Merge branch 'main' of github.com:kubeshop/tracetest-cloud-charts

README.md

@@ -1,13 +1,163 @@
 # tracetest-cloud-charts
 
-TODO: make this nice
+This is the helm repo for the on prem instalation of Tracetest
 
-this repo provides a script to create a local kind cluster with an entire Tracetest cloud instance. 
-while we have this repo private and all the private images, this is just deploying Tracetest cloud.
-we need to use a secret so you need to use the create image pull secret script to configure that in the kind cluster.
+## DNS
 
-once everything is public, we can use kind to validate PRs before merging.
-this can also become the main helm repo for cloud, since it has a much nicer approach, but we'll see if that works out without needing too much customization
+Tracetest needs to be accesible from outside the cluster, exposed via a [Traefik's](#Traefik) IgressRoute.
+For this, it requires a DNS resolvable name. You can use a public DNS, an intranet DNS, or even hostfile based,
+as long as clients are able to resolve the hostnames to the correct IPs.
+
+You can choose any hostname you want. Tracetest imposes no limitation on this.
+
+If you choose to use a resolving mechanism that is not available within the Kuberetes cluster where Tracetest runs, 
+you can configure the clusters CoreDNS to point the selected hostname to the Traefik Service. We provide a [script for this](./scripts/coredns_config.sh)
+
+If you want to use managed agents, and send tracing info to them from outside the cluster, you need to set a wildcard subdomain.
+
+**Example**
+
+Your main domain is `tracetest.acme.com`. You need to setup `tracetest.acme.com` and `*.tracetest.acme.com` to the LoadBalancer IP.
+
+
+## Cluster prerequisites
+
+Tracetest expects some preconditions in the environment where it runs.
+
+### Cert manager
+
+Tracetest uses cert-manager to create sign certificates for JWT tokens, and SSL certificates for Ingress.
+
+Quick install:
+```
+helm repo add jetstack https://charts.jetstack.io --force-update
+  helm upgrade --install \
+    cert-manager jetstack/cert-manager \
+    --namespace cert-manager \
+    --create-namespace \
+    --version v1.15.0 \
+    --set crds.enabled=true
+```
+
+Cert Manager defines Issuers. If you have existing Issuers that you want to use, you can configure them in `values.yaml`.
+
+You can also create a SelfSigned issuer and create self signed certificates:
+```
+cat <<EOF | kubectl apply -f -
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: issuer-selfsigned
+  labels:
+spec:
+  selfSigned: {}
+EOF
+```
+
+### Traefik
+
+Tracetest relies on Traefik for its exposed web UI and API, as well for the managed agents.
+The process is simple, but the process for exposing the Traefik deplyment might differ depending on the cloud platform.
+See [Install Traefik using Helm Chart](https://doc.traefik.io/traefik/getting-started/install-traefik/#use-the-helm-chart)
+
+## External Services
+
+Tracetest requires two databases to operate
+
+### PostgreSQL
+
+We recommend using an out of cluster instance. Version should not matter a lot, but it is always a good idea to have the latest.
+
+You can configure the credentials in `values.yaml`:
+
+```yaml
+global:
+  postgresql:
+    auth:
+      host: "ttdeps-postgresql"
+      username: "postgres"
+      password: "postgres"
+      database: "tracetest"
+```
+
+### MongoDB
+
+We recommend using an out of cluster instance. Version should not matter a lot, but it is always a good idea to have the latest.
+
+You can configure the credentials in `values.yaml`:
+
+```yaml
+global:
+  mongodb:
+    auth:
+      protocol: "mongodb"
+      host: "ttdeps-tracetest-dependencies-mongodb"
+      username: "mongodb"
+      password: "mongodb"
+      database: "tracetest"
+      options:
+        retryWrites: "true"
+        authSource: admin
+```
+
+# SSO
+
+This chart comes with a **EXTREMELY INSECURE** default GitHub OAuth App. It is used for demo purposes only, and should not under any circumstances be used in  any real environment.
+
+**TODO: add guides on how to setup oauth apps**
+
+You can enable GitHub and Google SSO by creating corresponding Apps and setting the credentials in `values.yaml`:
+
+```yaml
+global:
+      google:
+      clientID: "clientID"
+      clientSecret: "clientSecret"
+    github:
+      clientID: "clientID"
+      clientSecret: "clientSecret"
+```
+
+## Installing the chart.
+
+`tracetest-onprem` is an umbrella chart that simplifies the installation of Tracetest on a cluster that fits the prerequisites.
+
+The basic steps to install are:
+```sh
+helm repo add tracetestcloud https://kubeshop.github.io/tracetest-cloud-charts
+
+helm install my-tracetest tracetestcloud/tracetest-onprem \
+  --set global.licenseKey=YOUR-TRACETEST-LICENSE \
+  -f values.yaml
+```
+
+Here's an example values.yaml:
+
+```yaml
+global:
+  urls:
+    rootDomain: &rootDomain "tracetest.acme.com" #it's important to keep the `&rootDomain` part
+
+  postgresql:
+    auth:
+      host: "ttdeps-postgresql"
+      username: "postgres"
+      password: "postgres"
+      database: "tracetest"
+
+  mongodb:
+    auth:
+      protocol: "mongodb"
+      host: "ttdeps-tracetest-dependencies-mongodb"
+      username: "mongodb"
+      password: "mongodb"
+      database: "tracetest"
+      options:
+        retryWrites: "true"
+        authSource: admin
+```
+
+# Developing
 
