flux-operator: Add Flux Status web UI settings

Signed-off-by: Stefan Prodan <[email protected]>

Author: stefanprodan

charts/flux-operator/README.md

@@ -9,6 +9,9 @@ ControlPlane [enterprise distribution](https://control-plane.io/enterprise-for-f
 The operator automates the patching for hotfixes and CVEs affecting the Flux controllers container images
 and enables the configuration of multi-tenancy lockdown on Kubernetes and OpenShift clusters.
 
+The operator comes with the Flux Status Page web UI exposed on port `9080` that allows users to visualize the
+status of the Flux installation and monitor the GitOps delivery pipeline in real-time.
+
 ## Prerequisites
 
 - Kubernetes 1.22+
@@ -61,6 +64,9 @@ see the Flux Operator [documentation](https://fluxcd.control-plane.io/operator/)
 | serviceAccount | object | `{"automount":true,"create":true,"name":""}` | Pod service account settings. The name of the service account defaults to the release name. |
 | serviceMonitor | object | `{"create":false,"interval":"60s","labels":{},"scrapeTimeout":"30s"}` | Prometheus Operator scraping settings. |
 | tolerations | list | `[]` | Pod tolerations settings. |
+| web.enabled | bool | `true` | Enable the Flux Status Page web server on port 8080. |
+| web.networkPolicy | object | `{"create":true}` | Create a NetworkPolicy to allow access to the Flux Status Page web interface. |
+| web.serverOnly | bool | `false` | Run the Flux Status Page web server as a standalone deployment (requires a dedicated Helm release). |
 
 ## Source Code
 

charts/flux-operator/helmdocs.gotmpl

@@ -8,6 +8,9 @@ ControlPlane [enterprise distribution](https://control-plane.io/enterprise-for-f
 The operator automates the patching for hotfixes and CVEs affecting the Flux controllers container images
 and enables the configuration of multi-tenancy lockdown on Kubernetes and OpenShift clusters.
 
+The operator comes with the Flux Status Page web UI exposed on port `9080` that allows users to visualize the
+status of the Flux installation and monitor the GitOps delivery pipeline in real-time.
+
 ## Prerequisites
 
 - Kubernetes 1.22+

charts/flux-operator/templates/deployment.yaml

@@ -56,6 +56,9 @@ spec:
             {{- if .Values.multitenancy.enabledForWorkloadIdentity }}
             - --default-workload-identity-service-account={{ .Values.multitenancy.defaultWorkloadIdentityServiceAccount }}
             {{- end }}
+            {{- if .Values.web.serverOnly }}
+            - --web-server-only=true
+            {{- end }}
             {{- range .Values.extraArgs }}
             - {{ . }}
             {{- end }}
@@ -66,6 +69,8 @@ spec:
                   fieldPath: metadata.namespace
             - name: REPORTING_INTERVAL
               value: {{ .Values.reporting.interval }}
+            - name: WEB_SERVER_PORT
+              value: "{{ ternary "9080" "0" .Values.web.enabled }}"
             {{- with .Values.marketplace.type }}
             - name: MARKETPLACE_TYPE
               value: {{ . }}
@@ -92,6 +97,11 @@ spec:
             - name: http
               containerPort: 8081
               protocol: TCP
+            {{- if .Values.web.enabled }}
+            - name: http-web
+              containerPort: 9080
+              protocol: TCP
+            {{- end }}
           livenessProbe:
             {{- toYaml .Values.livenessProbe | nindent 12 }}
           readinessProbe:

charts/flux-operator/templates/networkpolicy.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.web.networkPolicy.create }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "flux-operator.fullname" . }}-web
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "flux-operator.labels" . | nindent 4 }}
+    {{- with .Values.commonLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.commonAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  policyTypes:
+    - Ingress
+  podSelector:
+    matchLabels:
+      {{- include "flux-operator.selectorLabels" . | nindent 6 }}
+  ingress:
+    - from:
+        - namespaceSelector: {}
+      ports:
+        - protocol: TCP
+          port: 9080
+{{- end }}

charts/flux-operator/templates/service.yaml

@@ -18,5 +18,11 @@ spec:
       targetPort: http-metrics
       protocol: TCP
       name: http
+    {{- if .Values.web.enabled }}
+    - port: 9080
+      targetPort: http-web
+      protocol: TCP
+      name: http-web
+    {{- end }}
   selector:
     {{- include "flux-operator.selectorLabels" . | nindent 4 }}

charts/flux-operator/values.schema.json

@@ -425,6 +425,25 @@
             "items": {
                 "type": "object"
             }
+        },
+        "web": {
+            "type": "object",
+            "properties": {
+                "enabled": {
+                    "type": "boolean"
+                },
+                "networkPolicy": {
+                    "type": "object",
+                    "properties": {
+                        "create": {
+                            "type": "boolean"
+                        }
+                    }
+                },
+                "serverOnly": {
+                    "type": "boolean"
+                }
+            }
         }
     }
 }

charts/flux-operator/values.yaml

@@ -14,6 +14,15 @@ multitenancy:
 reporting:
   interval: 5m # @schema required: true
 
+web:
+  # -- Enable the Flux Status Page web server on port 8080.
+  enabled: true
+  # -- Create a NetworkPolicy to allow access to the Flux Status Page web interface.
+  networkPolicy:
+    create: true
+  # -- Run the Flux Status Page web server as a standalone deployment (requires a dedicated Helm release).
+  serverOnly: false
+
 # -- Install and upgrade the custom resource definitions.
 installCRDs: true # @schema default: true