Add option to override relay port by contour config

plejik commented 1 year ago

What does this PR change?

Add option to use user main ingress controller ( aka nginx or traefik ) but use contour as well but on diff port ( so you do not need to make own custom setup and rules, which will simplify any future chart upgrade )

Does the PR depend on any other PRs or Issues? If yes, please list them.

-

Checklist

I confirm, that I have...

[x] Read and followed the contributing guide in CONTRIBUTING.md
[x] Updated documentation on the Paralus docs site (if applicable)
[x] Updated CHANGELOG.md
[ ] Ran helm-docs to update docs for chart (if values.yaml file was changed)

plejik commented 1 year ago

JFYI: I have deploy full setup with contour ( and left my traefik ingress ) set parameters like that

deploy:
  postgresql:
    enable: true
  contour:
    enable: true
    tls:
      secretName: consoleparalus
  filebeat: 
    enable: false
  fluentbit:
    enable: false
fqdn:
  domain: example.com

contour:
  envoy:
    hostPorts:
        http: 32080
        https: 32443
    service:
      type: NodePort
ingress:
  enabled: true

So now console move via console.example.com ( via traefik ) And user connect work via contour ( but via port 32443) and one automation problem left - it's how config was set up for paralus service, by default i could not override it ( so fix by hand ) but this provide option at least override it by contour values ( if exist )

niravparikh05 commented 1 year ago

@plejik hey thanks for raising a pr, can you provide your complete configuration that users both traefik and contour for our reference ?

plejik commented 1 year ago

Genarally not so much to add here, but anyway, install traefik with 80 ports, ( ssl for ui covered by cloudflare ). Add my fix to ports and specify this default values:

contour:
  envoy:
    hostPorts:
      http: 32080
      https: 32443
    service:
      type: NodePort
deploy:
  contour:
    enable: true
    tls:
      secretName: paralus-le
  filebeat:
    enable: false
  fluentbit:
    enable: false
  postgresql:
    enable: true
fqdn:
  domain: pr.example.com
ingress:
  enabled: true

So in this configuration it will work with nginx as well. There only could be question how it will work with let encrypt but unfortunately i do not check this scenario. So in this case setup pretty simple, UI covered but incluster ingress controller. Only problem that i do not resolve ( since it's work as is ) - it's duplicated vaule in ingress and httpproxy

NAME      CLASS     HOSTS                                               ADDRESS   PORTS   AGE
console   traefik   console.pr.example.com                                          80      44d
ztka      traefik   *.core-connector.pr.example.com,*.user.pr.example.com             80      44d

And

NAME                  FQDN                            TLS SECRET   STATUS    STATUS DESCRIPTION
console               console.pr.example.com            paralus-le   invalid   At least one error present, see Errors for details
ztka-core-connector   *.core-connector.pr.example.com                valid     Valid HTTPProxy
ztka-user             *.user.pr.example.com                          valid     Valid HTTPProxy

Maybe i will try handle it later on when have time back to this one :)

akshay196 commented 1 year ago

Verified PR. Also pushed some minor changes.

paralus / helm-charts