Updated docs for console (#219)

* doc for chart * chart linting * Added docs for oauth2proxy image * make docs with new tmpl
trifork · Jun 21, 2024 · acfe773 · acfe773
1 parent aab3acc
commit acfe773
Show file tree

Hide file tree

Showing 3 changed files with 286 additions and 10 deletions.
diff --git a/charts/cheetah-redpanda-console/README.md b/charts/cheetah-redpanda-console/README.md
@@ -1,19 +1,49 @@
-# Redpanda Console Helm Chart Specification
+// This file contains the specification for the Cheetah Redpanda Console Helm Chart.
+// It provides information about the default values and descriptions of settings in the chart.// The "chart.valuesTable" template generates a table of settings and their descriptions.
+// It also includes the default values for each setting.
+# Cheetah Redpanda Console Helm Chart Specification
 ---
-description: Find the default values and descriptions of settings in the Redpanda Console Helm chart.
+description: Find the default values and descriptions of settings in the Cheetah Redpanda Console Helm chart.
 ---
 
 ![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.5.2](https://img.shields.io/badge/AppVersion-v2.5.2-informational?style=flat-square)
 
-Disclaimer - This chart is an extension of the official Redpanda Console Helm Chart.
-The original source code can be found at https://github.com/redpanda-data/helm-charts/tree/main/charts/console
+Disclaimer - This chart is an extension of the official Cheetah Redpanda Console Helm Chart.
+The original source code can be found at https://github.com/redpanda-data/helm-charts/tree/main/charts/console.
 The extension is used by Cheetah to meet their requirements for the chart.
 
 In particular, this page describes the contents of the chart’s [`values.yaml` file](https://github.com/redpanda-data/helm-charts/blob/main/charts/console/values.yaml).
 Each of the settings is listed and described on this page, along with any default values.
 
 For instructions on how to install and use the chart, refer to the [deployment documentation](https://docs.redpanda.com/docs/deploy/deployment-option/self-hosted/kubernetes/kubernetes-deploy/).
-For instructions on how to override and customize the chart’s values, see [Configure Redpanda Console](https://docs.redpanda.com/docs/manage/kubernetes/configure-helm-chart/#configure-redpanda-console).
+For instructions on how to override and customize the chart’s values, see [Configure Cheetah Redpanda Console](https://docs.redpanda.com/docs/manage/kubernetes/configure-helm-chart/#configure-redpanda-console).
+
+## Settings sepcific for Cheetah Redpanda Console
+This chart uses the following settings that are specific to Cheetah Redpanda Console and must be set thoguh values:
+
+- values for oauth2Proxy
+  - image: [Your chosen image of oauth2Proxy]
+  - issuerUrl: [Your issuer URL]
+  - OAUTH2_PROXY_COOKIE_SECRET: [Your cookie secret]
+  - OAUTH2_PROXY_CLIENT_ID: [Your client ID]
+  - OAUTH2_PROXY_CLIENT_SECRET: [Your client secret]
+
+- extraEnv
+  - extraEnv variables to set up kafka
+    - KAFKA_SASL_OAUTH_CLIENTID: [Your client ID]
+    - KAFKA_SASL_OAUTH_CLIENTSECRET: [Your client secret]
+    - KAFKA_SASL_OAUTH_SCOPE: [Your scope]
+
+- kafka:
+  - brokers: [Your brokers]
+  - sasl:
+    - oauth:
+      - tokenEndpoint: [Your token endpoint]
+  - schemaRegistry:
+    - urls: [Your URLs]
+  - tls: [Your TLS settings]
+
+See an example of how the vaules can be set through a release at the bottom of this readme
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
@@ -480,3 +510,103 @@ Grant time to test connectivity to upstream services such as Kafka and Schema Re
 
