From 99bb067765731e1e45b446d298d965fb675318b1 Mon Sep 17 00:00:00 2001 From: Wu Sheng Date: Mon, 18 May 2026 16:51:02 +0800 Subject: [PATCH 01/13] Replace booster-ui with Horizon UI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit skywalking-booster-ui is deprecated; this migrates the chart to ship Apache SkyWalking Horizon UI (apache/skywalking-horizon-ui). Horizon bundles a BFF in front of the SPA, listens on port 8081, requires a horizon.yaml config file, talks to OAP on two ports (query 12800 + admin 17128), and authenticates users — none of which booster-ui did. Chart: - New ui-configmap.yaml renders horizon.yaml (deep-merged from ui.config over chart defaults that wire queryUrl/adminUrl to the in-cluster OAP service) - New ui-pvc.yaml for the BFF's /data state directory - ui-deployment.yaml: port 8081, ConfigMap mount, /data volume, HTTP readiness probe on /api/oap/info, Recreate strategy, fsGroup - Add oap.ports.admin: 17128 so the OAP service exposes the admin REST surface the BFF needs (OAP 10.5+) - ui.enabled flag gates all UI resources, for deployments that point an external UI at OAP directly - Ship default users admin/admin and skywalking/skywalking (real argon2id hashes) so the chart boots out of the box; NOTES.txt and README warn to rotate before production E2E: - Horizon does not pass-through /graphql, so swctl queries are redirected from the UI service to OAP's 12800 directly - Kind expose-ports switched from service/skywalking-ui to service/skywalking-oap - skywalking-ui added to the wait block as a BFF smoke check - env: UI_REPO=ghcr.io/apache/skywalking-horizon-ui, UI_TAG=main (release images land at apache/skywalking-ui:horizon-x.y.z on Docker Hub) Docs: - New chart/skywalking/values-horizon-ui.yaml self-contained example mirroring the upstream horizon.example.yaml shape - README sections explain credential rotation, ConfigMap+Secret pattern, and the bigger booster→horizon behavioral diff --- README.md | 82 +++++++++++- chart/skywalking/README.md | 24 +++- chart/skywalking/templates/NOTES.txt | 33 +++++ chart/skywalking/templates/ui-configmap.yaml | 46 +++++++ chart/skywalking/templates/ui-deployment.yaml | 61 +++++++-- chart/skywalking/templates/ui-ingress.yaml | 2 +- chart/skywalking/templates/ui-pvc.yaml | 44 +++++++ chart/skywalking/templates/ui-svc.yaml | 2 + chart/skywalking/values-horizon-ui.yaml | 76 +++++++++++ chart/skywalking/values-my-es.yaml | 17 ++- chart/skywalking/values.yaml | 122 +++++++++++++++++- test/e2e/e2e-banyandb-cluster.yaml | 115 +++++++++-------- test/e2e/e2e-banyandb-standalone.yaml | 115 +++++++++-------- test/e2e/e2e-elasticsearch.yaml | 115 +++++++++-------- test/e2e/env | 7 +- test/e2e/values.yaml | 18 +++ 16 files changed, 677 insertions(+), 202 deletions(-) create mode 100644 chart/skywalking/templates/ui-configmap.yaml create mode 100644 chart/skywalking/templates/ui-pvc.yaml create mode 100644 chart/skywalking/values-horizon-ui.yaml diff --git a/README.md b/README.md index ea4e4f3..4648d33 100644 --- a/README.md +++ b/README.md @@ -19,12 +19,84 @@ There are required values that you must set explicitly when deploying SkyWalking | ---- | ----------- | ------- | | `oap.image.tag` | the OAP docker image tag | `10.4.0` | | `oap.storageType` | the storage type of the OAP | `elasticsearch`, `postgresql`, `banyandb`, etc. | -| `ui.image.tag` | the UI docker image tag | `10.4.0` | +| `ui.image.tag` | the Horizon UI docker image tag | `horizon-1.0.0` | You can set these required values via command line (e.g. `--set oap.image.tag=10.4.0 --set oap.storageType=elasticsearch`), or edit them in a separate file(e.g. [`values.yaml`](chart/skywalking/values.yaml), [`values-my-es.yaml`](chart/skywalking/values-my-es.yaml)) and use `-f ` or `--values=` to set them. +## Web UI (Horizon UI) + +The web UI shipped by this chart is [Apache SkyWalking Horizon UI](https://github.com/apache/skywalking-horizon-ui), +which replaces the legacy `skywalking-booster-ui`. Compared to booster-ui: + +- The container bundles a Node-based BFF in front of the SPA. It connects to OAP on **two** ports: the GraphQL query port (`12800`, `oap.ports.rest`) and the admin REST port (`17128`, `oap.ports.admin`, available on OAP 10.5+). +- The container exposes **port 8081** (was 8080) and **does not pass-through `/graphql`** to OAP. Callers that previously talked to the UI's GraphQL endpoint (e.g. `swctl --base-url=http:///graphql`) must now talk to the OAP service directly (`http://:12800/graphql`). +- The BFF requires **authentication**. The chart ships two default users so it boots out of the box: + + | Username | Password | Roles | What they can do | + | --- | --- | --- | --- | + | `admin` | `admin` | `admin` | everything | + | `skywalking` | `skywalking` | `viewer`, `maintainer` | read all observability data, plus OAP cluster + module health | + + ⚠ **These defaults are publicly known. Rotate them before exposing the UI beyond a trusted network.** Generate a replacement `argon2id` hash with `pnpm --filter bff cli:hash` in a checkout of [skywalking-horizon-ui](https://github.com/apache/skywalking-horizon-ui), then override `ui.config.auth.local.users` in your own values file (or wire the hash through a Kubernetes Secret as shown below). +- Release images are published to Docker Hub as `apache/skywalking-ui:horizon-x.y.z`. Pre-release / dev images live at `ghcr.io/apache/skywalking-horizon-ui` (tags: SHA, `vX.Y.Z`, `main`). + +### Out-of-the-box install + +```shell +helm install "${SKYWALKING_RELEASE_NAME}" \ + oci://registry-1.docker.io/apache/skywalking-helm \ + --version "${SKYWALKING_RELEASE_VERSION}" \ + -n "${SKYWALKING_RELEASE_NAMESPACE}" \ + -f chart/skywalking/values-horizon-ui.yaml +``` + +Then port-forward and log in as `admin/admin`: + +```shell +kubectl port-forward -n "${SKYWALKING_RELEASE_NAMESPACE}" \ + svc/${SKYWALKING_RELEASE_NAME}-skywalking-helm-ui 8080:80 +open http://127.0.0.1:8080 +``` + +[`chart/skywalking/values-horizon-ui.yaml`](chart/skywalking/values-horizon-ui.yaml) is a self-contained example that mirrors the public [`horizon.example.yaml`](https://github.com/apache/skywalking-horizon-ui/blob/main/horizon.example.yaml) shipped at `/app/horizon.example.yaml` inside the image. + +### Production: hash via Kubernetes Secret + +For anything beyond a demo, swap the publicly-known hash for one you generated yourself and feed it through a Secret + `${VAR}` interpolation: + +```shell +HASH=$(cd skywalking-horizon-ui && pnpm --filter bff cli:hash 'your-strong-password' | tail -1) + +kubectl create secret generic horizon-admin \ + -n "${SKYWALKING_RELEASE_NAMESPACE}" \ + --from-literal=HORIZON_ADMIN_HASH="$HASH" + +cat > my-values.yaml <<'EOF' +ui: + envFromSecret: horizon-admin + config: + auth: + local: + users: + - username: admin + passwordHash: "${HORIZON_ADMIN_HASH}" + roles: [admin] +EOF + +helm install "${SKYWALKING_RELEASE_NAME}" \ + oci://registry-1.docker.io/apache/skywalking-helm \ + --version "${SKYWALKING_RELEASE_VERSION}" \ + -n "${SKYWALKING_RELEASE_NAMESPACE}" \ + --set oap.image.tag=10.4.0 \ + --set oap.storageType=elasticsearch \ + --set ui.image.tag=horizon-1.0.0 \ + -f my-values.yaml +``` + +Full `horizon.yaml` reference: https://github.com/apache/skywalking-horizon-ui/blob/main/docs/setup/horizon-yaml.md + # Install Let's set some variables for convenient use later. @@ -44,7 +116,7 @@ helm install "${SKYWALKING_RELEASE_NAME}" \ -n "${SKYWALKING_RELEASE_NAMESPACE}" \ --set oap.image.tag=10.4.0 \ --set oap.storageType=elasticsearch \ - --set ui.image.tag=10.4.0 + --set ui.image.tag=horizon-1.0.0 ``` To use BanyanDB as storage solution, you can try @@ -56,7 +128,7 @@ helm install "${SKYWALKING_RELEASE_NAME}" \ -n "${SKYWALKING_RELEASE_NAMESPACE}" \ --set oap.image.tag=10.4.0 \ --set oap.storageType=banyandb \ - --set ui.image.tag=10.4.0 \ + --set ui.image.tag=horizon-1.0.0 \ --set elasticsearch.enabled=false \ --set banyandb.enabled=true \ --set banyandb.image.tag=0.10.1 @@ -135,7 +207,7 @@ here are some examples. helm install "${SKYWALKING_RELEASE_NAME}" ${REPO}/skywalking -n "${SKYWALKING_RELEASE_NAMESPACE}" \ --set oap.image.tag=10.4.0 \ --set oap.storageType=elasticsearch \ - --set ui.image.tag=10.4.0 \ + --set ui.image.tag=horizon-1.0.0 \ --set eck-operator.installCRDs=false ``` @@ -179,7 +251,7 @@ helm -n istio-system install skywalking \ -n "${SKYWALKING_RELEASE_NAMESPACE}" \ --set oap.image.tag=10.4.0 \ --set oap.storageType=elasticsearch \ - --set ui.image.tag=10.4.0 + --set ui.image.tag=horizon-1.0.0 ``` ## Install development version using source codes diff --git a/chart/skywalking/README.md b/chart/skywalking/README.md index 418b05c..8ab8a1f 100644 --- a/chart/skywalking/README.md +++ b/chart/skywalking/README.md @@ -55,7 +55,8 @@ The following table lists the configurable parameters of the Skywalking chart an | `oap.image.tag` | OAP container image tag | `6.1.0` | | `oap.image.pullPolicy` | OAP container image pull policy | `IfNotPresent` | | `oap.ports.grpc` | OAP grpc port for tracing or metric | `11800` | -| `oap.ports.rest` | OAP http port for Web UI | `12800` | +| `oap.ports.rest` | OAP http port for the GraphQL query protocol (used by the UI and by `swctl`) | `12800` | +| `oap.ports.admin` | OAP admin REST port (runtime-rule, DSL debugging, inspect, status). Required by Horizon UI's admin features; available on OAP 10.5+ | `17128` | | `oap.ports.zipkinreceiver` | OAP http port for Zipkin receiver(not exposed by default) | `9411` | | `oap.ports.zipkinquery` | OAP http port for querying Zipkin traces and UI(not exposed by default) | `9412` | | `oap.replicas` | OAP k8s deployment replicas | `2` | @@ -72,10 +73,11 @@ The following table lists the configurable parameters of the Skywalking chart an | `oap.readinessProbe` | Configuration fields for the [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | `tcpSocket.port: 12800`
`initialDelaySeconds: 5`
`periodSeconds: 10` | `oap.env` | OAP environment variables | `[]` | | `oap.securityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) for the pod | `fsGroup: 1000`
`runAsUser: 1000` | +| `ui.enabled` | Deploy the Horizon UI. Set `false` to skip the UI Deployment, Service, Ingress, ConfigMap, and PVC entirely (useful when an external UI talks to OAP directly) | `true` | | `ui.name` | Web UI deployment name | `ui` | -| `ui.replicas` | Web UI k8s deployment replicas | `1` | -| `ui.image.repository` | Web UI container image name | `skywalking.docker.scarf.sh/apache/skywalking-ui` | -| `ui.image.tag` | Web UI container image tag | `6.1.0` | +| `ui.replicas` | Web UI k8s deployment replicas. Keep at `1` unless your ingress provides sticky sessions — the Horizon BFF holds the session table in memory | `1` | +| `ui.image.repository` | Horizon UI container image. Release images: Docker Hub `apache/skywalking-ui` tagged `horizon-x.y.z`. Dev images: `ghcr.io/apache/skywalking-horizon-ui` | `skywalking.docker.scarf.sh/apache/skywalking-ui` | +| `ui.image.tag` | Horizon UI image tag (required), e.g. `horizon-1.0.0` | `null` | | `ui.image.pullPolicy` | Web UI container image pull policy | `IfNotPresent` | | `ui.nodeAffinity` | Web UI node affinity policy | `{}` | | `ui.nodeSelector` | Web UI labels for pod assignment | `{}` | @@ -87,12 +89,22 @@ The following table lists the configurable parameters of the Skywalking chart an | `ui.ingress.tls` | Associate TLS with the Ingress | `[]` | | `ui.service.type` | Web UI svc type | `ClusterIP` | | `ui.service.externalPort` | external port for the service | `80` | -| `ui.service.internalPort` | internal port for the service | `8080` | +| `ui.service.internalPort` | internal port for the service (Horizon BFF binds 8081) | `8081` | | `ui.service.externalIPs` | external IP addresses | `nil` | | `ui.service.loadBalancerIP` | Load Balancer IP address | `nil` | | `ui.service.annotations` | Kubernetes service annotations | `{}` | | `ui.service.loadBalancerSourceRanges` | Limit load balancer source IPs to list of CIDRs (where available)) | `[]` | -| `ui.securityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) for the pod | `fsGroup: 1000`
`runAsUser: 1000` | +| `ui.securityContext` | Pod [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod). The image runs as the non-root `horizon` user; `fsGroup` makes mounted PVCs group-writable for that user | `fsGroup: 101` | +| `ui.livenessProbe` | TCP liveness probe | `tcpSocket.port: 8081` | +| `ui.readinessProbe` | HTTP readiness probe; verifies the BFF is up and OAP query port is reachable | `httpGet.path: /api/oap/info, port: 8081` | +| `ui.persistence.enabled` | Mount a PVC at `/data` for audit log / setup / alarm state / wire debug log. When `false`, state lands in the container's writable layer and is lost on pod restart | `false` | +| `ui.persistence.existingClaim` | Use a pre-created PVC; if empty, the chart creates one | `""` | +| `ui.persistence.storageClass` | Storage class for the chart-managed PVC | `""` | +| `ui.persistence.accessModes` | PVC access modes | `[ReadWriteOnce]` | +| `ui.persistence.size` | PVC size | `1Gi` | +| `ui.config` | `horizon.yaml` content (deep-merged onto chart defaults that point `oap.queryUrl`/`adminUrl` at the in-cluster OAP). See the [horizon.yaml reference](https://github.com/apache/skywalking-horizon-ui/blob/main/docs/setup/horizon-yaml.md). The chart ships **public-known default users** (`admin`/`admin`, `skywalking`/`skywalking`) so the UI boots out of the box — **rotate before production** | see `values.yaml` | +| `ui.envFromSecret` | Reference a Secret whose keys are exposed as env vars in the BFF container, for use with `${VAR}` interpolation in `ui.config` (e.g. admin password hash) | `""` | +| `ui.extraEnv` | Extra env vars passed to the BFF container | `[]` | | `oapInit.nodeAffinity` | OAP init job node affinity policy | `{}` | | `oapInit.nodeSelector` | OAP init job labels for master pod assignment | `{}` | | `oapInit.tolerations` | OAP init job tolerations | `[]` | diff --git a/chart/skywalking/templates/NOTES.txt b/chart/skywalking/templates/NOTES.txt index 1da5c4d..32d3c88 100644 --- a/chart/skywalking/templates/NOTES.txt +++ b/chart/skywalking/templates/NOTES.txt @@ -27,6 +27,11 @@ Your release is named {{ .Release.Name }}. Learn more, please visit https://skywalking.apache.org/ +{{- if not .Values.ui.enabled }} +The web UI is disabled in this release (ui.enabled=false). No UI Deployment, +Service, ConfigMap, Ingress, or PVC was created. OAP is still reachable on +its GraphQL port (default 12800) for any external UI you point at it. +{{- else }} Get the UI URL by running these commands: {{- if .Values.ui.ingress.enabled }} {{- range .Values.ui.ingress.hosts }} @@ -46,3 +51,31 @@ Get the UI URL by running these commands: kubectl port-forward svc/{{ include "skywalking.ui.fullname" . }} 8080:{{ .Values.ui.service.externalPort }} --namespace {{ .Release.Namespace }} {{- end }} +NOTE on Horizon UI auth: + +The web UI is Apache SkyWalking Horizon UI. It ships with two default users +so the chart boots out of the box: + + admin / admin — full admin + skywalking / skywalking — viewer + maintainer (read data + platform health) + +⚠ These passwords are PUBLICLY KNOWN. Rotate them before exposing the UI +beyond a trusted network. Generate a replacement argon2id hash by checking +out apache/skywalking-horizon-ui and running `pnpm --filter bff cli:hash`, +then override `ui.config.auth.local.users`. For production, store the hash +in a Kubernetes Secret and reference it via ${VAR} interpolation: + + ui: + envFromSecret: horizon-admin-secret # Secret contains HORIZON_ADMIN_HASH + config: + auth: + local: + users: + - username: admin + passwordHash: "${HORIZON_ADMIN_HASH}" + roles: [admin] + +Full config reference: + https://github.com/apache/skywalking-horizon-ui/blob/main/docs/setup/horizon-yaml.md +{{- end }} + diff --git a/chart/skywalking/templates/ui-configmap.yaml b/chart/skywalking/templates/ui-configmap.yaml new file mode 100644 index 0000000..81b22f7 --- /dev/null +++ b/chart/skywalking/templates/ui-configmap.yaml @@ -0,0 +1,46 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.ui.enabled }} +{{- /* +horizon.yaml is built by deep-merging: + 1. chart-managed defaults that point at the in-cluster OAP service + 2. whatever the operator put in `ui.config` +The merge order means user values win on every field except oap.queryUrl / +oap.adminUrl, where we always default to the in-cluster service if the +operator left them unset. +*/ -}} +{{- $defaults := dict + "oap" (dict + "queryUrl" (printf "http://%s:%v" (include "skywalking.oap.fullname" .) .Values.oap.ports.rest) + "adminUrl" (printf "http://%s:%v" (include "skywalking.oap.fullname" .) (default 17128 .Values.oap.ports.admin)) + ) +}} +{{- $userConfig := default (dict) .Values.ui.config }} +{{- $merged := mergeOverwrite (deepCopy $defaults) (deepCopy $userConfig) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "skywalking.ui.fullname" . }} + labels: + app: {{ template "skywalking.