957 lines
43 KiB
YAML
957 lines
43 KiB
YAML
{{- if .Values.kubecostFrontend.enabled }}
|
|
{{- if and (not .Values.agent) (not .Values.cloudAgent) (not .Values.federatedETL.agentOnly) }}
|
|
{{- $serviceName := include "cost-analyzer.serviceName" . -}}
|
|
{{- if .Values.saml.enabled }}
|
|
{{- if .Values.oidc.enabled }}
|
|
{{- fail "SAML and OIDC cannot both be enabled" }}
|
|
{{- end }}
|
|
{{- end }}
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: nginx-conf
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{ include "cost-analyzer.commonLabels" . | nindent 4 }}
|
|
data:
|
|
nginx.conf: |
|
|
gzip_static on;
|
|
|
|
# Enable gzip encoding for content of the provided types of 50kb and higher.
|
|
gzip on;
|
|
gzip_min_length 50000;
|
|
gzip_proxied expired no-cache no-store private auth;
|
|
gzip_types
|
|
application/atom+xml
|
|
application/geo+json
|
|
application/javascript
|
|
application/x-javascript
|
|
application/json
|
|
application/ld+json
|
|
application/manifest+json
|
|
application/rdf+xml
|
|
application/rss+xml
|
|
application/vnd.ms-fontobject
|
|
application/wasm
|
|
application/x-web-app-manifest+json
|
|
application/xhtml+xml
|
|
application/xml
|
|
font/eot
|
|
font/otf
|
|
font/ttf
|
|
image/bmp
|
|
image/svg+xml
|
|
text/cache-manifest
|
|
text/calendar
|
|
text/css
|
|
text/javascript
|
|
text/markdown
|
|
text/plain
|
|
text/xml
|
|
text/x-component
|
|
text/x-cross-domain-policy;
|
|
|
|
upstream api {
|
|
{{- if.Values.kubecostFrontend.api }}
|
|
{{- if.Values.kubecostFrontend.api.fqdn }}
|
|
server {{ .Values.kubecostFrontend.api.fqdn }};
|
|
{{- else }}
|
|
server {{ $serviceName }}.{{ .Release.Namespace }}:9001;
|
|
{{- end }}
|
|
{{- else }}
|
|
server {{ $serviceName }}.{{ .Release.Namespace }}:9001;
|
|
{{- end }}
|
|
}
|
|
|
|
upstream model {
|
|
{{- if.Values.kubecostFrontend.model }}
|
|
{{- if.Values.kubecostFrontend.model.fqdn }}
|
|
server {{ .Values.kubecostFrontend.model.fqdn }};
|
|
{{- else }}
|
|
server {{ $serviceName }}.{{ .Release.Namespace }}:9003;
|
|
{{- end }}
|
|
{{- else }}
|
|
server {{ $serviceName }}.{{ .Release.Namespace }}:9003;
|
|
{{- end }}
|
|
}
|
|
|
|
{{- if .Values.clusterController }}
|
|
{{- if .Values.clusterController.enabled }}
|
|
upstream clustercontroller {
|
|
{{- if .Values.clusterController.fqdn }}
|
|
server {{ .Values.clusterController.fqdn }};
|
|
{{- else }}
|
|
server {{ template "kubecost.clusterControllerName" . }}-service.{{ .Release.Namespace }}:9731;
|
|
{{- end }}
|
|
}
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
{{- if .Values.global.grafana.proxy }}
|
|
upstream grafana {
|
|
{{- if .Values.global.grafana.enabled }}
|
|
{{- if .Values.global.grafana.fqdn }}
|
|
server {{ .Values.global.grafana.fqdn }};
|
|
{{- else }}
|
|
server {{ .Release.Name }}-grafana.{{ .Release.Namespace }};
|
|
{{- end }}
|
|
{{- else }}
|
|
server {{.Values.global.grafana.domainName}};
|
|
{{- end }}
|
|
}
|
|
{{- end }}
|
|
|
|
{{- if .Values.forecasting.enabled }}
|
|
upstream forecasting {
|
|
server {{ .Release.Name }}-forecasting.{{ .Release.Namespace }}:5000;
|
|
}
|
|
{{- end }}
|
|
|
|
{{- if and (not .Values.agent) (not .Values.cloudAgent) (not (eq (include "aggregator.deployMethod" .) "disabled")) }}
|
|
upstream aggregator {
|
|
server {{ .Release.Name }}-aggregator.{{ .Release.Namespace }}:9004;
|
|
}
|
|
upstream cloudCost {
|
|
server {{ template "cloudCost.serviceName" . }}.{{ .Release.Namespace }}:9005;
|
|
}
|
|
{{- end }}
|
|
{{- if and .Values.diagnostics.enabled .Values.diagnostics.isDiagnosticsPrimary.enabled }}
|
|
{{- if (not (empty .Values.kubecostModel.federatedStorageConfigSecret )) }}
|
|
upstream multi-cluster-diagnostics {
|
|
server {{ template "diagnostics.fullname" . }}.{{ .Release.Namespace }}:9007;
|
|
}
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
server {
|
|
server_name _;
|
|
root /var/www;
|
|
index index.html;
|
|
|
|
add_header Cache-Control "must-revalidate";
|
|
|
|
{{- if.Values.kubecostFrontend.extraServerConfig }}
|
|
{{- .Values.kubecostFrontend.extraServerConfig | toString | nindent 8 -}}
|
|
{{- else }}
|
|
large_client_header_buffers 4 32k;
|
|
{{- end }}
|
|
|
|
error_page 504 /custom_504.html;
|
|
location = /custom_504.html {
|
|
internal;
|
|
}
|
|
|
|
{{- if or .Values.saml.enabled .Values.oidc.enabled }}
|
|
add_header Cache-Control "max-age=0";
|
|
location / {
|
|
auth_request /auth;
|
|
proxy_redirect off;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
error_page 401 = /login;
|
|
try_files $uri $uri/ /index.html;
|
|
}
|
|
{{- else }}
|
|
add_header Cache-Control "max-age=300";
|
|
location / {
|
|
try_files $uri $uri/ /index.html;