 **Default:** `{}`
 
+# An example of how to set these values and use the helm chart through a release is shown below:
+
+```yaml
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: cheetah-redpanda-console-example
+  namespace: cheetah-redpanda-console-example
+spec:
+  chart:
+    spec:
+      chart: cheetah-redpanda-console
+      version: 1.2.0
+      sourceRef:
+        name: cheetah-charts
+        kind: HelmRepository
+        namespace: default
+  interval: 30m
+  timeout: 10m0s
+  values:
+    image:
+      repository: redpandadata/console
+      registry: docker.io
+      tag: v2.5.2
+    podLabels:
+      netic.dk/network-component: redpanda
+      netic.dk/network-egress: istio
+      netic.dk/kafka-client: "true"
+      # netic.dk/schema-registry-egress: "true"
+      netic.dk/network-rules-egress: redpanda
+      netic.dk/schema-registry-egress: redpanda
+
+    service:
+      targetPort: example # This is the port that the service will route to
+
+    console:
+      config:
+        kafka:
+          brokers:
+            - <broker-url>
+          sasl:
+            oauth:
+              tokenEndpoint: <token-endpoint> # Could be Keycloak URL
+          schemaRegistry:
+            urls:
+              - <schema-registry-url>
+          tls:
+            enabled: true
+            caFilepath: /tmp/kafka/ca.crt
+            insecureSkipTlsVerify: false
+
+    oauth2Proxy:
+      issuerUrl: https://keycloak.cheetah.example/realms/<realm> # Keycloak URL
+      env:
+      - name: OAUTH2_PROXY_COOKIE_SECRET
+        valueFrom:
+          secretKeyRef:
+            name: redpanda-oauth2-proxy
+            key: cookie-secret
+      - name: OAUTH2_PROXY_CLIENT_ID
+        valueFrom:
+          secretKeyRef:
+            name: redpanda-oauth2-proxy
+            key: client-id
+      - name: OAUTH2_PROXY_CLIENT_SECRET
+        valueFrom:
+          secretKeyRef:
+            name: redpanda-oauth2-proxy
+            key: OAUTH2_PROXY_CLIENT_SECRET
+
+    extraEnv:
+      - name: KAFKA_SASL_OAUTH_CLIENTID
+        valueFrom:
+          secretKeyRef:
+            name: redpanda-credentials
+            key: client-id
+      - name: KAFKA_SASL_OAUTH_CLIENTSECRET
+        valueFrom:
+          secretKeyRef:
+            name: redpanda-credentials
+            key: client-secret
+      - name: KAFKA_SASL_OAUTH_SCOPE
+        value: kafka
+    secretMounts:
+      - name: kafka-ca
+        secretName: kafka-ca
+        path: /tmp/kafka/
+
+    ingress:
+      enabled: true
+      hosts:
+        - host: example.redpanda.cheetah.trifork.dev
+          paths:
+            - path: /
+              pathType: ImplementationSpecific
+      tls:
+        - hosts:
+            - example.redpanda.cheetah.trifork.dev
+          secretName: redpanda-cheetah-cert
+```
diff --git a/charts/cheetah-redpanda-console/README.md.gotmpl b/charts/cheetah-redpanda-console/README.md.gotmpl
@@ -1,23 +1,55 @@
+// This file contains the specification for the Cheetah Redpanda Console Helm Chart.
+// It provides information about the default values and descriptions of settings in the chart.
+
 {{- define "chart.header" -}}
-# Redpanda Console Helm Chart Specification
+# Cheetah Redpanda Console Helm Chart Specification
 ---
-description: Find the default values and descriptions of settings in the Redpanda Console Helm chart.
+description: Find the default values and descriptions of settings in the Cheetah Redpanda Console Helm chart.
 ---
 {{- end -}}
 
 {{ define "chart.description" -}}
 
-Disclaimer - This chart is an extension of the official Redpanda Console Helm Chart.
-The original source code can be found at https://github.com/redpanda-data/helm-charts/tree/main/charts/console
+Disclaimer - This chart is an extension of the official Cheetah Redpanda Console Helm Chart.
+The original source code can be found at https://github.com/redpanda-data/helm-charts/tree/main/charts/console.
 The extension is used by Cheetah to meet their requirements for the chart.
 