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.ui.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + horizon.yaml: | +{{ toYaml $merged | indent 4 }} +{{- end }} diff --git a/chart/skywalking/templates/ui-deployment.yaml b/chart/skywalking/templates/ui-deployment.yaml index 4945f3c..eb4c6c7 100644 --- a/chart/skywalking/templates/ui-deployment.yaml +++ b/chart/skywalking/templates/ui-deployment.yaml @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +{{- if .Values.ui.enabled }} apiVersion: apps/v1 kind: Deployment metadata: @@ -25,6 +26,11 @@ metadata: release: {{ .Release.Name }} spec: replicas: {{ .Values.ui.replicas }} + # Horizon UI's BFF holds the session table in memory. Recreate (not + # RollingUpdate) avoids the brief window of two pods serving traffic with + # disjoint session state. + strategy: + type: Recreate selector: matchLabels: app: {{ template "skywalking.name" . }} @@ -36,9 +42,12 @@ spec: app: {{ template "skywalking.name" . }} component: "{{ .Values.ui.name }}" release: {{ .Release.Name }} - {{- if .Values.ui.podAnnotations }} annotations: -{{ toYaml .Values.ui.podAnnotations | indent 8 }} + # Roll the pod when horizon.yaml changes — ConfigMap subPath mounts + # don't auto-update at runtime. + checksum/config: {{ include (print $.Template.BasePath "/ui-configmap.yaml") . | sha256sum }} + {{- with .Values.ui.podAnnotations }} +{{ toYaml . | indent 8 }} {{- end }} spec: {{- with .Values.ui.securityContext }} @@ -74,14 +83,44 @@ spec: resources: {{ toYaml .Values.ui.resources | indent 10 }} {{- end }} +{{- if .Values.ui.livenessProbe }} + livenessProbe: +{{ toYaml .Values.ui.livenessProbe | indent 10 }} +{{- end }} +{{- if .Values.ui.readinessProbe }} + readinessProbe: +{{ toYaml .Values.ui.readinessProbe | indent 10 }} +{{- end }} +{{- if or .Values.ui.envFromSecret .Values.ui.extraEnv }} env: - - name: SW_OAP_ADDRESS - value: "http://{{ template "skywalking.oap.fullname" . }}:{{ .Values.oap.ports.rest }}" -{{- if .Values.oap.ports.zipkinquery }} - - name: SW_ZIPKIN_ADDRESS - value: "http://{{ template "skywalking.oap.fullname" . }}:{{ .Values.oap.ports.zipkinquery }}" +{{- range .Values.ui.extraEnv }} + - {{ toYaml . | nindent 10 | trim }} +{{- end }} +{{- end }} +{{- if .Values.ui.envFromSecret }} + envFrom: + - secretRef: + name: {{ .Values.ui.envFromSecret }} +{{- end }} + volumeMounts: + - name: horizon-config + mountPath: /app/horizon.yaml + subPath: horizon.yaml + readOnly: true + - name: horizon-data + mountPath: /data + volumes: + - name: horizon-config + configMap: + name: {{ template "skywalking.ui.fullname" . }} + items: + - key: horizon.yaml + path: horizon.yaml + - name: horizon-data +{{- if .Values.ui.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ default (printf "%s-data" (include "skywalking.ui.fullname" .)) .Values.ui.persistence.existingClaim }} +{{- else }} + emptyDir: {} +{{- end }} {{- end }} - {{- range $key, $value := .Values.ui.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} diff --git a/chart/skywalking/templates/ui-ingress.yaml b/chart/skywalking/templates/ui-ingress.yaml index 4d3cb57..94c146b 100644 --- a/chart/skywalking/templates/ui-ingress.yaml +++ b/chart/skywalking/templates/ui-ingress.yaml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{- if .Values.ui.ingress.enabled }} +{{- if and .Values.ui.enabled .Values.ui.ingress.enabled }} {{- $serviceName := include "skywalking.ui.fullname" . }} {{- $servicePort := .Values.ui.service.externalPort }} {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} diff --git a/chart/skywalking/templates/ui-pvc.yaml b/chart/skywalking/templates/ui-pvc.yaml new file mode 100644 index 0000000..3f331a9 --- /dev/null +++ b/chart/skywalking/templates/ui-pvc.yaml @@ -0,0 +1,44 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if and .Values.ui.enabled .Values.ui.persistence.enabled (not .Values.ui.persistence.existingClaim) }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "skywalking.ui.fullname" . }}-data + labels: + app: {{ template "skywalking.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.ui.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- with .Values.ui.persistence.annotations }} + annotations: +{{ toYaml . | indent 4 }} + {{- end }} +spec: + accessModes: +{{ toYaml .Values.ui.persistence.accessModes | indent 4 }} + resources: + requests: + storage: {{ .Values.ui.persistence.size | quote }} + {{- if .Values.ui.persistence.storageClass }} + {{- if (eq "-" .Values.ui.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: {{ .Values.ui.persistence.storageClass | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/chart/skywalking/templates/ui-svc.yaml b/chart/skywalking/templates/ui-svc.yaml index 6250c83..46b2528 100644 --- a/chart/skywalking/templates/ui-svc.yaml +++ b/chart/skywalking/templates/ui-svc.yaml @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +{{- if .Values.ui.enabled }} apiVersion: v1 kind: Service metadata: @@ -61,3 +62,4 @@ spec: {{- if .Values.ui.service.loadBalancerIP }} loadBalancerIP: {{ .Values.ui.service.loadBalancerIP }} {{- end }} +{{- end }} diff --git a/chart/skywalking/values-horizon-ui.yaml b/chart/skywalking/values-horizon-ui.yaml new file mode 100644 index 0000000..e9c0312 --- /dev/null +++ b/chart/skywalking/values-horizon-ui.yaml @@ -0,0 +1,76 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Minimal `helm install -f values-horizon-ui.yaml` example that boots the +# chart with Horizon UI using its default users — admin/admin and +# skywalking/skywalking. These match what the chart already ships in +# `values.yaml`; this file exists so an operator can `helm install -f` a +# single, self-contained example without learning every required value +# first. +# +# The Horizon `config` block mirrors the public horizon.example.yaml that +# ships at /app/horizon.example.yaml inside the image — same shape, same +# field names. See: +# https://github.com/apache/skywalking-horizon-ui/blob/main/horizon.example.yaml +# https://github.com/apache/skywalking-horizon-ui/blob/main/docs/setup/horizon-yaml.md +# +# ⚠ ROTATE THE DEFAULT PASSWORDS BEFORE EXPOSING THE UI BEYOND A TRUSTED +# NETWORK. The hashes below are public; anyone can log in as admin/admin. +# Generate replacements by checking out apache/skywalking-horizon-ui and +# running `pnpm --filter bff cli:hash`, or wire production secrets through +# a Kubernetes Secret + `ui.envFromSecret` + `${VAR}` interpolation. + +oap: + image: + tag: 10.4.0 + storageType: elasticsearch + +ui: + image: + tag: horizon-1.0.0 + config: + server: + host: 0.0.0.0 + port: 8081 + oap: + # queryUrl / adminUrl default to the in-cluster OAP service; the chart + # fills them in. Set them explicitly only when pointing at an external + # OAP cluster. + timeoutMs: 15000 + # Optional basic-auth — uncomment when the OAP cluster requires it. + # auth: + # username: skywalking + # password: "${HORIZON_OAP_PW}" + auth: + backend: local + local: + users: + - username: admin # password: admin + passwordHash: "$argon2id$v=19$m=65536,t=3,p=4$eemqy1r72oSXR58y8VpRqw$Bn/dULrmJTHEi3263KfgWDEwQmUsqNLi3xwyv/DekHM" + roles: [admin] + - username: skywalking # password: skywalking + passwordHash: "$argon2id$v=19$m=65536,t=3,p=4$Zqj8HhQDqm8d5c2MipHYZw$BsaCnu4bdd4uadIldx3wwYLsdo47Thxb7Lv1MXpWG2Q" + roles: [viewer, maintainer] + rbac: + enabled: true + session: + ttlMinutes: 60 + cookieName: horizon_sid + cookieSecure: false # flip to true when serving over HTTPS + +# Reach the UI from your laptop: +# kubectl port-forward svc/-skywalking-helm-ui 8080:80 +# then open http://127.0.0.1:8080 and log in as admin/admin (or +# skywalking/skywalking). diff --git a/chart/skywalking/values-my-es.yaml b/chart/skywalking/values-my-es.yaml index aea448c..c568f29 100644 --- a/chart/skywalking/values-my-es.yaml +++ b/chart/skywalking/values-my-es.yaml @@ -19,12 +19,25 @@ oap: image: - tag: 10.0.0 + tag: 10.4.0 storageType: elasticsearch ui: image: - tag: 10.0.0 + tag: horizon-1.0.0 + # Horizon UI's BFF refuses to start with no users. Replace the + # passwordHash with an argon2id hash generated by + # `pnpm --filter bff cli:hash` in apache/skywalking-horizon-ui — or + # reference a Kubernetes Secret via `ui.envFromSecret` + `${VAR}` + # interpolation as shown in the README. + config: + auth: + backend: local + local: + users: + - username: admin + passwordHash: "REPLACE_WITH_ARGON2ID_HASH" + roles: [admin] elasticsearch: enabled: false diff --git a/chart/skywalking/values.yaml b/chart/skywalking/values.yaml index f633102..a10eae9 100644 --- a/chart/skywalking/values.yaml +++ b/chart/skywalking/values.yaml @@ -41,6 +41,11 @@ oap: # zabbix: 10051 grpc: 11800 rest: 12800 + # admin REST exposed by OAP 10.5+. Horizon UI's BFF talks to this for + # runtime-rule, DSL debugging, inspect, status, and config dump. Set to + # null (or remove) if the deployed OAP version predates 10.5 — Horizon + # admin features will be unavailable in that case. + admin: 17128 # zipkinreceiver: 9411 # zipkinquery: 9412 replicas: 2 @@ -133,11 +138,22 @@ oap: # path: /usr/share/elasticsearch/config/certs ui: + # Set to false to skip the UI deployment entirely — no Deployment, Service, + # Ingress, ConfigMap, or PVC will be created. Useful when an external UI + # talks to OAP directly, or when only the OAP backend is wanted. + enabled: true name: ui + # Horizon UI's BFF holds the active session table in memory; a multi-replica + # deployment without sticky routing breaks logins on every other request. + # Keep replicas: 1 unless your ingress provides sticky sessions. replicas: 1 image: + # Horizon UI release images ship to Docker Hub `apache/skywalking-ui` + # tagged `horizon-` (e.g. `horizon-1.0.0`). Dev / pre-release + # images live at `ghcr.io/apache/skywalking-horizon-ui` and are tagged + # by SHA / `vX.Y.Z` / `main`. repository: skywalking.docker.scarf.sh/apache/skywalking-ui - tag: null # Must be set explicitly + tag: null # Must be set explicitly, e.g. horizon-1.0.0 pullPolicy: IfNotPresent # podAnnotations: # example: oap-foo @@ -160,7 +176,8 @@ ui: type: ClusterIP # clusterIP: None externalPort: 80 - internalPort: 8080 + # Horizon UI's BFF binds 8081 by default. + internalPort: 8081 ## nodePort is the port on each node on which this service is exposed when type=NodePort ## Default: auto-allocated port if not specified. 30080 is just an example ## @@ -180,11 +197,102 @@ ui: annotations: {} ## Limit load balancer source ips to list of CIDRs (where available) # loadBalancerSourceRanges: [] - securityContext: {} - # runAsUser: 1000 - # runAsGroup: 1000 - # fsGroup: 1000 - env: + # The image runs as a non-root alpine system user `horizon`. PVCs mounted + # at /data and (optionally) /app/bundled_templates must be group-writable + # by that user; fsGroup defaults to 101 (alpine's typical `nobody` GID). + securityContext: + fsGroup: 101 + # Persistent state directory used by the BFF for audit log, setup state, + # alarm state, and wire debug log. Without persistence these files land in + # the container's writable layer and are lost on pod restart. + persistence: + enabled: false + # existingClaim: "" + # storageClass: "" + accessModes: + - ReadWriteOnce + size: 1Gi + annotations: {} + resources: {} + livenessProbe: + tcpSocket: + port: 8081 + initialDelaySeconds: 30 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /api/oap/info + port: 8081 + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 6 + # `config` is rendered verbatim into the `horizon.yaml` ConfigMap mounted + # at /app/horizon.yaml. Schema and field reference: + # https://github.com/apache/skywalking-horizon-ui/blob/main/docs/setup/horizon-yaml.md + # See also /app/horizon.example.yaml inside the image for the upstream + # commented example. + # + # Chart-managed defaults wire `oap.queryUrl` / `oap.adminUrl` to the + # in-cluster OAP service. Anything you set here merges over the defaults + # via Helm's mergeOverwrite semantics. + # + # ⚠ Default credentials below — admin/admin and skywalking/skywalking — + # make first-run / demo deployments work out of the box, but they are + # publicly known. ROTATE THEM BEFORE EXPOSING THE UI BEYOND A TRUSTED + # NETWORK. Generate a replacement hash by checking out + # apache/skywalking-horizon-ui and running `pnpm --filter bff cli:hash`, + # or wire production credentials through a Secret via + # `ui.envFromSecret` + `${VAR}` interpolation (see values-my-es.yaml). + config: + server: + host: 0.0.0.0 + port: 8081 + oap: + # queryUrl / adminUrl default to the in-cluster OAP service when unset. + # Override here if you point the UI at an external OAP cluster. + # queryUrl: http://skywalking-oap:12800 + # adminUrl: http://skywalking-oap:17128 + timeoutMs: 15000 + # auth: + # username: skywalking + # password: "${HORIZON_OAP_PW}" + auth: + backend: local + local: + # Default users — change before production. The argon2id hashes + # below decode to the indicated plaintext password. + users: + - username: admin # password: admin → full admin + passwordHash: "$argon2id$v=19$m=65536,t=3,p=4$eemqy1r72oSXR58y8VpRqw$Bn/dULrmJTHEi3263KfgWDEwQmUsqNLi3xwyv/DekHM" + roles: [admin] + - username: skywalking # password: skywalking → read data + platform health + passwordHash: "$argon2id$v=19$m=65536,t=3,p=4$Zqj8HhQDqm8d5c2MipHYZw$BsaCnu4bdd4uadIldx3wwYLsdo47Thxb7Lv1MXpWG2Q" + roles: [viewer, maintainer] + rbac: + enabled: true + session: + ttlMinutes: 60 + cookieName: horizon_sid + # Flip to true when serving over HTTPS (browser refuses Secure + # cookies over plain HTTP). + cookieSecure: false + # Optional: pass extra env vars into the BFF container. Use this to + # provide values referenced by `${VAR}` interpolation in `config` + # (e.g. admin password hash, OAP basic-auth password) without baking + # them into the ConfigMap. + # extraEnv: + # - name: HORIZON_ADMIN_HASH + # valueFrom: + # secretKeyRef: + # name: horizon-admin + # key: passwordHash + extraEnv: [] + # Optional: reference a pre-created Secret whose keys are exposed as env + # vars in the BFF container (shortcut for the common ConfigMap+Secret + # pattern). The Secret must define keys referenced in `config` via + # ${VAR} interpolation. + # envFromSecret: horizon-secrets + envFromSecret: "" oapInit: diff --git a/test/e2e/e2e-banyandb-cluster.yaml b/test/e2e/e2e-banyandb-cluster.yaml index df21347..d21c050 100644 --- a/test/e2e/e2e-banyandb-cluster.yaml +++ b/test/e2e/e2e-banyandb-cluster.yaml @@ -22,8 +22,8 @@ setup: kind: expose-ports: - namespace: istio-system - resource: service/skywalking-ui - port: 80 + resource: service/skywalking-oap + port: 12800 steps: - name: install yq command: bash test/e2e/setup-e2e-shell/install.sh yq @@ -75,6 +75,9 @@ setup: - namespace: istio-system resource: deployments/skywalking-satellite for: condition=available + - namespace: istio-system + resource: deployments/skywalking-ui + for: condition=available - name: Deploy demo services command: | kubectl apply -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml @@ -102,138 +105,138 @@ verify: interval: 10s cases: # service list - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql service ls + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql service ls expected: expected/service.yml # service instance list - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage expected: expected/service-instance.