Merge pull request #322 from younsl/feat/add-httproute

ameijer · web-flow · commit 2851387d7724 · 2026-01-21T11:05:55.000-05:00
feat(opencost): add Gateway API HTTPRoute support
diff --git a/charts/opencost/Chart.yaml b/charts/opencost/Chart.yaml
@@ -9,7 +9,7 @@ keywords:
 - finops
 - monitoring
 - opencost
-version: 2.5.3
+version: 2.5.4
 maintainers:
   - name: jessegoodier
   - name: toscott
diff --git a/charts/opencost/README.md b/charts/opencost/README.md
@@ -2,9 +2,9 @@
 
 OpenCost and OpenCost UI
 
-![Version: 2.1.5](https://img.shields.io/badge/Version-2.1.5-informational?style=flat-square)
+![Version: 2.5.0](https://img.shields.io/badge/Version-2.5.0-informational?style=flat-square)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
-![AppVersion: 1.115.0](https://img.shields.io/badge/AppVersion-1.115.0-informational?style=flat-square)
+![AppVersion: 1.118.0](https://img.shields.io/badge/AppVersion-1.118.0-informational?style=flat-square)
 [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/opencost)](https://artifacthub.io/packages/search?repo=opencost)
 [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/opencost-oci)](https://artifacthub.io/packages/search?repo=opencost-oci)
 
@@ -57,7 +57,13 @@ $ helm install opencost opencost/opencost
 | opencost.customPricing.createConfigmap | bool | `true` | Configures the pricing model provided in the values file. |
 | opencost.customPricing.enabled | bool | `false` | Enables custom pricing configuration |
 | opencost.customPricing.provider | string | `"custom"` | Sets the provider type for the custom pricing file. |
-| opencost.dataRetention.dailyResolutionDays | int | `15` |  |
+| opencost.exporter.apiHttpRoute | object | `{"annotations":{},"enabled":false,"hostnames":[],"labels":{},"parentRefs":[{"name":"","namespace":"","sectionName":""}],"rules":[{"backendRefs":[{"name":"","port":9003}],"matches":[{"path":{"type":"PathPrefix","value":"/"}}]}]}` | HTTPRoute for OpenCost API (Gateway API) |
+| opencost.exporter.apiHttpRoute.annotations | object | `{}` | Annotations for HTTPRoute resource |
+| opencost.exporter.apiHttpRoute.enabled | bool | `false` | Enable HTTPRoute resource |
+| opencost.exporter.apiHttpRoute.hostnames | list | `[]` | Hostnames for the HTTPRoute |
+| opencost.exporter.apiHttpRoute.labels | object | `{}` | Labels for HTTPRoute resource |
+| opencost.exporter.apiHttpRoute.parentRefs | list | See [values.yaml](values.yaml) | Gateway API parent references |
+| opencost.exporter.apiHttpRoute.rules | list | See [values.yaml](values.yaml) | HTTPRoute rules |
 | opencost.exporter.apiIngress.annotations | object | `{}` | Annotations for Ingress resource |
 | opencost.exporter.apiIngress.enabled | bool | `false` | Ingress for OpenCost API |
 | opencost.exporter.apiIngress.hosts | list | See [values.yaml](values.yaml) | A list of host rules used to configure the Ingress |
@@ -70,21 +76,23 @@ $ helm install opencost opencost/opencost
 | opencost.exporter.cloudProviderApiKey | string | `""` | The GCP Pricing API requires a key. This is supplied just for evaluation. |
 | opencost.exporter.collectorDataSource.enabled | bool | `false` |  |
 | opencost.exporter.collectorDataSource.networkPort | int | `3001` | The port at which network pods are open to egress |
-| opencost.exporter.collectorDataSource.retentionResolution10m | int | `36` | The number of 10m intervals the Collector DataSource should maintain |
-| opencost.exporter.collectorDataSource.retentionResolution1d | int | `15` | The number of 1d intervals the Collector DataSource should maintain |
-| opencost.exporter.collectorDataSource.retentionResolution1h | int | `49` | The number of 1h intervals the Collector DataSource should maintain |
+| opencost.exporter.collectorDataSource.retention10m | int | `36` | The number of 10m intervals the Collector DataSource should maintain |
+| opencost.exporter.collectorDataSource.retention1d | int | `15` | The number of 1d intervals the Collector DataSource should maintain |
+| opencost.exporter.collectorDataSource.retention1h | int | `49` | The number of 1h intervals the Collector DataSource should maintain |