|
|
}
|
|
{{- end }}
|
|
{{- if .Values.imageVersion }}
|
|
add_header ETag "{{ $.Values.imageVersion }}";
|
|
{{- else }}
|
|
add_header ETag "{{ $.Chart.Version }}";
|
|
{{- end }}
|
|
{{- if .Values.kubecostFrontend.tls }}
|
|
{{- if .Values.kubecostFrontend.tls.enabled }}
|
|
{{- if .Values.kubecostFrontend.tls.specifyProtocols }}
|
|
ssl_protocols {{ $.Values.kubecostFrontend.tls.protocols }};
|
|
{{- end }}
|
|
ssl_certificate /etc/ssl/certs/kc.crt;
|
|
ssl_certificate_key /etc/ssl/certs/kc.key;
|
|
listen {{ .Values.service.targetPort }} ssl;
|
|
{{- if .Values.kubecostFrontend.ipv6.enabled }}
|
|
listen [::]:{{ .Values.service.targetPort }} ssl;
|
|
{{- end }}
|
|
{{- else }}
|
|
listen {{ .Values.service.targetPort }};
|
|
{{- if .Values.kubecostFrontend.ipv6.enabled }}
|
|
listen [::]:{{ .Values.service.targetPort }};
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- else }}
|
|
listen {{ .Values.service.targetPort }};
|
|
{{- if .Values.kubecostFrontend.ipv6.enabled }}
|
|
listen [::]:{{ .Values.service.targetPort }};
|
|
{{- end }}
|
|
{{- end }}
|
|
location /api/ {
|
|
{{- if or .Values.saml.enabled .Values.oidc.enabled }}
|
|
auth_request /auth;
|
|
{{- end }}
|
|
proxy_pass http://api/;
|
|
proxy_redirect off;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location /model/ {
|
|
proxy_connect_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_send_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://model/;
|
|
proxy_redirect off;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
{{- if .Values.kubecostFrontend.extraModelConfigs }}
|
|
{{- .Values.kubecostFrontend.extraModelConfigs | toString | nindent 12 -}}
|
|
{{- end }}
|
|
}
|
|
|
|
location ~ ^/(turndown|cluster)/ {
|
|
|
|
add_header 'Access-Control-Allow-Origin' '*' always;
|
|
add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always;
|
|
{{- if .Values.clusterController }}
|
|
{{- if .Values.clusterController.enabled }}
|
|
{{- if or .Values.saml .Values.oidc }}
|
|
{{- if or .Values.saml.enabled .Values.oidc.enabled }}
|
|
auth_request /auth;
|
|
{{- else if .Values.saml.rbac.enabled}}
|
|
auth_request /authrbac;
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
rewrite ^/(?:turndown|cluster)/(.*)$ /$1 break;
|
|
proxy_pass http://clustercontroller;
|
|
proxy_connect_timeout 180;
|
|
proxy_send_timeout 180;
|
|
proxy_read_timeout 180;
|
|
proxy_redirect off;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
{{- else }}
|
|
return 404;
|
|
{{- end }}
|
|
{{- else }}
|
|
return 404;
|
|
{{- end }}
|
|
}
|
|
location /oidc/ {
|
|
proxy_connect_timeout 180;
|
|
proxy_send_timeout 180;
|
|
proxy_read_timeout 180;
|
|
proxy_pass http://aggregator/oidc/;
|
|
proxy_redirect off;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location /saml/ {
|
|
proxy_connect_timeout 180;
|
|
proxy_send_timeout 180;
|
|
proxy_read_timeout 180;
|
|
proxy_pass http://aggregator/saml/;
|
|
proxy_redirect off;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location /login {
|
|
proxy_connect_timeout 180;
|
|
proxy_send_timeout 180;
|
|
proxy_read_timeout 180;
|
|
proxy_pass http://aggregator/login;
|
|
proxy_redirect off;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Original-URI $request_uri;
|
|
}
|
|
|
|
location /logout {
|
|
proxy_connect_timeout 180;
|
|
proxy_send_timeout 180;
|
|
proxy_read_timeout 180;
|
|
proxy_pass http://aggregator/logout;
|
|
proxy_redirect off;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
|
|
{{- if .Values.global.grafana.proxy }}
|
|
location /grafana/ {
|
|
{{- if .Values.saml.enabled }}
|
|
auth_request /auth;
|
|
{{- end }}
|
|
proxy_pass http://grafana/;
|
|
proxy_redirect off;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{{ end }}
|
|
{{- if .Values.oidc.enabled }}
|
|
location /auth {
|
|
proxy_pass http://aggregator/isAuthenticated;
|
|
}
|
|
{{- end }}
|
|
{{- if .Values.saml.enabled }}
|
|
location /auth {
|
|
proxy_pass http://aggregator/isAuthenticated;
|
|
}
|
|
{{- if .Values.saml.rbac.enabled }}
|
|
location /authrbac {
|
|
proxy_pass http://aggregator/isAdminAuthenticated;
|
|
}
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
|
|
{{- if and (not .Values.agent) (not .Values.cloudAgent) (not (eq (include "aggregator.deployMethod" .) "disabled")) }}
|
|
# TODO make aggregator route the default, start special-casing
|
|
# cost-model APIs
|
|
|
|
# Aggregator proxy
|
|
{{- if and (.Values.kubecostDeployment) (.Values.kubecostDeployment.queryServiceReplicas) (gt (.Values.kubecostDeployment.queryServiceReplicas | toString | atoi) 0) }}
|
|
{{- fail "The Kubecost Aggregator should not be used at the same time as Query Service Replicas" }}