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews expected: expected/service-instance.yml # service endpoint - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql endpoint list --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql endpoint list --service-name=e2e::productpage expected: expected/service-endpoint-productpage.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql endpoint list --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql endpoint list --service-name=e2e::reviews expected: expected/service-endpoint-reviews.yml # service metrics: e2e::productpage - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_sla --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_sla --service-name=e2e::productpage expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_cpm --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_cpm --service-name=e2e::productpage expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_resp_time --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_resp_time --service-name=e2e::productpage expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_apdex --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_apdex --service-name=e2e::productpage expected: expected/metrics-has-value.yml # service metrics: e2e::reviews - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_sla --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_sla --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_cpm --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_cpm --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_resp_time --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_resp_time --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_apdex --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_apdex --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_sidecar_internal_req_latency_nanos --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_sidecar_internal_req_latency_nanos --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_sidecar_internal_resp_latency_nanos --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_sidecar_internal_resp_latency_nanos --service-name=e2e::reviews expected: expected/metrics-has-value.yml # service instance metrics: e2e::productpage - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_resp_time --service-name=e2e::productpage --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_resp_time --service-name=e2e::productpage --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_cpm --service-name=e2e::productpage --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_cpm --service-name=e2e::productpage --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_sla --service-name=e2e::productpage --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_sla --service-name=e2e::productpage --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml # service instance metrics: e2e::reviews - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_resp_time --service-name=e2e::reviews --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_resp_time --service-name=e2e::reviews --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_cpm --service-name=e2e::reviews --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_cpm --service-name=e2e::reviews --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_sla --service-name=e2e::reviews --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_sla --service-name=e2e::reviews --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_sidecar_internal_req_latency_nanos --service-name=e2e::reviews --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_sidecar_internal_req_latency_nanos --service-name=e2e::reviews --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_sidecar_internal_resp_latency_nanos --service-name=e2e::reviews --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_sidecar_internal_resp_latency_nanos --service-name=e2e::reviews --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml # service endpoint metrics: e2e::productpage GET:/productpage - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_cpm --endpoint-name=GET:/productpage --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_cpm --endpoint-name=GET:/productpage --service-name=e2e::productpage expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_resp_time --endpoint-name=GET:/productpage --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_resp_time --endpoint-name=GET:/productpage --service-name=e2e::productpage expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_sla --endpoint-name=GET:/productpage --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_sla --endpoint-name=GET:/productpage --service-name=e2e::productpage expected: expected/metrics-has-value.yml # service endpoint metrics: e2e::reviews GET:/reviews/0 - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_cpm --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_cpm --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_resp_time --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_resp_time --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_sla --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_sla --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_sidecar_internal_req_latency_nanos --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_sidecar_internal_req_latency_nanos --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_sidecar_internal_resp_latency_nanos --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_sidecar_internal_resp_latency_nanos --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews expected: expected/metrics-has-value.yml # dependency service - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql dependency service --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql dependency service --service-name=e2e::productpage expected: expected/dependency-services-productpage.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql dependency service --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql dependency service --service-name=e2e::reviews expected: expected/dependency-services-reviews.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql dependency instance --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql dependency instance --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/dependency-services-instance-productpage.yml # service relation metrics - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_relation_client_cpm --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_relation_client_cpm --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_relation_server_cpm --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_relation_server_cpm --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_client_sidecar_internal_req_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_client_sidecar_internal_req_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_server_sidecar_internal_req_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_server_sidecar_internal_req_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_client_sidecar_internal_resp_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_client_sidecar_internal_resp_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_server_sidecar_internal_resp_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_server_sidecar_internal_resp_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml # service instance relation metrics, e2e::productpage -> e2e::reviews - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_relation_client_cpm \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_relation_client_cpm \ --service-name=e2e::productpage --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) \ --dest-service-name=e2e::reviews --dest-instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) \ expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_relation_server_cpm \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_relation_server_cpm \ --service-name=e2e::productpage --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) \ --dest-service-name=e2e::reviews --dest-instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) \ expected: expected/metrics-has-value.yml diff --git a/test/e2e/e2e-banyandb-standalone.yaml b/test/e2e/e2e-banyandb-standalone.yaml index 244cb66..adf2e03 100644 --- a/test/e2e/e2e-banyandb-standalone.yaml +++ b/test/e2e/e2e-banyandb-standalone.yaml @@ -22,8 +22,8 @@ setup: kind: expose-ports: - namespace: istio-system - resource: service/skywalking-ui - port: 80 + resource: service/skywalking-oap + port: 12800 steps: - name: install yq command: bash test/e2e/setup-e2e-shell/install.sh yq @@ -72,6 +72,9 @@ setup: - namespace: istio-system resource: deployments/skywalking-satellite for: condition=available + - namespace: istio-system + resource: deployments/skywalking-ui + for: condition=available - name: Deploy demo services command: | kubectl apply -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml @@ -99,138 +102,138 @@ verify: interval: 10s cases: # service list - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql service ls + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql service ls expected: expected/service.yml # service instance list - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage expected: expected/service-instance.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews expected: expected/service-instance.yml # service endpoint - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql endpoint list --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql endpoint list --service-name=e2e::productpage expected: expected/service-endpoint-productpage.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql endpoint list --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql endpoint list --service-name=e2e::reviews expected: expected/service-endpoint-reviews.yml # service metrics: e2e::productpage - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_sla --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_sla --service-name=e2e::productpage expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_cpm --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_cpm --service-name=e2e::productpage expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_resp_time --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_resp_time --service-name=e2e::productpage expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_apdex --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_apdex --service-name=e2e::productpage expected: expected/metrics-has-value.yml # service metrics: e2e::reviews - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_sla --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_sla --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_cpm --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_cpm --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_resp_time --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_resp_time --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_apdex --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_apdex --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_sidecar_internal_req_latency_nanos --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_sidecar_internal_req_latency_nanos --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_sidecar_internal_resp_latency_nanos --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_sidecar_internal_resp_latency_nanos --service-name=e2e::reviews expected: expected/metrics-has-value.yml # service instance metrics: e2e::productpage - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_resp_time --service-name=e2e::productpage --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_resp_time --service-name=e2e::productpage --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_cpm --service-name=e2e::productpage --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_cpm --service-name=e2e::productpage --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_sla --service-name=e2e::productpage --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_sla --service-name=e2e::productpage --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml # service instance metrics: e2e::reviews - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_resp_time --service-name=e2e::reviews --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_resp_time --service-name=e2e::reviews --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_cpm --service-name=e2e::reviews --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_cpm --service-name=e2e::reviews --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_sla --service-name=e2e::reviews --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_sla --service-name=e2e::reviews --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_sidecar_internal_req_latency_nanos --service-name=e2e::reviews --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_sidecar_internal_req_latency_nanos --service-name=e2e::reviews --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_sidecar_internal_resp_latency_nanos --service-name=e2e::reviews --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_sidecar_internal_resp_latency_nanos --service-name=e2e::reviews --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml # service endpoint metrics: e2e::productpage GET:/productpage - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_cpm --endpoint-name=GET:/productpage --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_cpm --endpoint-name=GET:/productpage --service-name=e2e::productpage expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_resp_time --endpoint-name=GET:/productpage --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_resp_time --endpoint-name=GET:/productpage --service-name=e2e::productpage expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_sla --endpoint-name=GET:/productpage --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_sla --endpoint-name=GET:/productpage --service-name=e2e::productpage expected: expected/metrics-has-value.yml # service endpoint metrics: e2e::reviews GET:/reviews/0 - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_cpm --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_cpm --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_resp_time --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_resp_time --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_sla --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_sla --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_sidecar_internal_req_latency_nanos --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_sidecar_internal_req_latency_nanos --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_sidecar_internal_resp_latency_nanos --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_sidecar_internal_resp_latency_nanos --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews expected: expected/metrics-has-value.yml # dependency service - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql dependency service --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql dependency service --service-name=e2e::productpage expected: expected/dependency-services-productpage.