From 4c7d768f3108c380d68a68f2421a36f4ecf6d8a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= <github@jkroepke.de>
Date: Tue, 5 Nov 2024 10:37:36 +0100
Subject: [PATCH] [kube-prometheus-stack] Implement Gateway API for AM/Thanos
 Ruler (#4971)

---
 charts/kube-prometheus-stack/Chart.yaml       |  2 +-
 .../05-ingress-and-gateway-routes-values.yaml | 54 ++++++++++++++
 .../templates/alertmanager/route.yaml         | 48 +++++++++++++
 .../templates/prometheus/route.yaml           |  3 +-
 .../templates/thanos-ruler/ingress.yaml       |  2 +-
 .../templates/thanos-ruler/route.yaml         | 48 +++++++++++++
 charts/kube-prometheus-stack/values.yaml      | 72 +++++++++++++++++++
 7 files changed, 226 insertions(+), 3 deletions(-)
 create mode 100644 charts/kube-prometheus-stack/templates/alertmanager/route.yaml
 create mode 100644 charts/kube-prometheus-stack/templates/thanos-ruler/route.yaml

diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml
index bcdbcdd03450..2ed75bfa007d 100644
--- a/charts/kube-prometheus-stack/Chart.yaml
+++ b/charts/kube-prometheus-stack/Chart.yaml
@@ -23,7 +23,7 @@ name: kube-prometheus-stack
 sources:
   - https://github.com/prometheus-community/helm-charts
   - https://github.com/prometheus-operator/kube-prometheus
-version: 65.6.0
+version: 65.7.0
 appVersion: v0.77.2
 kubeVersion: ">=1.19.0-0"
 home: https://github.com/prometheus-operator/kube-prometheus
diff --git a/charts/kube-prometheus-stack/ci/05-ingress-and-gateway-routes-values.yaml b/charts/kube-prometheus-stack/ci/05-ingress-and-gateway-routes-values.yaml
index 3f1a5fd6f36d..5b380725c461 100644
--- a/charts/kube-prometheus-stack/ci/05-ingress-and-gateway-routes-values.yaml
+++ b/charts/kube-prometheus-stack/ci/05-ingress-and-gateway-routes-values.yaml
@@ -3,6 +3,30 @@ alertmanager:
     enabled: true
     hosts:
       - "*.example.com"
+  route:
+    main:
+      enabled: true
+      hostnames:
+        - "*.example.com"
+      filters:
+        - type: RequestHeaderModifier
+          requestHeaderModifier:
+            set:
+              - name: my-header-name
+                value: my-new-header-value
+      additionalRules:
+        - hostnames:
+            - "foo.example.com"
+          filters:
+            - type: RequestHeaderModifier
+              requestHeaderModifier:
+                set:
+                  - name: my-header-name
+                    value: my-new-header-value
+          matches:
+            - path:
+                type: PathPrefix
+                value: /foo/
 
