feat(argo-rollouts): Add rollouts dashboard ingress support (#870)

* Add rollouts dashboard ingress support

Signed-off-by: Sergey Shaykhullin <sergeyshaykhullin@gmail.com>

* Fix eol

Signed-off-by: Sergey Shaykhullin <sergeyshaykhullin@gmail.com>

* Bump version

Signed-off-by: Sergey Shaykhullin <sergeyshaykhullin@gmail.com>

* Update Chart.yaml

Signed-off-by: Sergey Shaykhullin <sergeyshaykhullin@gmail.com>

* Fix service duplication

* Extend warning in terms of exposing the dashboard

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

* Adapt API overrides to other charts (apiVersionOverrides)

Also add missing param 'kubeVersionOverride' to README.

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

* Use consistent code style for empty lists

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

* Fix README `[/]` -> `["/"]`

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

Co-authored-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>

charts/argo-rollouts/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "v1.1.1"
 description: A Helm chart for Argo Rollouts
 name: argo-rollouts
-version: 2.8.1
+version: 2.9.0
 icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 maintainers:
@@ -11,4 +11,4 @@ maintainers:
   - name: jessesuen
 annotations:
   artifacthub.io/changes: |
-    - "[Updated]: Updated Argo Rollouts to v1.1.1"
+    - "[Added]: Dashboard ingress support"

charts/argo-rollouts/README.md

@@ -31,12 +31,13 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r
 
 | :warning: WARNING when the Service type is set to LoadBalancer or NodePort |
 |:---------------------------------------------------------------------------|
-| The chart provides an option to change the service type (`dashboard.service.type`). Dashboard was never intended to be exposed as an administrative console -- it started out as a local view available via CLI. It should be protected by something (e.g. network access or even better an oauth proxy). |
+| The chart provides an option to change the service type (`dashboard.service.type`). Also it provides the ability to expose the dashboard via Ingress. Dashboard was never intended to be exposed as an administrative console -- it started out as a local view available via CLI. It should be protected by something (e.g. network access or even better an oauth proxy). |
 
 ## Chart Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| apiVersionOverrides.ingress | string | `""` | String to override apiVersion of ingresses rendered by this helm chart |
 | clusterInstall | bool | `true` | `false` runs controller in namespaced mode (does not require cluster RBAC) |
 | controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` |
 | controller.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
@@ -56,6 +57,7 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r
 | imagePullSecrets | list | `[]` | Registry secret names as an array |
 | installCRDs | bool | `true` | Install and upgrade CRDs |
 | keepCRDs | bool | `true` | Keep CRD's on helm uninstall |
+| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |
 | crdAnnotations | object | `{}` | Annotations to be added to all CRDs |
 | podAnnotations | object | `{}` | Annotations to be added to the Rollout pods |
 | podLabels | object | `{}` | Labels to be added to the Rollout pods |
@@ -84,6 +86,20 @@ If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-r
 | dashboard.serviceAccount.create | bool | `true` | Specifies whether a dashboard service account should be created |
 | dashboard.serviceAccount.annotations | object | `{}` | Annotations to add to the dashboard service account |
 | dashboard.serviceAccount.name | string | `""` | The name of the dashboard service account to use. If not set and create is true, a name is generated using the fullname template |
+| dashboard.service.annotations | object | `{}` | Dashboard service annotations |
+| dashboard.service.labels | object | `{}` | Dashboard service labels |
+| dashboard.service.portName | string | `dashboard` | Dashboard service port name |
+| dashboard.service.port | int | `3100` | Dashboard service port |
+| dashboard.service.targetPort | int | `3100` | Dashboard service target port |
+| dashboard.ingress.enabled | bool | `false` | Enable dashboard ingress support |
+| dashboard.ingress.annotations | object | `{}` | Dashboard ingress annotations |
+| dashboard.ingress.labels | object | `{}` | Dashboard ingress labels |
+| dashboard.ingress.ingressClassName | string | `""` | Dashboard ingress class name |
+| dashboard.ingress.hosts | list | `[]` | Dashboard ingress hosts |
+| dashboard.ingress.paths | list | `["/"]` | Dashboard ingress paths |
+| dashboard.ingress.pathType | string | `Prefix` | Dashboard ingress path type |
+| dashboard.ingress.extraPaths | list | `[]` | Dashboard ingress extra paths |
+| dashboard.ingress.tls | list | `[]` | Dashboard ingress tls |
 