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql dependency service --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql dependency service --service-name=e2e::reviews expected: expected/dependency-services-reviews.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql dependency instance --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql dependency instance --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/dependency-services-instance-productpage.yml # service relation metrics - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_relation_client_cpm --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_relation_client_cpm --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_relation_server_cpm --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_relation_server_cpm --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_client_sidecar_internal_req_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_client_sidecar_internal_req_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_server_sidecar_internal_req_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_server_sidecar_internal_req_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_client_sidecar_internal_resp_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_client_sidecar_internal_resp_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_server_sidecar_internal_resp_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_server_sidecar_internal_resp_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml # service instance relation metrics, e2e::productpage -> e2e::reviews - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_relation_client_cpm \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_relation_client_cpm \ --service-name=e2e::productpage --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) \ --dest-service-name=e2e::reviews --dest-instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) \ expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_relation_server_cpm \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_relation_server_cpm \ --service-name=e2e::productpage --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) \ --dest-service-name=e2e::reviews --dest-instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) \ expected: expected/metrics-has-value.yml diff --git a/test/e2e/e2e-elasticsearch.yaml b/test/e2e/e2e-elasticsearch.yaml index 4afe7e7..54133e7 100644 --- a/test/e2e/e2e-elasticsearch.yaml +++ b/test/e2e/e2e-elasticsearch.yaml @@ -22,8 +22,8 @@ setup: kind: expose-ports: - namespace: istio-system - resource: service/skywalking-ui - port: 80 + resource: service/skywalking-oap + port: 12800 steps: - name: install yq command: bash test/e2e/setup-e2e-shell/install.sh yq @@ -71,6 +71,9 @@ setup: - namespace: istio-system resource: deployments/skywalking-satellite for: condition=available + - namespace: istio-system + resource: deployments/skywalking-ui + for: condition=available - name: Deploy demo services command: | kubectl apply -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml @@ -98,138 +101,138 @@ verify: interval: 10s cases: # service list - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql service ls + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql service ls expected: expected/service.yml # service instance list - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage expected: expected/service-instance.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews expected: expected/service-instance.yml # service endpoint - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql endpoint list --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql endpoint list --service-name=e2e::productpage expected: expected/service-endpoint-productpage.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql endpoint list --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql endpoint list --service-name=e2e::reviews expected: expected/service-endpoint-reviews.yml # service metrics: e2e::productpage - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_sla --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_sla --service-name=e2e::productpage expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_cpm --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_cpm --service-name=e2e::productpage expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_resp_time --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_resp_time --service-name=e2e::productpage expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_apdex --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_apdex --service-name=e2e::productpage expected: expected/metrics-has-value.yml # service metrics: e2e::reviews - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_sla --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_sla --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_cpm --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_cpm --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_resp_time --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_resp_time --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_apdex --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_apdex --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_sidecar_internal_req_latency_nanos --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_sidecar_internal_req_latency_nanos --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_sidecar_internal_resp_latency_nanos --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_sidecar_internal_resp_latency_nanos --service-name=e2e::reviews expected: expected/metrics-has-value.yml # service instance metrics: e2e::productpage - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_resp_time --service-name=e2e::productpage --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_resp_time --service-name=e2e::productpage --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_cpm --service-name=e2e::productpage --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_cpm --service-name=e2e::productpage --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_sla --service-name=e2e::productpage --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_sla --service-name=e2e::productpage --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml # service instance metrics: e2e::reviews - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_resp_time --service-name=e2e::reviews --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_resp_time --service-name=e2e::reviews --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_cpm --service-name=e2e::reviews --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_cpm --service-name=e2e::reviews --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_sla --service-name=e2e::reviews --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_sla --service-name=e2e::reviews --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_sidecar_internal_req_latency_nanos --service-name=e2e::reviews --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_sidecar_internal_req_latency_nanos --service-name=e2e::reviews --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_sidecar_internal_resp_latency_nanos --service-name=e2e::reviews --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_sidecar_internal_resp_latency_nanos --service-name=e2e::reviews --instance-name=$( \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) expected: expected/metrics-has-value.yml # service endpoint metrics: e2e::productpage GET:/productpage - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_cpm --endpoint-name=GET:/productpage --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_cpm --endpoint-name=GET:/productpage --service-name=e2e::productpage expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_resp_time --endpoint-name=GET:/productpage --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_resp_time --endpoint-name=GET:/productpage --service-name=e2e::productpage expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_sla --endpoint-name=GET:/productpage --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_sla --endpoint-name=GET:/productpage --service-name=e2e::productpage expected: expected/metrics-has-value.yml # service endpoint metrics: e2e::reviews GET:/reviews/0 - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_cpm --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_cpm --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_resp_time --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_resp_time --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_sla --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_sla --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_sidecar_internal_req_latency_nanos --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_sidecar_internal_req_latency_nanos --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=endpoint_sidecar_internal_resp_latency_nanos --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=endpoint_sidecar_internal_resp_latency_nanos --endpoint-name=GET:/reviews/0 --service-name=e2e::reviews expected: expected/metrics-has-value.yml # dependency service - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql dependency service --service-name=e2e::productpage + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql dependency service --service-name=e2e::productpage expected: expected/dependency-services-productpage.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql dependency service --service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql dependency service --service-name=e2e::reviews expected: expected/dependency-services-reviews.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql dependency instance --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql dependency instance --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/dependency-services-instance-productpage.yml # service relation metrics - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_relation_client_cpm --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_relation_client_cpm --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_relation_server_cpm --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_relation_server_cpm --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_client_sidecar_internal_req_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_client_sidecar_internal_req_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_server_sidecar_internal_req_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_server_sidecar_internal_req_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_client_sidecar_internal_resp_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_client_sidecar_internal_resp_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml - - query: swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_server_sidecar_internal_resp_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews + - query: swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_server_sidecar_internal_resp_latency_nanos --service-name=e2e::productpage --dest-service-name=e2e::reviews expected: expected/metrics-has-value.yml # service instance relation metrics, e2e::productpage -> e2e::reviews - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_relation_client_cpm \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_relation_client_cpm \ --service-name=e2e::productpage --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) \ --dest-service-name=e2e::reviews --dest-instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) \ expected: expected/metrics-has-value.yml - query: | - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql metrics exec --expression=service_instance_relation_server_cpm \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql metrics exec --expression=service_instance_relation_server_cpm \ --service-name=e2e::productpage --instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::productpage | yq e '.[0].name' - ) \ --dest-service-name=e2e::reviews --dest-instance-name=$( \ - swctl --display yaml --base-url=http://${service_skywalking_ui_host}:${service_skywalking_ui_80}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) \ + swctl --display yaml --base-url=http://${service_skywalking_oap_host}:${service_skywalking_oap_12800}/graphql instance list --service-name=e2e::reviews | yq e '.[0].name' - ) \ expected: expected/metrics-has-value.yml diff --git a/test/e2e/env b/test/e2e/env index fc6284d..1b0f788 100644 --- a/test/e2e/env +++ b/test/e2e/env @@ -15,8 +15,11 @@ OAP_TAG=a0cec0ca237792497d2da0b65757d11f58c3f342 OAP_REPO=ghcr.io/apache/skywalking/oap -UI_TAG=a0cec0ca237792497d2da0b65757d11f58c3f342 -UI_REPO=ghcr.io/apache/skywalking/ui +# Horizon UI dev images are published to GHCR by the apache/skywalking-horizon-ui +# repo (tags: full commit SHA, vX.Y.Z, main). Release images live on Docker Hub +# at apache/skywalking-ui:horizon-x.y.z. For CI we pull from GHCR by SHA / main. +UI_TAG=main +UI_REPO=ghcr.io/apache/skywalking-horizon-ui SATELLITE_TAG=v35bfaff6352b4dc351a706772796a1f79b651c14 SATELLITE_REPO=ghcr.io/apache/skywalking-satellite/skywalking-satellite BANYANDB_TAG=5dedaa1aa5106dd87ad9d6c5f08c63deefee5579 diff --git a/test/e2e/values.yaml b/test/e2e/values.yaml index ebbd206..9b3a9b4 100644 --- a/test/e2e/values.yaml +++ b/test/e2e/values.yaml @@ -18,6 +18,24 @@ oap: metadata-service-mapping.yaml: | serviceName: e2e::${LABELS."service.istio.io/canonical-name"} serviceInstanceName: ${NAME} + +# E2E runs with the chart's shipped defaults — admin/admin and +# skywalking/skywalking — so a developer port-forwarding into a kind cluster +# can log in interactively while reproducing a CI failure. These are the +# same hashes that ship in chart/skywalking/values.yaml; we re-state them +# here so the test overlay is explicit about what the credentials are. +ui: + config: + auth: + backend: local + local: + users: + - username: admin # password: admin + passwordHash: "$argon2id$v=19$m=65536,t=3,p=4$eemqy1r72oSXR58y8VpRqw$Bn/dULrmJTHEi3263KfgWDEwQmUsqNLi3xwyv/DekHM" + roles: [admin] + - username: skywalking # password: skywalking + passwordHash: "$argon2id$v=19$m=65536,t=3,p=4$Zqj8HhQDqm8d5c2MipHYZw$BsaCnu4bdd4uadIldx3wwYLsdo47Thxb7Lv1MXpWG2Q" + roles: [viewer, maintainer] elasticsearch: nodeSets: - name: default From 88dd689fc00e62fb9433c5817153d9febafeac47 Mon Sep 17 00:00:00 2001 From: Wu Sheng Date: Mon, 18 May 2026 17:02:02 +0800 Subject: [PATCH 02/13] Pin e2e Horizon UI to a SHA; drop OAP block from values-horizon-ui.yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - test/e2e/env: replace UI_TAG=main (mutable) with the most recent GHCR-built horizon-ui commit SHA. Matches how OAP/Satellite/BanyanDB images are pinned and makes e2e re-runs reproducible. - values-horizon-ui.yaml: drop the oap.image.tag / oap.storageType block — this is meant to be a UI-only auth/RBAC overlay, not a full install template. The oap fields were copy-pasted from values-my-es.yaml where they belonged for a different reason. - README install