 In particular, this page describes the contents of the chart’s [`values.yaml` file](https://github.com/redpanda-data/helm-charts/blob/main/charts/console/values.yaml).
 Each of the settings is listed and described on this page, along with any default values.
 
 For instructions on how to install and use the chart, refer to the [deployment documentation](https://docs.redpanda.com/docs/deploy/deployment-option/self-hosted/kubernetes/kubernetes-deploy/).
-For instructions on how to override and customize the chart’s values, see [Configure Redpanda Console](https://docs.redpanda.com/docs/manage/kubernetes/configure-helm-chart/#configure-redpanda-console).
+For instructions on how to override and customize the chart’s values, see [Configure Cheetah Redpanda Console](https://docs.redpanda.com/docs/manage/kubernetes/configure-helm-chart/#configure-redpanda-console).
+
+## Settings sepcific for Cheetah Redpanda Console
+This chart uses the following settings that are specific to Cheetah Redpanda Console and must be set thoguh values:
+
+- values for oauth2Proxy
+  - image: [Your chosen image of oauth2Proxy]
+  - issuerUrl: [Your issuer URL]
+  - OAUTH2_PROXY_COOKIE_SECRET: [Your cookie secret]
+  - OAUTH2_PROXY_CLIENT_ID: [Your client ID]
+  - OAUTH2_PROXY_CLIENT_SECRET: [Your client secret]
+
+- extraEnv
+  - extraEnv variables to set up kafka
+    - KAFKA_SASL_OAUTH_CLIENTID: [Your client ID]
+    - KAFKA_SASL_OAUTH_CLIENTSECRET: [Your client secret]
+    - KAFKA_SASL_OAUTH_SCOPE: [Your scope]
+
+- kafka:
+  - brokers: [Your brokers]
+  - sasl:
+    - oauth:
+      - tokenEndpoint: [Your token endpoint]
+  - schemaRegistry:
+    - urls: [Your URLs]
+  - tls: [Your TLS settings]
+
+See an example of how the vaules can be set through a release at the bottom of this readme
 {{ end -}}
 
+// The "chart.valuesTable" template generates a table of settings and their descriptions.
+// It also includes the default values for each setting.
 {{ define "chart.valuesTable" }}
 
 ## Settings
@@ -59,3 +91,106 @@ For instructions on how to override and customize the chart’s values, see [Con
 {{ template "chart.requirementsSection" . }}
 
