feat!: add extra port support (#103)

Release-As: 0.9.0

.github/ISSUE_TEMPLATE/tech_debt.md

@@ -10,7 +10,7 @@ assignees: ''
 A clear and concise description of what should be changed/researched. Ex. This piece of the code is not DRY enough [...]
 
 ### Links to any relevant code
-(optional) i.e. - https://github.com/defenseunicorns/uds-template-capability/blob/main/README.md?plain=1#L1
+(optional) i.e. - https://github.com/defenseunicorns/uds-k3d/blob/main/README.md?plain=1#L1
 
 ### Additional context
 Add any other context or screenshots about the technical debt here.

.github/pull_request_template.md

@@ -17,4 +17,4 @@ Relates to #
 ## Checklist before merging
 
 - [ ] Test, docs, adr added or updated as needed
-- [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed
+- [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-k3d/blob/main/CONTRIBUTING.md) followed

CONTRIBUTING.md

@@ -1,4 +1,4 @@
-# Welcome to the [NAME] UDS Capability
+# Welcome to UDS K3d!
 
 Thank you for your interest in this Defense Unicorns UDS Capability!
 

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2024 Defense Unicorns
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

chart/templates/nginx.yaml

@@ -13,8 +13,6 @@ data:
         map $ssl_preread_server_name $selected_upstream {
             hostnames;  
             *.admin.uds.dev backend_admin;
-            keycloak.uds.dev backend_passthrough;
-            login.uds.dev backend_passthrough;
             *.uds.dev backend_tenant;
         }
 
@@ -26,15 +24,22 @@ data:
             server ###ZARF_VAR_BASE_IP###.201:443; 
         }
 
-        upstream backend_passthrough {
-            server ###ZARF_VAR_BASE_IP###.202:443;
-        }
-
         server {
             listen 443;
             proxy_pass $selected_upstream;
             ssl_preread on;
         }
+
+        {{- range .Values.extraPorts }}
+        upstream backend_tenant_{{ . }} {
+            server ###ZARF_VAR_BASE_IP###.201:{{ . }}; 
+        }
+
+        server {
+            listen {{ . }};
+            proxy_pass backend_tenant_{{ . }};
+        }
+        {{- end }}
     }
 
     http {
@@ -74,6 +79,10 @@ spec:
               hostPort: 80
             - containerPort: 443
               hostPort: 443
+          {{- range .Values.extraPorts }}
+            - containerPort: {{ . }}
+              hostPort: {{ . }}
+          {{- end }}
           volumeMounts:
             - name: config-volume
               mountPath: /etc/nginx/nginx.conf

chart/values.yaml

@@ -0,0 +1 @@
+extraPorts: []

docs/DNS.md

@@ -10,4 +10,4 @@ The outcome of this is a pods in the cluster can resolve domains like sso.uds.de
 
 ### Nginx Configuration
 
-Additionally, the package includes Nginx configuration that assumes the use of `uds.dev` as the base domain. This configuration is tailored to support the development environment setup, ensuring that Nginx correctly handles requests and routes them within the cluster, based on the `uds.dev` domain.
+Additionally, the package includes Nginx configuration that assumes the use of `uds.dev` as the base domain. This configuration is tailored to support the development environment setup, ensuring that Nginx correctly handles requests and routes them within the cluster, based on the `uds.dev` domain.

docs/PORTS.md

@@ -0,0 +1,22 @@
+## Port Configuration
+
+By default, `uds-k3d` will only expose ports `80` and `443` through `k3d` with a redirect from `80` to `443` within the Nginx configuration. The works for most packages however some may require additional TCP ports to be opened in order to provide / test all of their functionality.  To do so you can override the following:
+
+### K3d Override
+
+First set (or add to) `K3D_EXTRA_ARGS` to include all of the ports that you would like to expose:
+
+```
+--set K3D_EXTRA_ARGS="-p <port>:<port>@server:* -p 9999:9999@server:*"
+```
+
+### Nginx Configuration
+
+Then allow the ports to pass through Nginx by setting `NGINX_EXTRA_PORTS`:
+
+```
+--set NGINX_EXTRA_PORTS="[<port>,9999]"
+```
+
+> [!IMPORTANT]
+> This configuration only supports forwarding traffic exposed over the `tenant` gateway in `uds-core` - if you need to expose traffic over another gateway this configuration will not work.

tasks.yaml

@@ -5,6 +5,8 @@ variables:
     default: "rancher/k3s"
   - name: K3D_EXTRA_ARGS
     default: ""
+  - name: NGINX_EXTRA_PORTS
+    default: "[]"
 
 tasks:
   - name: default
@@ -14,7 +16,7 @@ tasks:
         cmd: "uds zarf package create --confirm --no-progress"
 
       - description: "Deploy UDS K3d package"
-        cmd: "uds zarf package deploy zarf-package-uds-k3d-*.tar.zst --confirm --set K3D_IMAGE=${IMAGE_NAME}:${VERSION} --set K3D_EXTRA_ARGS=\"${K3D_EXTRA_ARGS}\" --no-progress"
+        cmd: "uds zarf package deploy zarf-package-uds-k3d-*.tar.zst --confirm --set K3D_IMAGE=${IMAGE_NAME}:${VERSION} --set K3D_EXTRA_ARGS=\"${K3D_EXTRA_ARGS}\" --set NGINX_EXTRA_PORTS=\"${NGINX_EXTRA_PORTS}\" --no-progress"
 
   - name: validate
     actions:

values/dev-stack-values.yaml

@@ -0,0 +1 @@
+extraPorts: ###ZARF_VAR_NGINX_EXTRA_PORTS###

zarf.yaml

@@ -23,6 +23,10 @@ variables:
     description: "Optionally pass k3d arguments to the default"
     default: ""
 
+  - name: NGINX_EXTRA_PORTS
+    description: "Optionally allow more ports through Nginx (combine with K3D_EXTRA_ARGS '-p <port>:<port>@server:*')"
+    default: "[]"
+
 components:
   - name: destroy-cluster
     required: true
@@ -85,6 +89,8 @@ components:
         namespace: uds-dev-stack
         localPath: chart
         version: 0.2.0
+        valuesFiles:
+          - "values/dev-stack-values.yaml"
       - name: minio
         namespace: uds-dev-stack
         version: 5.2.0