example updated: pass oap settings via --set alongside -f values-horizon-ui.yaml, mirroring how the file is actually intended to be consumed. --- README.md | 19 ++++++++++++++++-- chart/skywalking/values-horizon-ui.yaml | 26 ++++++++++++------------- test/e2e/env | 5 +++-- 3 files changed, 33 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 4648d33..0a94a6d 100644 --- a/README.md +++ b/README.md @@ -44,12 +44,16 @@ which replaces the legacy `skywalking-booster-ui`. Compared to booster-ui: ### Out-of-the-box install +The chart's own `values.yaml` ships the default users; a plain install Just Works: + ```shell helm install "${SKYWALKING_RELEASE_NAME}" \ oci://registry-1.docker.io/apache/skywalking-helm \ --version "${SKYWALKING_RELEASE_VERSION}" \ -n "${SKYWALKING_RELEASE_NAMESPACE}" \ - -f chart/skywalking/values-horizon-ui.yaml + --set oap.image.tag=10.4.0 \ + --set oap.storageType=elasticsearch \ + --set ui.image.tag=horizon-1.0.0 ``` Then port-forward and log in as `admin/admin`: @@ -60,7 +64,18 @@ kubectl port-forward -n "${SKYWALKING_RELEASE_NAMESPACE}" \ open http://127.0.0.1:8080 ``` -[`chart/skywalking/values-horizon-ui.yaml`](chart/skywalking/values-horizon-ui.yaml) is a self-contained example that mirrors the public [`horizon.example.yaml`](https://github.com/apache/skywalking-horizon-ui/blob/main/horizon.example.yaml) shipped at `/app/horizon.example.yaml` inside the image. +If you want to customize Horizon's auth / RBAC / session, copy [`chart/skywalking/values-horizon-ui.yaml`](chart/skywalking/values-horizon-ui.yaml) — a UI-only overlay mirroring the public [`horizon.example.yaml`](https://github.com/apache/skywalking-horizon-ui/blob/main/horizon.example.yaml) shipped at `/app/horizon.example.yaml` inside the image — and apply it alongside the OAP `--set` flags: + +```shell +helm install "${SKYWALKING_RELEASE_NAME}" \ + oci://registry-1.docker.io/apache/skywalking-helm \ + --version "${SKYWALKING_RELEASE_VERSION}" \ + -n "${SKYWALKING_RELEASE_NAMESPACE}" \ + --set oap.image.tag=10.4.0 \ + --set oap.storageType=elasticsearch \ + --set ui.image.tag=horizon-1.0.0 \ + -f chart/skywalking/values-horizon-ui.yaml +``` ### Production: hash via Kubernetes Secret diff --git a/chart/skywalking/values-horizon-ui.yaml b/chart/skywalking/values-horizon-ui.yaml index e9c0312..368b263 100644 --- a/chart/skywalking/values-horizon-ui.yaml +++ b/chart/skywalking/values-horizon-ui.yaml @@ -13,12 +13,19 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Minimal `helm install -f values-horizon-ui.yaml` example that boots the -# chart with Horizon UI using its default users — admin/admin and -# skywalking/skywalking. These match what the chart already ships in -# `values.yaml`; this file exists so an operator can `helm install -f` a -# single, self-contained example without learning every required value -# first. +# UI-only example values overlay. Apply alongside the OAP-required values +# (`oap.image.tag`, `oap.storageType`, `ui.image.tag`): +# +# helm install chart/skywalking \ +# --set oap.image.tag=10.4.0 \ +# --set oap.storageType=elasticsearch \ +# --set ui.image.tag=horizon-1.0.0 \ +# -f chart/skywalking/values-horizon-ui.yaml +# +# This file exists so an operator who wants to customize Horizon UI's auth / +# RBAC / session has a self-contained template to copy from — it intentionally +# does NOT pin OAP version or storage backend, since those are orthogonal to +# the UI configuration. # # The Horizon `config` block mirrors the public horizon.example.yaml that # ships at /app/horizon.example.yaml inside the image — same shape, same @@ -32,14 +39,7 @@ # running `pnpm --filter bff cli:hash`, or wire production secrets through # a Kubernetes Secret + `ui.envFromSecret` + `${VAR}` interpolation. -oap: - image: - tag: 10.4.0 - storageType: elasticsearch - ui: - image: - tag: horizon-1.0.0 config: server: host: 0.0.0.0 diff --git a/test/e2e/env b/test/e2e/env index 1b0f788..fc13d86 100644 --- a/test/e2e/env +++ b/test/e2e/env @@ -17,8 +17,9 @@ OAP_TAG=a0cec0ca237792497d2da0b65757d11f58c3f342 OAP_REPO=ghcr.io/apache/skywalking/oap # Horizon UI dev images are published to GHCR by the apache/skywalking-horizon-ui # repo (tags: full commit SHA, vX.Y.Z, main). Release images live on Docker Hub -# at apache/skywalking-ui:horizon-x.y.z. For CI we pull from GHCR by SHA / main. -UI_TAG=main +# at apache/skywalking-ui:horizon-x.y.z. CI pins to a SHA so re-runs are +# reproducible — bump this when a new horizon-ui feature/fix needs CI coverage. +UI_TAG=cfed07a1b69fd130559a0cc238ec5f2d6a913832 UI_REPO=ghcr.io/apache/skywalking-horizon-ui SATELLITE_TAG=v35bfaff6352b4dc351a706772796a1f79b651c14 SATELLITE_REPO=ghcr.io/apache/skywalking-satellite/skywalking-satellite From af5c9930104349bdcaf62d5452e7707f26ff7243 Mon Sep 17 00:00:00 2001 From: Wu Sheng Date: Mon, 18 May 2026 17:03:28 +0800 Subject: [PATCH 03/13] Keep values.yaml's auth.local.users empty; demo creds only in example file Shipping real argon2id hashes in chart/skywalking/values.yaml weakened Horizon's upstream "no default admin/admin" stance. Reverting: - values.yaml: ui.config.auth.local.users back to [] with a commented example. The chart's defaults no longer give anyone a logged-in UI; the operator must consciously provide creds. - values-horizon-ui.yaml stays as the recommended demo overlay (real admin/admin + skywalking/skywalking hashes). README install example now requires `-f values-horizon-ui.yaml` to get a working UI. - NOTES.txt: two-path guidance (apply the example overlay for demos, Secret + ${VAR} for production) instead of advertising defaults. - values-my-es.yaml: drop the placeholder hash; point at the example file or to define users locally. --- README.md | 34 +++++++------------- chart/skywalking/README.md | 2 +- chart/skywalking/templates/NOTES.txt | 48 ++++++++++++++++------------ chart/skywalking/values-my-es.yaml | 17 +++------- chart/skywalking/values.yaml | 28 +++++++--------- 5 files changed, 56 insertions(+), 73 deletions(-) diff --git a/README.md b/README.md index 0a94a6d..0ee9ffe 100644 --- a/README.md +++ b/README.md @@ -32,19 +32,19 @@ which replaces the legacy `skywalking-booster-ui`. Compared to booster-ui: - The container bundles a Node-based BFF in front of the SPA. It connects to OAP on **two** ports: the GraphQL query port (`12800`, `oap.ports.rest`) and the admin REST port (`17128`, `oap.ports.admin`, available on OAP 10.5+). - The container exposes **port 8081** (was 8080) and **does not pass-through `/graphql`** to OAP. Callers that previously talked to the UI's GraphQL endpoint (e.g. `swctl --base-url=http:///graphql`) must now talk to the OAP service directly (`http://:12800/graphql`). -- The BFF requires **authentication**. The chart ships two default users so it boots out of the box: +- The BFF requires **authentication**. There is no built-in `admin/admin` fallback — `ui.config.auth.local.users` ships **empty**, and the BFF refuses to start until you provide at least one user. You have two paths: + - **Demo / first-run**: apply the example overlay [`chart/skywalking/values-horizon-ui.yaml`](chart/skywalking/values-horizon-ui.yaml), which ships: - | Username | Password | Roles | What they can do | - | --- | --- | --- | --- | - | `admin` | `admin` | `admin` | everything | - | `skywalking` | `skywalking` | `viewer`, `maintainer` | read all observability data, plus OAP cluster + module health | + | Username | Password | Roles | What they can do | + | --- | --- | --- | --- | + | `admin` | `admin` | `admin` | everything | + | `skywalking` | `skywalking` | `viewer`, `maintainer` | read all observability data, plus OAP cluster + module health | - ⚠ **These defaults are publicly known. Rotate them before exposing the UI beyond a trusted network.** Generate a replacement `argon2id` hash with `pnpm --filter bff cli:hash` in a checkout of [skywalking-horizon-ui](https://github.com/apache/skywalking-horizon-ui), then override `ui.config.auth.local.users` in your own values file (or wire the hash through a Kubernetes Secret as shown below). + ⚠ **Those passwords are publicly known in this repo. Use only on trusted networks; rotate before exposing externally.** + - **Production**: generate your own `argon2id` hash with `pnpm --filter bff cli:hash` in a checkout of [skywalking-horizon-ui](https://github.com/apache/skywalking-horizon-ui), store it in a Kubernetes Secret, and inject via `ui.envFromSecret` + `${VAR}` interpolation (example below). - Release images are published to Docker Hub as `apache/skywalking-ui:horizon-x.y.z`. Pre-release / dev images live at `ghcr.io/apache/skywalking-horizon-ui` (tags: SHA, `vX.Y.Z`, `main`). -### Out-of-the-box install - -The chart's own `values.yaml` ships the default users; a plain install Just Works: +### Demo install (uses the shipped example) ```shell helm install "${SKYWALKING_RELEASE_NAME}" \ @@ -53,7 +53,8 @@ helm install "${SKYWALKING_RELEASE_NAME}" \ -n "${SKYWALKING_RELEASE_NAMESPACE}" \ --set oap.image.tag=10.4.0 \ --set oap.storageType=elasticsearch \ - --set ui.image.tag=horizon-1.0.0 + --set ui.image.tag=horizon-1.0.0 \ + -f chart/skywalking/values-horizon-ui.yaml ``` Then port-forward and log in as `admin/admin`: @@ -64,18 +65,7 @@ kubectl port-forward -n "${SKYWALKING_RELEASE_NAMESPACE}" \ open http://127.0.0.1:8080 ``` -If you want to customize Horizon's auth / RBAC / session, copy [`chart/skywalking/values-horizon-ui.yaml`](chart/skywalking/values-horizon-ui.yaml) — a UI-only overlay mirroring the public [`horizon.example.yaml`](https://github.com/apache/skywalking-horizon-ui/blob/main/horizon.example.yaml) shipped at `/app/horizon.example.yaml` inside the image — and apply it alongside the OAP `--set` flags: - -```shell -helm install "${SKYWALKING_RELEASE_NAME}" \ - oci://registry-1.docker.io/apache/skywalking-helm \ - --version "${SKYWALKING_RELEASE_VERSION}" \ - -n "${SKYWALKING_RELEASE_NAMESPACE}" \ - --set oap.image.tag=10.4.0 \ - --set oap.storageType=elasticsearch \ - --set ui.image.tag=horizon-1.0.0 \ - -f chart/skywalking/values-horizon-ui.yaml -``` +`values-horizon-ui.yaml` is a UI-only overlay mirroring the public [`horizon.example.yaml`](https://github.com/apache/skywalking-horizon-ui/blob/main/horizon.example.yaml) shipped at `/app/horizon.example.yaml` inside the image — copy it as the starting point for your own auth / RBAC / session customizations. ### Production: hash via Kubernetes Secret diff --git a/chart/skywalking/README.md b/chart/skywalking/README.md index 8ab8a1f..c433521 100644 --- a/chart/skywalking/README.md +++ b/chart/skywalking/README.md @@ -102,7 +102,7 @@ The following table lists the configurable parameters of the Skywalking chart an | `ui.persistence.storageClass` | Storage class for the chart-managed PVC | `""` | | `ui.persistence.accessModes` | PVC access modes | `[ReadWriteOnce]` | | `ui.persistence.size` | PVC size | `1Gi` | -| `ui.config` | `horizon.yaml` content (deep-merged onto chart defaults that point `oap.queryUrl`/`adminUrl` at the in-cluster OAP). See the [horizon.yaml reference](https://github.com/apache/skywalking-horizon-ui/blob/main/docs/setup/horizon-yaml.md). The chart ships **public-known default users** (`admin`/`admin`, `skywalking`/`skywalking`) so the UI boots out of the box — **rotate before production** | see `values.yaml` | +| `ui.config` | `horizon.yaml` content (deep-merged onto chart defaults that point `oap.queryUrl`/`adminUrl` at the in-cluster OAP). See the [horizon.yaml reference](https://github.com/apache/skywalking-horizon-ui/blob/main/docs/setup/horizon-yaml.md). `auth.local.users` defaults to empty (BFF refuses to start); apply `chart/skywalking/values-horizon-ui.yaml` for demo creds or wire your own via Secret | see `values.yaml` | | `ui.envFromSecret` | Reference a Secret whose keys are exposed as env vars in the BFF container, for use with `${VAR}` interpolation in `ui.config` (e.g. admin password hash) | `""` | | `ui.extraEnv` | Extra env vars passed to the BFF container | `[]` | | `oapInit.nodeAffinity` | OAP init job node affinity policy | `{}` | diff --git a/chart/skywalking/templates/NOTES.txt b/chart/skywalking/templates/NOTES.txt index 32d3c88..0c8d809 100644 --- a/chart/skywalking/templates/NOTES.txt +++ b/chart/skywalking/templates/NOTES.txt @@ -53,27 +53,33 @@ Get the UI URL by running these commands: NOTE on Horizon UI auth: -The web UI is Apache SkyWalking Horizon UI. It ships with two default users -so the chart boots out of the box: - - admin / admin — full admin - skywalking / skywalking — viewer + maintainer (read data + platform health) - -⚠ These passwords are PUBLICLY KNOWN. Rotate them before exposing the UI -beyond a trusted network. Generate a replacement argon2id hash by checking -out apache/skywalking-horizon-ui and running `pnpm --filter bff cli:hash`, -then override `ui.config.auth.local.users`. For production, store the hash -in a Kubernetes Secret and reference it via ${VAR} interpolation: - - ui: - envFromSecret: horizon-admin-secret # Secret contains HORIZON_ADMIN_HASH - config: - auth: - local: - users: - - username: admin - passwordHash: "${HORIZON_ADMIN_HASH}" - roles: [admin] +The web UI is Apache SkyWalking Horizon UI. Its BFF refuses to start when +no users are configured — there is no built-in "admin/admin" fallback. + +If your `ui.config.auth.local.users` list is empty, the UI pod will +CrashLoopBackOff. Two ways to provide users: + +1. Demo / first-run — apply the example overlay we ship, which configures + admin/admin and skywalking/skywalking with real argon2id hashes: + + helm install … -f chart/skywalking/values-horizon-ui.yaml + + ⚠ Those passwords are PUBLICLY KNOWN in this repo. Use only on trusted + networks; rotate before exposing externally. + +2. Production — generate your own argon2id hash via + `pnpm --filter bff cli:hash` in apache/skywalking-horizon-ui, store it + in a Kubernetes Secret, and reference it via ${VAR} interpolation: + + ui: + envFromSecret: horizon-admin-secret # Secret has HORIZON_ADMIN_HASH + config: + auth: + local: + users: + - username: admin + passwordHash: "${HORIZON_ADMIN_HASH}" + roles: [admin] Full config reference: https://github.com/apache/skywalking-horizon-ui/blob/main/docs/setup/horizon-yaml.md diff --git a/chart/skywalking/values-my-es.yaml b/chart/skywalking/values-my-es.yaml index c568f29..85b6aad 100644 --- a/chart/skywalking/values-my-es.yaml +++ b/chart/skywalking/values-my-es.yaml @@ -25,19 +25,10 @@ oap: ui: image: tag: horizon-1.0.0 - # Horizon UI's BFF refuses to start with no users. Replace the - # passwordHash with an argon2id hash generated by - # `pnpm --filter bff cli:hash` in apache/skywalking-horizon-ui — or - # reference a Kubernetes Secret via `ui.envFromSecret` + `${VAR}` - # interpolation as shown in the README. - config: - auth: - backend: local - local: - users: - - username: admin - passwordHash: "REPLACE_WITH_ARGON2ID_HASH" - roles: [admin] + # Horizon UI's BFF refuses to start with no users. This file is the + # external-Elasticsearch example; for the UI auth/RBAC config, layer + # `-f chart/skywalking/values-horizon-ui.yaml` on top of this file, + # or define your own `ui.config.auth.local.users[]` here. elasticsearch: enabled: false diff --git a/chart/skywalking/values.yaml b/chart/skywalking/values.yaml index a10eae9..b75093f 100644 --- a/chart/skywalking/values.yaml +++ b/chart/skywalking/values.yaml @@ -236,13 +236,14 @@ ui: # in-cluster OAP service. Anything you set here merges over the defaults # via Helm's mergeOverwrite semantics. # - # ⚠ Default credentials below — admin/admin and skywalking/skywalking — - # make first-run / demo deployments work out of the box, but they