
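Review bot: The comment above `keep.findEnvVar` still only says it finds an environment variable in the list, while the second list element changes here from a values map to the chart root context (`$root.Values.frontend.env`). A caller outside this hunk that still passes `.Values` would no longer resolve, so every `include "keep.findEnvVar"` site is worth checking, presumably including the `keep.pusherHost` helper, which is not visible here. I would extend the comment with `Arguments: (list NAME ROOT), where ROOT is the chart root context ("." or "$")`. The define continues past the end of the hunk.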
@@ -112,41 +112,52 @@ Helper function for PUSHER_HOST {{/* Helper function for API_URL for the frontend */}} -{{- define "keep.apiUrl" -}} -{{- $apiUrl := include "keep.findEnvVar" (list "API_URL" .) -}} -{{- if $apiUrl -}} - {{- $apiUrl -}} +{{- define "keep.apiUrlClient" -}} +{{- $apiUrlClient := include "keep.findEnvVar" (list "API_URL_CLIENT" .) -}} +{{- if $apiUrlClient -}} + {{- $apiUrlClient -}} {{- else -}} {{- include "keep.backendPrefix" . -}} {{- end -}} {{- end -}} +{{/* +Expand the namespace of the release. +*/}} +{{- define "keep.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* -Determine if ingress-nginx should be installed +Helper function for getting the full URL (with protocol and host) */}} -{{- define "keep.shouldInstallIngressNginx" -}} -{{- if .Release.IsInstall -}} - {{- if .Values.preInstallJob.enabled -}} - {{- $jobName := printf "%s-nginx-ingress-check" .Release.Name -}} - {{- $job := (lookup "batch/v1" "Job" .Release.Namespace $jobName) -}} - {{- if $job -}} - {{- if $job.status -}} - {{- if eq (int $job.status.succeeded) 0 -}} - {{- printf "false" -}} - {{- else -}} - {{- printf "true" -}} - {{- end -}} - {{- else -}} - {{- printf "true" -}} - {{- end -}} - {{- else -}} - {{- printf "true" -}} - {{- end -}} +{{- define "keep.fullUrl" -}} +{{- if and .Values.global.ingress.enabled .Values.global.ingress.hosts -}} + {{- if .Values.global.ingress.tls -}} + {{- $host := index .Values.global.ingress.hosts 0 -}} + {{- printf "https://%s" $host.host -}} {{- else -}} - {{- printf "true" -}} + {{- $host := index .Values.global.ingress.hosts 0 -}} + {{- printf "http://%s" $host.host -}} {{- end -}} {{- else -}} - {{- printf "false" -}} + {{- print "http://localhost:3000" -}} +{{- end -}} +{{- end -}} + +{{/* +Helper function for NEXTAUTH_URL +*/}} +{{- define "keep.nextAuthUrl" -}} +{{- $nextAuthUrl := include "keep.findEnvVar" (list "NEXTAUTH_URL" .) 
-}} +{{- if $nextAuthUrl -}} + {{- $nextAuthUrl -}} +{{- else -}} + {{- if .Values.global.ingress.enabled -}} + {{- include "keep.fullUrl" . -}} + {{- else -}} + {{- print "http://localhost:3000" -}} + {{- end -}} {{- end -}} {{- end -}} \ No newline at end of file diff --git a/charts/keep/templates/delete-secret-job.yaml b/charts/keep/templates/delete-secret-job.yaml index e1fd325..9de20b7 100644 --- a/charts/keep/templates/delete-secret-job.yaml +++ b/charts/keep/templates/delete-secret-job.yaml @@ -16,9 +16,9 @@ spec: - /bin/sh - -c - > - secrets=$(kubectl get secrets -n {{ .Values.Namespace }} -o name | grep '^secret/keep-'); + secrets=$(kubectl get secrets -n {{ include "keep.namespace" . }} -o name | grep '^secret/keep-'); if [ -n "$secrets" ]; then - echo "$secrets" | xargs kubectl delete -n {{ .Values.Namespace }}; + echo "$secrets" | xargs kubectl delete -n {{ include "keep.namespace" . }}; else echo "No matching secrets found to delete."; fi diff --git a/charts/keep/templates/frontend.yaml b/charts/keep/templates/frontend.yaml index 3f599ce..00fa9df 100644 --- a/charts/keep/templates/frontend.yaml +++ b/charts/keep/templates/frontend.yaml 
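Review bot: `keep.namespace` reads `.Values.namespaceOverride`, but the values.yaml hunk in this patch still defines (and changes) the `namespace` key, which the Role, RoleBinding and delete-secret job no longer read after this change. An operator who sets `namespace` gets no effect on those objects, and any template outside this patch that still uses `.Values.namespace` would land in a different namespace from the secret-manager RBAC. I would either document the new key in values.yaml (`namespaceOverride: ""`) and drop `namespace`, or have the helper fall back to it. Also in this hunk, `keep.fullUrl` dereferences `.Values.global.ingress.enabled` without a guard, so if `global.ingress` is absent from the values (not visible here) rendering fails with a nil-pointer error, and `keep.nextAuthUrl` repeats the ingress check that `keep.fullUrl` already performs.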
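Review bot: The rendered namespace is interpolated into the `sh -c` script unquoted, on both the `kubectl get` and the `xargs kubectl delete` line, so a `namespaceOverride` value containing whitespace or shell syntax changes the command this job runs. Quoting at render time keeps it a single argument: `kubectl get secrets -n {{ include "keep.namespace" . | squote }} -o name`, and the same on the delete line. Because the old `.Values.Namespace` key did not match the lowercase `namespace` in values.yaml, this is probably the first time the deletion targets a real namespace, so it is worth confirming that the `^secret/keep-` name prefix matches only secrets this release owns. The Job spec begins and ends outside the hunk.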
@@ -42,19 +42,20 @@ spec: containerPort: {{ .Values.frontend.service.port }} protocol: TCP env: - {{- $pusherHost := include "keep.pusherHost" . -}} - {{- $apiUrl := include "keep.apiUrl" . -}} + - name: PUSHER_HOST + value: {{ include "keep.pusherHost" . | quote }} + - name: API_URL_CLIENT + value: {{ include "keep.apiUrlClient" . | quote }} + - name: NEXTAUTH_URL + value: {{ include "keep.nextAuthUrl" . | quote }} {{- range .Values.frontend.env }} + {{- if and + (ne .name "PUSHER_HOST") + (ne .name "API_URL_CLIENT") + (ne .name "NEXTAUTH_URL") }} - name: {{ .name }} value: {{ .value | quote }} {{- end }} - {{- if and $pusherHost (not (include "keep.findEnvVar" (list "PUSHER_HOST" .))) }} - - name: PUSHER_HOST - value: {{ $pusherHost | quote }} - {{- end }} - {{- if and $apiUrl (not (include "keep.findEnvVar" (list "API_URL" .))) }} - - name: API_URL - value: {{ $apiUrl | quote }} {{- end }} volumeMounts: - name: state-volume diff --git a/charts/keep/templates/role-binding-secret-manager.yaml b/charts/keep/templates/role-binding-secret-manager.yaml index 3c9b8bc..313e975 100644 --- a/charts/keep/templates/role-binding-secret-manager.yaml +++ b/charts/keep/templates/role-binding-secret-manager.yaml @@ -2,11 +2,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: secret-manager-rolebinding - namespace: {{ .Values.namespace | default .Release.Namespace | default "default" }} + namespace: {{ include "keep.namespace" . }} subjects: - kind: ServiceAccount name: {{ include "keep.serviceAccountName" . }} - namespace: {{ .Values.namespace | default .Release.Namespace | default "default" }} + namespace: {{ include "keep.namespace" . }} roleRef: kind: Role name: secret-manager-role diff --git a/charts/keep/templates/role-secret-manager.yaml b/charts/keep/templates/role-secret-manager.yaml index 57b842f..917ae57 100644 --- a/charts/keep/templates/role-secret-manager.yaml +++ b/charts/keep/templates/role-secret-manager.yaml 
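Review bot: `PUSHER_HOST`, `API_URL_CLIENT` and `NEXTAUTH_URL` are now emitted unconditionally, whereas the removed code skipped `PUSHER_HOST` when the helper returned nothing; if `keep.pusherHost` (defined outside this patch) can render empty, the container now gets `PUSHER_HOST=""` instead of an unset variable. Wrapping the entry in `{{- with include "keep.pusherHost" . }}` … `{{- end }}` and using `value: {{ . | quote }}` keeps the old behaviour. The `ne .name` filter inside the range would also benefit from a one-line comment, `{{/* these three names are rendered above from the helpers; skip duplicates from frontend.env */}}`, since otherwise a user entry with one of these names appears to vanish. The container spec starts and continues outside the hunk.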
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: secret-manager-role - namespace: {{ .Values.namespace | default .Release.Namespace | default "default" }} + namespace: {{ include "keep.namespace" . }} rules: - apiGroups: [""] resources: ["secrets"] diff --git a/charts/keep/values.yaml b/charts/keep/values.yaml index 0b8ed7e..680ebaf 100644 --- a/charts/keep/values.yaml +++ b/charts/keep/values.yaml @@ -1,4 +1,4 @@ -namespace: default +namespace: keep serviceAccount: create: true annotations: {} @@ -138,8 +138,8 @@ frontend: env: - name: NEXTAUTH_SECRET value: secret - - name: NEXTAUTH_URL - value: http://localhost:3000 + - name: API_URL_CLIENT + value: http://keep-backend:8080 # Shahar: took me whole day to figure out that I need to set this to 1 # https://github.com/nextauthjs/next-auth/issues/600 - name: VERCEL @@ -156,7 +156,7 @@ frontend: image: repository: us-central1-docker.pkg.dev/keephq/keep/keep-ui pullPolicy: Always - tag: "feature_websocket-improve" + tag: feat_debug-k8s imagePullSecrets: [] serviceAccount: create: true
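Review bot: The new `API_URL_CLIENT` default of `http://keep-backend:8080` means `keep.findEnvVar` always finds a value, so the `keep.backendPrefix` fallback in `keep.apiUrlClient` is never reached with stock values. The hostname also assumes the release is named `keep`, and if this variable is consumed by the browser (the name suggests so, not confirmed here) an in-cluster service name will not resolve for users; consider dropping the entry and letting the helper derive it. Separately, the context lines `NEXTAUTH_SECRET` / `value: secret` leave a fixed, publicly known default for the key NextAuth uses to protect session tokens, so every install that does not override it shares the same key. It would be safer to ship no default and fail rendering with `required` when the operator has not supplied one.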
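Review bot: The default frontend image tag becomes `feat_debug-k8s`, a branch-style tag, and the context line above it sets `pullPolicy: Always`, so the image that runs can change whenever that tag is re-pushed, with no change to the chart. For a chart default, pin a released version or a digest, for example `tag: "<release-version>"`, and keep debug tags in a local override file passed with `-f`. The `frontend.image` block starts outside the hunk.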