|
|
{{- end }}
|
|
|
|
location = /model/allocation {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/allocation;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
{{- if not .Values.kubecostFrontend.trendsDisabled }}
|
|
location = /model/allocation/trends {
|
|
proxy_read_timeout 300;
|
|
proxy_pass http://aggregator/allocation/trends;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
{{ end }}
|
|
location = /model/allocation/view {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/allocation/view;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/allocation/summary {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/allocation/summary;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/allocation/summary/topline {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/allocation/summary/topline;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/allocation/autocomplete {
|
|
proxy_read_timeout 300;
|
|
proxy_pass http://aggregator/allocation/autocomplete;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/assets {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/assets;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/assets/topline {
|
|
proxy_read_timeout 300;
|
|
proxy_pass http://aggregator/assets/topline;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/assets/graph {
|
|
proxy_read_timeout 300;
|
|
proxy_pass http://aggregator/assets/graph;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/assets/totals {
|
|
return 501 "<b>Aggregator does not support this endpoint.</b>";
|
|
}
|
|
location = /model/assets/diff {
|
|
return 501 "<b>Aggregator does not support this endpoint.</b>";
|
|
}
|
|
location = /model/assets/breakdown {
|
|
return 501 "<b>Aggregator does not support this endpoint.</b>";
|
|
}
|
|
location = /model/assets/autocomplete {
|
|
proxy_read_timeout 300;
|
|
proxy_pass http://aggregator/assets/autocomplete;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/savings/requestSizingV2 {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/savings/requestSizingV2;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/savings/requestSizingV2/topline {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/savings/requestSizingV2/topline;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/cloudCost {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/cloudCost;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/cloudCost/view/graph {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/cloudCost/view/graph;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/cloudCost/view/totals {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/cloudCost/view/totals;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/cloudCost/view/table {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/cloudCost/view/table;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/cloudCost/view/trends {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/cloudCost/view/trends;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/cloudCost/autocomplete {
|
|
proxy_read_timeout 300;
|
|
proxy_pass http://aggregator/cloudCost/autocomplete;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/clusters/status {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/clusters/status;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/savings {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/savings;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/savings/abandonedWorkloads {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/savings/abandonedWorkloads;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/savings/abandonedWorkloads/topline {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/savings/abandonedWorkloads/topline;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/savings/unclaimedVolumes {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/savings/unclaimedVolumes;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/savings/localLowDisks {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/savings/localLowDisks;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/savings/persistentVolumeSizing {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/savings/persistentVolumeSizing;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/savings/persistentVolumeSizing/topline {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/savings/persistentVolumeSizing/topline;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/reports/allocation {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/reports/allocation;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/reports/asset {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/reports/asset;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/reports/advanced {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/reports/advanced;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/reports/cloudCost {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/reports/cloudCost;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/reports/group {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/reports/group;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