are - # publicly known. ROTATE THEM BEFORE EXPOSING THE UI BEYOND A TRUSTED - # NETWORK. Generate a replacement hash by checking out - # apache/skywalking-horizon-ui and running `pnpm --filter bff cli:hash`, - # or wire production credentials through a Secret via - # `ui.envFromSecret` + `${VAR}` interpolation (see values-my-es.yaml). + # `auth.local.users` is intentionally empty by default — Horizon's BFF + # refuses to start without it, which is the upstream's "no default + # admin/admin" stance. For a working demo / first-run install, apply + # `chart/skywalking/values-horizon-ui.yaml` (it ships admin/admin and + # skywalking/skywalking with real argon2id hashes). For production, + # generate your own hash via `pnpm --filter bff cli:hash` in + # apache/skywalking-horizon-ui and feed it through a Secret + + # `${VAR}` interpolation (see README "Web UI" section). config: server: host: 0.0.0.0 @@ -259,15 +260,10 @@ ui: auth: backend: local local: - # Default users — change before production. The argon2id hashes - # below decode to the indicated plaintext password. - users: - - username: admin # password: admin → full admin - passwordHash: "$argon2id$v=19$m=65536,t=3,p=4$eemqy1r72oSXR58y8VpRqw$Bn/dULrmJTHEi3263KfgWDEwQmUsqNLi3xwyv/DekHM" - roles: [admin] - - username: skywalking # password: skywalking → read data + platform health - passwordHash: "$argon2id$v=19$m=65536,t=3,p=4$Zqj8HhQDqm8d5c2MipHYZw$BsaCnu4bdd4uadIldx3wwYLsdo47Thxb7Lv1MXpWG2Q" - roles: [viewer, maintainer] + users: [] + # - username: admin + # passwordHash: "${HORIZON_ADMIN_HASH}" + # roles: [admin] rbac: enabled: true session: From b301474e5a672299424a0d7ef219efd4bb202230 Mon Sep 17 00:00:00 2001 From: Wu Sheng Date: Mon, 18 May 2026 17:07:38 +0800 Subject: [PATCH 04/13] Drop hardcoded image tags from values-my-es.yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pinning oap.image.tag and ui.image.tag in the example file means every SkyWalking / Horizon UI release leaves these values stale. The chart already requires these to be set explicitly at install time, so the example file just needs to tell operators that — not pin a version that'll be wrong in three months. --- chart/skywalking/values-my-es.yaml | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/chart/skywalking/values-my-es.yaml b/chart/skywalking/values-my-es.yaml index 85b6aad..a3b5234 100644 --- a/chart/skywalking/values-my-es.yaml +++ b/chart/skywalking/values-my-es.yaml @@ -18,17 +18,13 @@ # Declare variables to be passed into your templates. oap: - image: - tag: 10.4.0 storageType: elasticsearch + # Set oap.image.tag at install time, e.g. --set oap.image.tag= -ui: - image: - tag: horizon-1.0.0 - # Horizon UI's BFF refuses to start with no users. This file is the - # external-Elasticsearch example; for the UI auth/RBAC config, layer - # `-f chart/skywalking/values-horizon-ui.yaml` on top of this file, - # or define your own `ui.config.auth.local.users[]` here. +# Set ui.image.tag at install time, e.g. --set ui.image.tag=horizon- +# Horizon UI's BFF refuses to start with no users. For UI auth/RBAC, layer +# `-f chart/skywalking/values-horizon-ui.yaml` on top of this file, or +# define your own `ui.config.auth.local.users[]` here. elasticsearch: enabled: false From cdd6eb91cead9ba3f1aa9f59c070be3adcda096e Mon Sep 17 00:00:00 2001 From: Wu Sheng Date: Mon, 18 May 2026 17:11:15 +0800 Subject: [PATCH 05/13] Drop values-horizon-ui.yaml; inline the demo snippet, link upstream MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit values-horizon-ui.yaml was ~75 lines, but only ~5 lines (two argon2id hashes) were unique to this chart — the rest duplicated the server / oap / auth / rbac / session shape that already lives in horizon-ui's horizon.example.yaml and per-section docs. Two-copy maintenance with nothing keeping them in sync. - Delete chart/skywalking/values-horizon-ui.yaml. - README "Web UI" section now shows the minimal copy-pastable demo-values.yaml snippet (the two hashes + the surrounding ui.config.auth shape) and links to the upstream horizon.example.yaml and docs/setup/horizon-yaml.md for the rest of the schema. - values.yaml, values-my-es.yaml, NOTES.txt, chart README: drop refs to the deleted file, point at the README / upstream docs instead. - Demo and production install snippets in README use as the image-tag placeholder instead of pinning specific versions that go stale every cut. --- README.md | 48 ++++++++++------ chart/skywalking/README.md | 2 +- chart/skywalking/templates/NOTES.txt | 29 ++-------- chart/skywalking/values-horizon-ui.yaml | 76 ------------------------- chart/skywalking/values-my-es.yaml | 6 +- chart/skywalking/values.yaml | 9 +-- 6 files changed, 44 insertions(+), 126 deletions(-) delete mode 100644 chart/skywalking/values-horizon-ui.yaml diff --git a/README.md b/README.md index 0ee9ffe..7f051e8 100644 --- a/README.md +++ b/README.md @@ -32,29 +32,45 @@ which replaces the legacy `skywalking-booster-ui`. Compared to booster-ui: - The container bundles a Node-based BFF in front of the SPA. It connects to OAP on **two** ports: the GraphQL query port (`12800`, `oap.ports.rest`) and the admin REST port (`17128`, `oap.ports.admin`, available on OAP 10.5+). - The container exposes **port 8081** (was 8080) and **does not pass-through `/graphql`** to OAP. Callers that previously talked to the UI's GraphQL endpoint (e.g. `swctl --base-url=http:///graphql`) must now talk to the OAP service directly (`http://:12800/graphql`). -- The BFF requires **authentication**. There is no built-in `admin/admin` fallback — `ui.config.auth.local.users` ships **empty**, and the BFF refuses to start until you provide at least one user. You have two paths: - - **Demo / first-run**: apply the example overlay [`chart/skywalking/values-horizon-ui.yaml`](chart/skywalking/values-horizon-ui.yaml), which ships: +- The BFF requires **authentication**. There is no built-in `admin/admin` fallback — `ui.config.auth.local.users` ships **empty**, and the BFF refuses to start until you provide at least one user. +- The full `horizon.yaml` schema (server, oap, auth, rbac, session, audit, debugLog) is owned upstream: + - Canonical commented example: [horizon.example.yaml](https://github.com/apache/skywalking-horizon-ui/blob/main/horizon.example.yaml) (also shipped inside the image at `/app/horizon.example.yaml`) + - Per-section reference: [docs/setup/horizon-yaml.md](https://github.com/apache/skywalking-horizon-ui/blob/main/docs/setup/horizon-yaml.md) - | Username | Password | Roles | What they can do | - | --- | --- | --- | --- | - | `admin` | `admin` | `admin` | everything | - | `skywalking` | `skywalking` | `viewer`, `maintainer` | read all observability data, plus OAP cluster + module health | - - ⚠ **Those passwords are publicly known in this repo. Use only on trusted networks; rotate before exposing externally.** - - **Production**: generate your own `argon2id` hash with `pnpm --filter bff cli:hash` in a checkout of [skywalking-horizon-ui](https://github.com/apache/skywalking-horizon-ui), store it in a Kubernetes Secret, and inject via `ui.envFromSecret` + `${VAR}` interpolation (example below). + Anything you set under `ui.config:` in your Helm values is rendered verbatim into `horizon.yaml`, so the upstream docs apply 1:1. - Release images are published to Docker Hub as `apache/skywalking-ui:horizon-x.y.z`. Pre-release / dev images live at `ghcr.io/apache/skywalking-horizon-ui` (tags: SHA, `vX.Y.Z`, `main`). -### Demo install (uses the shipped example) +### Quick demo install (publicly-known credentials) + +For a first-run / trusted-network demo, paste the snippet below into a values file. It seeds two users — **`admin/admin`** (admin role) and **`skywalking/skywalking`** (viewer + maintainer) — using `argon2id` hashes of those plaintext passwords. + +> ⚠ The hashes below are publicly known in this repo. Use only on trusted networks; rotate before exposing the UI externally. + +```yaml +# demo-values.yaml +ui: + config: + auth: + backend: local + local: + users: + - username: admin # password: admin + passwordHash: "$argon2id$v=19$m=65536,t=3,p=4$eemqy1r72oSXR58y8VpRqw$Bn/dULrmJTHEi3263KfgWDEwQmUsqNLi3xwyv/DekHM" + roles: [admin] + - username: skywalking # password: skywalking + passwordHash: "$argon2id$v=19$m=65536,t=3,p=4$Zqj8HhQDqm8d5c2MipHYZw$BsaCnu4bdd4uadIldx3wwYLsdo47Thxb7Lv1MXpWG2Q" + roles: [viewer, maintainer] +``` ```shell helm install "${SKYWALKING_RELEASE_NAME}" \ oci://registry-1.docker.io/apache/skywalking-helm \ --version "${SKYWALKING_RELEASE_VERSION}" \ -n "${SKYWALKING_RELEASE_NAMESPACE}" \ - --set oap.image.tag=10.4.0 \ + --set oap.image.tag= \ --set oap.storageType=elasticsearch \ - --set ui.image.tag=horizon-1.0.0 \ - -f chart/skywalking/values-horizon-ui.yaml + --set ui.image.tag=horizon- \ + -f demo-values.yaml ``` Then port-forward and log in as `admin/admin`: @@ -65,8 +81,6 @@ kubectl port-forward -n "${SKYWALKING_RELEASE_NAMESPACE}" \ open http://127.0.0.1:8080 ``` -`values-horizon-ui.yaml` is a UI-only overlay mirroring the public [`horizon.example.yaml`](https://github.com/apache/skywalking-horizon-ui/blob/main/horizon.example.yaml) shipped at `/app/horizon.example.yaml` inside the image — copy it as the starting point for your own auth / RBAC / session customizations. - ### Production: hash via Kubernetes Secret For anything beyond a demo, swap the publicly-known hash for one you generated yourself and feed it through a Secret + `${VAR}` interpolation: @@ -94,9 +108,9 @@ helm install "${SKYWALKING_RELEASE_NAME}" \ oci://registry-1.docker.io/apache/skywalking-helm \ --version "${SKYWALKING_RELEASE_VERSION}" \ -n "${SKYWALKING_RELEASE_NAMESPACE}" \ - --set oap.image.tag=10.4.0 \ + --set oap.image.tag= \ --set oap.storageType=elasticsearch \ - --set ui.image.tag=horizon-1.0.0 \ + --set ui.image.tag=horizon- \ -f my-values.yaml ``` diff --git a/chart/skywalking/README.md b/chart/skywalking/README.md index c433521..ff78ca3 100644 --- a/chart/skywalking/README.md +++ b/chart/skywalking/README.md @@ -102,7 +102,7 @@ The following table lists the configurable parameters of the Skywalking chart an | `ui.persistence.storageClass` | Storage class for the chart-managed PVC | `""` | | `ui.persistence.accessModes` | PVC access modes | `[ReadWriteOnce]` | | `ui.persistence.size` | PVC size | `1Gi` | -| `ui.config` | `horizon.yaml` content (deep-merged onto chart defaults that point `oap.queryUrl`/`adminUrl` at the in-cluster OAP). See the [horizon.yaml reference](https://github.com/apache/skywalking-horizon-ui/blob/main/docs/setup/horizon-yaml.md). `auth.local.users` defaults to empty (BFF refuses to start); apply `chart/skywalking/values-horizon-ui.yaml` for demo creds or wire your own via Secret | see `values.yaml` | +| `ui.config` | `horizon.yaml` content (deep-merged onto chart defaults that point `oap.queryUrl`/`adminUrl` at the in-cluster OAP). See the upstream [`horizon.example.yaml`](https://github.com/apache/skywalking-horizon-ui/blob/main/horizon.example.yaml) and [horizon.yaml reference](https://github.com/apache/skywalking-horizon-ui/blob/main/docs/setup/horizon-yaml.md). `auth.local.users` defaults to empty (BFF refuses to start); see the root README "Web UI" section for a demo snippet and the production Secret pattern | see `values.yaml` | | `ui.envFromSecret` | Reference a Secret whose keys are exposed as env vars in the BFF container, for use with `${VAR}` interpolation in `ui.config` (e.g. admin password hash) | `""` | | `ui.extraEnv` | Extra env vars passed to the BFF container | `[]` | | `oapInit.nodeAffinity` | OAP init job node affinity policy | `{}` | diff --git a/chart/skywalking/templates/NOTES.txt b/chart/skywalking/templates/NOTES.txt index 0c8d809..8d02cad 100644 --- a/chart/skywalking/templates/NOTES.txt +++ b/chart/skywalking/templates/NOTES.txt @@ -57,31 +57,14 @@ The web UI is Apache SkyWalking Horizon UI. Its BFF refuses to start when no users are configured — there is no built-in "admin/admin" fallback. If your `ui.config.auth.local.users` list is empty, the UI pod will -CrashLoopBackOff. Two ways to provide users: +CrashLoopBackOff. See the README "Web UI" section for: -1. Demo / first-run — apply the example overlay we ship, which configures - admin/admin and skywalking/skywalking with real argon2id hashes: + - a copy-pastable demo snippet (publicly-known admin/admin hash) + - the production Secret + ${VAR} interpolation pattern - helm install … -f chart/skywalking/values-horizon-ui.yaml - - ⚠ Those passwords are PUBLICLY KNOWN in this repo. Use only on trusted - networks; rotate before exposing externally. - -2. Production — generate your own argon2id hash via - `pnpm --filter bff cli:hash` in apache/skywalking-horizon-ui, store it - in a Kubernetes Secret, and reference it via ${VAR} interpolation: - - ui: - envFromSecret: horizon-admin-secret # Secret has HORIZON_ADMIN_HASH - config: - auth: - local: - users: - - username: admin - passwordHash: "${HORIZON_ADMIN_HASH}" - roles: [admin] - -Full config reference: +Full horizon.yaml config reference and upstream example: https://github.com/apache/skywalking-horizon-ui/blob/main/docs/setup/horizon-yaml.md + https://github.com/apache/skywalking-horizon-ui/blob/main/horizon.example.yaml + (also shipped inside the image at /app/horizon.example.yaml) {{- end }} diff --git a/chart/skywalking/values-horizon-ui.yaml b/chart/skywalking/values-horizon-ui.yaml deleted file mode 100644 index 368b263..0000000 --- a/chart/skywalking/values-horizon-ui.yaml +++ /dev/null @@ -1,76 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# UI-only example values overlay. Apply alongside the OAP-required values -# (`oap.image.tag`, `oap.storageType`, `ui.image.tag`): -# -# helm install chart/skywalking \ -# --set oap.image.tag=10.4.0 \ -# --set oap.storageType=elasticsearch \ -# --set ui.image.tag=horizon-1.0.0 \ -# -f chart/skywalking/values-horizon-ui.yaml -# -# This file exists so an operator who wants to customize Horizon UI's auth / -# RBAC / session has a self-contained template to copy from — it intentionally -# does NOT pin OAP version or storage backend, since those are orthogonal to -# the UI configuration. -# -# The Horizon `config` block mirrors the public horizon.example.yaml that -# ships at /app/horizon.example.yaml inside the image — same shape, same -# field names. See: -# https://github.com/apache/skywalking-horizon-ui/blob/main/horizon.example.yaml -# https://github.com/apache/skywalking-horizon-ui/blob/main/docs/setup/horizon-yaml.md -# -# ⚠ ROTATE THE DEFAULT PASSWORDS BEFORE EXPOSING THE UI BEYOND A TRUSTED -# NETWORK. The hashes below are public; anyone can log in as admin/admin. -# Generate replacements by checking out apache/skywalking-horizon-ui and -# running `pnpm --filter bff cli:hash`, or wire production secrets through -# a Kubernetes Secret + `ui.envFromSecret` + `${VAR}` interpolation. - -ui: - config: - server: - host: 0.0.0.0 - port: 8081 - oap: - # queryUrl / adminUrl default to the in-cluster OAP service; the chart - # fills them in. Set them explicitly only when pointing at an external - # OAP cluster. - timeoutMs: 15000 - # Optional basic-auth — uncomment when the OAP cluster requires it. - # auth: - # username: skywalking - # password: "${HORIZON_OAP_PW}" - auth: - backend: local - local: - users: - - username: admin # password: admin - passwordHash: "$argon2id$v=19$m=65536,t=3,p=4$eemqy1r72oSXR58y8VpRqw$Bn/dULrmJTHEi3263KfgWDEwQmUsqNLi3xwyv/DekHM" - roles: [admin] - - username: skywalking # password: skywalking - passwordHash: "$argon2id$v=19$m=65536,t=3,p=4$Zqj8HhQDqm8d5c2MipHYZw$BsaCnu4bdd4uadIldx3wwYLsdo47Thxb7Lv1MXpWG2Q" - roles: [viewer, maintainer] - rbac: - enabled: true - session: - ttlMinutes: 60 - cookieName: horizon_sid - cookieSecure: false # flip to true when serving over HTTPS - -# Reach the UI from your laptop: -# kubectl port-forward svc/-skywalking-helm-ui 8080:80 -# then open http://127.0.0.1:8080 and log in as admin/admin (or -# skywalking/skywalking). diff --git a/chart/skywalking/values-my-es.yaml b/chart/skywalking/values-my-es.yaml index a3b5234..157201c 100644 --- a/chart/skywalking/values-my-es.yaml +++ b/chart/skywalking/values-my-es.yaml @@ -22,9 +22,9 @@ oap: # Set oap.image.tag at install time, e.g. --set oap.image.tag= # Set ui.image.tag at install time, e.g. --set ui.image.tag=horizon- -# Horizon UI's BFF refuses to start with no users. For UI auth/RBAC, layer -# `-f chart/skywalking/values-horizon-ui.yaml` on top of this file, or -# define your own `ui.config.auth.local.users[]` here. +# Horizon UI's BFF refuses to start with no users. Define +# `ui.config.auth.local.users[]` here (see the README "Web UI" section) +# or layer your own UI values file on top. elasticsearch: enabled: false diff --git a/chart/skywalking/values.yaml b/chart/skywalking/values.yaml index b75093f..09a6606 100644 --- a/chart/skywalking/values.yaml +++ b/chart/skywalking/values.yaml @@ -238,12 +238,9 @@ ui: # # `auth.local.users` is intentionally empty by default — Horizon's BFF # refuses to start without it, which is the upstream's "no default - # admin/admin" stance. For a working demo / first-run install, apply - # `chart/skywalking/values-horizon-ui.yaml` (it ships admin/admin and - # skywalking/skywalking with real argon2id hashes). For production, - # generate your own hash via `pnpm --filter bff cli:hash` in - # apache/skywalking-horizon-ui and feed it through a Secret + - # `${VAR}` interpolation (see README "Web UI" section). + # admin/admin" stance. See the README "Web UI" section for two paths: + # a copy-pastable demo snippet (publicly-known admin/admin hash) or the + # production Secret + `${VAR}` interpolation pattern. config: server: host: 0.0.0.0 From dd6a419996dc792303e6fd46b55c874173b6403b Mon Sep 17 00:00:00 2001 From: Wu Sheng Date: Mon, 18 May 2026 17:14:41 +0800 Subject: [PATCH 06/13] =?UTF-8?q?Reset=20values-my-es.yaml=20=E2=80=94=20o?