 ## Upgrading
 

charts/argo-rollouts/templates/_helpers.tpl

@@ -62,3 +62,25 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Return the appropriate apiVersion for ingress
+*/}}
+{{- define "argo-rollouts.ingress.apiVersion" -}}
+{{- if .Values.apiVersionOverrides.ingress -}}
+{{- print .Values.apiVersionOverrides.ingress -}}
+{{- else if semverCompare "<1.14-0" (include "argo-rollouts.kubeVersion" $) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" (include "argo-rollouts.kubeVersion" $) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the target Kubernetes version
+*/}}
+{{- define "argo-rollouts.kubeVersion" -}}
+  {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
+{{- end -}}

charts/argo-rollouts/templates/dashboard/deployment.yaml

@@ -40,7 +40,7 @@ spec:
         {{- end }}
         name: argo-rollouts-dashboard
         ports:
-        - containerPort: 3100
+        - containerPort: {{ .Values.dashboard.service.targetPort }}
           name: dashboard
         securityContext:
           {{- toYaml .Values.dashboard.containerSecurityContext | nindent 10 }}

charts/argo-rollouts/templates/dashboard/ingress.yaml

@@ -0,0 +1,89 @@
+{{- if and .Values.dashboard.enabled .Values.dashboard.ingress.enabled -}}
+{{- $serviceName := include "argo-rollouts.fullname" . -}}
+{{- $servicePort := .Values.dashboard.service.port -}}
+{{- $paths := .Values.dashboard.ingress.paths -}}
+{{- $extraPaths := .Values.dashboard.ingress.extraPaths -}}
+{{- $pathType := .Values.dashboard.ingress.pathType -}}
+apiVersion: {{ include "argo-rollouts.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+{{- if .Values.dashboard.ingress.annotations }}
+  annotations:
+  {{- range $key, $value := .Values.dashboard.ingress.annotations }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
+{{- end }}
+  name: {{ template "argo-rollouts.fullname" . }}-dashboard
+  labels:
+    {{- include "argo-rollouts.labels" . | nindent 4 }}
+    {{- if .Values.dashboard.ingress.labels }}
+    {{- toYaml .Values.dashboard.ingress.labels | nindent 4 }}
+    {{- end }}
+spec:
+  {{- if eq (include "argo-rollouts.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+  {{- with .Values.dashboard.ingress.ingressClassName }}
+  ingressClassName: {{ . }}
+  {{- end }}
+  {{- end }}
+  rules:
+  {{- if .Values.dashboard.ingress.hosts }}
+    {{- range $host := .Values.dashboard.ingress.hosts }}
+    - host: {{ $host }}
+      http:
+        paths:
+          {{- if $extraPaths }}
+          {{- toYaml $extraPaths | nindent 10 }}
+          {{- end }}
+          {{- range $p := $paths }}
+          - path: {{ $p }}
+            {{- if eq (include "argo-rollouts.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+            pathType: {{ $pathType }}
+            {{- end }}
+            backend:
+              {{- if eq (include "argo-rollouts.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+              service:
+                name: {{ $serviceName }}
+                port:
+                  {{- if kindIs "float64" $servicePort }}
+                  number: {{ $servicePort }}
+                  {{- else }}
+                  name: {{ $servicePort }}
+                  {{- end }}
+              {{- else }}
+              serviceName: {{ $serviceName }}
+              servicePort: {{ $servicePort }}
+              {{- end }}
+          {{- end -}}
+    {{- end -}}
+  {{- else }}
+    - http:
+        paths:
+          {{- if $extraPaths }}
+          {{- toYaml $extraPaths | nindent 10 }}
+          {{- end }}
+          {{- range $p := $paths }}
+          - path: {{ $p }}
+            {{- if eq (include "argo-rollouts.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+            pathType: {{ $pathType }}
+            {{- end }}
+            backend:
+              {{- if eq (include "argo-rollouts.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+              service:
+                name: {{ $serviceName }}
+                port:
+                  {{- if kindIs "float64" $servicePort }}
+                  number: {{ $servicePort }}
+                  {{- else }}
+                  name: {{ $servicePort }}
+                  {{- end }}
+              {{- else }}
+              serviceName: {{ $serviceName }}
+              servicePort: {{ $servicePort }}
+              {{- end }}
+          {{- end -}}
+  {{- end -}}
+  {{- if .Values.dashboard.ingress.tls }}
+  tls:
+    {{- toYaml .Values.dashboard.ingress.tls | nindent 4 }}
+  {{- end -}}
+{{- end -}}