 | opencost.exporter.collectorDataSource.scrapeInterval | string | `"30s"` | define the interval at which the collector scrapes for data points (10s, 15s, 1m) |
+| opencost.exporter.command | list | `[]` | Optional command to override the default container command |
 | opencost.exporter.csv_path | string | `""` |  |
 | opencost.exporter.defaultClusterId | string | `"default-cluster"` | Default cluster ID to use if cluster_id is not set in Prometheus metrics. |
 | opencost.exporter.env | list | `[]` | List of additional environment variables to set in the container |
 | opencost.exporter.extraArgs | list | `[]` | List of extra arguments for the command, e.g.: log-format=json |
 | opencost.exporter.extraEnv | object | `{}` | Any extra environment variables you would like to pass on to the pod |
 | opencost.exporter.extraVolumeMounts | list | `[]` | A list of volume mounts to be added to the pod |
+| opencost.exporter.image | object | `{"fullImageName":null,"pullPolicy":"IfNotPresent","registry":"ghcr.io","repository":"opencost/opencost","tag":"1.118.0@sha256:c1a08767fe3c3b2964a75885c145bae0cba32225c0b4c1e0382a77566aef93e9"}` | This overrides the above defaultClusterId. Ensure the ConfigMap exists and contains the required CLUSTER_ID key. clusterIdConfigmap: cluster-id-configmap |
 | opencost.exporter.image.fullImageName | string | `nil` | Override the full image name for development purposes |
 | opencost.exporter.image.pullPolicy | string | `"IfNotPresent"` | Exporter container image pull policy |
 | opencost.exporter.image.registry | string | `"ghcr.io"` | Exporter container image registry |
 | opencost.exporter.image.repository | string | `"opencost/opencost"` | Exporter container image name |
-| opencost.exporter.image.tag | string | `"1.115.0@sha256:fb6468a1ef45dbd4a9e521122c8d306f882bb33d1657d28d21aeaef79412e9e1"` | Exporter container image tag |
+| opencost.exporter.image.tag | string | `"1.118.0@sha256:c1a08767fe3c3b2964a75885c145bae0cba32225c0b4c1e0382a77566aef93e9"` | Exporter container image tag |
 | opencost.exporter.livenessProbe.enabled | bool | `true` | Whether probe is enabled |
 | opencost.exporter.livenessProbe.failureThreshold | int | `3` | Number of failures for probe to be considered failed |
 | opencost.exporter.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds before probe is initiated |
@@ -96,6 +104,7 @@ $ helm install opencost opencost/opencost
 | opencost.exporter.persistence.mountPath | string | `"/mnt/export"` | The path that the PV will be mounted to the exporter at |
 | opencost.exporter.persistence.size | string | `""` | Size for persistent volume |
 | opencost.exporter.persistence.storageClass | string | `""` | Storage class for persistent volume |
+| opencost.exporter.prometheusDataSource.queryResolutionSeconds | int | `300` |  |
 | opencost.exporter.readinessProbe.enabled | bool | `true` | Whether probe is enabled |
 | opencost.exporter.readinessProbe.failureThreshold | int | `3` | Number of failures for probe to be considered failed |
 | opencost.exporter.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds before probe is initiated |
@@ -111,6 +120,21 @@ $ helm install opencost opencost/opencost
 | opencost.exporter.startupProbe.path | string | `"/healthz"` | Probe path |
 | opencost.exporter.startupProbe.periodSeconds | int | `5` | Probe frequency in seconds |
 | opencost.extraContainers | list | `[]` | extra sidecars to add to the pod.  Useful for things like oauth-proxy for the UI |
+| opencost.mcp | object | `{"enabled":true,"httpRoute":{"annotations":{},"enabled":false,"hostnames":[],"labels":{},"parentRefs":[{"name":"","namespace":"","sectionName":""}],"rules":[{"backendRefs":[{"name":"","port":8081}],"matches":[{"path":{"type":"PathPrefix","value":"/"}}]}]},"ingress":{"annotations":{},"enabled":false,"hosts":[{"host":"example.local","paths":[{"path":"/","pathType":"Prefix"}]}],"ingressClassName":"","tls":[]},"port":8081}` | MCP (Model Context Protocol) Server Configuration The MCP server provides AI agents with access to cost allocation and asset data |