 ## TLDR
 
@@ -22,17 +172,4 @@ kubectl get pods
 ```
 
 now you can access the app at https://tracetest.localdev:30000
-The pokeshop demo is available at https://pokeshop.localdev:30000
-
-## charts
-
-the tracetest-onprem chart is the main umbrella chart. 
-
-tracetest-dependencies is mainly for development/PR validation. it installs cert manager and other dependencies that can be considered "external", like traefik, postgres, etc.
-onprem users will have to configure this externally, so we'll need docs for that (like testkube has for the nginx ingerss controller)
-
-one exception is cert-manager, that is a dependency but is very very hard to install as a subchart, so it's installed in the kind setup script
-
-tracetest-auth is an umbrella for grouping all the ory services toghether
-
-tracetest-core and tracetest-cloud are copypasted from the infra repo so they are a base, but we can modify them as we want without impacting our cloud infra.
+The pokeshop demo is available at https://pokeshop.localdev:30000

charts/tracetest-agent-operator/Chart.yaml

@@ -17,7 +17,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: v1.6.0
+version: v1.7.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -26,5 +26,5 @@ version: v1.6.0
 appVersion: v1.4.4-rc.10
 dependencies:
 - name: tracetest-common
-  version: v1.0.0
+  version: v1.1.0
   repository: file://../tracetest-common

charts/tracetest-agent-operator/templates/configmap.yaml

@@ -5,7 +5,7 @@ metadata:
   labels:
     {{- include "tracetest-agent-operator.labels" . | nindent 4 }}
 data:
-  TRACETEST_NATS_ENDPOINT: "{{ .Values.global.nats.endpoint }}"
+  TRACETEST_NATS_ENDPOINT: {{ include "tracetest-common.nats_endpoint" . }}
   TRACETEST_TARGET_VERSION: "{{ .Values.config.targetVersion }}"
   TRACETEST_TARGET_NAMESPACE: "{{ .Values.config.targetNamespace }}"
   TRACETEST_TARGET_SERVER: {{ include "tracetest-common.url" .Values.global.urls.web }}

charts/tracetest-auth/Chart.yaml

@@ -27,7 +27,7 @@ appVersion: v1.2.0
 
 dependencies:
 - name: tracetest-common
-  version: v1.0.0
+  version: v1.1.0
   repository: file://../tracetest-common
 - name: keto
   version: 0.36.0

charts/tracetest-cloud/Chart.yaml

@@ -17,7 +17,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: v1.14.0
+version: v1.15.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -27,5 +27,5 @@ appVersion: v1.4.4-rc.10
 
 dependencies:
 - name: tracetest-common
-  version: v1.0.0
+  version: v1.1.0
   repository: file://../tracetest-common

charts/tracetest-cloud/templates/configmap.yaml

@@ -18,7 +18,7 @@ data:
   KETO_API_URL: "http://{{ .Release.Name }}-keto-read.{{ .Release.Namespace }}"
   KRATOS_ADMIN_API_URL: "http://{{ .Release.Name }}-kratos-admin.{{ .Release.Namespace }}"
   KRATOS_PUBLIC_API_URL: "http://{{ .Release.Name }}-kratos-public.{{ .Release.Namespace }}"
-  NATS_URI: "{{ .Values.global.nats.endpoint }}"
+  NATS_URI: {{ include "tracetest-common.nats_endpoint" . }}
   OAUTH_ENABLED: "false"
   OSS_ENDPOINT: "http://{{ .Release.Name }}-tracetest-core.{{ .Release.Namespace }}:{{ .Values.global.tracetestCore.service.httpPort }}"
   ROOT_DOMAIN: "{{ .Values.global.urls.rootDomain }}"

charts/tracetest-common/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: v1.0.0
+version: v1.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/tracetest-common/templates/_functions.tpl