 {{ template "chart.valuesTable" . }}
+
+
+
+# An example of how to set these values and use the helm chart through a release is shown below:
+
+```yaml
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: cheetah-redpanda-console-example
+  namespace: cheetah-redpanda-console-example
+spec:
+  chart:
+    spec:
+      chart: cheetah-redpanda-console
+      version: 1.2.0
+      sourceRef:
+        name: cheetah-charts
+        kind: HelmRepository
+        namespace: default
+  interval: 30m
+  timeout: 10m0s
+  values:
+    image:
+      repository: redpandadata/console
+      registry: docker.io
+      tag: v2.5.2
+    podLabels:
+      netic.dk/network-component: redpanda
+      netic.dk/network-egress: istio
+      netic.dk/kafka-client: "true"
+      # netic.dk/schema-registry-egress: "true"
+      netic.dk/network-rules-egress: redpanda
+      netic.dk/schema-registry-egress: redpanda
+
+    service:
+      targetPort: example # This is the port that the service will route to
+
+    console:
+      config:
+        kafka:
+          brokers:
+            - <broker-url>
+          sasl:
+            oauth:
+              tokenEndpoint: <token-endpoint> # Could be Keycloak URL
+          schemaRegistry:
+            urls:
+              - <schema-registry-url>
+          tls:
+            enabled: true
+            caFilepath: /tmp/kafka/ca.crt
+            insecureSkipTlsVerify: false
+
+    oauth2Proxy:
+      issuerUrl: https://keycloak.cheetah.example/realms/<realm> # Keycloak URL
+      env:
+      - name: OAUTH2_PROXY_COOKIE_SECRET
+        valueFrom:
+          secretKeyRef:
+            name: redpanda-oauth2-proxy
+            key: cookie-secret
+      - name: OAUTH2_PROXY_CLIENT_ID
+        valueFrom:
+          secretKeyRef:
+            name: redpanda-oauth2-proxy
+            key: client-id
+      - name: OAUTH2_PROXY_CLIENT_SECRET
+        valueFrom:
+          secretKeyRef:
+            name: redpanda-oauth2-proxy
+            key: OAUTH2_PROXY_CLIENT_SECRET
+
+    extraEnv:
+      - name: KAFKA_SASL_OAUTH_CLIENTID
+        valueFrom:
+          secretKeyRef:
+            name: redpanda-credentials
+            key: client-id
+      - name: KAFKA_SASL_OAUTH_CLIENTSECRET
+        valueFrom:
+          secretKeyRef:
+            name: redpanda-credentials
+            key: client-secret
+      - name: KAFKA_SASL_OAUTH_SCOPE
+        value: kafka
+    secretMounts:
+      - name: kafka-ca
+        secretName: kafka-ca
+        path: /tmp/kafka/
+
+    ingress:
+      enabled: true
+      hosts:
+        - host: example.redpanda.cheetah.trifork.dev
+          paths:
+            - path: /
+              pathType: ImplementationSpecific
+      tls:
+        - hosts:
+            - example.redpanda.cheetah.trifork.dev
+          secretName: redpanda-cheetah-cert
+```
diff --git a/charts/cheetah-redpanda-console/values.yaml b/charts/cheetah-redpanda-console/values.yaml
@@ -13,6 +13,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# This file contains the configuration values for the Cheetah Redpanda Console Helm chart.
+# The chart deploys the Cheetah Redpanda Console, a modified version of the original Redpanda Console Helm chart.
+# The modifications include adding an auth2proxy to the original Helm chart as a sidecar.
+
 replicaCount: 1
 
 image:
@@ -21,13 +25,15 @@ image:
   pullPolicy: IfNotPresent
   tag: v2.5.2
 
+# Labels to be applied to the Cheetah Redpanda Console pods.
 podLabels:
   netic.dk/network-component: redpanda
   netic.dk/network-egress: istio
   netic.dk/kafka-client: "true"
   netic.dk/network-rules-egress: redpanda
   netic.dk/schema-registry-egress: redpanda
 
+# Service configuration for the Cheetah Redpanda Console.
 service:
   type: ClusterIP
   port: 4180
@@ -37,6 +43,7 @@ service:
   # -- Override the value in `console.config.server.listenPort` if not `nil`
   annotations: {}
 
+# Ingress configuration for the Cheetah Redpanda Console.
 ingress:
   enabled: false
   className: nginx
@@ -54,12 +61,14 @@ ingress:
   #    hosts:
   #      - chart-example.local
 
+# Pod security context for the Cheetah Redpanda Console pods.
 podSecurityContext:
   seccompProfile:
     type: RuntimeDefault
   runAsUser: 99
   fsGroup: 99
 
+# Security context for the Cheetah Redpanda Console container.
 securityContext:
   runAsNonRoot: true
   capabilities:
@@ -68,6 +77,7 @@ securityContext:
   allowPrivilegeEscalation: false
   readOnlyRootFilesystem: true
 
+# Configuration for the Cheetah Redpanda Console.
 console:
   config:
     kafka:
@@ -83,6 +93,7 @@ console:
   roles: {}
   roleBindings: {}
 
+# Configuration for the oauth2proxy sidecar container.
 oauth2Proxy:
   image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
   issuerUrl: ""