+| opencost.mcp.enabled | bool | `true` | Enable MCP server for AI agent integration (default: true) Set to false to disable MCP server completely |
+| opencost.mcp.httpRoute | object | `{"annotations":{},"enabled":false,"hostnames":[],"labels":{},"parentRefs":[{"name":"","namespace":"","sectionName":""}],"rules":[{"backendRefs":[{"name":"","port":8081}],"matches":[{"path":{"type":"PathPrefix","value":"/"}}]}]}` | HTTPRoute for MCP server (Gateway API) |
+| opencost.mcp.httpRoute.annotations | object | `{}` | Annotations for HTTPRoute resource |
+| opencost.mcp.httpRoute.enabled | bool | `false` | Enable HTTPRoute resource |
+| opencost.mcp.httpRoute.hostnames | list | `[]` | Hostnames for the HTTPRoute |
+| opencost.mcp.httpRoute.labels | object | `{}` | Labels for HTTPRoute resource |
+| opencost.mcp.httpRoute.parentRefs | list | See [values.yaml](values.yaml) | Gateway API parent references |
+| opencost.mcp.httpRoute.rules | list | See [values.yaml](values.yaml) | HTTPRoute rules |
+| opencost.mcp.ingress.annotations | object | `{}` | Annotations for Ingress resource |
+| opencost.mcp.ingress.enabled | bool | `false` | Ingress for MCP server |
+| opencost.mcp.ingress.hosts | list | See [values.yaml](values.yaml) | A list of host rules used to configure the Ingress |
+| opencost.mcp.ingress.ingressClassName | string | `""` | Ingress controller which implements the resource |
+| opencost.mcp.ingress.tls | list | `[]` | Ingress TLS configuration |
+| opencost.mcp.port | int | `8081` | HTTP port for MCP server (default: 8081) Change this if port 8081 conflicts with other services |
 | opencost.metrics.config.configmapName | string | `"custom-metrics"` | Customize the configmap name used for metrics |
 | opencost.metrics.config.disabledMetrics | list | `[]` | List of metrics to be disabled |
 | opencost.metrics.config.enabled | bool | `false` | Enables creating the metrics.json configuration as a ConfigMap |
@@ -147,10 +171,10 @@ $ helm install opencost opencost/opencost
 | opencost.prometheus.insecureSkipVerify | bool | `false` | Whether to disable SSL certificate verification |
 | opencost.prometheus.internal.enabled | bool | `true` | Use in-cluster Prometheus |
 | opencost.prometheus.internal.namespaceName | string | `"prometheus-system"` | Namespace of in-cluster Prometheus |
+| opencost.prometheus.internal.path | string | `""` | Path to access the Prometheus API, this is neccesary if the Prometheus server is behind a reverse proxy(mimir) or has a different path. |
 | opencost.prometheus.internal.port | int | `80` | Service port of in-cluster Prometheus |
 | opencost.prometheus.internal.scheme | string | `"http"` | Scheme to use for in-cluster Prometheus |
 | opencost.prometheus.internal.serviceName | string | `"prometheus-server"` | Service name of in-cluster Prometheus |
-| opencost.prometheus.internal.path | string | `""` | Set path to prometheus if behind reverse proxy(mimir) |
 | opencost.prometheus.kubeRBACProxy | bool | `false` | If true, opencost will use kube-rbac-proxy to authenticate with in cluster Prometheus for openshift |
 | opencost.prometheus.password | string | `""` | Prometheus Basic auth password |
 | opencost.prometheus.password_key | string | `"DB_BASIC_AUTH_PW"` | Key in the secret that references the password |
@@ -167,6 +191,8 @@ $ helm install opencost opencost/opencost
 | opencost.prometheus.thanos.queryOffset | string | `""` |  |
 | opencost.prometheus.username | string | `""` | Prometheus Basic auth username |
 | opencost.prometheus.username_key | string | `"DB_BASIC_AUTH_USERNAME"` | Key in the secret that references the username |
+| opencost.retention1d | int | `15` |  |
+| opencost.retention1h | int | `49` |  |
 | opencost.sigV4Proxy.extraEnv | string | `nil` |  |
 | opencost.sigV4Proxy.host | string | `"aps-workspaces.us-west-2.amazonaws.com"` |  |
 | opencost.sigV4Proxy.image | string | `"public.ecr.aws/aws-observability/aws-sigv4-proxy:latest"` |  |
@@ -181,6 +207,13 @@ $ helm install opencost opencost/opencost
 | opencost.ui.enabled | bool | `true` | Enable OpenCost UI |
