karpor icon indicating copy to clipboard operation
karpor copied to clipboard
Published 1 month ago verified publisher icon KusionStack

Installation: Add Helm Parameter for Ingress

Open elliotxx opened this issue 10 months ago • 19 comments

What would you like to be added?

Propose a new Helm parameter to optionally enable Ingress during installation.

Why is this needed?

Currently, users need to manually create an Ingress for Karpor. This enhancement would allow users to enable Ingress via a Helm flag, reducing manual steps and improving deployment flexibility.

Expected Benefits:

  • Simplified Ingress setup during installation
  • Better out-of-the-box experience
  • Reduced manual configuration needed

Proposed Implementation:

  • Add a new boolean flag in the Helm chart (e.g., --enable-ingress)
  • Generate Ingress YAML automatically if flag is set
  • Provide default configuration with reasonable settings
  • Allow additional customizations if needed

This would streamline the deployment process and improve the overall user experience.

elliotxx avatar Mar 01 '25 04:03 elliotxx

i would like to help on this task

ashwini897 avatar Mar 05 '25 14:03 ashwini897

Welcome! You can help on this task according to [https://www.kusionstack.io/karpor/developer-guide/contribution-guide/](contribution guide)

fanfan-yu avatar Mar 05 '25 14:03 fanfan-yu

Proposed Changes: Create an ingress.yml template file to define the Ingress resource. Add an ingress.enabled flag in values.yaml to control whether Ingress is deployed ingress: enabled: true host: karpor.example.com paths: - path: / pathType: Prefix backend: serviceName: karpor-server servicePort: 7443 annotations: {} tls: enabled: false secretName:

Could you confirm if this approach aligns with best practices for the Karpor Helm Chart? Also, any guidance on additional parameters or implementation considerations would be appreciated.

ashwini897 avatar Mar 06 '25 18:03 ashwini897

@ashwini897 Can I provide a web http port? I am using istio gateway to expose the host, but since the backend already uses its own https, it always prompts: "Client sent an HTTP request to an HTTPS server." Or provide a backend tls switch function to allow me to turn off the backend tls. I will configure tls at the gateway.

I want to configure reverse proxy access externally

suyanhj avatar Mar 08 '25 05:03 suyanhj

Proposed Changes: Create an ingress.yml template file to define the Ingress resource. Add an ingress.enabled flag in values.yaml to control whether Ingress is deployed ingress: enabled: true host: karpor.example.com paths: - path: / pathType: Prefix backend: serviceName: karpor-server servicePort: 7443 annotations: {} tls: enabled: false secretName:

Could you confirm if this approach aligns with best practices for the Karpor Helm Chart? Also, any guidance on additional parameters or implementation considerations would be appreciated.

Cool! I think it is good idea.

fanfan-yu avatar Mar 08 '25 14:03 fanfan-yu

@ashwini897 Hi~ Has there been any progress on this matter? Do you need any help?

elliotxx avatar Mar 17 '25 11:03 elliotxx

NAME READY STATUS RESTARTS AGE elasticsearch-65bb6d5b79-xzhwc 0/1 Pending 0 6m12s etcd-0 0/1 Pending 0 6m12s karpor-server-c744c6cbd-cgbx6 0/1 CrashLoopBackOff 5 (33s ago) 6m12s karpor-syncer-7548877ddb-r8m4c 0/1 Error 6 6m12s

i have added ingress.yml and updated the values.yml but before that i am not able to run karpor, its throwing the error - MountVolume.SetUp failed for volume "karpor-secret" : secret "karpor-secret" not found

ashwini897 avatar Mar 18 '25 12:03 ashwini897

@ashwini897 Hi, first-time deployment of karpor will issue a job to sign a certificate and then generate karpor-secret, you can confirm whether the job has completed its work

elliotxx avatar Mar 19 '25 03:03 elliotxx

@elliotxx yes, i see that karpor-secret has been created and its available but still i am getting the same error and karpor-server and karpor-syncer are going in to CrashLoopBackOff with the above error.

ashwini897 avatar Mar 20 '25 09:03 ashwini897

@ashwini897 Sorry for the late reply, I've been busy recently. Maybe you can share your development branch, and I'll try to reproduce this issue locally.

elliotxx avatar Apr 02 '25 04:04 elliotxx

Hey @elliotxx ,

If @ashwini897 isn’t able to complete the work or if he/she might be stuck, I can step in and add value. Let me know what you think.

