feat: allow additional ingress definitions (#41)

dhable · web-flow · commit 7b964f1eae2d · 2025-06-11T01:43:07.000Z
Adds a method for supplying additional ingress definitions, which allows users to expose any other helm chart resources outside of the cluster.

Ref: HDX-1843
diff --git a/.changeset/angry-lines-repair.md b/.changeset/angry-lines-repair.md
@@ -0,0 +1,5 @@
+---
+"helm-charts": minor
+---
+
+Allow defining additional ingresses so resources outside of the HyperDX application can accept traffic outside of the cluster.
diff --git a/.github/workflows/chart-test.yml b/.github/workflows/chart-test.yml
@@ -16,7 +16,7 @@ on:
 jobs:
   test-helm-chart:
     runs-on: ubuntu-latest
-    
+
     steps:
     - name: Checkout code
       uses: actions/checkout@v4
@@ -55,7 +55,7 @@ jobs:
 
     - name: Run Helm unit tests
       run: |
-        helm plugin install https://github.com/quintush/helm-unittest || true
+        helm plugin install https://github.com/helm-unittest/helm-unittest.git || true
         helm unittest charts/hdx-oss-v2
 
     - name: Deploy HyperDX chart
@@ -66,33 +66,33 @@ jobs:
           apiKey: "test-api-key-for-ci"
           appUrl: "http://localhost:3000"
           replicas: 1
-        
+
         clickhouse:
           persistence:
             enabled: true
             dataSize: 2Gi
             logSize: 1Gi
-        
+
         persistence:
           mongodb:
             enabled: true
             size: 2Gi
-        
+
         # Enable NodePort services for testing
         hyperdx:
           service:
             type: NodePort
             nodePort: 30000
-        
+
         otel:
           service:
             type: NodePort
             nodePort: 30001
         EOF
-        
+
         # Install the chart
         helm install hyperdx-test ./charts/hdx-oss-v2 -f test-values.yaml --timeout=2m
-        
+
         # Give services time to initialize after pods are running
         echo "Waiting for services to initialize..."
         sleep 20
@@ -101,18 +101,18 @@ jobs:
       run: |
         # Wait for all pods to be ready
         kubectl wait --for=condition=Ready pods --all --timeout=300s
-        
+
         # Check pod status
         kubectl get pods -o wide
-        
+
         # Check services
         kubectl get services
 
     - name: Run comprehensive smoke tests
       run: |
         # Make smoke test script executable
         chmod +x ./scripts/smoke-test.sh
-        
+
         # Run the smoke test with CI-specific environment
         RELEASE_NAME=hyperdx-test NAMESPACE=default ./scripts/smoke-test.sh
 
@@ -121,19 +121,19 @@ jobs:
       run: |
         echo "=== Pod Status ==="
         kubectl get pods -o wide
-        
+
         echo "=== Events ==="
         kubectl get events --sort-by=.metadata.creationTimestamp
-        
+
         echo "=== HyperDX App Logs ==="
         kubectl logs -l app=app --tail=100 || true
-        
+
         echo "=== ClickHouse Logs ==="
         kubectl logs -l app=clickhouse --tail=100 || true
-        
+
         echo "=== MongoDB Logs ==="
         kubectl logs -l app=mongodb --tail=100 || true
-        
+
         echo "=== OTEL Collector Logs ==="
         kubectl logs -l app=otel-collector --tail=100 || true
 