 | opencost.ui.extraEnv | list | `[]` | A list of environment variables to be added to the pod |
 | opencost.ui.extraVolumeMounts | list | `[]` | A list of volume mounts to be added to the pod |
+| opencost.ui.httpRoute | object | `{"annotations":{},"enabled":false,"hostnames":[],"labels":{},"parentRefs":[{"name":"","namespace":"","sectionName":""}],"rules":[{"backendRefs":[{"name":"","port":9090}],"matches":[{"path":{"type":"PathPrefix","value":"/"}}]}]}` | HTTPRoute for OpenCost UI (Gateway API) |
+| opencost.ui.httpRoute.annotations | object | `{}` | Annotations for HTTPRoute resource |
+| opencost.ui.httpRoute.enabled | bool | `false` | Enable HTTPRoute resource |
+| opencost.ui.httpRoute.hostnames | list | `[]` | Hostnames for the HTTPRoute |
+| opencost.ui.httpRoute.labels | object | `{}` | Labels for HTTPRoute resource |
+| opencost.ui.httpRoute.parentRefs | list | See [values.yaml](values.yaml) | Gateway API parent references |
+| opencost.ui.httpRoute.rules | list | See [values.yaml](values.yaml) | HTTPRoute rules |
 | opencost.ui.image.fullImageName | string | `nil` | Override the full image name for development purposes |
 | opencost.ui.image.pullPolicy | string | `"IfNotPresent"` | UI container image pull policy |
 | opencost.ui.image.registry | string | `"ghcr.io"` | UI container image registry |
@@ -211,18 +244,22 @@ $ helm install opencost opencost/opencost
 | opencost.ui.route.targetPort | string | `"http-ui"` | Redirect ingress to an extraPort defined on the service such as oauth-proxy |
 | opencost.ui.route.tls | list | `[]` | Ingress TLS configuration |
 | opencost.ui.securityContext | object | `{}` | The security options the container should be run with |
+| opencost.ui.uiPath | string | `"/"` |  |
 | opencost.ui.uiPort | int | `9090` |  |
-| opencost.ui.uiPath | string | `/` | Base path for serving the UI. Requires building a custom image using the build argument "ui_path". |
 | opencost.ui.useDefaultFqdn | bool | `false` |  |
 | opencost.ui.useIPv6 | bool | `true` |  |
-| opencost.updateCaTrust.enabled | bool | `false` | Enable update of CA trust(Mount custom CA certificates to the opencost container) |
-| opencost.updateCaTrust.securityContext | object | `{}` | Security context for the init container that mounts the custom CA certificates |
-| opencost.updateCaTrust.caCertsSecret | string | `"ca-certs-secret"` | Name of the Secret containing custom CA certificates to mount to the opencost container |
-| opencost.updateCaTrust.caCertsConfig | string | `"ca-certs-config"` | Name of the ConfigMap containing CA certificates to mount to the opencost container |
-| opencost.updateCaTrust.resources | object | `{}` | Resources for the init container |
+| opencost.updateCaTrust.caCertsSecret | string | `"ca-certs-secret"` |  |
+| opencost.updateCaTrust.enabled | bool | `false` |  |
+| opencost.updateCaTrust.resources | object | `{}` |  |
+| opencost.updateCaTrust.securityContext.allowPrivilegeEscalation | bool | `false` |  |
+| opencost.updateCaTrust.securityContext.readOnlyRootFilesystem | bool | `true` |  |
+| opencost.updateCaTrust.securityContext.runAsGroup | int | `0` |  |
+| opencost.updateCaTrust.securityContext.runAsNonRoot | bool | `false` |  |
+| opencost.updateCaTrust.securityContext.runAsUser | int | `0` |  |
+| opencost.updateCaTrust.securityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | pdb.enabled | bool | `false` |  |
-| pdb.minAvailable | int | `nil` | Minimum number of pods that must be available after the eviction |
-| pdb.maxUnavailable | int | `nil` | Maximum number of pods that can be unavailable after the eviction |
+| pdb.maxUnavailable | string | `nil` | Maximum number of pods that can be unavailable after the eviction |
+| pdb.minAvailable | string | `nil` | Minimum number of pods that must be available after the eviction |
 | plugins.configs | string | `nil` |  |
 | plugins.enabled | bool | `false` |  |
 | plugins.folder | string | `"/opt/opencost/plugin"` |  |
diff --git a/charts/opencost/templates/httproute.yaml b/charts/opencost/templates/httproute.yaml
