From e71b4fc2974b941b1b57c01ad0861d2ccf7efc39 Mon Sep 17 00:00:00 2001
From: Jake Hutchinson <39007539+assumptionsandg@users.noreply.github.com>
Date: Wed, 14 Aug 2024 17:04:48 +0100
Subject: [PATCH] Ingress configuration in Helm chart (#7)

* Ingress
* HTTP functional test
---
 .github/workflows/functional.yaml |  2 ++
 charts/templates/ingress.yaml     | 30 ++++++++++++++++++++++++++++++
 charts/values.yaml                | 17 +++++++++++++++++
 kind-config.yml                   | 17 +++++++++++++++++
 tools/functional_test.sh          | 17 ++++++++++++-----
 5 files changed, 78 insertions(+), 5 deletions(-)
 create mode 100644 charts/templates/ingress.yaml
 create mode 100644 kind-config.yml

diff --git a/.github/workflows/functional.yaml b/.github/workflows/functional.yaml
index 78327b1..45ab671 100644
--- a/.github/workflows/functional.yaml
+++ b/.github/workflows/functional.yaml
@@ -19,6 +19,8 @@ jobs:
 
     - name: Create k8s Kind Cluster
       uses: helm/kind-action@v1.9.0
+      with:
+        config: kind-config.yml
 
     - name: Run test
       timeout-minutes: 10
diff --git a/charts/templates/ingress.yaml b/charts/templates/ingress.yaml
new file mode 100644
index 0000000..617a8d1
--- /dev/null
+++ b/charts/templates/ingress.yaml
@@ -0,0 +1,30 @@
+{{- $ingress := .Values.ingress }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Release.Name }}
+  labels: {{ include "coral-credits.labels" . | nindent 4 }}
+  {{- $tlsAnnotations := $ingress.tls.enabled | ternary $ingress.tls.annotations dict }}
+  {{- $annotations := mergeOverwrite $ingress.annotations $tlsAnnotations }}
+  {{- with $annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- if .Values.ingress.tls.enabled }}
+  tls:
+    - hosts:
+        - {{ .Values.ingress.host }}
+      secretName: {{ .Values.ingress.tls.secretName }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.ingress.host }}
+      http:
+        paths:
+          - path: "/"
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ include "coral-credits.fullname" . }}
+                port:
+                  name: http
diff --git a/charts/values.yaml b/charts/values.yaml
index 7fcd139..03f6bd4 100644
--- a/charts/values.yaml
+++ b/charts/values.yaml
@@ -67,6 +67,23 @@ securityContext:
     drop: [ALL]
   readOnlyRootFilesystem: true
 
+# Ingress settings
+ingress:
+  # The hostname to use for the portal
+  host:
+  # The ingress class to use
+  className: nginx
+  # Annotations for the portal ingress
+  annotations: {}
+  # TLS configuration for the portal ingress
+  tls:
+    # Indicates if TLS should be enabled
+    enabled: true
+    # The secret to use for the TLS certificate and key
+    secretName:
+    # TLS-specific ingress annotations, e.g. for cert-manager configuration
+    annotations: {}
+
 # Django settings
 settings:
   # The Django secret key
diff --git a/kind-config.yml b/kind-config.yml
new file mode 100644
index 0000000..d4c7007
--- /dev/null
+++ b/kind-config.yml
@@ -0,0 +1,17 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+  kubeadmConfigPatches:
+  - |
+    kind: InitConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        node-labels: "ingress-ready=true"
+  extraPortMappings:
+  - containerPort: 80
+    hostPort: 80
+    protocol: TCP
+  - containerPort: 443
+    hostPort: 443
+    protocol: TCP
diff --git a/tools/functional_test.sh b/tools/functional_test.sh
index cd1434f..cde099b 100755
--- a/tools/functional_test.sh
+++ b/tools/functional_test.sh
@@ -4,7 +4,7 @@ set -eux
 
 SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
 
-PORT=8080
+PORT=80
 SITE=localhost
 # Function to check if port is open
 check_port() {
@@ -14,7 +14,7 @@ check_port() {
 
 # Function to check HTTP status
 check_http_status() {
-	local status=$(curl -s -o /dev/null -w "%{http_code}" http://$SITE:$PORT/_status/)
+	local status=$(curl -s -o /dev/null -w "%{http_code}" http://$SITE/_status/)
 	if [ "$status" -eq 204 ]; then
 		return 0
 	else
@@ -29,6 +29,13 @@ RELEASE_NAME=$CHART_NAME
 NAMESPACE=$CHART_NAME
 TEST_PASSWORD="testpassword"
 
+# Install nginx
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
+kubectl wait --namespace ingress-nginx \
+  --for=condition=ready pod \
+  --selector=app.kubernetes.io/component=controller \
+  --timeout=90s
+
 # Install the CaaS operator from the chart we are about to ship
 # Make sure to use the images that we just built
 helm upgrade $RELEASE_NAME ./charts \
@@ -39,12 +46,12 @@ helm upgrade $RELEASE_NAME ./charts \
 	--wait \
 	--timeout 3m \
 	--set-string image.tag=${GITHUB_SHA::7} \
-    --set settings.superuserPassword=$TEST_PASSWORD
+    --set settings.superuserPassword=$TEST_PASSWORD \
+    --set ingress.host=$SITE \
+    --set ingress.tls.enabled=false 
 
 # Wait for rollout
 kubectl rollout status deployment/$RELEASE_NAME -n $NAMESPACE --timeout=300s -w
-# Port forward in the background
-kubectl port-forward -n $NAMESPACE svc/$RELEASE_NAME $PORT:$PORT &
 
 # Wait for port to be open
 echo "Waiting for port $PORT to be available..."