# this is a special case to handle /reports/group/:group in the Kubecost Aggregator. prior to aggregator, this endpoint
|
|
# was handled by /model/, so no special case proxies were required. without this, /model/reports/groups/?foo=bar
|
|
# will be directed to /reports/groups?foo=bar (note the missing /model prefix)
|
|
location ~ ^/model/reports/group/ {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/reports/group/$is_args$args;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/budget {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/budget;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/budgets {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/budgets;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/collection {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/collection;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/collections {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/collections;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/collection/query/total {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/collection/query/total;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/collection/query/timeseries {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/collection/query/timeseries;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/collection/query/complement {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/collection/query/complement;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/collection/query/complement/cloud {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/collection/query/complement/cloud;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/collection/query/complement/kubernetes {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/collection/query/complement/kubernetes;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
|
|
location = /model/collections/query/total {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/collections/query/total;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/collections/query/timeseries {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/collections/query/timeseries;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/collections/query/complement {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/collections/query/complement;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/collections/query/complement/cloud {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/collections/query/complement/cloud;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/collections/query/complement/kubernetes {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/collections/query/complement/kubernetes;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/collection/cache/status {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/collection/cache/status;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/networkinsights {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/networkinsights;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/networkinsights/graph {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/networkinsights/graph;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/rbacGroups {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/rbacGroups;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/teams {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/teams;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/team {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/team;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/users {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/users;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/user {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/user;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/debug/orchestrator {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/debug/orchestrator;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/prediction/speccost {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/prediction/speccost;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/diagnostic/coreCount {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://aggregator/diagnostic/coreCount;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
