Merge pull request #370 from reportportal/develop

Release 24.1

.gitignore

@@ -1,14 +1,24 @@
-*.xml
+# Idea
 /idea/*
 /.idea/
-*.iml
+
+# VSCode
 .vscode/
+
+# Helm
+charts/
+/reportportal/charts/
+/reportportal/Chart.lock
+
+# Other
+*.xml
+*.iml
 .DS_Store
 *.old
 *.backup
 *.bak
 *.orig
 *.rej
-charts/
-Chart.lock
-*.tgz
+*.tgz
+tmp/
+temp/

README.md

@@ -7,19 +7,21 @@
 [![License](https://img.shields.io/badge/license-Apache-brightgreen.svg)](https://www.apache.org/licenses/LICENSE-2.0)
 [![Build with Love](https://img.shields.io/badge/build%20with-❤%EF%B8%8F%E2%80%8D-lightgrey.svg)](http://reportportal.io?style=flat)
 
-
 This repository houses the Helm chart for ReportPortal, a powerful and flexible TestOps service, that provides increased capabilities to speed up results analysis and reporting through the use of built-in analytic features.
 
 ## Prerequisites
+
 * Kubernetes v1.26+
 * Helm Package Manager v3.4+
 
 ## Documentation
+
 * [General User Manual](https://reportportal.io/docs/)
 * [Expert guide and hacks for deploying ReportPortal on Kubernetes](https://reportportal.io/docs/installation-steps/DeployWithKubernetes)
 * [Quick Start Guide for Google Cloud Platform GKE](./reportportal/docs/quick-start-gcp-gke.md)
 
 ## Community / Support
+
 * [**Slack chat**](https://reportportal-slack-auto.herokuapp.com)
 * [**Security Advisories**](https://github.com/reportportal/reportportal/blob/master/SECURITY_ADVISORIES.md)
 * [GitHub Issues](https://github.com/reportportal/reportportal/issues)
@@ -29,5 +31,5 @@ This repository houses the Helm chart for ReportPortal, a powerful and flexible
 * [YouTube Channel](https://www.youtube.com/channel/UCsZxrHqLHPJcrkcgIGRG-cQ)
 
 ## License
-Report Portal is [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0).
 
+Report Portal is [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0).

docs/README.md

@@ -0,0 +1,19 @@
+# Kubernetes installation guides
+
+This directory contains installation guides for ReportPortal on Kubernetes.
+
+- [Install ReportPortal on Minikube](minikube-install.md)
+- [Install ReportPortal on GKE](gke-install.md)
+- [Certificates Management](certificates-management.md)
+- [Cert-Manager Configuration](cert-manager-config.md)
+- [Google Managed Certificates Configuration](gcp-managed-cert-config.md)
+
+## Google Kubernetes Engine (GKE) application
+
+Here is a repository with a repository wrapper for Google Cloud Platform Marketplace:
+[reportportal/gcp-k8s-app](https://github.com/reportportal/gcp-k8s-app)
+
+## Feedback
+
+You can provide feedback on these installation guides by
+[opening an issue](https://github.com/reportportal/kubernetes/issues/new/choose).

