Comparison of Helm chart templating output: # raw/templates/resources.yaml
@@ data.REDIRECT_URIS @@
# v1/ConfigMap/apl-keycloak-operator/apl-keycloak-operator-cm
! ± value change
- ["https://alertmanager-demo.dev.linode-apl.net/*","https://alertmanager-dev.dev.linode-apl.net/*","https://alertmanager.dev.linode-apl.net/*","https://api.dev.linode-apl.net/*","https://argocd.dev.linode-apl.net/*","https://auth.dev.linode-apl.net/*","https://console.dev.linode-apl.net/*","https://gitea.dev.linode-apl.net/*","https://grafana-demo.dev.linode-apl.net/*","https://grafana-dev.dev.linode-apl.net/*","https://grafana.dev.linode-apl.net/*","https://harbor.dev.linode-apl.net/*","https://has-cert-svc-demo.dev.linode-apl.net/*","https://hello-admin.dev.linode-apl.net/*","https://hello-auth-demo.dev.linode-apl.net/*","https://hello-blue-green-demo.dev.linode-apl.net/*","https://hello-cname-demo.dev.linode-apl.net/*","https://hello-demo.dev.linode-apl.net/*","https://keycloak.dev.linode-apl.net/*","https://kubeflow-pipelines.dev.linode-apl.net/*","https://prometheus.dev.linode-apl.net/*","https://service-a-demo.dev.linode-apl.net/*","https://service-e-demo.dev.linode-apl.net/*","https://tekton-demo.dev.linode-apl.net/*","https://tekton-dev.dev.linode-apl.net/*","https://tekton.dev.linode-apl.net/*","https://tty.dev.linode-apl.net/*"]
+ ["https://alertmanager-demo.dev.linode-apl.net/*","https://alertmanager-dev.dev.linode-apl.net/*","https://alertmanager.dev.linode-apl.net/*","https://api.dev.linode-apl.net/*","https://argocd.dev.linode-apl.net/*","https://console.dev.linode-apl.net/*","https://gitea.dev.linode-apl.net/*","https://grafana-demo.dev.linode-apl.net/*","https://grafana-dev.dev.linode-apl.net/*","https://grafana.dev.linode-apl.net/*","https://harbor.dev.linode-apl.net/*","https://keycloak.dev.linode-apl.net/*","https://kubeflow-pipelines.dev.linode-apl.net/*","https://prometheus.dev.linode-apl.net/*","https://sealed-secrets.dev.linode-apl.net/*","https://tekton-demo.dev.linode-apl.net/*","https://tekton-dev.dev.linode-apl.net/*","https://tekton.dev.linode-apl.net/*","https://tty.dev.linode-apl.net/*"]
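Review bot: the new `REDIRECT_URIS` value drops `https://auth.dev.linode-apl.net/*` and every team service host (`has-cert-svc-demo`, `hello-*`, `service-a-demo`, `service-e-demo`) while adding `https://sealed-secrets.dev.linode-apl.net/*`. Please confirm that no remaining login flow still sends a redirect_uri on one of the dropped hosts, and that sealed-secrets is meant to be a valid Keycloak redirect target, since every entry is a `/*` wildcard covering the whole host.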
# apl-network-policies/templates/networkpolicies/gitea.yaml
@@ spec.ingress @@
! - one list entry removed:
- - from:
- - namespaceSelector:
- matchLabels:
- name: istio-system
- podSelector:
- matchLabels:
- app.kubernetes.io/instance: istio-ingressgateway-public
- - namespaceSelector:
- matchLabels:
- name: istio-system
- podSelector:
- matchLabels:
- gateway.networking.k8s.io/gateway-name: platform
! + one list entry added:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: istio-system
+ podSelector:
+ matchLabels:
+ gateway.networking.k8s.io/gateway-name: platform
# apl-network-policies/templates/networkpolicies/otomi-api.yaml
@@ spec.ingress.0.from @@
! - one list entry removed:
- - namespaceSelector:
- matchLabels:
- name: istio-system
- podSelector:
- matchLabels:
- app.kubernetes.io/instance: istio-ingressgateway-public
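Review bot: in `spec.ingress.0.from` the `istio-ingressgateway-public` selector is removed and nothing is added, whereas the gitea policy above ends up with an explicit `gateway.networking.k8s.io/gateway-name: platform` selector. The comparison does not show what is left in this `from` list, so please confirm the platform gateway pods are still admitted to otomi-api and that the list cannot render empty; an empty `from` in a NetworkPolicy rule matches all sources.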
# Old file deleted: ingress-ingress-nginx-artifacts
# Old file deleted: ingress-ingress-nginx-net-a
# Old file deleted: ingress-ingress-nginx-platform
# Old file deleted: istio-system-istio-ingressgateway-public
# raw/templates/resources.yaml
@@ (root level) @@
# networking.k8s.io/v1/Ingress/oauth2-proxy
! - one document removed:
- ---
- # Source: raw/templates/resources.yaml
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: oauth2-proxy
- annotations:
- externaldns: "true"
- ingress.kubernetes.io/ssl-redirect: "true"
- nginx.ingress.kubernetes.io/auth-response-headers: Authorization
- nginx.ingress.kubernetes.io/ssl-redirect: "true"
- labels:
- app: raw
- app.kubernetes.io/instance: oauth2-proxy-artifacts
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: raw
- app.kubernetes.io/part-of: otomi
- app.kubernetes.io/version: 0.2.3
- helm.sh/chart: raw-0.2.3
- spec:
- ingressClassName: platform
- rules:
- - host: auth.dev.linode-apl.net
- http:
- paths:
- - backend:
- service:
- name: oauth2-proxy
- port:
- number: 80
- path: /
- pathType: Prefix
- tls:
- - hosts:
- - auth.dev.linode-apl.net
- secretName: mysecret
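Review bot: the removed Ingress is the only route shown for `auth.dev.linode-apl.net`, and it carried `nginx.ingress.kubernetes.io/auth-response-headers: Authorization`; no replacement route for the `oauth2-proxy` service appears anywhere in this comparison. Please point to where that host is served after this change, or state in the description that oauth2-proxy is no longer exposed.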
# raw-cr/templates/resources.yaml
@@ spec.config @@
! - one map entry removed:
- istio:
- gateway.knative-serving.knative-ingress-gateway: istio-ingressgateway-1-26-0-public.istio-system.svc.cluster.local
@@ spec.ingress @@
! + one map entry added:
+ gateway-api:
+ enabled: true
@@ spec.ingress.istio @@
! - two map entries removed:
- knative-ingress-gateway:
- selector:
- istio: ingressgateway-1-26-0-public
- knative-local-gateway:
- selector:
- istio: ingressgateway-1-26-0-public
@@ spec.ingress.istio.enabled @@
! ± value change
- true
+ false
# kube-prometheus-stack/templates/prometheus/servicemonitors.yaml
@@ items @@
! - one list entry removed:
- - apiVersion: monitoring.coreos.com/v1
- kind: ServiceMonitor
- metadata:
- name: istio-ingressgateway-public
- namespace: monitoring
- labels:
- app: po-prometheus
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/instance: prometheus-operator
- app.kubernetes.io/version: 84.5.0
- app.kubernetes.io/part-of: po
- chart: kube-prometheus-stack-84.5.0
- release: prometheus-operator
- heritage: Helm
- prometheus: system
- spec:
- endpoints:
- - path: /stats/prometheus
- targetPort: http-envoy-prom
- namespaceSelector:
- matchNames:
- - istio-system
- selector:
- matchLabels:
- istio: ingressgateway-1-26-0-public
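Review bot: this removes the only ServiceMonitor in the comparison that scrapes gateway Envoy stats (`/stats/prometheus` on `http-envoy-prom` in `istio-system`), and nothing is added for the `platform` gateway pods. If edge traffic metrics are still needed for dashboards or alerting, add a monitor that selects the new gateway's labels in this PR, or link the follow-up issue.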
# otomi-api/templates/configmap.yaml
@@ data.VERSIONS @@
! ± value change in multiline text (one insert, one deletion)
- {"api":"main","aplCharts":"main","console":"main","consoleLogin":"main","core":"main","specVersion":66,"tasks":"main","tools":"main"}
+ {"api":"main","aplCharts":"main","console":"main","consoleLogin":"main","core":"main","specVersion":67,"tasks":"main","tools":"main"}
# otomi-api/templates/core-config.yaml
@@ data.core.yaml @@
! ± value change in multiline text (eleven inserts, 19 deletions)
adminApps:
- deps:
- prometheus
- ingress:
- - auth: true
- namespace: monitoring
- port: 9093
- svc: po-alertmanager
- type: public
name: alertmanager
ownHost: true
tags:
- alerting
- observability
- - ingress:
- - auth: true
- namespace: argocd
- svc: argocd-server
- type: public
- isShared: true
+ - isShared: true
name: argocd
ownHost: true
tags:
- cicd
[five lines unchanged)]
- tls
- name: cnpg
tags:
- database
- - ingress:
- - auth: true
- namespace: ingress
- svc: tty
- type: public
- isShared: true
+ - isShared: true
name: tty
ownHost: true
tags:
- tty
[one line unchanged)]
tags:
- ingress
- security
- tls
- - ingress:
- - namespace: gitea
- port: 3000
- svc: gitea-http
- type: public
- isShared: true
+ - isShared: true
name: gitea
ownHost: true
path: /user/oauth2/otomi-idp
tags:
- git
- deps:
- prometheus
- ingress:
- - auth: true
- namespace: grafana
- removeRequestHeaders:
- - authorization
- svc: po-grafana
- type: public
name: grafana
ownHost: true
path: /dashboards
tags:
- tracing
- telemetry
- observability
- - ingress:
- - auth: true
- namespace: harbor
- svc: harbor-portal
- type: public
- - auth: true
- forwardPath: true
- namespace: harbor
- paths:
- - /api/
- - /c/
- svc: harbor-core
- type: public
- - forwardPath: true
- hasOwnIngress: true
- namespace: harbor
- paths:
- - /chartrepo/
- - /service/
- - /v1/
- - /v2/
- svc: harbor-core
- type: public
- isShared: true
+ - isShared: true
name: harbor
ownHost: true
tags:
- security
- hide: true
name: hello
tags:
- demo
- - name: ingress-nginx
- tags:
- - ingress
- - auth
- name: istio
tags:
- ingress
- egress
[one line unchanged)]
- security
- tls
- observability
- policies
- - ingress:
- - namespace: keycloak
- port: 8080
- svc: keycloak-keycloakx-http
- type: public
- name: keycloak
+ - name: keycloak
ownHost: true
path: /admin/otomi/console/
tags:
- auth
[three lines unchanged)]
name: knative
tags:
- serverless
- functions
- - ingress:
- - auth: true
- namespace: kfp
- port: 80
- svc: ml-pipeline-ui
- type: public
- isShared: true
+ - isShared: true
name: kubeflow-pipelines
ownHost: true
tags:
- ai
- ml
- name: kserve
tags:
- ai
- - ingress:
- - auth: true
- namespace: tekton-dashboard
- port: 9097
- removeRequestHeaders:
- - authorization
- svc: tekton-dashboard
- type: public
- name: tekton
+ - name: tekton
ownHost: true
path: /#/namespaces/team-admin/pipelineruns
tags:
- buildpacks
[ten lines unchanged)]
- telemetry
- observability
useHost: grafana
- hide: true
- ingress:
- - auth: true
- namespace: otomi
- paths:
- - /api/
- svc: otomi-api
- type: public
- - auth: true
- namespace: otomi
- svc: otomi-console
- type: public
isShared: true
name: console
ownHost: true
- hide: true
- ingress:
- - auth: false
- namespace: otomi
- svc: otomi-api
- type: public
isShared: true
name: api
ownHost: true
- - ingress:
- - auth: true
- namespace: monitoring
- port: 9090
- svc: po-prometheus
- type: public
- name: prometheus
+ - name: prometheus
ownHost: true
tags:
- metrics
- observability
[159 lines unchanged)]
relatedLinks:
- https://goharbor.io/docs/2.6.0/
repo: https://github.com/goharbor/harbor
title: Harbor
- ingress-nginx:
- about: ingress-nginx is an Ingress controller for Kubernetes using NGINX as a
- reverse proxy and load balancer.
- appVersion: 1.14.3
- integration: App Platform integrated ingress-nginx into an advanced ingress architecture.
- license: Apache 2.0
- maintainers: NGINX
- relatedLinks:
- - https://docs.nginx.com/nginx-ingress-controller
- repo: https://github.com/kubernetes/ingress-nginx
- title: Ingress-NGINX
istio:
about: Istio is an open platform for providing a uniform way to integrate microservices,
manage traffic flow across microservices, enforce policies and aggregate telemetry
data. Istio's control plane provides an abstraction layer over the underlying
[240 lines unchanged)]
name: apl-operator
- app: grafana
name: grafana
- disableIstioInjection: true
- labels:
- apl.io/ingress-controller-scope: "true"
name: istio-system
- - disableIstioInjection: true
- labels:
- apl.io/ingress-controller-scope: "true"
- name: ingress
- name: keycloak
- disableIstioInjection: true
name: apl-keycloak-operator
- app: knative
[55 lines unchanged)]
disableIstioInjection: true
disablePolicyChecks: true
name: policy-reporter
teamApps:
- - ingress:
- - auth: true
- hasPrefix: true
- port: 9093
- svc: po-alertmanager
- type: public
- name: alertmanager
+ - name: alertmanager
ownHost: true
path: /#/alerts?silenced=false&inhibited=false&active=true&filter=%7Bnamespace%3D"team-#TEAM#"%7D
- - ingress:
- - auth: true
- forwardPath: true
- hasPrefix: true
- removeRequestHeaders:
- - authorization
- svc: po-grafana
- type: public
- name: grafana
+ - name: grafana
ownHost: true
path: /dashboards
- name: loki
path: /explore?orgId=1&left=%7B"datasource":"loki","queries":%5B%7B"refId":"A","expr":"","queryType":"range","datasource":%7B"type":"loki","uid":"loki"%7D%7D%5D,"range":%7B"from":"now-1h","to":"now"%7D%7D
useHost: grafana
- - ingress:
- - auth: true
- hasPrefix: true
- port: 9097
- removeRequestHeaders:
- - authorization
- svc: tekton-dashboard
- type: public
- name: tekton
+ - name: tekton
ownHost: true
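Review bot: the `ingress:` blocks removed from `data.core.yaml` were where the per-app exposure settings lived: `auth: true` for most apps, `auth: false` for `api`, no `auth` key for `gitea` and `keycloak`, and `removeRequestHeaders: authorization` for grafana and tekton. After this change the rendered config no longer says which apps sit behind login or which have the Authorization header stripped, so please document in the description where those decisions are now made and how a reviewer can verify them per app.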
# otomi-api/templates/deployment.yaml
# rabbitmq-cluster-operator/templates/messaging-topology-operator/validating-webhook-configuration.yaml
# Old file deleted: team-admin-team-ns-admin
# Old file deleted: team-ns/templates/ingress.yaml
# Old file deleted: team-ns/templates/istio-gateway.yaml
# Old file deleted: team-ns/templates/istio-virtualservices.yaml
# Old file deleted: team-ns/templates/ingress.yaml
# Old file deleted: team-ns/templates/istio-gateway.yaml
# Old file deleted: team-ns/templates/istio-virtualservices.yaml
# values-repo.yaml
@@ apps @@
! - two map entries removed:
- ingress-nginx-net-a:
- resources:
- controller:
- limits:
- cpu: 200m
- memory: 256Mi
- requests:
- cpu: 100m
- memory: 192Mi
- maxBodySize: 1024m
- modsecurity:
- enabled: true
- _rawValues:
- controller:
- config:
- modsecurity-snippet: |
- SecRuleRemoveById 911101
-
- ingress-nginx-platform:
- resources:
- controller:
- limits:
- cpu: 200m
- memory: 256Mi
- requests:
- cpu: 100m
- memory: 192Mi
- maxBodySize: 2048m
- enabled: true
- autoscaling:
- enabled: true
- maxReplicas: 10
- minReplicas: 1
- targetCPUUtilizationPercentage: 80
- targetMemoryUtilizationPercentage: 80
- modsecurity:
- enabled: true
- _rawValues:
- controller:
- config:
- modsecurity-snippet: |
- SecRuleRemoveById 911102
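Review bot: both removed controller entries had `modsecurity.enabled: true` (with the `SecRuleRemoveById 911101` and `911102` exclusions), and no request-filtering setting is added anywhere in this comparison. Please state whether WAF coverage is intentionally dropped together with ingress-nginx or is moved elsewhere; the same question applies to `maxBodySize` (1024m and 2048m), which has no counterpart in the new values.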
@@ apps.istio.autoscaling @@
! - one map entry removed:
- ingressgateway:
- maxReplicas: 5
- minReplicas: 1
@@ apps.istio.resources @@
! - one map entry removed:
- ingressgateway:
- limits:
- cpu: 500m
- memory: 256Mi
- requests:
- cpu: 100m
- memory: 128Mi
@@ versions.specVersion @@
! ± value change
- 66
+ 67
📌 Summary
This PR removes the chart and values template of ingress-nginx, the values template of istio-ingress-gateway (chart is also used by egress gateway), and all references in templates and values structure.
Some code around collecting redirect URLs for Keycloak has been refactored. As a result, only core apps and team apps are added, not other services.
Upgrade (pre- / post-runtime) code has not been removed as this is handled in another issue.
🔍 Reviewer Notes
For not showing any elements of ingress-nginx any longer, this branch should be tested together with the corresponding feature branches of API and Console:
🧹 Checklist