|
|
#Cloud Cost Endpoints
|
|
location = /model/cloudCost/status {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://cloudCost/cloudCost/status;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/cloudCost/rebuild {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://cloudCost/cloudCost/rebuild;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/cloudCost/repair {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://cloudCost/cloudCost/repair;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/cloudCost/integration/export {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://cloudCost/cloudCost/integration/export;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/cloudCost/integration/enable {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://cloudCost/cloudCost/integration/enable;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
location = /model/cloudCost/integration/disable {
|
|
proxy_read_timeout {{ .Values.kubecostFrontend.timeoutSeconds | default 300 }};
|
|
proxy_pass http://cloudCost/cloudCost/integration/disable;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
{{- end }}
|
|
location = /model/hideOrphanedResources {
|
|
default_type 'application/json';
|
|
add_header 'Access-Control-Allow-Origin' '*' always;
|
|
add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always;
|
|
{{- if .Values.kubecostFrontend.hideOrphanedResources }}
|
|
return 200 '{"hideOrphanedResources": "true"}';
|
|
{{- else }}
|
|
return 200 '{"hideOrphanedResources": "false"}';
|
|
{{- end }}
|
|
}
|
|
location = /model/hideDiagnostics {
|
|
default_type 'application/json';
|
|
add_header 'Access-Control-Allow-Origin' '*' always;
|
|
add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always;
|
|
{{- if .Values.kubecostFrontend.hideDiagnostics }}
|
|
return 200 '{"hideDiagnostics": "true"}';
|
|
{{- else }}
|
|
return 200 '{"hideDiagnostics": "false"}';
|
|
{{- end }}
|
|
}
|
|
|
|
{{- if .Values.kubecostFrontend.trendsDisabled }}
|
|
location /model/allocation/trends {
|
|
return 204 'endpoint disabled';
|
|
}
|
|
{{ end }}
|
|
|
|
location /model/multi-cluster-diagnostics-enabled {
|
|
default_type 'application/json';
|
|
add_header 'Access-Control-Allow-Origin' '*' always;
|
|
add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always;
|
|
{{- if and .Values.diagnostics.enabled .Values.diagnostics.isDiagnosticsPrimary.enabled }}
|
|
{{- if (not (empty .Values.kubecostModel.federatedStorageConfigSecret )) }}
|
|
return 200 '{"multi-cluster-diagnostics-enabled": "true"}';
|
|
{{- end }}
|
|
{{- else }}
|
|
return 200 '{"multi-cluster-diagnostics-enabled": "false"}';
|
|
{{- end }}
|
|
}
|
|
{{- if and .Values.diagnostics.enabled .Values.diagnostics.isDiagnosticsPrimary.enabled }}
|
|
{{- if (not (empty .Values.kubecostModel.federatedStorageConfigSecret )) }}
|
|
location /model/multi-cluster-diagnostics {
|
|
default_type 'application/json';
|
|
add_header 'Access-Control-Allow-Origin' '*' always;
|
|
add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always;
|
|
proxy_read_timeout 300;
|
|
proxy_pass http://multi-cluster-diagnostics/status;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
# simple alias for support
|
|
location /model/mcd {
|
|
default_type 'application/json';
|
|
add_header 'Access-Control-Allow-Origin' '*' always;
|
|
add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always;
|
|
proxy_read_timeout 300;
|
|
proxy_pass http://multi-cluster-diagnostics/status?window=7d;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
location /model/aggregatorEnabled {
|
|
default_type 'application/json';
|
|
return 200 '{"aggregatorEnabled": "true"}';
|
|
}
|
|
|
|
{{- if .Values.forecasting.enabled }}
|
|
location /forecasting {
|
|
default_type 'application/json';
|
|
add_header 'Access-Control-Allow-Origin' '*' always;
|
|
add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always;
|
|
proxy_read_timeout 300;
|
|
proxy_pass http://forecasting/;
|
|
proxy_redirect off;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
}
|
|
{{- else }}
|
|
location /forecasting {
|
|
default_type 'application/json';
|
|
return 405 '{"forecastingEnabled": "false"}';
|
|
}
|
|
{{- end }}
|
|
location /model/productConfigs {
|
|
default_type 'application/json';
|
|
add_header 'Access-Control-Allow-Origin' '*' always;
|
|
add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS' always;
|
|
return 200 '\n
|
|
{"ssoConfigured": "{{ template "ssoEnabled" . }}"}\n
|
|
';
|
|
}
|
|
}
|
|
{{- end }}
|
|
{{- end }}
|