diff --git a/kubernetes-templates/aspire-dashboard.yml b/kubernetes-templates/aspire-dashboard.yml
index e423793..89c3bbc 100644
--- a/kubernetes-templates/aspire-dashboard.yml
+++ b/kubernetes-templates/aspire-dashboard.yml
@@ -35,6 +35,7 @@ spec:
 requests:
 storage: 1Gi
 ---
+# 1. Aspire Dashboard Deployment
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -50,9 +51,11 @@ spec:
 labels:
 app: aspire-dashboard
 spec:
+ securityContext:
+ fsGroup: 1000
 containers:
 - name: dashboard
- image: mcr.microsoft.com/dotnet/aspire-dashboard:8.0
+ image: mcr.microsoft.com/dotnet/aspire-dashboard:13
 ports:
 - name: ui
 containerPort: 18888
@@ -61,30 +64,20 @@ spec:
 - name: otlp-http
 containerPort: 18890
 env:
+ - name: DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS
+ value: "true"
+ - name: ASPNETCORE_URLS
+ value: "http://0.0.0.0:18888"
+ - name: DOTNET_DASHBOARD_OTLP_ENDPOINT_URL
+ value: "http://0.0.0.0:18889"
+ - name: DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL
+ value: "http://0.0.0.0:18890"
 - name: Dashboard__ApplicationName
 value: "Khongisa Monitoring"
- - name: Dashboard__Frontend__EndpointUrls
- value: "http://0.0.0.0:18888"
- - name: Dashboard__Otlp__EndpointUrl
- value: "http://0.0.0.0:18889"
- - name: Dashboard__Otlp__HttpEndpointUrl
- value: "http://0.0.0.0:18890"
- - name: ASPIRE_ALLOW_UNSECURED_TRANSPORT
- value: "true"
- - name: Dashboard__Frontend__AuthMode
- value: "BrowserToken"
- - name: Dashboard__Frontend__BrowserToken
- valueFrom:
- secretKeyRef:
- name: aspire-dashboard-auth
- key: dashboard-token
- - name: Dashboard__Otlp__AuthMode
- value: "ApiKey"
- - name: Dashboard__Otlp__PrimaryApiKey
- valueFrom:
- secretKeyRef:
- name: aspire-dashboard-auth
- key: otlp-api-key
+ - name: Dashboard__TelemetryLimits__MaxLogCount
+ value: "50000"
+ - name: Dashboard__ResourceServiceClient__AuthMode
+ value: "Unsecured"
 volumeMounts:
 - name: aspire-keys
 mountPath: /home/app/.aspnet/DataProtection-Keys
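Review bot: The pod `securityContext` added in the `@@ -50,9 +51,11 @@` hunk sets only `fsGroup: 1000`, which governs group ownership of the mounted volume but does not constrain the user the container runs as or the privileges it holds. Consider adding `runAsNonRoot: true` beside it and, on the `dashboard` container, `allowPrivilegeEscalation: false` with `capabilities: {drop: ["ALL"]}`; no container-level securityContext is visible in the hunks shown. The image reference `aspire-dashboard:13` is a moving major tag, so pinning it as `aspire-dashboard:13@sha256:<digest>` (placeholder digest) would keep rollouts reproducible and make an upstream change show up in review.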
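Review bot: The dashboard UI and OTLP ingestion no longer require any credential: in the `@@ -61,30 +64,20 @@` hunk, `DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS` set to `"true"` replaces the `BrowserToken` frontend mode and the `ApiKey` OTLP mode that were read from the `aspire-dashboard-auth` secret. The IngressRoute in the last hunk of this file still publishes both on `aspire.khongisa.co.za` (`/` to 18888, `/otlp-http` to 18890) with only a strip-prefix middleware, so unless something outside this diff restricts the entry point, anyone who can reach that host can read collected logs and traces or submit telemetry of their own. I would drop the anonymous flag and keep the two auth modes backed by the existing secret, as sketched below; if the removal was a workaround for the image upgrade, an authentication or allow-list middleware on both routes is the minimum replacement. The env list begins and ends inside the hunk, but the container spec around it continues outside.

```yaml
        env:
          # … unchanged: ASPNETCORE_URLS and the two OTLP endpoint URL entries …
          # DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS removed
          - name: Dashboard__Frontend__AuthMode
            value: "BrowserToken"
          - name: Dashboard__Frontend__BrowserToken
            valueFrom:
              secretKeyRef:
                name: aspire-dashboard-auth
                key: dashboard-token
          - name: Dashboard__Otlp__AuthMode
            value: "ApiKey"
          - name: Dashboard__Otlp__PrimaryApiKey
            valueFrom:
              secretKeyRef:
                name: aspire-dashboard-auth
                key: otlp-api-key
          # … unchanged: Dashboard__ApplicationName, MaxLogCount, ResourceServiceClient …
```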
@@ -92,7 +85,9 @@ spec:
 - name: aspire-keys
 persistentVolumeClaim:
 claimName: aspire-dashboard-pvc
+
 ---
+# 2. UI & Telemetry Service (Combined)
 apiVersion: v1
 kind: Service
 metadata:
@@ -106,43 +101,50 @@ spec:
 - name: ui
 port: 18888
 targetPort: 18888
- - name: otlp-grpc
- port: 18889
- targetPort: 18889
 - name: otlp-http
 port: 18890
 targetPort: 18890
+
 ---
+# 3. Path Stripping Middleware
+# This removes /otlp-http from the URL before sending it to the pod
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: aspire-otlp-strip-prefix
+ namespace: aspire
+spec:
+ stripPrefix:
+ prefixes:
+ - /otlp-http
+
+---
+# 4. IngressRoute (Updated for UI and Telemetry Path)
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
- name: aspire-dashboard-web
+ name: aspire-dashboard-ui-web
 namespace: aspire
 spec:
 entryPoints:
 - websecure
 routes:
- - match: Host(`aspire.khongisa.co.za`) && PathPrefix(`/`)
- kind: Rule
- services:
- - name: aspire-dashboard-service
- port: 18888
- - match: Host(`aspire.khongisa.co.za`) && PathPrefix(`/otlp`)
+ # Telemetry Route: Catches your app traffic
+ - match: Host(`aspire.khongisa.co.za`) && PathPrefix(`/otlp-http`)
 kind: Rule
+ priority: 20
 middlewares:
- - name: aspire-strip-prefix
+ - name: aspire-otlp-strip-prefix
 services:
 - name: aspire-dashboard-service
 port: 18890
+
+ # UI Route: Standard access
+ - match: Host(`aspire.khongisa.co.za`) && PathPrefix(`/`)
+ kind: Rule
+ priority: 10
+ services:
+ - name: aspire-dashboard-service
+ port: 18888
 tls:
- secretName: aspire-cert-secret
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: aspire-strip-prefix
- namespace: aspire
-spec:
- stripPrefix:
- prefixes:
- - /otlp
\ No newline at end of file
+ secretName: aspire-cert-secret
\ No newline at end of file
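Review bot: The Service in the `@@ -106,43 +101,50 @@` hunk drops the `otlp-grpc` port 18889, yet the Deployment hunk earlier in this file still sets `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` to `http://0.0.0.0:18889`, so the gRPC listener presumably stays bound in the pod and reachable by pod IP from inside the cluster. The manifest should state one intent: either remove that endpoint setting (and any matching containerPort declared outside the visible hunks) or keep the Service port. No NetworkPolicy for the `aspire` namespace appears in this file, so limiting ingress on the dashboard pod to Traefik and the intended telemetry senders is worth adding with this change. A short comment above the two routes explaining that `priority: 20` is there so `/otlp-http` is evaluated before the catch-all `/` rule would also help the next editor.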