docs/cert-manager-config.md

@@ -0,0 +1,90 @@
+# Using Cert-Manager to manage certificates
+
+- [Using Cert-Manager to manage certificates](#using-cert-manager-to-manage-certificates)
+  - [Overview](#overview)
+  - [Install Cert-Manager](#install-cert-manager)
+  - [Create an Issuer resource](#create-an-issuer-resource)
+  - [Configure the Ingress resource](#configure-the-ingress-resource)
+
+## Overview
+
+You can use [Cert-Manager](https://cert-manager.io/docs/) to manage certificates for your domain name.
+
+Detailed instructions on how to install and configure Cert-Manager can be found in the [official documentation](https://cert-manager.io/docs/getting-started/).
+
+## Install Cert-Manager
+
+```bash
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cert-manager.yaml
+```
+
+This will install the latest version of Cert-Manager.
+
+Check the installation:
+
+```bash
+kubectl -n cert-manager get all
+```
+
+## Create an Issuer resource
+
+Create a file called `letsencrypt.yaml` with the following content:
+
+```yaml
+# letsencrypt.yaml
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: {EMAIL_ADDRESS} # Replace this with your email address
+    privateKeySecretRef:
+      name: letsencrypt
+    solvers:
+    - http01:
+        ingress:
+          name: {APP_NAME}-gateway-ingress
+```
+
+Apply the configuration:
+
+```bash
+kubectl apply -f letsencrypt.yaml
+```
+
+## Configure the Ingress resource
+
+Open the Ingress resource for editing:
+
+```bash
+kubectl edit ingress {APP_NAME}-gateway-ingress
+```
+
+Add the following annotations:
+
+```yaml
+...
+metadata:
+  annotations:
+    cert-manager.io/issuer: letsencrypt
+...
+```
+
+Add the following tls section if it does not exist:
+
+```yaml
+spec:
+  tls:
+  - secretName: {APP_NAME}-gateway-tls
+    hosts:
+      - example.com
+...
+```
+
+After saving the changes, Cert-Manager will automatically request a certificate from Let's Encrypt
+and store it in the `APP_NAME-gateway-tls` secret.
+
+Read more about Cert-Manager and Let's Encrypt integration in
+the [official documentation](https://cert-manager.io/docs/configuration/acme/).

docs/certificates-management.md

@@ -0,0 +1,14 @@
+# Use certificates for secure HTTPS connections
+
+Certificates are used to secure connections between clients and servers over HTTPS.
+We provide built-in certificate managers to automatically provision, renew,
+and manage certificates for your domain.
+
+You must own a domain and opportunity to manage DNS records to use certificates.
+
+There are two options for managing certificates:
+
+- [Google-managed SSL certificates](./gcp-managed-cert-config.md)
+are available only for use with Google Cloud Platform (GCP) services.
+- [Cert-Manager](./cert-manager-config.md)
+is vendor-agnostic and can be used with any Kubernetes cluster and Cloud providers.