= =?UTF-8?q?ut=20of=20scope=20for=20the=20Horizon=20UI=20migration?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- chart/skywalking/values-my-es.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/chart/skywalking/values-my-es.yaml b/chart/skywalking/values-my-es.yaml index 157201c..aea448c 100644 --- a/chart/skywalking/values-my-es.yaml +++ b/chart/skywalking/values-my-es.yaml @@ -18,13 +18,13 @@ # Declare variables to be passed into your templates. oap: + image: + tag: 10.0.0 storageType: elasticsearch - # Set oap.image.tag at install time, e.g. --set oap.image.tag= -# Set ui.image.tag at install time, e.g. --set ui.image.tag=horizon- -# Horizon UI's BFF refuses to start with no users. Define -# `ui.config.auth.local.users[]` here (see the README "Web UI" section) -# or layer your own UI values file on top. +ui: + image: + tag: 10.0.0 elasticsearch: enabled: false From a43e69aa061e2572ed6b13726cfed4b701be7292 Mon Sep 17 00:00:00 2001 From: Wu Sheng Date: Mon, 18 May 2026 23:55:14 +0800 Subject: [PATCH 07/13] Bump horizon-ui e2e pin to 80565f5 (static-build, fixes .ts crash) cfed07a1 had the pnpm-deploy regression where api-client/src/index.ts was shipped in the image instead of compiled JS, crashing the BFF at import time. 80565f5 is the first GHCR build after horizon-ui's Dockerfile move to copy-in-static-dist. --- test/e2e/env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/e2e/env b/test/e2e/env index fc13d86..d0854c8 100644 --- a/test/e2e/env +++ b/test/e2e/env @@ -19,7 +19,7 @@ OAP_REPO=ghcr.io/apache/skywalking/oap # repo (tags: full commit SHA, vX.Y.Z, main). Release images live on Docker Hub # at apache/skywalking-ui:horizon-x.y.z. CI pins to a SHA so re-runs are # reproducible — bump this when a new horizon-ui feature/fix needs CI coverage. -UI_TAG=cfed07a1b69fd130559a0cc238ec5f2d6a913832 +UI_TAG=80565f563b6ea47c274141029d8ef6bd33b7eeac UI_REPO=ghcr.io/apache/skywalking-horizon-ui SATELLITE_TAG=v35bfaff6352b4dc351a706772796a1f79b651c14 SATELLITE_REPO=ghcr.io/apache/skywalking-satellite/skywalking-satellite From bfa70629b465da0ef2cc5bdc407e1246e257851b Mon Sep 17 00:00:00 2001 From: Wu Sheng Date: Tue, 19 May 2026 07:56:25 +0800 Subject: [PATCH 08/13] =?UTF-8?q?Fix=20UI=20readiness=20probe=20=E2=80=94?= =?UTF-8?q?=20use=20/api/auth/health,=20not=20/api/oap/info?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit /api/oap/info is gated behind a logged-in session and returns 401 to the kubelet's unauthenticated probe, so the UI deployment never became ready and e2e's wait timed out. /api/auth/health is the right unauthenticated liveness signal — verifies BFF is up + auth backend is healthy without needing credentials. Confirmed against horizon-ui 80565f5: GET /api/oap/info → 401 {"error":"unauthenticated"}; GET /api/auth/health → 200. --- chart/skywalking/README.md | 2 +- chart/skywalking/values.yaml | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/chart/skywalking/README.md b/chart/skywalking/README.md index ff78ca3..f2b8996 100644 --- a/chart/skywalking/README.md +++ b/chart/skywalking/README.md @@ -96,7 +96,7 @@ The following table lists the configurable parameters of the Skywalking chart an | `ui.service.loadBalancerSourceRanges` | Limit load balancer source IPs to list of CIDRs (where available)) | `[]` | | `ui.securityContext` | Pod [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod). The image runs as the non-root `horizon` user; `fsGroup` makes mounted PVCs group-writable for that user | `fsGroup: 101` | | `ui.livenessProbe` | TCP liveness probe | `tcpSocket.port: 8081` | -| `ui.readinessProbe` | HTTP readiness probe; verifies the BFF is up and OAP query port is reachable | `httpGet.path: /api/oap/info, port: 8081` | +| `ui.readinessProbe` | HTTP readiness probe; verifies the BFF is up and the auth backend is healthy. `/api/auth/health` is the only unauthenticated BFF health endpoint | `httpGet.path: /api/auth/health, port: 8081` | | `ui.persistence.enabled` | Mount a PVC at `/data` for audit log / setup / alarm state / wire debug log. When `false`, state lands in the container's writable layer and is lost on pod restart | `false` | | `ui.persistence.existingClaim` | Use a pre-created PVC; if empty, the chart creates one | `""` | | `ui.persistence.storageClass` | Storage class for the chart-managed PVC | `""` | diff --git a/chart/skywalking/values.yaml b/chart/skywalking/values.yaml index 09a6606..f51d059 100644 --- a/chart/skywalking/values.yaml +++ b/chart/skywalking/values.yaml @@ -220,8 +220,11 @@ ui: initialDelaySeconds: 30 periodSeconds: 20 readinessProbe: + # /api/auth/health is the only unauthenticated BFF health endpoint — + # /api/oap/info is gated behind a logged-in session and returns 401 + # to an unauthenticated kubelet probe. httpGet: - path: /api/oap/info + path: /api/auth/health port: 8081 initialDelaySeconds: 10 periodSeconds: 10 From e359de006d5de49ae2edfbf46a7279333537241c Mon Sep 17 00:00:00 2001 From: Wu Sheng Date: Tue, 19 May 2026 08:23:33 +0800 Subject: [PATCH 09/13] Skip UI install in SWCK e2e tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit apache/skywalking-swck's UI CRD still deploys booster-ui (port 8080, env-driven). The Horizon UI image needs a horizon.yaml ConfigMap + port 8081 + configured auth users, none of which the operator wires. Pointing it at the Horizon image leaves UI/skywalking-system stuck in condition=Available=false, timing out the test setup. Teaching SWCK to deploy Horizon is upstream-only — out of scope for this helm chart PR. Until then, drop the UI block from the SWCK component manifests and the UI/skywalking-system wait gates. The verify cases query OAP's GraphQL on 12800 directly, so the UI was never on the SWCK test path anyway. --- test/e2e/swck/oap-agent-banyandb.yaml | 3 --- test/e2e/swck/oap-ui-agent-elasticsearch.yaml | 3 --- .../swck/oap-ui-agent-oapserverconfig.yaml | 3 --- test/e2e/swck/oap-ui-agent-satellite.yaml | 6 +---- .../skywalking-components-elasticsearch.yaml | 22 +++++-------------- .../swck/skywalking-components-satellite.yaml | 22 +++++-------------- test/e2e/swck/skywalking-components.yaml | 22 +++++-------------- 7 files changed, 19 insertions(+), 62 deletions(-) diff --git a/test/e2e/swck/oap-agent-banyandb.yaml b/test/e2e/swck/oap-agent-banyandb.yaml index fe02c6d..d0011c9 100644 --- a/test/e2e/swck/oap-agent-banyandb.yaml +++ b/test/e2e/swck/oap-agent-banyandb.yaml @@ -74,9 +74,6 @@ setup: - namespace: skywalking-system resource: OAPServer/skywalking-system for: condition=Available - - namespace: skywalking-system - resource: UI/skywalking-system - for: condition=Available - name: Setup java agent demo command: | kubectl label namespace skywalking-system swck-injection=enabled diff --git a/test/e2e/swck/oap-ui-agent-elasticsearch.yaml b/test/e2e/swck/oap-ui-agent-elasticsearch.yaml index 81f4b60..18a445b 100644 --- a/test/e2e/swck/oap-ui-agent-elasticsearch.yaml +++ b/test/e2e/swck/oap-ui-agent-elasticsearch.yaml @@ -64,9 +64,6 @@ setup: - namespace: skywalking-system resource: OAPServer/skywalking-system for: condition=Available - - namespace: skywalking-system - resource: UI/skywalking-system - for: condition=Available - name: Setup java agent demo command: | kubectl label namespace skywalking-system swck-injection=enabled diff --git a/test/e2e/swck/oap-ui-agent-oapserverconfig.yaml b/test/e2e/swck/oap-ui-agent-oapserverconfig.yaml index fb54bc4..573f20c 100644 --- a/test/e2e/swck/oap-ui-agent-oapserverconfig.yaml +++ b/test/e2e/swck/oap-ui-agent-oapserverconfig.yaml @@ -77,9 +77,6 @@ setup: - namespace: skywalking-system resource: OAPServer/skywalking-system for: condition=Available - - namespace: skywalking-system - resource: UI/skywalking-system - for: condition=Available - name: setup java agent demo(test for dynamic configuration) command: | kubectl label namespace skywalking-system swck-injection=enabled diff --git a/test/e2e/swck/oap-ui-agent-satellite.yaml b/test/e2e/swck/oap-ui-agent-satellite.yaml index 7653ddc..fa33c80 100644 --- a/test/e2e/swck/oap-ui-agent-satellite.yaml +++ b/test/e2e/swck/oap-ui-agent-satellite.yaml @@ -73,11 +73,7 @@ setup: wait: - namespace: skywalking-system resource: OAPServer/skywalking-system - for: condition=Available - - namespace: skywalking-system - resource: UI/skywalking-system - for: condition=Available - - namespace: skywalking-system + for: condition=Available - namespace: skywalking-system resource: Satellite/skywalking-system for: condition=Available - name: Setup java agent demo diff --git a/test/e2e/swck/skywalking-components-elasticsearch.yaml b/test/e2e/swck/skywalking-components-elasticsearch.yaml index 9df8ef3..cf68d89 100644 --- a/test/e2e/swck/skywalking-components-elasticsearch.yaml +++ b/test/e2e/swck/skywalking-components-elasticsearch.yaml @@ -31,19 +31,9 @@ spec: value: elasticsearch - name: SW_STORAGE_ES_CLUSTER_NODES value: es-out.default:9200 ---- -apiVersion: operator.skywalking.apache.org/v1alpha1 -kind: UI -metadata: - name: skywalking-system - namespace: skywalking-system -spec: - version: PLACEHOLDER - instances: 1 - image: UI_IMAGE_PLACEHOLDER - OAPServerAddress: http://skywalking-system-oap.skywalking-system:12800 - service: - template: - type: ClusterIP - ingress: - host: demo.ui.skywalking +# The SWCK operator's `UI` CRD only knows how to deploy booster-ui +# (port 8080, env-driven config). Horizon UI needs a horizon.yaml +# config file + port 8081 + auth users, none of which the CRD wires. +# Until apache/skywalking-swck teaches the UI CRD about Horizon, we +# skip deploying it from SWCK tests — verify queries hit OAP directly +# at port 12800, so the UI isn't on the test path anyway. diff --git a/test/e2e/swck/skywalking-components-satellite.yaml b/test/e2e/swck/skywalking-components-satellite.yaml index 7b8f4c6..f3cb7e0 100644 --- a/test/e2e/swck/skywalking-components-satellite.yaml +++ b/test/e2e/swck/skywalking-components-satellite.yaml @@ -49,19 +49,9 @@ spec: service: template: type: ClusterIP ---- -apiVersion: operator.skywalking.apache.org/v1alpha1 -kind: UI -metadata: - name: skywalking-system - namespace: skywalking-system -spec: - version: PLACEHOLDER - instances: 1 - image: UI_IMAGE_PLACEHOLDER - OAPServerAddress: http://skywalking-system-oap.skywalking-system:12800 - service: - template: - type: ClusterIP - ingress: - host: demo.ui.skywalking +# The SWCK operator's `UI` CRD only knows how to deploy booster-ui +# (port 8080, env-driven config). Horizon UI needs a horizon.yaml +# config file + port 8081 + auth users, none of which the CRD wires. +# Until apache/skywalking-swck teaches the UI CRD about Horizon, we +# skip deploying it from SWCK tests — verify queries hit OAP directly +# at port 12800, so the UI isn't on the test path anyway. diff --git a/test/e2e/swck/skywalking-components.yaml b/test/e2e/swck/skywalking-components.yaml index 63ad62f..f347f63 100644 --- a/test/e2e/swck/skywalking-components.yaml +++ b/test/e2e/swck/skywalking-components.yaml @@ -31,19 +31,9 @@ spec: value: banyandb - name: SW_STORAGE_BANYANDB_TARGETS value: banyandb-grpc.default:17912 ---- -apiVersion: operator.skywalking.apache.org/v1alpha1 -kind: UI -metadata: - name: skywalking-system - namespace: skywalking-system -spec: - version: PLACEHOLDER - instances: 1 - image: UI_IMAGE_PLACEHOLDER - OAPServerAddress: http://skywalking-system-oap.skywalking-system:12800 - service: - template: - type: ClusterIP - ingress: - host: demo.ui.skywalking +# The SWCK operator's `UI` CRD only knows how to deploy booster-ui +# (port 8080, env-driven config). Horizon UI needs a horizon.yaml +# config file + port 8081 + auth users, none of which the CRD wires. +# Until apache/skywalking-swck teaches the UI CRD about Horizon, we +# skip deploying it from SWCK tests — verify queries hit OAP directly +# at port 12800, so the UI isn't on the test path anyway. From 8b324fd3117b8791d6ff7b56434d2be330ae6472 Mon Sep 17 00:00:00 2001 From: Wu Sheng Date: Tue, 19 May 2026 09:14:47 +0800 Subject: [PATCH 10/13] Revert "Skip UI install in SWCK e2e tests" This reverts commit e359de006d5de49ae2edfbf46a7279333537241c. --- test/e2e/swck/oap-agent-banyandb.yaml | 3 +++ test/e2e/swck/oap-ui-agent-elasticsearch.yaml | 3 +++ .../swck/oap-ui-agent-oapserverconfig.yaml | 3 +++ test/e2e/swck/oap-ui-agent-satellite.yaml | 6 ++++- .../skywalking-components-elasticsearch.yaml | 22 ++++++++++++++----- .../swck/skywalking-components-satellite.yaml | 22 ++++++++++++++----- test/e2e/swck/skywalking-components.yaml | 22 ++++++++++++++----- 7 files changed, 62 insertions(+), 19 deletions(-) diff --git a/test/e2e/swck/oap-agent-banyandb.yaml b/test/e2e/swck/oap-agent-banyandb.yaml index d0011c9..fe02c6d 100644 --- a/test/e2e/swck/oap-agent-banyandb.yaml +++ b/test/e2e/swck/oap-agent-banyandb.yaml @@ -74,6 +74,9 @@ setup: - namespace: skywalking-system resource: OAPServer/skywalking-system for: condition=Available + - namespace: skywalking-system + resource: UI/skywalking-system + for: condition=Available - name: Setup java agent demo command: | kubectl label namespace skywalking-system swck-injection=enabled diff --git a/test/e2e/swck/oap-ui-agent-elasticsearch.yaml b/test/e2e/swck/oap-ui-agent-elasticsearch.yaml index 18a445b..81f4b60 100644 --- a/test/e2e/swck/oap-ui-agent-elasticsearch.yaml +++ b/test/e2e/swck/oap-ui-agent-elasticsearch.yaml @@ -64,6 +64,9 @@ setup: - namespace: skywalking-system resource: OAPServer/skywalking-system