diff --git a/.github/workflows/helm-test.yaml b/.github/workflows/helm-test.yaml
@@ -26,11 +26,11 @@ jobs:
         uses: azure/setup-helm@v3
         with:
           version: v3.12.0
-        
+
       - name: Install helm-unittest plugin
         run: |
-          helm plugin install https://github.com/quintush/helm-unittest
-        
+          helm plugin install https://github.com/helm-unittest/helm-unittest.git
+
       - name: Run helm-unittest
         run: |
-          helm unittest charts/hdx-oss-v2 
+          helm unittest charts/hdx-oss-v2
diff --git a/README.md b/README.md
@@ -106,6 +106,39 @@ hyperdx:
   otelExporterEndpoint: "http://your-otel-collector:4318"
 ```
 
+#### Configuring Ingress for OTEL Collector
+
+If you need to expose your OTEL collector endpoints through ingress, you can use the additional ingresses configuration. The example below uses a regex pattern to capture all OTLP endpoints (traces, metrics, and logs) in a single path rule:
+
+```yaml
+hyperdx:
+  ingress:
+    enabled: true
+    additionalIngresses:
+      - name: otel-collector
+        annotations:
+          nginx.ingress.kubernetes.io/ssl-redirect: "false"
+          nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
+          nginx.ingress.kubernetes.io/use-regex: "true"
+        ingressClassName: nginx
+        hosts:
+          - host: collector.yourdomain.com
+            paths:
+              - path: /v1/(traces|metrics|logs)
+                pathType: Prefix
+                port: 4318
+        tls:
+          - hosts:
+              - collector.yourdomain.com
+            secretName: collector-tls
+```
+
+This configuration creates a separate ingress resource for the OTEL collector endpoints, allowing you to:
+- Use a different domain for collector traffic
+- Configure specific TLS settings
+- Apply custom annotations for the collector ingress
+- Route all telemetry signals through a single regex-based path rule
+
 ### Minimal Deployment
 
 For organizations with existing infrastructure:
@@ -285,7 +318,7 @@ helm install my-hyperdx hyperdx/hdx-oss-v2 \
 # values-gke.yaml
 hyperdx:
   appUrl: "http://34.123.61.99"  # Use your LoadBalancer external IP
-  
+
 otel:
   opampServerUrl: "http://my-hyperdx-hdx-oss-v2-app.default.svc.cluster.local:4320"
 
diff --git a/charts/hdx-oss-v2/templates/ingress.yaml b/charts/hdx-oss-v2/templates/ingress.yaml
@@ -35,4 +35,59 @@ spec:
                 name: {{ include "hdx-oss.fullname" . }}-app
                 port:
                   number: {{ .Values.hyperdx.appPort }}
-{{- end }}
+{{- range .Values.hyperdx.ingress.additionalIngresses}}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ printf "%s-%s" (include "hdx-oss.fullname" $) .name }}
+  labels:
+    {{- include "hdx-oss.labels" $ | nindent 4 }}
+  {{- if .annotations }}
+  {{- if not (kindIs "map" .annotations) }}
+  {{- fail "annotations must be a map of string key-value pairs" }}
+  {{- end }}
+  annotations:
+    {{- range $key, $value := .annotations }}
+    {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+spec:
+  {{- if .ingressClassName }}
+  ingressClassName: {{ .ingressClassName }}
+  {{- end -}}
+  {{- if .tls }}
+  tls:
+    {{- range .tls }}
+    {{- if not .hosts }}
+    {{- fail "TLS configuration must contain hosts property" }}
+    {{- end }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ tpl . $ | quote }}
+        {{- end }}
+      {{- with .secretName }}
+      secretName: {{ . }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .hosts }}
+    - host: {{ tpl .host $ | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          {{- if or (not .path) (not .pathType) (not .port) }}
+          {{- fail "Each path in additional ingress must contain path, pathType, and port properties" }}
+          {{- end }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
+            backend:
+              service:
+                name: {{ include "hdx-oss.fullname" $ }}
+                port:
+                  number: {{ .port }}
+          {{- end }}
+    {{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/hdx-oss-v2/tests/__snapshot__/ingress_test.yaml.snap b/charts/hdx-oss-v2/tests/__snapshot__/ingress_test.yaml.snap
@@ -0,0 +1,60 @@
+should render additional ingress templates:
+  1: |
+    apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    metadata:
+      annotations:
+        another: "yes"
+        testProperty: "true"
+      labels:
+        app.kubernetes.io/instance: RELEASE-NAME
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: hdx-oss-v2
+        app.kubernetes.io/version: 1.0.0
+        helm.sh/chart: hdx-oss-v2-0.5.2
+      name: RELEASE-NAME-hdx-oss-v2-otel-collector
+    spec:
+      ingressClassName: nginx
+      rules:
+        - host: collector.example.com
+          http:
+            paths:
+              - backend:
+                  service:
+                    name: RELEASE-NAME-hdx-oss-v2
+                    port:
+                      number: 4318
+                path: /
+                pathType: Prefix
+should render additional ingress templates with TLS enabled:
+  1: |
+    apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    metadata:
+      annotations:
+        another: "yes"
+        testProperty: "true"
+      labels:
+        app.kubernetes.io/instance: RELEASE-NAME
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: hdx-oss-v2
+        app.kubernetes.io/version: 1.0.0
+        helm.sh/chart: hdx-oss-v2-0.5.2
+      name: RELEASE-NAME-hdx-oss-v2-otel-collector
+    spec:
+      ingressClassName: nginx
+      rules:
+        - host: collector.example.com
+          http:
+            paths:
+              - backend:
+                  service:
+                    name: RELEASE-NAME-hdx-oss-v2
+                    port:
+                      number: 4318
+                path: /
+                pathType: Prefix
+      tls:
+        - hosts:
+            - collector.example.com
+          secretName: otel-collector-tls
diff --git a/charts/hdx-oss-v2/tests/ingress_test.yaml b/charts/hdx-oss-v2/tests/ingress_test.yaml
diff --git a/charts/hdx-oss-v2/values.yaml b/charts/hdx-oss-v2/values.yaml

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"helm-charts": minor
 +---
++
 +Allow defining additional ingresses so resources outside of the HyperDX application can accept traffic outside of the cluster.