@@ -0,0 +1,131 @@
+{{- if and .Values.opencost.ui.enabled .Values.opencost.ui.httpRoute.enabled }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ include "opencost.fullname" . }}-ui
+  namespace: {{ include "opencost.namespace" . }}
+  labels: {{- include "opencost.labels" . | nindent 4 }}
+  {{- with .Values.opencost.ui.httpRoute.labels }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.opencost.ui.httpRoute.annotations }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  parentRefs:
+    {{- range .Values.opencost.ui.httpRoute.parentRefs }}
+    - name: {{ .name }}
+      {{- if .namespace }}
+      namespace: {{ .namespace }}
+      {{- end }}
+      {{- if .sectionName }}
+      sectionName: {{ .sectionName }}
+      {{- end }}
+    {{- end }}
+  {{- with .Values.opencost.ui.httpRoute.hostnames }}
+  hostnames:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+    {{- range .Values.opencost.ui.httpRoute.rules }}
+    - matches:
+        {{- range .matches }}
+        - path:
+            type: {{ .path.type }}
+            value: {{ .path.value }}
+        {{- end }}
+      backendRefs:
+        {{- range .backendRefs }}
+        - name: {{ default (include "opencost.fullname" $) .name }}
+          port: {{ default $.Values.opencost.ui.uiPort .port }}
+        {{- end }}
+    {{- end }}
+{{- end }}
+---
+{{- if .Values.opencost.exporter.apiHttpRoute.enabled }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ include "opencost.fullname" . }}-api
+  namespace: {{ include "opencost.namespace" . }}
+  labels: {{- include "opencost.labels" . | nindent 4 }}
+  {{- with .Values.opencost.exporter.apiHttpRoute.labels }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.opencost.exporter.apiHttpRoute.annotations }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  parentRefs:
+    {{- range .Values.opencost.exporter.apiHttpRoute.parentRefs }}
+    - name: {{ .name }}
+      {{- if .namespace }}
+      namespace: {{ .namespace }}
+      {{- end }}
+      {{- if .sectionName }}
+      sectionName: {{ .sectionName }}
+      {{- end }}
+    {{- end }}
+  {{- with .Values.opencost.exporter.apiHttpRoute.hostnames }}
+  hostnames:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+    {{- range .Values.opencost.exporter.apiHttpRoute.rules }}
+    - matches:
+        {{- range .matches }}
+        - path:
+            type: {{ .path.type }}
+            value: {{ .path.value }}
+        {{- end }}
+      backendRefs:
+        {{- range .backendRefs }}
+        - name: {{ default (include "opencost.fullname" $) .name }}
+          port: {{ default $.Values.opencost.exporter.apiPort .port }}
+        {{- end }}
+    {{- end }}
+{{- end }}
+---
+{{- if and .Values.opencost.mcp.enabled .Values.opencost.mcp.httpRoute.enabled }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ include "opencost.fullname" . }}-mcp
+  namespace: {{ include "opencost.namespace" . }}
+  labels: {{- include "opencost.labels" . | nindent 4 }}
+  {{- with .Values.opencost.mcp.httpRoute.labels }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.opencost.mcp.httpRoute.annotations }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  parentRefs:
+    {{- range .Values.opencost.mcp.httpRoute.parentRefs }}
+    - name: {{ .name }}
+      {{- if .namespace }}
+      namespace: {{ .namespace }}
+      {{- end }}
+      {{- if .sectionName }}
+      sectionName: {{ .sectionName }}
+      {{- end }}
+    {{- end }}
+  {{- with .Values.opencost.mcp.httpRoute.hostnames }}
+  hostnames:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+    {{- range .Values.opencost.mcp.httpRoute.rules }}
+    - matches:
+        {{- range .matches }}
+        - path:
+            type: {{ .path.type }}
+            value: {{ .path.value }}
+        {{- end }}
+      backendRefs:
+        {{- range .backendRefs }}
+        - name: {{ default (include "opencost.fullname" $) .name }}
+          port: {{ default $.Values.opencost.mcp.port .port }}
+        {{- end }}
+    {{- end }}
+{{- end }}
diff --git a/charts/opencost/values.yaml b/charts/opencost/values.yaml