Iamrushabhshahh avatar Apr 02 '25 09:04 Iamrushabhshahh

@Iamrushabhshahh Please feel free to take this task, I am in between a assignment and not able to work in this issue.

ashwini897 avatar Apr 02 '25 13:04 ashwini897

Okay @ashwini897 , could you share the progress you've made or give me a quick rundown of what you've done?

Iamrushabhshahh avatar Apr 02 '25 18:04 Iamrushabhshahh

Hey, I saw the discussion. So I will transfer the issue to @Iamrushabhshahh . Sincerely thank you both for your enthusiasm! If you encounter any problems, feel free to ping me at any time

elliotxx avatar Apr 03 '25 03:04 elliotxx

could someone share if there's any progress for enabling web http port? I have the same goal with @suyanhj

joshuajetomo avatar Apr 10 '25 14:04 joshuajetomo

@joshuajetomo Hi, Maybe this configuration can help you.

Layer 4 forwarding:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: tls-passthrough-route
  namespace: karpor
spec:
  entryPoints:
  - websecure
  routes:
  - match: HostSNI(`*`)
    services:
    - name: karpor-server
      port: 7443
  tls:
    passthrough: true

Layer 7 forwarding

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroute-web
  namespace: karpor
spec:
  entryPoints:
  - web
  routes:
  - kind: Rule
    match: Host(`{your_karpor_domain}`)
    middlewares:
    - name: redirect-to-https
      namespace: karpor
    services:
    - name: karpor-server
      port: 7443
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroute-websecure
  namespace: karpor
spec:
  entryPoints:
  - websecure
  routes:
  - kind: Rule
    match: Host(`{your_karpor_domain}`)
    middlewares:
    - name: redirect-to-https
      namespace: karpor
    services:
    - name: karpor-server
      port: 7443
      scheme: https
      serversTransport: skip-verify
  tls:
    secretName: karpor-tls-secret

elliotxx avatar Apr 11 '25 12:04 elliotxx

thanks for this! will try this out but I have an existing istio gateway and I wanted to create a virtual service for karpor. do you have ideas on this @elliotxx ?

joshuajetomo avatar Apr 11 '25 15:04 joshuajetomo

Hey, @elliotxx !

I would like to help on this task, but i don't understand on what stage of solving the problem you are, and what exactly do you want.

As i understand from the issue itself, we need to improve helm chart which is originated in Karpor Chart Repo. Then i can try to add ingress template that is close to, for example grafana helm chart ingress, if it aligns with your best practices https://github.com/grafana/helm-charts/blob/main/charts/grafana/templates/ingress.yaml

But according to your conversation you are discussing Ingress using Traefik IngressRoute CRD, Istio gateway and etc

@joshuajetomo Hi, Maybe this configuration can help you.

Layer 4 forwarding:

apiVersion: traefik.containo.us/v1alpha1 kind: IngressRouteTCP metadata: name: tls-passthrough-route namespace: karpor ...

thanks for this! will try this out but I have an existing istio gateway and I wanted to create a virtual service for karpor. do you have ideas on this @elliotxx ?

Which could be implemented in a helm chart, but i guess is not used by everyone, so it would not provide out-of-the-box experience.

So, if the help is still needed, and you could explain me the goal, i can try to implement it

It is my first time ever trying to contribute to open source project, so any criticism and corrections will be appreciated)

endesapt avatar Apr 30 '25 20:04 endesapt

Hi need any helping hand here?

abhaykohli avatar Oct 22 '25 12:10 abhaykohli