 
 prometheus:
@@ -34,3 +58,33 @@ prometheus:
             - path:
                 type: PathPrefix
                 value: /foo/
+
+thanosRuler:
+  ingress:
+    enabled: true
+    hosts:
+      - "*.example.com"
+  route:
+    main:
+      enabled: true
+      hostnames:
+        - "*.example.com"
+      filters:
+        - type: RequestHeaderModifier
+          requestHeaderModifier:
+            set:
+              - name: my-header-name
+                value: my-new-header-value
+      additionalRules:
+        - hostnames:
+            - "foo.example.com"
+          filters:
+            - type: RequestHeaderModifier
+              requestHeaderModifier:
+                set:
+                  - name: my-header-name
+                    value: my-new-header-value
+          matches:
+            - path:
+                type: PathPrefix
+                value: /foo/
diff --git a/charts/kube-prometheus-stack/templates/alertmanager/route.yaml b/charts/kube-prometheus-stack/templates/alertmanager/route.yaml
new file mode 100644
index 000000000000..8c8077e9b90c
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/alertmanager/route.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.alertmanager.enabled -}}
+  {{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }}
+  {{- $servicePort := .Values.alertmanager.ingress.servicePort | default .Values.alertmanager.service.port -}}
+  {{- range $name, $route := .Values.alertmanager.route }}
+    {{- if $route.enabled -}}
+---
+apiVersion: {{ $route.apiVersion | default "gateway.networking.k8s.io/v1" }}
+kind: {{ $route.kind | default "HTTPRoute" }}
+metadata:
+  {{- with $route.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  name: {{ $serviceName }}{{ if ne $name "main" }}-{{ $name }}{{ end }}
+  namespace: {{ template "kube-prometheus-stack.namespace" $ }}
+  labels:
+    app: {{ template "kube-prometheus-stack.name" $ }}-alertmanager
+    {{- include "kube-prometheus-stack.labels" $ | nindent 4 }}
+    {{- with $route.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  {{- with $route.parentRefs }}
+  parentRefs:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with $route.hostnames }}
+  hostnames:
+    {{- tpl (toYaml .) $ | nindent 4 }}
+  {{- end }}
+  rules:
+    {{- if $route.additionalRules }}
+    {{- tpl (toYaml $route.additionalRules) $ | nindent 4 }}
+    {{- end }}
+    - backendRefs:
+        - name: {{ $serviceName }}
+          port: {{ $servicePort }}
+      {{- with $route.filters }}
+      filters:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $route.matches }}
+      matches:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/prometheus/route.yaml b/charts/kube-prometheus-stack/templates/prometheus/route.yaml
index 03942d90e056..888bec57dc2d 100644
--- a/charts/kube-prometheus-stack/templates/prometheus/route.yaml
+++ b/charts/kube-prometheus-stack/templates/prometheus/route.yaml
@@ -1,5 +1,6 @@
 {{- if .Values.prometheus.enabled -}}
   {{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" -}}
+  {{- $servicePort := .Values.prometheus.ingress.servicePort | default .Values.prometheus.service.port -}}
   {{- range $name, $route := .Values.prometheus.route }}
     {{- if $route.enabled -}}
 ---
@@ -33,7 +34,7 @@ spec:
     {{- end }}
     - backendRefs:
         - name: {{ $serviceName }}
-          port: {{ $.Values.prometheus.service.port }}
+          port: {{ $servicePort }}
       {{- with $route.filters }}
       filters:
         {{- toYaml . | nindent 8 }}
diff --git a/charts/kube-prometheus-stack/templates/thanos-ruler/ingress.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/ingress.yaml
index e245ad448e82..b645a3918ab8 100644
--- a/charts/kube-prometheus-stack/templates/thanos-ruler/ingress.yaml
+++ b/charts/kube-prometheus-stack/templates/thanos-ruler/ingress.yaml
@@ -30,7 +30,7 @@ spec:
   rules:
   {{- if .Values.thanosRuler.ingress.hosts }}
   {{- range $host := .Values.thanosRuler.ingress.hosts }}
-    - host: {{ tpl $host $ }}
+    - host: {{ tpl $host $ | quote }}
       http:
         paths:
   {{- range $p := $paths }}
diff --git a/charts/kube-prometheus-stack/templates/thanos-ruler/route.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/route.yaml
new file mode 100644
index 000000000000..28c10754dd73
--- /dev/null
+++ b/charts/kube-prometheus-stack/templates/thanos-ruler/route.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.thanosRuler.enabled -}}
+  {{- $serviceName := include "kube-prometheus-stack.thanosRuler.name" . }}
+  {{- $servicePort := .Values.thanosRuler.service.port -}}
+  {{- range $name, $route := .Values.thanosRuler.route }}
+    {{- if $route.enabled -}}
+---
+apiVersion: {{ $route.apiVersion | default "gateway.networking.k8s.io/v1" }}
+kind: {{ $route.kind | default "HTTPRoute" }}
+metadata:
+  {{- with $route.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  name: {{ $serviceName }}{{ if ne $name "main" }}-{{ $name }}{{ end }}
+  namespace: {{ template "kube-prometheus-stack.namespace" $ }}
+  labels:
+    app: {{ template "kube-prometheus-stack.name" $ }}-prometheus
+    {{- include "kube-prometheus-stack.labels" $ | nindent 4 }}
+    {{- with $route.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  {{- with $route.parentRefs }}
+  parentRefs:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with $route.hostnames }}
+  hostnames:
+    {{- tpl (toYaml .) $ | nindent 4 }}
+  {{- end }}
+  rules:
+    {{- if $route.additionalRules }}
+    {{- tpl (toYaml $route.additionalRules) $ | nindent 4 }}
+    {{- end }}
+    - backendRefs:
+        - name: {{ $serviceName }}
+          port: {{ $servicePort }}
+      {{- with $route.filters }}
+      filters:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $route.matches }}
+      matches:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/values.yaml b/charts/kube-prometheus-stack/values.yaml
index 8547d3e842ba..e80aae2d8996 100644
--- a/charts/kube-prometheus-stack/values.yaml
+++ b/charts/kube-prometheus-stack/values.yaml
@@ -429,6 +429,42 @@ alertmanager:
     #   hosts:
     #   - alertmanager.example.com
 
+  # -- BETA: Configure the gateway routes for the chart here.
+  # More routes can be added by adding a dictionary key like the 'main' route.
+  # Be aware that this is an early beta of this feature,
+  # kube-prometheus-stack does not guarantee this works and is subject to change.
+  # Being BETA this can/will change in the future without notice, do not use unless you want to take that risk
+  # [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2)
+  route:
+    main:
+      # -- Enables or disables the route
+      enabled: false
+
+      # -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
+      apiVersion: gateway.networking.k8s.io/v1
+      # -- Set the route kind
+      # Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
+      kind: HTTPRoute
+
+      annotations: {}
+      labels: {}
+
+      hostnames: []
+      # - my-filter.example.com
+      parentRefs: []
+      # - name: acme-gw
+
+      matches:
+        - path:
+            type: PathPrefix
+            value: /
+
+      ## Filters define the filters that are applied to requests that match this rule.
+      filters: []
+
+      ## Additional custom rules that can be added to the route
+      additionalRules: []
+
   ## Configuration for Alertmanager secret
   ##
   secret:
@@ -4415,6 +4451,42 @@ thanosRuler:
     #   hosts:
     #   - thanosruler.example.com
 
+  # -- BETA: Configure the gateway routes for the chart here.
+  # More routes can be added by adding a dictionary key like the 'main' route.
+  # Be aware that this is an early beta of this feature,
+  # kube-prometheus-stack does not guarantee this works and is subject to change.
+  # Being BETA this can/will change in the future without notice, do not use unless you want to take that risk
+  # [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2)
+  route:
+    main:
+      # -- Enables or disables the route
+      enabled: false
+
+      # -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2
+      apiVersion: gateway.networking.k8s.io/v1
+      # -- Set the route kind
+      # Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
+      kind: HTTPRoute
+
+      annotations: {}
+      labels: {}
+
+      hostnames: []
+      # - my-filter.example.com
+      parentRefs: []
+      # - name: acme-gw
+
+      matches:
+        - path:
+            type: PathPrefix
+            value: /
+
+      ## Filters define the filters that are applied to requests that match this rule.
+      filters: []
+
+      ## Additional custom rules that can be added to the route
+      additionalRules: []
+
   ## Configuration for ThanosRuler service
   ##
   service: