add ingress for model access (#2536)

* add ingress for cost-model API access

README.md

@@ -58,6 +58,7 @@ Parameter | Description | Default
 `ingress.paths` | Ingress paths | `["/"]`
 `ingress.hosts` | Ingress hostnames | `[cost-analyzer.local]`
 `ingress.tls` | Ingress TLS configuration (YAML) | `[]`
+`kubecostModel.ingress.*` | Same as ingress.*, but will create an ingress directly to the model | `{ enabled: false }`
 `networkPolicy.enabled` | If true, create a NetworkPolicy to deny egress  | `false`
 `networkCosts.enabled` | If true, collect network allocation metrics [More info](https://docs.kubecost.com/using-kubecost/navigating-the-kubecost-ui/cost-allocation/network-allocation) | `false`
 `networkCosts.podMonitor.enabled` | If true, a [PodMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#podmonitor) for the network-cost daemonset is created | `false`

cost-analyzer/templates/model-ingress-template.yaml

@@ -0,0 +1,66 @@
+{{- if .Values.kubecostModel.ingress -}}
+{{- if .Values.kubecostModel.ingress.enabled -}}
+{{- $fullName := include "cost-analyzer.fullname" . -}}
+{{- $serviceName := include "cost-analyzer.serviceName" . -}}
+{{- $ingressPaths := .Values.kubecostModel.ingress.paths -}}
+{{- $ingressPathType := .Values.kubecostModel.ingress.pathType -}}
+{{- $apiV1 := false -}}
+{{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare "^1.19-0" .Capabilities.KubeVersion.GitVersion) }}
+{{- $apiV1 = true -}}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end -}}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-model
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
+    {{- with .Values.kubecostModel.ingress.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.kubecostModel.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+{{- if .Values.kubecostModel.ingress.className }}
+  ingressClassName: {{ .Values.kubecostModel.ingress.className }}
+{{- end }}
+{{- if .Values.kubecostModel.ingress.tls }}
+  tls:
+  {{- range .Values.kubecostModel.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.kubecostModel.ingress.hosts }}
+    - host: {{ . | quote }}
+      http:
+        paths:
+        {{- range $ingressPaths }}
+          {{- if $apiV1 }}
+          - path: {{ . }}
+            pathType: {{ $ingressPathType }}
+            backend:
+              service:
+                name: {{ $serviceName }}
+                port:
+                  name: tcp-model
+          {{- else }}
+          - path: {{ . }}
+            backend:
+              serviceName: {{ $serviceName }}
+              servicePort: tcp-model
+          {{- end }}
+        {{- end }}
+  {{- end }}
+{{- end }}
+{{- end }}

cost-analyzer/values.yaml

@@ -499,6 +499,26 @@ kubecostModel:
     failureThreshold: 200
   extraArgs: []
 
+  # creates an ingress directly to the model container, for API access
+  ingress:
+    enabled: false
+    # className: nginx
+    labels:
+      # kubernetes.io/ingress.class: nginx
+      # kubernetes.io/tls-acme: "true"
+    annotations:
+      # kubernetes.io/ingress.class: nginx
+      # kubernetes.io/tls-acme: "true"
+    paths: ["/"]
+    pathType: ImplementationSpecific
+    hosts:
+      - cost-analyzer-model.local
+    tls: []
+    #  - secretName: cost-analyzer-model-tls
+    #    hosts:
+    #      - cost-analyzer-model.local
+
+
 # Basic Kubecost ingress, more examples available at https://github.com/kubecost/docs/blob/main/ingress-examples.md
 ingress:
   enabled: false