charts/argo-rollouts/templates/dashboard/service.yaml

@@ -6,8 +6,14 @@ metadata:
   labels:
     app.kubernetes.io/component: {{ .Values.dashboard.component }}
     {{- include "argo-rollouts.labels" . | nindent 4 }}
-  {{- with .Values.serviceAnnotations }}
+    {{- with .Values.dashboard.service.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
   annotations:
+  {{- with .Values.serviceAnnotations }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.dashboard.service.annotations }}
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
@@ -24,10 +30,10 @@ spec:
   {{- end }}
   type: {{ .Values.dashboard.service.type }}
   ports:
-  - name: dashboard
+  - name: {{ .Values.dashboard.service.portName }}
     protocol: TCP
-    port: 3100
+    port: {{ .Values.dashboard.service.port }}
-    targetPort: 3100
+    targetPort: {{ .Values.dashboard.service.targetPort }}
   selector:
     app.kubernetes.io/component: {{ .Values.dashboard.component }}
     {{- include "argo-rollouts.selectorLabels" . | nindent 4 }}

charts/argo-rollouts/values.yaml

@@ -3,6 +3,25 @@ keepCRDs: true
 
 clusterInstall: true
 
+## String to partially override "argo-rollouts.fullname" template
+##
+nameOverride:
+
+## String to fully override "argo-rollouts.fullname" template
+##
+fullnameOverride:
+
+## Override APIVersions
+## If you want to template helm charts but cannot access k8s API server
+## you can set api versions here
+apiVersionOverrides:
+  # String to override apiVersion of ingresses rendered by this helm chart
+  ingress: "" # networking.k8s.io/v1beta1
+
+## Override the Kubernetes version, which is used to evaluate certain manifests
+##
+kubeVersionOverride: ""
+
 controller:
   component: rollouts-controller
   ## Node selectors and tolerations for server scheduling to nodes with taints
@@ -134,9 +153,54 @@ dashboard:
     loadBalancerSourceRanges: []
     # -- Dashboard service external IPs
     externalIPs: []
+    # -- Service annotations
+    annotations: {}
+    # -- Service labels
+    labels: {}
+    # -- Service port name
+    portName: dashboard
+    # -- Service port
+    port: 3100
+    # -- Service target port
+    targetPort: 3100
   serviceAccount:
     create: true
     annotations: {}
     # The name of the service account to use.
     # If not set and create is true, a name is generated using the fullname template
     name: ""
+  ## Ingress configuration.
+  ## ref: https://kubernetes.io/docs/user-guide/ingress/
+  ##
+  ingress:
+    enabled: false
+    annotations: {}
+    labels: {}
+    ingressClassName: ""
+
+    ## Argo Rollouts Dashboard Ingress.
+    ## Hostnames must be provided if Ingress is enabled.
+    ## Secrets must be manually created in the namespace
+    ##
+    hosts: []
+      # - argorollouts.example.com
+    paths:
+      - /
+    pathType: Prefix
+    extraPaths: []
+      # - path: /*
+      #   backend:
+      #     serviceName: ssl-redirect
+      #     servicePort: use-annotation
+      ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used)
+      # - path: /*
+      #   pathType: Prefix
+      #   backend:
+      #     service
+      #       name: ssl-redirect
+      #       port:
+      #         name: use-annotation
+    tls: []
+      # - secretName: argorollouts-example-tls
+      #   hosts:
+      #     - argorollouts.example.com