From 789f0e168559ad0f6ce93dfc2754b1fd64243e2c Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Thu, 4 Sep 2025 10:15:28 -0300 Subject: [PATCH 1/6] Add init scripts --- charts/agent/templates/deployment.yaml | 5 +++++ charts/agent/values.yaml | 2 ++ 2 files changed, 7 insertions(+) diff --git a/charts/agent/templates/deployment.yaml b/charts/agent/templates/deployment.yaml index 6a682db..33b37e9 100644 --- a/charts/agent/templates/deployment.yaml +++ b/charts/agent/templates/deployment.yaml @@ -54,6 +54,11 @@ spec: volumeMounts: {{- toYaml . | nindent 12 }} {{- end }} + env: + {{- if .Values.initScripts }} + - name: INIT_SCRIPTS_CONFIGMAP + value: "init-scripts-{{ .Release.Name }}" + {{- end }} envFrom: - secretRef: name: {{ .Values.configuration.secretName }}-{{ .Release.Name }} diff --git a/charts/agent/values.yaml b/charts/agent/values.yaml index d452e60..0266e2a 100644 --- a/charts/agent/values.yaml +++ b/charts/agent/values.yaml @@ -106,6 +106,8 @@ initContainers: [] volumes: [] +initScripts: [] + # Additional volumeMounts on the output Deployment definition. volumeMounts: [] From c15c1fc43ee661120b9e336ee8d921ae1d74de08 Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Wed, 17 Sep 2025 15:49:03 -0300 Subject: [PATCH 2/6] feature: Improve docs and support install in k3s --- charts/base/README.md | 45 ++++++++++++---------- charts/base/templates/gateways.yaml | 39 +++++++++++++++++-- charts/base/templates/pre-install-crd.yaml | 4 +- charts/base/values.yaml | 7 +++- 4 files changed, 69 insertions(+), 26 deletions(-) diff --git a/charts/base/README.md b/charts/base/README.md index 6dc48f4..056844b 100644 --- a/charts/base/README.md +++ b/charts/base/README.md 
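Review bot: The `env:` key is emitted outside the `{{- if .Values.initScripts }}` guard in deployment.yaml, so with the default empty `initScripts` the container renders a bare `env:` with no entries. Moving the guard one line up, with `{{- if .Values.initScripts }}` before `env:` and `{{- end }}` after the `value:` line, keeps the default manifest unchanged. The container spec starts and ends outside this hunk, so check that no other `env:` key exists on the same container; most parsers resolve a duplicate key silently. The name `init-scripts-{{ .Release.Name }}` is spelled out again in `configmap.yaml` later in the series, and a shared named template would keep the two from drifting apart.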
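Review bot: `initScripts: []` is added to values.yaml without a comment, unlike the `volumeMounts` entry just below it. Each entry is rendered into a `NN-script.sh` key of a ConfigMap later in this series and is presumably executed by the agent, so the value is effectively code. A line such as `# Shell snippets rendered into the init-scripts-<release> ConfigMap, one file per entry; treat as code and restrict who can set them.` would make that visible to whoever edits the values.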
@@ -11,7 +11,7 @@ To install the nullplatform base helm chart with custom values, you can use the following `helm install` command with specific `--set` parameters: ```bash -helm install my-release nullplatform/base \ +helm install my-release nullplatform/nullplatform-base \ --set global.provider=eks \ --set global.awsRegion=us-east-1 \ --set tls.secretName=my-tls-secret \ 
@@ -22,22 +22,26 @@ helm install my-release nullplatform/base \ The following table lists the configurable parameters of the Null chart and their default values. -| Parameter | Description | Default | -|-----------------------------| --------------------------------------------------------- |------------------------------------| -| `global.provider` | Kubernetes provider (options: "oks", "gke", "eks", "aks") | `"eks"` | -| `global.awsRegion` | AWS region (applicable for EKS provider) | `"us-east-1"` | -| `tls.secretName` | Name of the TLS secret | `""` | -| `logging.gelf.enabled` | Enable GELF logging | `false` | -| `logging.loki.enabled` | Enable Loki logging | `false` | -| `logging.datadog.enabled` | Enable Datadog logging | `false` | -| `cloudwatch.enabled` | Enable CloudWatch | `false` | -| `metricsServer.enabled` | Enable metrics server | `true` | -| `gatewayAPI.enabled` | Enable Gateway API | `true` | -| `imagePullSecrets.enabled` | Enable image pull secret | `false` | -| `imagePullSecrets.name` | Name of the image pull secret | `"image-pull-secret-nullplatform"` | -| `imagePullSecrets.registry` | Container registry URL for image pull secret | `""` | -| `imagePullSecrets.username` | Username for container registry | `""` | -| `imagePullSecrets.password` | Password for container registry | `""` | +| Parameter | Description | Default | +|-----------------------------| ----------------------------------------------------------------- |------------------------------------| +| `global.provider` | Kubernetes provider (options: "oks", "gke", "eks", "aks", native) | `"eks"` | +| `global.awsRegion` | AWS region (applicable for EKS provider) | `"us-east-1"` | +| `global.installGatewayV2Crd`| Install Gateway API v2 CRDs via pre-install hook | `true` | +| `gateway.http.enabled` | Enable HTTP listener on port 80 | `false` | +| `gateway.internal.enabled` | Enable internal/private load balancer gateway | `true` | +| `tls.secretName` | Name of the TLS secret | `""` | +| 
`tls.required` | Require TLS secret name to be provided | `true` | +| `logging.gelf.enabled` | Enable GELF logging | `false` | +| `logging.loki.enabled` | Enable Loki logging | `false` | +| `logging.datadog.enabled` | Enable Datadog logging | `false` | +| `cloudwatch.enabled` | Enable CloudWatch | `false` | +| `metricsServer.enabled` | Enable metrics server | `true` | +| `gatewayAPI.enabled` | Enable Gateway API | `true` | +| `imagePullSecrets.enabled` | Enable image pull secret | `false` | +| `imagePullSecrets.name` | Name of the image pull secret | `"image-pull-secret-nullplatform"` | +| `imagePullSecrets.registry` | Container registry URL for image pull secret | `""` | +| `imagePullSecrets.username` | Username for container registry | `""` | +| `imagePullSecrets.password` | Password for container registry | `""` | For a complete list of configurable options, please refer to the `values.yaml` file. 
@@ -52,8 +56,9 @@ When users attempt to run helm uninstall, they must check the job logs to see th ## Notes - When using specific logging solutions (GELF, Loki, Datadog), make sure to set their respective `enabled` flag to `true` and provide the necessary configuration details. -- The `global.provider` must be set to one of the supported providers: "oks", "gke", "eks", or "aks". +- The `global.provider` must be set to one of the supported providers: "oks", "gke", "eks", "native" or "aks". - For EKS installations, you may want to enable CloudWatch by setting `cloudwatch.enabled=true`. -- Always provide a valid `tls.secretName` when configuring TLS. +- By default, TLS configuration requires a valid `tls.secretName`. Set `tls.required=false` to make TLS optional. +- Set `global.installGatewayV2Crd=false` to skip installing Gateway API CRDs if they're already present in your cluster. - The `metrics-server` and `gateway-api` are enabled by default. Set their `enabled` flag to `false` if you don't want to use them. -- If you have `nullplatform` and/or `nullplatform-tools` already created run helm with `--no-hooks` option \ No newline at end of file +- If you have `nullplatform` and/or `nullplatform-tools` already created run helm with `--no-hooks` option diff --git a/charts/base/templates/gateways.yaml b/charts/base/templates/gateways.yaml index 2c15b63..b10de66 100644 --- a/charts/base/templates/gateways.yaml +++ b/charts/base/templates/gateways.yaml 
@@ -1,5 +1,10 @@ {{- if or (eq .Values.global.provider "aks") (eq .Values.global.provider "gke") (eq .Values.global.provider "oke") }} -{{- $secretName := required "The 'tls.secretName' field is required" .Values.tls.secretName }} +{{- $secretName := "" }} +{{- if .Values.tls.required }} +{{- $secretName = required "The 'tls.secretName' field is required" .Values.tls.secretName }} +{{- else }} +{{- $secretName = .Values.tls.secretName | default "" }} +{{- end }} {{- if not (lookup "v1" "Namespace" "" .Values.namespaces.gateway) }} apiVersion: v1 kind: Namespace @@ -12,7 +17,7 @@ metadata: "helm.sh/resource-policy": "keep" {{- end }} --- -{{- if .Values.gateways.enabled }} +{{- if and .Values.gateways.enabled .Values.gateway.internal.enabled }} apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: @@ -30,17 +35,29 @@ spec: {{- toYaml . | nindent 2 }} {{- end }} listeners: - - name: default + {{- if .Values.gateway.http.enabled }} + - name: http + port: 80 + protocol: HTTP + allowedRoutes: + namespaces: + from: All + {{- end }} + {{- if .Values.tls.required }} + - name: https port: 443 protocol: HTTPS + {{- if $secretName }} tls: certificateRefs: - group: '' kind: Secret name: {{ $secretName }} + {{- end }} allowedRoutes: namespaces: from: All + {{- end }} --- apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway @@ -58,17 +75,29 @@ spec: {{- toYaml . | nindent 2 }} {{- end }} listeners: - - name: default + {{- if .Values.gateway.http.enabled }} + - name: http + port: 80 + protocol: HTTP + allowedRoutes: + namespaces: + from: All + {{- end }} + {{- if .Values.tls.required }} + - name: https port: 443 protocol: HTTPS + {{- if $secretName }} tls: certificateRefs: - group: '' kind: Secret name: {{ $secretName }} + {{- end }} allowedRoutes: namespaces: from: All + {{- end }} --- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler 
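Review bot: The `https` listener is wrapped in `{{- if .Values.tls.required }}`, so setting `tls.required=false` removes TLS from the Gateway altogether instead of making the certificate optional as the README change describes; the same block is repeated in the second Gateway hunk (`@@ -58,17 +75,29 @@`). With `gateway.http.enabled=false` (the default) and `tls.required=false` together, `listeners:` renders empty, which the Gateway API schema is expected to reject. Inside the block the inner `{{- if $secretName }}` can never be false, because `required` has already failed the render on an empty name. Gating the listener on the secret instead, with `{{- if $secretName }}` around the whole `- name: https` entry, keeps HTTPS whenever a certificate is configured. The new `http` listener accepts routes `from: All` namespaces on port 80 with no redirect visible here, so once it is enabled any namespace can attach plaintext routes.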
@@ -106,6 +135,7 @@ spec: matchLabels: istio.io/gateway-name: {{ .Values.gateway.public.name }} --- +{{- if .Values.gateway.internal.enabled }} apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: @@ -143,3 +173,4 @@ spec: istio.io/gateway-name: {{ .Values.gateway.internal.name }} {{- end }} {{- end }} +{{- end }} diff --git a/charts/base/templates/pre-install-crd.yaml b/charts/base/templates/pre-install-crd.yaml index 4635a27..11908c0 100644 --- a/charts/base/templates/pre-install-crd.yaml +++ b/charts/base/templates/pre-install-crd.yaml @@ -1,3 +1,4 @@ +{{- if .Values.global.installGatewayV2Crd }} apiVersion: batch/v1 kind: Job metadata: @@ -9,7 +10,7 @@ spec: spec: containers: - name: install-crds - image: bitnami/kubectl:latest + image: bitnamisecure/kubectl:latest command: - /bin/sh - -c @@ -17,3 +18,4 @@ spec: kubectl get crd gateways.gateway.networking.k8s.io &> /dev/null || \ { kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=444631bfe06f3bcca5d0eadf1857eac1d369421d" | kubectl apply -f -; } restartPolicy: OnFailure +{{- end }} diff --git a/charts/base/values.yaml b/charts/base/values.yaml index 3755c54..86dd33a 100644 --- a/charts/base/values.yaml +++ b/charts/base/values.yaml @@ -1,5 +1,6 @@ # Global settings global: + installGatewayV2Crd: true # Kubernetes provider (options: "oks", "gke", "eks", "aks") provider: "eks" # AWS region (applicable for EKS provider) @@ -12,11 +13,15 @@ namespaces: gateway: "gateways" # TLS configuration tls: + required: true # Name of the TLS secret secretName: "wildcard-tls" -# Gateway configurations + # Gateway configurations gateway: + http: + enabled: false internal: + enabled: true name: "gateway-private" addresses: {} autoscaling: From dc889ce24e3bcadf770204c771f718737f0e44b1 Mon Sep 17 00:00:00 2001 
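Review bot: `image: bitnamisecure/kubectl:latest` in pre-install-crd.yaml still uses a mutable `latest` tag for a pre-install Job that applies CRDs, so whatever is published under that tag at install time runs with the Job's permissions in the cluster. Pin the image by version and digest, e.g. `image: bitnamisecure/kubectl:<VERSION>@sha256:<DIGEST>` (placeholders), the same way the kustomize `ref=` in the context lines is pinned to a commit. The script also relies on `&>` under `/bin/sh`, which is a bash extension; whether the replacement image's `/bin/sh` accepts it is not visible here, and `>/dev/null 2>&1` would be portable. The Job spec begins outside these hunks.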
From: Gabriel Eisbruch Date: Wed, 17 Sep 2025 15:49:29 -0300 Subject: [PATCH 3/6] feature: Improve docs and support install in k3s --- charts/agent/templates/configmap.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 charts/agent/templates/configmap.yaml diff --git a/charts/agent/templates/configmap.yaml b/charts/agent/templates/configmap.yaml new file mode 100644 index 0000000..fda8975 --- /dev/null +++ b/charts/agent/templates/configmap.yaml @@ -0,0 +1,14 @@ +{{- if .Values.initScripts }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: init-scripts-{{ .Release.Name }} + namespace: {{ .Values.namespace }} + labels: + {{- include "agent.labels" . | nindent 4 }} +data: + {{- range $i, $cmd := .Values.initScripts }} + {{ printf "%02d-script.sh" (add1 $i) }}: | + {{ $cmd }} + {{- end }} +{{- end }} \ No newline at end of file From 9271eefafbe8db4e1472b002c4721d8844a0ae45 Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Fri, 19 Sep 2025 12:13:33 -0300 Subject: [PATCH 4/6] Fix gateways --- charts/base/templates/gateways.yaml | 76 ++++++++++++++--------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/charts/base/templates/gateways.yaml b/charts/base/templates/gateways.yaml index b10de66..d9b519e 100644 --- a/charts/base/templates/gateways.yaml +++ b/charts/base/templates/gateways.yaml 
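Review bot: `{{ $cmd }}` is placed inside the `|` block scalar in configmap.yaml without an indent helper, so only the first line of each script receives the block's indentation; a multi-line entry in `initScripts` would leave its remaining lines at their original column and break or re-shape the ConfigMap. Render it with `{{- $cmd | nindent 4 }}` directly under the `...-script.sh: |` key line. `namespace: {{ .Values.namespace }}` is unquoted and would be read as a non-string if the value looks like a number or boolean; `{{ .Values.namespace | quote }}` avoids that. Because the entries are shell scripts that the agent presumably runs, write access to this ConfigMap or to the chart values amounts to command execution in the agent pod, and RBAC on the namespace should be scoped with that in mind.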
@@ -58,7 +58,44 @@ spec: namespaces: from: All {{- end }} + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Values.gateway.internal.name }} + namespace: {{ .Values.namespaces.gateway }} +spec: + # Match the generated Deployment by reference + # Note: Do not use `kind: Gateway`. + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Values.gateway.internal.name }}-istio + namespace: {{ .Values.namespaces.gateway }} + minReplicas: {{ .Values.gateway.internal.autoscaling.minReplicas }} + maxReplicas: {{ .Values.gateway.internal.autoscaling.maxReplicas }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 50 --- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ .Values.gateway.internal.name }} + namespace: {{ .Values.namespaces.gateway }} + +spec: + minAvailable: 1 + selector: + # Match the generated Deployment by label + matchLabels: + istio.io/gateway-name: {{ .Values.gateway.internal.name }} +{{- end }} apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: 
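Review bot: The added `{{- end }}` is followed directly by the context line `apiVersion: gateway.networking.k8s.io/v1beta1` with no `---` between them, so when the internal gateway is enabled the PodDisruptionBudget and the public Gateway land in one YAML document with duplicate `apiVersion`/`kind`/`metadata`/`spec` keys. Put the separator before the end tag, `---` then `{{- end }}`; the last patch of this series does that, but this commit on its own would likely not render a valid manifest, which hurts bisecting. The HPA's `scaleTargetRef` also carries a `namespace:` field, which `autoscaling/v2` does not define for that reference, so it can be dropped. The Gateway documents on either side start and end outside this hunk.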
@@ -135,42 +172,5 @@ spec: matchLabels: istio.io/gateway-name: {{ .Values.gateway.public.name }} --- -{{- if .Values.gateway.internal.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ .Values.gateway.internal.name }} - namespace: {{ .Values.namespaces.gateway }} -spec: - # Match the generated Deployment by reference - # Note: Do not use `kind: Gateway`. - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ .Values.gateway.internal.name }}-istio - namespace: {{ .Values.namespaces.gateway }} - minReplicas: {{ .Values.gateway.internal.autoscaling.minReplicas }} - maxReplicas: {{ .Values.gateway.internal.autoscaling.maxReplicas }} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 50 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ .Values.gateway.internal.name }} - namespace: {{ .Values.namespaces.gateway }} - -spec: - minAvailable: 1 - selector: - # Match the generated Deployment by label - matchLabels: - istio.io/gateway-name: {{ .Values.gateway.internal.name }} -{{- end }} -{{- end }} {{- end }} + From 332276213152806e6bb93c8af0af8c4e5d579521 Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Fri, 19 Sep 2025 12:16:52 -0300 Subject: [PATCH 5/6] Merge --- charts/base/templates/gateways.yaml | 37 +---------------------------- 1 file changed, 1 insertion(+), 36 deletions(-) diff --git a/charts/base/templates/gateways.yaml b/charts/base/templates/gateways.yaml index 1284691..0306d28 100644 --- a/charts/base/templates/gateways.yaml +++ b/charts/base/templates/gateways.yaml 
@@ -60,42 +60,6 @@ spec: {{- end }} --- -{{- if .Values.gateway.internal.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ .Values.gateway.internal.name }} - namespace: {{ .Values.namespaces.gateway }} -spec: - # Match the generated Deployment by reference - # Note: Do not use `kind: Gateway`. - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ .Values.gateway.internal.name }}-istio - namespace: {{ .Values.namespaces.gateway }} - minReplicas: {{ .Values.gateway.internal.autoscaling.minReplicas }} - maxReplicas: {{ .Values.gateway.internal.autoscaling.maxReplicas }} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 50 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ .Values.gateway.internal.name }} - namespace: {{ .Values.namespaces.gateway }} - -spec: - minAvailable: 1 - selector: - # Match the generated Deployment by label - matchLabels: - istio.io/gateway-name: {{ .Values.gateway.internal.name }} {{- end }} apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway @@ -174,3 +138,4 @@ spec: istio.io/gateway-name: {{ .Values.gateway.public.name }} --- {{- end }} + From c7c6e8a6aafebdda82819327edfd317cc6ab1993 Mon Sep 17 00:00:00 2001 From: Gabriel Eisbruch Date: Fri, 19 Sep 2025 15:32:22 -0300 Subject: [PATCH 6/6] Update gateways --- charts/base/templates/gateways.yaml | 36 +++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/charts/base/templates/gateways.yaml b/charts/base/templates/gateways.yaml index 0306d28..2cfb9f4 100644 --- a/charts/base/templates/gateways.yaml +++ b/charts/base/templates/gateways.yaml 
@@ -60,6 +60,42 @@ spec: {{- end }} --- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Values.gateway.internal.name }} + namespace: {{ .Values.namespaces.gateway }} +spec: + # Match the generated Deployment by reference + # Note: Do not use `kind: Gateway`. + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Values.gateway.internal.name }}-istio + namespace: {{ .Values.namespaces.gateway }} + minReplicas: {{ .Values.gateway.internal.autoscaling.minReplicas }} + maxReplicas: {{ .Values.gateway.internal.autoscaling.maxReplicas }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 50 +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ .Values.gateway.internal.name }} + namespace: {{ .Values.namespaces.gateway }} + +spec: + minAvailable: 1 + selector: + # Match the generated Deployment by label + matchLabels: + istio.io/gateway-name: {{ .Values.gateway.internal.name }} +--- {{- end }} apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway
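Review bot: The `{{- end }}` after the internal PodDisruptionBudget appears to close the `{{- if and .Values.gateways.enabled .Values.gateway.internal.enabled }}` opened in the earlier gateways.yaml patch, which leaves the public Gateway that follows outside any `gateways.enabled` check. If that reading is right, `gateways.enabled=false` no longer prevents the public Gateway (and its HPA and PDB) from being created, which is an exposure an operator would not expect from that flag. Keeping `{{- if .Values.gateways.enabled }}` as the outer guard and nesting `{{- if .Values.gateway.internal.enabled }}` around only the internal resources restores the old meaning. The rest of the template lies outside this hunk, so the nesting should be confirmed on the full file.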