for: condition=Available + - namespace: skywalking-system + resource: UI/skywalking-system + for: condition=Available - name: Setup java agent demo command: | kubectl label namespace skywalking-system swck-injection=enabled diff --git a/test/e2e/swck/oap-ui-agent-oapserverconfig.yaml b/test/e2e/swck/oap-ui-agent-oapserverconfig.yaml index 573f20c..fb54bc4 100644 --- a/test/e2e/swck/oap-ui-agent-oapserverconfig.yaml +++ b/test/e2e/swck/oap-ui-agent-oapserverconfig.yaml @@ -77,6 +77,9 @@ setup: - namespace: skywalking-system resource: OAPServer/skywalking-system for: condition=Available + - namespace: skywalking-system + resource: UI/skywalking-system + for: condition=Available - name: setup java agent demo(test for dynamic configuration) command: | kubectl label namespace skywalking-system swck-injection=enabled diff --git a/test/e2e/swck/oap-ui-agent-satellite.yaml b/test/e2e/swck/oap-ui-agent-satellite.yaml index fa33c80..7653ddc 100644 --- a/test/e2e/swck/oap-ui-agent-satellite.yaml +++ b/test/e2e/swck/oap-ui-agent-satellite.yaml @@ -73,7 +73,11 @@ setup: wait: - namespace: skywalking-system resource: OAPServer/skywalking-system - for: condition=Available - namespace: skywalking-system + for: condition=Available + - namespace: skywalking-system + resource: UI/skywalking-system + for: condition=Available + - namespace: skywalking-system resource: Satellite/skywalking-system for: condition=Available - name: Setup java agent demo diff --git a/test/e2e/swck/skywalking-components-elasticsearch.yaml b/test/e2e/swck/skywalking-components-elasticsearch.yaml index cf68d89..9df8ef3 100644 --- a/test/e2e/swck/skywalking-components-elasticsearch.yaml +++ b/test/e2e/swck/skywalking-components-elasticsearch.yaml @@ -31,9 +31,19 @@ spec: value: elasticsearch - name: SW_STORAGE_ES_CLUSTER_NODES value: es-out.default:9200 -# The SWCK operator's `UI` CRD only knows how to deploy booster-ui -# (port 8080, env-driven config). Horizon UI needs a horizon.yaml -# config file + port 8081 + auth users, none of which the CRD wires. -# Until apache/skywalking-swck teaches the UI CRD about Horizon, we -# skip deploying it from SWCK tests — verify queries hit OAP directly -# at port 12800, so the UI isn't on the test path anyway. +--- +apiVersion: operator.skywalking.apache.org/v1alpha1 +kind: UI +metadata: + name: skywalking-system + namespace: skywalking-system +spec: + version: PLACEHOLDER + instances: 1 + image: UI_IMAGE_PLACEHOLDER + OAPServerAddress: http://skywalking-system-oap.skywalking-system:12800 + service: + template: + type: ClusterIP + ingress: + host: demo.ui.skywalking diff --git a/test/e2e/swck/skywalking-components-satellite.yaml b/test/e2e/swck/skywalking-components-satellite.yaml index f3cb7e0..7b8f4c6 100644 --- a/test/e2e/swck/skywalking-components-satellite.yaml +++ b/test/e2e/swck/skywalking-components-satellite.yaml @@ -49,9 +49,19 @@ spec: service: template: type: ClusterIP -# The SWCK operator's `UI` CRD only knows how to deploy booster-ui -# (port 8080, env-driven config). Horizon UI needs a horizon.yaml -# config file + port 8081 + auth users, none of which the CRD wires. -# Until apache/skywalking-swck teaches the UI CRD about Horizon, we -# skip deploying it from SWCK tests — verify queries hit OAP directly -# at port 12800, so the UI isn't on the test path anyway. +--- +apiVersion: operator.skywalking.apache.org/v1alpha1 +kind: UI +metadata: + name: skywalking-system + namespace: skywalking-system +spec: + version: PLACEHOLDER + instances: 1 + image: UI_IMAGE_PLACEHOLDER + OAPServerAddress: http://skywalking-system-oap.skywalking-system:12800 + service: + template: + type: ClusterIP + ingress: + host: demo.ui.skywalking diff --git a/test/e2e/swck/skywalking-components.yaml b/test/e2e/swck/skywalking-components.yaml index f347f63..63ad62f 100644 --- a/test/e2e/swck/skywalking-components.yaml +++ b/test/e2e/swck/skywalking-components.yaml @@ -31,9 +31,19 @@ spec: value: banyandb - name: SW_STORAGE_BANYANDB_TARGETS value: banyandb-grpc.default:17912 -# The SWCK operator's `UI` CRD only knows how to deploy booster-ui -# (port 8080, env-driven config). Horizon UI needs a horizon.yaml -# config file + port 8081 + auth users, none of which the CRD wires. -# Until apache/skywalking-swck teaches the UI CRD about Horizon, we -# skip deploying it from SWCK tests — verify queries hit OAP directly -# at port 12800, so the UI isn't on the test path anyway. +--- +apiVersion: operator.skywalking.apache.org/v1alpha1 +kind: UI +metadata: + name: skywalking-system + namespace: skywalking-system +spec: + version: PLACEHOLDER + instances: 1 + image: UI_IMAGE_PLACEHOLDER + OAPServerAddress: http://skywalking-system-oap.skywalking-system:12800 + service: + template: + type: ClusterIP + ingress: + host: demo.ui.skywalking From 8e0bb8dd7250ba76d4796a3639f9d0cb8b9eba68 Mon Sep 17 00:00:00 2001 From: Wu Sheng Date: Tue, 19 May 2026 10:10:17 +0800 Subject: [PATCH 11/13] SWCK e2e: pin operator to dev image d299bc0 with Horizon UI support apache/skywalking-swck's chart default is v0.9.0, which only deploys booster-ui-style manifests (port 8080, env-driven). d299bc0 is the first SWCK master commit that branches on Spec.Kind, defaults Kind to horizon, emits port-8081 manifests, and renders a horizon.yaml ConfigMap. Override the operator image via --set on every SWCK e2e install so this PR's CI can validate the horizon path before SWCK cuts a release. The chart's own default (apache/skywalking-swck:v0.9.0) stays untouched for end users. Bump SWCK_OPERATOR_TAG when SWCK ships a release with Horizon support; drop the overrides entirely once chart/operator's tag points at that release. --- test/e2e/env | 6 ++++++ test/e2e/swck/oap-agent-adapter-hpa.yaml | 4 +++- test/e2e/swck/oap-agent-banyandb.yaml | 4 +++- test/e2e/swck/oap-ui-agent-elasticsearch.yaml | 4 +++- test/e2e/swck/oap-ui-agent-oapserverconfig.yaml | 4 +++- test/e2e/swck/oap-ui-agent-satellite.yaml | 4 +++- 6 files changed, 21 insertions(+), 5 deletions(-) diff --git a/test/e2e/env b/test/e2e/env index d0854c8..a9097f4 100644 --- a/test/e2e/env +++ b/test/e2e/env @@ -21,6 +21,12 @@ OAP_REPO=ghcr.io/apache/skywalking/oap # reproducible — bump this when a new horizon-ui feature/fix needs CI coverage. UI_TAG=80565f563b6ea47c274141029d8ef6bd33b7eeac UI_REPO=ghcr.io/apache/skywalking-horizon-ui +# SWCK operator dev image — published by apache/skywalking-swck's +# publish-docker.yml on every master push. Bump SWCK_OPERATOR_TAG when +# the SWCK PR with Horizon UI support gets merged & released; the chart's +# own default (apache/skywalking-swck:v0.9.0) stays unchanged for users. +SWCK_OPERATOR_REPO=ghcr.io/apache/skywalking-swck/operator +SWCK_OPERATOR_TAG=d299bc05ee230f5f366584054db5b099ca60166f SATELLITE_TAG=v35bfaff6352b4dc351a706772796a1f79b651c14 SATELLITE_REPO=ghcr.io/apache/skywalking-satellite/skywalking-satellite BANYANDB_TAG=5dedaa1aa5106dd87ad9d6c5f08c63deefee5579 diff --git a/test/e2e/swck/oap-agent-adapter-hpa.yaml b/test/e2e/swck/oap-agent-adapter-hpa.yaml index 99c49dc..96ac3a4 100644 --- a/test/e2e/swck/oap-agent-adapter-hpa.yaml +++ b/test/e2e/swck/oap-agent-adapter-hpa.yaml @@ -58,7 +58,9 @@ setup: helm dep up chart/operator helm install operator chart/operator --namespace=skywalking-swck-system \ --create-namespace \ - --set fullnameOverride=skywalking-swck + --set fullnameOverride=skywalking-swck \ + --set image.repository=$SWCK_OPERATOR_REPO \ + --set image.tag=$SWCK_OPERATOR_TAG wait: - namespace: skywalking-swck-system resource: deployment/skywalking-swck-operator diff --git a/test/e2e/swck/oap-agent-banyandb.yaml b/test/e2e/swck/oap-agent-banyandb.yaml index fe02c6d..364b349 100644 --- a/test/e2e/swck/oap-agent-banyandb.yaml +++ b/test/e2e/swck/oap-agent-banyandb.yaml @@ -46,7 +46,9 @@ setup: helm dep up chart/operator helm install operator chart/operator --namespace=skywalking-swck-system \ --create-namespace \ - --set fullnameOverride=skywalking-swck + --set fullnameOverride=skywalking-swck \ + --set image.repository=$SWCK_OPERATOR_REPO \ + --set image.tag=$SWCK_OPERATOR_TAG wait: - namespace: skywalking-swck-system resource: deployment/skywalking-swck-operator diff --git a/test/e2e/swck/oap-ui-agent-elasticsearch.yaml b/test/e2e/swck/oap-ui-agent-elasticsearch.yaml index 81f4b60..994f441 100644 --- a/test/e2e/swck/oap-ui-agent-elasticsearch.yaml +++ b/test/e2e/swck/oap-ui-agent-elasticsearch.yaml @@ -46,7 +46,9 @@ setup: helm dep up chart/operator helm install operator chart/operator --namespace=skywalking-swck-system \ --create-namespace \ - --set fullnameOverride=skywalking-swck + --set fullnameOverride=skywalking-swck \ + --set image.repository=$SWCK_OPERATOR_REPO \ + --set image.tag=$SWCK_OPERATOR_TAG wait: - namespace: skywalking-swck-system resource: deployment/skywalking-swck-operator diff --git a/test/e2e/swck/oap-ui-agent-oapserverconfig.yaml b/test/e2e/swck/oap-ui-agent-oapserverconfig.yaml index fb54bc4..46c7bc6 100644 --- a/test/e2e/swck/oap-ui-agent-oapserverconfig.yaml +++ b/test/e2e/swck/oap-ui-agent-oapserverconfig.yaml @@ -49,7 +49,9 @@ setup: helm dep up chart/operator helm install operator chart/operator --namespace=skywalking-swck-system \ --create-namespace \ - --set fullnameOverride=skywalking-swck + --set fullnameOverride=skywalking-swck \ + --set image.repository=$SWCK_OPERATOR_REPO \ + --set image.tag=$SWCK_OPERATOR_TAG wait: - namespace: skywalking-swck-system resource: deployment/skywalking-swck-operator diff --git a/test/e2e/swck/oap-ui-agent-satellite.yaml b/test/e2e/swck/oap-ui-agent-satellite.yaml index 7653ddc..c2822cb 100644 --- a/test/e2e/swck/oap-ui-agent-satellite.yaml +++ b/test/e2e/swck/oap-ui-agent-satellite.yaml @@ -46,7 +46,9 @@ setup: helm dep up chart/operator helm install operator chart/operator --namespace=skywalking-swck-system \ --create-namespace \ - --set fullnameOverride=skywalking-swck + --set fullnameOverride=skywalking-swck \ + --set image.repository=$SWCK_OPERATOR_REPO \ + --set image.tag=$SWCK_OPERATOR_TAG wait: - namespace: skywalking-swck-system resource: deployment/skywalking-swck-operator From d8424c366c50be6d04c53b3904420f524c32acb4 Mon Sep 17 00:00:00 2001 From: Wu Sheng Date: Tue, 19 May 2026 10:29:06 +0800 Subject: [PATCH 12/13] Sync UI CRD from skywalking-swck d299bc0 (adds Kind, Config, Admin URL) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit chart/operator vendored the v0.9.0 UI CRD, which has no Kind / OAPServerAdminAddress / OAPServerZipkinAddress / Config fields. The new operator's deployment template branches on .Spec.Kind, but with the old CRD installed, k8s strips that field on apply — Kind always arrives as \"\" at the controller and the booster (port-8080) path is taken even for Horizon images, leaving the pod unable to pass the readiness probe. Replace the UI section of chart/operator/templates/crds.yaml with the regenerated CRD from apache/skywalking-swck@d299bc0. Verified via helm template that the new field set + default=horizon + enum constraint render correctly. Other CRDs in the file are unchanged. --- chart/operator/templates/crds.yaml | 64 +++++++++++++++++++++++------- 1 file changed, 50 insertions(+), 14 deletions(-) diff --git a/chart/operator/templates/crds.yaml b/chart/operator/templates/crds.yaml index 7c613f1..eac98f8 100644 --- a/chart/operator/templates/crds.yaml +++ b/chart/operator/templates/crds.yaml @@ -3418,25 +3418,32 @@ spec: storage: true subresources: status: {} +--- +# Licensed to Apache Software Foundation (ASF) under one or more contributor +# license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright +# ownership. Apache Software Foundation (ASF) licenses this file to you under +# the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "operator.fullname" . }}-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: uis.operator.skywalking.apache.org spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: skywalking-swck-webhook-service - namespace: {{ .Release.Namespace }} - path: /convert - conversionReviewVersions: - - v1 group: operator.skywalking.apache.org names: kind: UI @@ -3501,7 +3508,26 @@ spec: description: UISpec defines the desired state of UI properties: OAPServerAddress: - description: Backend OAP server address + description: |- + Backend OAP server address. + For kind=booster, exported as the SW_OAP_ADDRESS env var. + For kind=horizon, used as oap.queryUrl in the generated horizon.yaml. + type: string + OAPServerAdminAddress: + description: |- + OAPServerAdminAddress is the OAP admin host (port 17128 by default; runtime-rule, + dsl-debug, inspect, status). Only used when kind=horizon. If unset, defaults to + http://-oap.:17128. + type: string + OAPServerZipkinAddress: + description: |- + OAPServerZipkinAddress is the OAP Zipkin REST host. Only used when kind=horizon. + If unset, defaults to /zipkin. + type: string + config: + description: |- + Config is a raw horizon.yaml that, when set, fully replaces the operator-generated + config mounted into the Horizon UI container. Only used when kind=horizon. type: string image: description: Image is the UI Docker image to deploy. @@ -3510,6 +3536,16 @@ spec: description: Count is the number of UI pods format: int32 type: integer + kind: + default: horizon + description: |- + Kind selects which SkyWalking web UI to deploy. + "horizon" deploys the next-generation Horizon UI (default). + "booster" deploys the legacy Booster UI image. + enum: + - horizon + - booster + type: string service: description: Service relevant settings properties: @@ -3677,4 +3713,4 @@ spec: storage: true subresources: status: {} -{{- end }} \ No newline at end of file +{{- end }} From c72e74eaa0df83225d23c61d03955ab17eab62e1 Mon Sep 17 00:00:00 2001 From: Wu Sheng Date: Tue, 19 May 2026 10:31:34 +0800 Subject: [PATCH 13/13] Restore chart-specific CRD annotations + conversion webhook on UI CRD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When I synced the UI CRD from apache/skywalking-swck d299bc0, I copied the bare kubebuilder-generated file verbatim, which: - dropped two annotations every other CRD in this chart carries: cert-manager.io/inject-ca-from controller-gen.kubebuilder.io/version Without inject-ca-from the conversion webhook talks to the operator over plain HTTP (no CA injected), and webhook calls fail. - dropped the conversion: {strategy: Webhook, ...} block, which would break any future v1alpha1 ↔ vNext conversion the operator wires. - left an in-file Apache license header in the middle of crds.yaml. Re-added the annotations + conversion block to match the pattern used by oapservers / satellites / banyandbs / etc. Stripped the duplicate license header. --- chart/operator/templates/crds.yaml | 29 +++++++++++------------------ 1 file changed, 11 insertions(+), 18 deletions(-) diff --git a/chart/operator/templates/crds.yaml b/chart/operator/templates/crds.yaml index eac98f8..8431b64 100644 --- a/chart/operator/templates/crds.yaml +++ b/chart/operator/templates/crds.yaml @@ -3418,32 +3418,25 @@ spec: storage: true subresources: status: {} ---- -# Licensed to Apache Software Foundation (ASF) under one or more contributor -# license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright -# ownership. Apache Software Foundation (ASF) licenses this file to you under -# the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "operator.fullname" . }}-serving-cert controller-gen.kubebuilder.io/version: v0.19.0 name: uis.operator.skywalking.apache.org spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: skywalking-swck-webhook-service + namespace: {{ .Release.Namespace }} + path: /convert + conversionReviewVersions: + - v1 group: operator.skywalking.apache.org names: kind: UI