diff --git a/charts/flux-operator/README.md b/charts/flux-operator/README.md index f9827cb..8f5db91 100644 --- a/charts/flux-operator/README.md +++ b/charts/flux-operator/README.md @@ -9,6 +9,9 @@ ControlPlane [enterprise distribution](https://control-plane.io/enterprise-for-f The operator automates the patching for hotfixes and CVEs affecting the Flux controllers container images and enables the configuration of multi-tenancy lockdown on Kubernetes and OpenShift clusters. +The operator comes with the Flux Status Page web UI exposed on port `9080` that allows users to visualize the +status of the Flux installation and monitor the GitOps delivery pipeline in real-time. + ## Prerequisites - Kubernetes 1.22+ @@ -61,6 +64,9 @@ see the Flux Operator [documentation](https://fluxcd.control-plane.io/operator/) | serviceAccount | object | `{"automount":true,"create":true,"name":""}` | Pod service account settings. The name of the service account defaults to the release name. | | serviceMonitor | object | `{"create":false,"interval":"60s","labels":{},"scrapeTimeout":"30s"}` | Prometheus Operator scraping settings. | | tolerations | list | `[]` | Pod tolerations settings. | +| web.enabled | bool | `true` | Enable the Flux Status Page web server on port 8080. | +| web.networkPolicy | object | `{"create":true}` | Create a NetworkPolicy to allow access to the Flux Status Page web interface. | +| web.serverOnly | bool | `false` | Run the Flux Status Page web server as a standalone deployment (requires a dedicated Helm release). | ## Source Code diff --git a/charts/flux-operator/helmdocs.gotmpl b/charts/flux-operator/helmdocs.gotmpl index a095cd6..2f9f08b 100644 --- a/charts/flux-operator/helmdocs.gotmpl +++ b/charts/flux-operator/helmdocs.gotmpl 
@@ -8,6 +8,9 @@ ControlPlane [enterprise distribution](https://control-plane.io/enterprise-for-f The operator automates the patching for hotfixes and CVEs affecting the Flux controllers container images and enables the configuration of multi-tenancy lockdown on Kubernetes and OpenShift clusters. +The operator comes with the Flux Status Page web UI exposed on port `9080` that allows users to visualize the +status of the Flux installation and monitor the GitOps delivery pipeline in real-time. + ## Prerequisites - Kubernetes 1.22+ diff --git a/charts/flux-operator/templates/deployment.yaml b/charts/flux-operator/templates/deployment.yaml index db02065..73f3d27 100644 --- a/charts/flux-operator/templates/deployment.yaml +++ b/charts/flux-operator/templates/deployment.yaml @@ -56,6 +56,9 @@ spec: {{- if .Values.multitenancy.enabledForWorkloadIdentity }} - --default-workload-identity-service-account={{ .Values.multitenancy.defaultWorkloadIdentityServiceAccount }} {{- end }} + {{- if .Values.web.serverOnly }} + - --web-server-only=true + {{- end }} {{- range .Values.extraArgs }} - {{ . }} {{- end }} @@ -66,6 +69,8 @@ spec: fieldPath: metadata.namespace - name: REPORTING_INTERVAL value: {{ .Values.reporting.interval }} + - name: WEB_SERVER_PORT + value: "{{ ternary "9080" "0" .Values.web.enabled }}" {{- with .Values.marketplace.type }} - name: MARKETPLACE_TYPE value: {{ . }} @@ -92,6 +97,11 @@ spec: - name: http containerPort: 8081 protocol: TCP + {{- if .Values.web.enabled }} + - name: http-web + containerPort: 9080 + protocol: TCP + {{- end }} livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: diff --git a/charts/flux-operator/templates/networkpolicy.yaml b/charts/flux-operator/templates/networkpolicy.yaml new file mode 100644 index 0000000..6c2f493 --- /dev/null +++ b/charts/flux-operator/templates/networkpolicy.yaml 
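Review bot: In `templates/deployment.yaml`, `--web-server-only=true` is gated on `web.serverOnly` alone, while the env hunk sets `WEB_SERVER_PORT` to `"0"` whenever `web.enabled` is false. With `serverOnly: true` and `enabled: false` the chart therefore renders a web-only process whose port is presumably disabled. Gate the flag on both values, `{{- if and .Values.web.enabled .Values.web.serverOnly }}`, or fail the render for that combination. Port 9080 is also hard-coded in the env and `ports` hunks here and again in the Service and NetworkPolicy templates; a single value or named helper would keep them from drifting apart. The container spec starts and ends outside these hunks.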
@@ -0,0 +1,28 @@ +{{- if .Values.web.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "flux-operator.fullname" . }}-web + namespace: {{ .Release.Namespace }} + labels: + {{- include "flux-operator.labels" . | nindent 4 }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + policyTypes: + - Ingress + podSelector: + matchLabels: + {{- include "flux-operator.selectorLabels" . | nindent 6 }} + ingress: + - from: + - namespaceSelector: {} + ports: + - protocol: TCP + port: 9080 +{{- end }} diff --git a/charts/flux-operator/templates/service.yaml b/charts/flux-operator/templates/service.yaml index 37ad04c..a5c73ca 100644 --- a/charts/flux-operator/templates/service.yaml +++ b/charts/flux-operator/templates/service.yaml @@ -18,5 +18,11 @@ spec: targetPort: http-metrics protocol: TCP name: http + {{- if .Values.web.enabled }} + - port: 9080 + targetPort: http-web + protocol: TCP + name: http-web + {{- end }} selector: {{- include "flux-operator.selectorLabels" . | nindent 4 }} diff --git a/charts/flux-operator/values.schema.json b/charts/flux-operator/values.schema.json index 6c42d4f..081e895 100644 --- a/charts/flux-operator/values.schema.json +++ b/charts/flux-operator/values.schema.json @@ -425,6 +425,25 @@ "items": { "type": "object" } + }, + "web": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "networkPolicy": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + } + } + }, + "serverOnly": { + "type": "boolean" + } + } } } } diff --git a/charts/flux-operator/values.yaml b/charts/flux-operator/values.yaml index aa2a6b5..df89ef5 100644 --- a/charts/flux-operator/values.yaml +++ b/charts/flux-operator/values.yaml 
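Review bot: The `ingress` rule in `networkpolicy.yaml` admits traffic from every namespace (`namespaceSelector: {}`) to port 9080, and `web.enabled` and `web.networkPolicy.create` both default to `true`. The status page is therefore reachable cluster-wide, tenant namespaces included, on a chart that advertises multi-tenancy lockdown; nothing in this diff shows the UI requiring authentication. Consider making the `from` peers configurable, with a default narrower than all namespaces. The policy selects the operator pods with `policyTypes: [Ingress]` and lists only port 9080, so on CNIs that enforce NetworkPolicy, traffic to the pod's other ports (the Service's `http-metrics` target) would presumably be dropped; list that port as well or ServiceMonitor scraping may break. The template is also rendered when `web.enabled` is `false`; guard it with `{{- if and .Values.web.enabled .Values.web.networkPolicy.create }}`.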
@@ -14,6 +14,15 @@ multitenancy: reporting: interval: 5m # @schema required: true +web: + # -- Enable the Flux Status Page web server on port 8080. + enabled: true + # -- Create a NetworkPolicy to allow access to the Flux Status Page web interface. + networkPolicy: + create: true + # -- Run the Flux Status Page web server as a standalone deployment (requires a dedicated Helm release). + serverOnly: false + # -- Install and upgrade the custom resource definitions. installCRDs: true # @schema default: true
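Review bot: The comment on `web.enabled` says port 8080, but the deployment, Service and NetworkPolicy templates in this commit all use 9080. The README table row generated from this comment carries the same wrong number, while the README prose says `9080`. Change the comment to `# -- Enable the Flux Status Page web server on port 9080.` and regenerate the README. With `enabled: true` as the default, an upgrade adds a new listener and Service port without an explicit opt-in, so consider noting that in the comment or defaulting to `false`.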