docs/gcp-managed-cert-config.md

@@ -0,0 +1,158 @@
+# Use Google-managed SSL certificates
+
+- [Use Google-managed SSL certificates](#use-google-managed-ssl-certificates)
+  - [Limitations](#limitations)
+  - [Before you begin](#before-you-begin)
+  - [Add a Google-managed SSL via Helm chart](#add-a-google-managed-ssl-via-helm-chart)
+  - [Manual adding a Google-managed SSL certificate](#manual-adding-a-google-managed-ssl-certificate)
+    - [Setting up a Google-managed certificate](#setting-up-a-google-managed-certificate)
+      - [Create a `ManagedCertificate` resource](#create-a-managedcertificate-resource)
+      - [Update the Ingress resource](#update-the-ingress-resource)
+  - [Check the status of the certificate](#check-the-status-of-the-certificate)
+    - [Using kubectl](#using-kubectl)
+    - [Using the Google Cloud CLI](#using-the-google-cloud-cli)
+  - [Disable HTTP Load Balancing](#disable-http-load-balancing)
+  - [Clean up](#clean-up)
+
+You can use Google-managed SSL certificates to secure your custom domain with HTTPS.
+Google-managed SSL certificates are provisioned, renewed, and managed for your domain by Google.
+You can use Google-managed SSL certificates with Google Kubernetes Engine (GKE) and Google Cloud Load Balancing.
+
+Comprehensive documentation is available at [Google-managed SSL certificates](https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs).
+
+## Limitations
+
+- Don't support wildcard domains.
+- The domain name must be no longer than 63 characters.
+- Your ingressClassName must be "gce".
+- You must apply Ingress and ManagedCertificate resources in the same project and namespace.
+
+## Before you begin
+
+- [Install the Google Cloud CLI](https://cloud.google.com/sdk/docs/install).
+- [Install kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/).
+- [Set up default gcloud settings](https://cloud.google.com/sdk/gcloud/reference/init).
+- [Set up Environment Variables](./quick-start-gcp-gke.md#set-up-environment-variables).
+- [Get cluster credentials for kubectl](./quick-start-gcp-gke.md#get-cluster-credentials-for-kubectl)
+
+## Add a Google-managed SSL via Helm chart
+
+To add a Google-managed SSL certificate to your ReportPortal deployment,
+you need to set the following parameters:
+
+```bash
+helm install \
+...
+  --set ingress.tls.certificate.gcpManaged=true
+  --set ingress.hosts[0]="example.com"
+...
+
+```
+
+Helm creates a `ManagedCertificate` resource and an `Ingress` resource that references the `ManagedCertificate` resource.
+
+GKE automatically provisions the certificate and configures the load balancer to use it.
+
+## Manual adding a Google-managed SSL certificate
+
+### Setting up a Google-managed certificate
+
+#### Create a `ManagedCertificate` resource
+
+Create a `ManagedCertificate` resource in gcp-managed-cert.yaml to request a Google-managed SSL certificate for your domain.
+
+```yaml
+# gcp-managed-cert.yaml
+apiVersion: networking.gke.io/v1
+kind: ManagedCertificate
+metadata:
+  name: gcp-managed-certificate
+spec:
+  domains:
+    - FQDN_1
+    - FQDN_2
+```
+
+`FQDN_1`, `FQDN_2`: Fully-qualified domain names that you own. For example, example.com.
+
+Apply the configuration:
+
+```bash
+kubectl apply -f gcp-managed-cert.yaml
+```
+
+#### Update the Ingress resource
+
+> **Note:** Replace `{APP_NAME}` with your application name.
+
+If you have tls section in your Ingress resource, remove it.
+
+```bash
+kubectl edit ingress ${APP_NAME}-gateway-ingress
+```
+
+Update the Ingress resource to reference the `ManagedCertificate` resource:
+
+```bash
+kubectl annotate ingress ${APP_NAME}-gateway-ingress networking.gke.io/manage-certificates=gcp-managed-certificate
+```
+
+## Check the status of the certificate
+
+### Using kubectl
+
+To check the status of the certificate, run the following command:
+
+```bash
+kubectl describe managedcertificate
+```
+
+In the output, look for the `Status`. The status contains `Certificate Status`.
+`Certificate Name` is the GCP managed certificate name.
+
+### Using the Google Cloud CLI
+
+To check all GCP managed certificates, run the following command:
+
+```bash
+gcloud compute ssl-certificates list --global
+```
+
+You need to find the certificate by the Google generated name and check the `MANAGED_STATUS` column.
+
+You can get Google generated name from the `Certificate Name` [using kubectl](#using-kubectl).
+
+## Disable HTTP Load Balancing
+
+If you want to disable HTTP Load Balancing, you can do it after the certificate
+is attached to the Ingress resource:
+
+```bash
+kubectl annotate ingress ${APP_NAME}-gateway-ingress kubernetes.io/ingress.allow-http: "false"
+```
+
+## Clean up
+
+To delete the `ManagedCertificate` resource:
+
+```bash
+kubectl delete managedcertificate gcp-managed-certificate
+```
+
+Remove the `ManagedCertificate` reference from the Ingress resource:
+
+```bash
+kubectl annotate ingress managed-cert-ingress networking.gke.io/gcp-managed-certificate-
+```
+
+Also, check that the certificate is removed from the Google Cloud Console
+
+```bash
+gcloud compute ssl-certificates list --global
+```
+
+If the certificate is still present, delete it:
+
+```bash
+gcloud compute ssl-certificates delete ${CERTIFICATE_NAME} --global
+```