Introduce experimentalManagedServicesEnabled helm value

The upcoming managed services support would be initially disabled by
setting the helm value to `false` (the default)

Operators should deliberately enable the flag should they want to give
the feature a try.

This change simply introduces the flag in the helm chart, there is no
implementation that uses it yet. The `deploy-on-kind` script sets it to
`true` as it is meant to be run for development purposes.

The kind installer sets it to `true` as well - whoever is installing
Korifi on kind probably just wants to play with it, therefore enabling
the experimental support does make sense.

fixes #3262

README.helm.md

@@ -74,6 +74,7 @@ Here are all the values that can be set for the chart:
 - `debug` (_Boolean_): Enables remote debugging with [Delve](https://github.com/go-delve/delve).
 - `defaultAppDomainName` (_String_): Base domain name for application URLs.
 - `eksContainerRegistryRoleARN` (_String_): Amazon Resource Name (ARN) of the IAM role to use to access the ECR registry from an EKS deployed Korifi. Required if containerRegistrySecret not set.
+- `experimentalManagedServicesEnabled` (_Boolean_): Enable the experimental managed services support
 - `generateIngressCertificates` (_Boolean_): Use `cert-manager` to generate self-signed certificates for the API and app endpoints.
 - `helm`:
   - `hooksImage` (_String_): Image for the helm hooks containing kubectl

api/config/config.go

@@ -47,6 +47,8 @@ type (
 		AuthProxyHost   string        `yaml:"authProxyHost"`
 		AuthProxyCACert string        `yaml:"authProxyCACert"`
 		LogLevel        zapcore.Level `yaml:"logLevel"`
+
+		ExperimentalManagedServicesEnabled bool `yaml:"experimentalManagedServicesEnabled"`
 	}
 
 	RoleLevel string

api/config/config_test.go

@@ -46,6 +46,7 @@ var _ = Describe("Config", func() {
 				Stack:           "lc-stack",
 				StagingMemoryMB: 10,
 			},
+			"experimentalManagedServicesEnabled": true,
 		}
 	})
 
@@ -88,6 +89,7 @@ var _ = Describe("Config", func() {
 			StagingMemoryMB: 10,
 		}))
 		Expect(cfg.ContainerRegistryType).To(BeEmpty())
+		Expect(cfg.ExperimentalManagedServicesEnabled).To(BeTrue())
 	})
 
 	When("the FQDN is not specified", func() {

controllers/config/config.go

@@ -43,6 +43,8 @@ type ControllerConfig struct {
 	ContainerRepositoryPrefix string     `yaml:"containerRepositoryPrefix"`
 	ContainerRegistryType     string     `yaml:"containerRegistryType"`
 	Networking                Networking `yaml:"networking"`
+
+	ExperimentalManagedServicesEnabled bool `yaml:"experimentalManagedServicesEnabled"`
 }
 
 type CFProcessDefaults struct {

controllers/config/config_test.go

@@ -52,6 +52,7 @@ var _ = Describe("LoadFromPath", func() {
 				GatewayName:      "gw-name",
 				GatewayNamespace: "gw-ns",
 			},
+			ExperimentalManagedServicesEnabled: true,
 		}
 	})
 
@@ -94,6 +95,7 @@ var _ = Describe("LoadFromPath", func() {
 				GatewayName:      "gw-name",
 				GatewayNamespace: "gw-ns",
 			},
+			ExperimentalManagedServicesEnabled: true,
 		}))
 	})
 

helm/korifi/api/configmap.yaml

@@ -53,6 +53,7 @@ data:
     {{- if .Values.eksContainerRegistryRoleARN }}
     containerRegistryType: "ECR"
     {{- end }}
+    experimentalManagedServicesEnabled: {{ .Values.experimentalManagedServicesEnabled }}
   role_mappings_config.yaml: |
     roleMappings:
       admin:

helm/korifi/controllers/configmap.yaml

@@ -61,4 +61,5 @@ data:
     networking:
       gatewayNamespace: {{ .Release.Namespace }}-gateway
       gatewayName: korifi
+    experimentalManagedServicesEnabled: {{ .Values.experimentalManagedServicesEnabled }}
 

helm/korifi/values.schema.json

@@ -54,6 +54,10 @@
       "description": "Amazon Resource Name (ARN) of the IAM role to use to access the ECR registry from an EKS deployed Korifi. Required if containerRegistrySecret not set.",
       "type": "string"
     },
+    "experimentalManagedServicesEnabled": {
+      "description": "Enable the experimental managed services support",
+      "type": "boolean"
+    },
     "reconcilers": {
       "type": "object",
       "properties": {
@@ -224,7 +228,14 @@
               "type": "string"
             }
           },
-          "required": ["description", "name", "minCLIVersion", "recommendedCLIVersion", "custom", "supportAddress"]
+          "required": [
+            "description",
+            "name",
+            "minCLIVersion",
+            "recommendedCLIVersion",
+            "custom",
+            "supportAddress"
+          ]
         },
         "lifecycle": {
           "type": "object",

helm/korifi/values.yaml

@@ -10,6 +10,8 @@ eksContainerRegistryRoleARN: ""
 containerRegistryCACertSecret:
 systemImagePullSecrets: []
 
+experimentalManagedServicesEnabled: false
+
 reconcilers:
   build: kpack-image-builder
   run: statefulset-runner
@@ -23,7 +25,7 @@ api:
   include: true
 
   image: cloudfoundry/korifi-api:latest
-  
+
   nodeSelector: {}
   tolerations: []
   replicas: 1
@@ -66,7 +68,7 @@ api:
 
 controllers:
   image: cloudfoundry/korifi-controllers:latest
-  
+
   nodeSelector: {}
   tolerations: []
   replicas: 1

scripts/deploy-on-kind.sh

@@ -211,6 +211,7 @@ function deploy_korifi() {
       --set=kpackImageBuilder.clusterStackRunImage="paketobuildpacks/run-jammy-base" \
       --set=kpackImageBuilder.builderRepository="$KPACK_BUILDER_REPOSITORY" \
       --set=networking.gatewayClass="contour" \
+      --set=experimentalManagedServicesEnabled="true" \
       --wait
   }
   popd >/dev/null

scripts/installer/install-korifi-kind.yaml

@@ -111,6 +111,7 @@ spec:
             --set=kpackImageBuilder.clusterStackRunImage="paketobuildpacks/run-jammy-base" \
             --set=kpackImageBuilder.builderRepository="localregistry-docker-registry.default.svc.cluster.local:30050/kpack-builder" \
             --set=networking.gatewayClass="contour" \
+            --set=experimentalManagedServicesEnabled="true" \
             --wait
 
           kubectl wait --for=condition=ready clusterbuilder --all=true --timeout=15m