@@ -47,4 +47,12 @@ Create a URI from a given object containing protocol, hostname, port, and path.
 {{- else }}
 {{- printf "%s://%s:%s%s" $protocol $hostname $port $path }}
 {{- end }}
+{{- end }}
+
+{{- define "tracetest-common.nats_endpoint" -}}
+{{- if .Values.global.natsEndpointOverride }}
+  {{- .Values.global.natsEndpointOverride }}
+{{- else }}
+  {{- printf "nats://{{.Release.Name}}-nats-headless.{{.Release.Namespace}}" }}
+{{- end }}
 {{- end }}

charts/tracetest-core/templates/configmap.yaml

@@ -7,7 +7,7 @@ metadata:
 data:
   config.yaml: |-
     nats:
-      endpoint: {{ .Values.global.nats.endpoint }}
+      endpoint: {{ include "tracetest-common.nats_endpoint" . }}
 
     telemetry:
       profiler:

charts/tracetest-frontend/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: v1.1.0
+version: v1.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -25,5 +25,5 @@ appVersion: v1.4.5
 
 dependencies:
 - name: tracetest-common
-  version: v1.0.0
+  version: v1.1.0
   repository: file://../tracetest-common

charts/tracetest-monitor-operator/Chart.yaml

@@ -17,7 +17,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: v1.2.0
+version: v1.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -26,5 +26,5 @@ version: v1.2.0
 appVersion: v1.4.4-rc.10
 dependencies:
 - name: tracetest-common
-  version: v1.0.0
+  version: v1.1.0
   repository: file://../tracetest-common

charts/tracetest-monitor-operator/templates/configmap.yaml

@@ -5,7 +5,7 @@ metadata:
   labels:
     {{- include "tracetest-monitor-operator.labels" . | nindent 4 }}
 data:
-  TRACETEST_NATS_ENDPOINT: "{{ .Values.global.nats.endpoint }}"
+  TRACETEST_NATS_ENDPOINT: {{ include "tracetest-common.nats_endpoint" . }}
   TRACETEST_TARGET_NAMESPACE: "{{ .Values.config.targetNamespace }}"
   TRACETEST_TARGET_SERVERURL: {{ include "tracetest-common.url" .Values.global.urls.web }}
   TRACETEST_TRACING_COLLECTORENDPOINT: "{{ .Values.config.collectorEndpoint }}"

charts/tracetest-onprem/Chart.yaml

@@ -2,22 +2,22 @@ apiVersion: v2
 name: tracetest-onprem
 description: A Helm chart for tracetest On Prem
 type: application
-version: v1.24.0
+version: v1.26.0
 dependencies:
 - name: tracetest-frontend
-  version: v1.1.0
+  version: v1.3.0
   repository: file://../tracetest-frontend
 - name: tracetest-core
   version: v1.13.0
   repository: file://../tracetest-core
 - name: tracetest-cloud
-  version: v1.14.0
+  version: v1.15.0
   repository: file://../tracetest-cloud
 - name: tracetest-agent-operator
-  version: v1.6.0
+  version: v1.7.0
   repository: file://../tracetest-agent-operator
 - name: tracetest-monitor-operator
-  version: v1.2.0
+  version: v1.3.0
   repository: file://../tracetest-monitor-operator
 - name: tracetest-auth
   version: v1.11.0

charts/tracetest-onprem/templates/nats-initial-config.yaml

@@ -16,11 +16,12 @@ spec:
         command: ["/bin/sh", "-c"]
         env:
         - name: NATS_URL
-          value: {{ .Values.global.nats.endpoint }}
+          value: {{ include "tracetest-common.nats_endpoint" . }}
         args:
           - |
+            nats
             timeout=600
-            while ! nc -z -w1 {{ .Values.global.nats.host }} 4222; do
+            while ! nats rtt --server {{ include "tracetest-common.nats_endpoint" . }}; do
               echo "Waiting for NATS connection..."
               sleep 1
               timeout=$((timeout-1))