From b625ea5cb0ddcd0b6264b63f3cab9bde6aca9aab Mon Sep 17 00:00:00 2001 From: Danail Branekov Date: Fri, 31 May 2024 13:54:15 +0000 Subject: [PATCH] Introduce `experimentalManagedServicesEnabled` helm value The upcoming managed services support would be initially disabled by setting the helm value to `false` (the default) Operators should deliberately enable the flag should they want to give the feature a try. This change simply introduces the flag in the helm chart, there is no implementation that uses it yet. The `deploy-on-kind` script sets it to `true` as it is meant to be run for development purposes. The kind installer sets it to `true` as well - whoever is installing Korifi on kind probably just wants to play with it, therefore enabling the experimental support does make sense. fixes #3262 --- README.helm.md | 1 + api/config/config.go | 2 ++ api/config/config_test.go | 2 ++ controllers/config/config.go | 2 ++ controllers/config/config_test.go | 2 ++ helm/korifi/api/configmap.yaml | 1 + helm/korifi/controllers/configmap.yaml | 1 + helm/korifi/values.schema.json | 13 ++++++++++++- helm/korifi/values.yaml | 6 ++++-- scripts/deploy-on-kind.sh | 1 + scripts/installer/install-korifi-kind.yaml | 1 + 11 files changed, 29 insertions(+), 3 deletions(-) diff --git a/README.helm.md b/README.helm.md index 620e970d6..f9bc4ad83 100644 --- a/README.helm.md +++ b/README.helm.md @@ -74,6 +74,7 @@ Here are all the values that can be set for the chart: - `debug` (_Boolean_): Enables remote debugging with [Delve](https://github.com/go-delve/delve). - `defaultAppDomainName` (_String_): Base domain name for application URLs. - `eksContainerRegistryRoleARN` (_String_): Amazon Resource Name (ARN) of the IAM role to use to access the ECR registry from an EKS deployed Korifi. Required if containerRegistrySecret not set. +- `experimentalManagedServicesEnabled` (_Boolean_): Enable the experimental managed services support - `generateIngressCertificates` (_Boolean_): Use `cert-manager` to generate self-signed certificates for the API and app endpoints. - `helm`: - `hooksImage` (_String_): Image for the helm hooks containing kubectl diff --git a/api/config/config.go b/api/config/config.go index c6811402c..9773782f4 100644 --- a/api/config/config.go +++ b/api/config/config.go @@ -47,6 +47,8 @@ type ( AuthProxyHost string `yaml:"authProxyHost"` AuthProxyCACert string `yaml:"authProxyCACert"` LogLevel zapcore.Level `yaml:"logLevel"` + + ExperimentalManagedServicesEnabled bool `yaml:"experimentalManagedServicesEnabled"` } RoleLevel string diff --git a/api/config/config_test.go b/api/config/config_test.go index e9c4b17d8..48b0c0c82 100644 --- a/api/config/config_test.go +++ b/api/config/config_test.go @@ -46,6 +46,7 @@ var _ = Describe("Config", func() { Stack: "lc-stack", StagingMemoryMB: 10, }, + "experimentalManagedServicesEnabled": true, } }) @@ -88,6 +89,7 @@ var _ = Describe("Config", func() { StagingMemoryMB: 10, })) Expect(cfg.ContainerRegistryType).To(BeEmpty()) + Expect(cfg.ExperimentalManagedServicesEnabled).To(BeTrue()) }) When("the FQDN is not specified", func() { diff --git a/controllers/config/config.go b/controllers/config/config.go index b7a53633f..a447de909 100644 --- a/controllers/config/config.go +++ b/controllers/config/config.go @@ -43,6 +43,8 @@ type ControllerConfig struct { ContainerRepositoryPrefix string `yaml:"containerRepositoryPrefix"` ContainerRegistryType string `yaml:"containerRegistryType"` Networking Networking `yaml:"networking"` + + ExperimentalManagedServicesEnabled bool `yaml:"experimentalManagedServicesEnabled"` } type CFProcessDefaults struct { diff --git a/controllers/config/config_test.go b/controllers/config/config_test.go index 5ce6acf44..3073fee11 100644 --- a/controllers/config/config_test.go +++ b/controllers/config/config_test.go @@ -52,6 +52,7 @@ var _ = Describe("LoadFromPath", func() { GatewayName: "gw-name", GatewayNamespace: "gw-ns", }, + ExperimentalManagedServicesEnabled: true, } }) @@ -94,6 +95,7 @@ var _ = Describe("LoadFromPath", func() { GatewayName: "gw-name", GatewayNamespace: "gw-ns", }, + ExperimentalManagedServicesEnabled: true, })) }) diff --git a/helm/korifi/api/configmap.yaml b/helm/korifi/api/configmap.yaml index a7b853542..86cfed5d2 100644 --- a/helm/korifi/api/configmap.yaml +++ b/helm/korifi/api/configmap.yaml @@ -53,6 +53,7 @@ data: {{- if .Values.eksContainerRegistryRoleARN }} containerRegistryType: "ECR" {{- end }} + experimentalManagedServicesEnabled: {{ .Values.experimentalManagedServicesEnabled }} role_mappings_config.yaml: | roleMappings: admin: diff --git a/helm/korifi/controllers/configmap.yaml b/helm/korifi/controllers/configmap.yaml index 31f5dd861..a821ac762 100644 --- a/helm/korifi/controllers/configmap.yaml +++ b/helm/korifi/controllers/configmap.yaml @@ -61,4 +61,5 @@ data: networking: gatewayNamespace: {{ .Release.Namespace }}-gateway gatewayName: korifi + experimentalManagedServicesEnabled: {{ .Values.experimentalManagedServicesEnabled }} diff --git a/helm/korifi/values.schema.json b/helm/korifi/values.schema.json index 591b0b623..081a0b859 100644 --- a/helm/korifi/values.schema.json +++ b/helm/korifi/values.schema.json @@ -54,6 +54,10 @@ "description": "Amazon Resource Name (ARN) of the IAM role to use to access the ECR registry from an EKS deployed Korifi. Required if containerRegistrySecret not set.", "type": "string" }, + "experimentalManagedServicesEnabled": { + "description": "Enable the experimental managed services support", + "type": "boolean" + }, "reconcilers": { "type": "object", "properties": { @@ -224,7 +228,14 @@ "type": "string" } }, - "required": ["description", "name", "minCLIVersion", "recommendedCLIVersion", "custom", "supportAddress"] + "required": [ + "description", + "name", + "minCLIVersion", + "recommendedCLIVersion", + "custom", + "supportAddress" + ] }, "lifecycle": { "type": "object", diff --git a/helm/korifi/values.yaml b/helm/korifi/values.yaml index 29dba140a..037063522 100644 --- a/helm/korifi/values.yaml +++ b/helm/korifi/values.yaml @@ -10,6 +10,8 @@ eksContainerRegistryRoleARN: "" containerRegistryCACertSecret: systemImagePullSecrets: [] +experimentalManagedServicesEnabled: false + reconcilers: build: kpack-image-builder run: statefulset-runner @@ -23,7 +25,7 @@ api: include: true image: cloudfoundry/korifi-api:latest - + nodeSelector: {} tolerations: [] replicas: 1 @@ -66,7 +68,7 @@ api: controllers: image: cloudfoundry/korifi-controllers:latest - + nodeSelector: {} tolerations: [] replicas: 1 diff --git a/scripts/deploy-on-kind.sh b/scripts/deploy-on-kind.sh index 353ed2a69..25dc0d5c9 100755 --- a/scripts/deploy-on-kind.sh +++ b/scripts/deploy-on-kind.sh @@ -211,6 +211,7 @@ function deploy_korifi() { --set=kpackImageBuilder.clusterStackRunImage="paketobuildpacks/run-jammy-base" \ --set=kpackImageBuilder.builderRepository="$KPACK_BUILDER_REPOSITORY" \ --set=networking.gatewayClass="contour" \ + --set=experimentalManagedServicesEnabled="true" \ --wait } popd >/dev/null diff --git a/scripts/installer/install-korifi-kind.yaml b/scripts/installer/install-korifi-kind.yaml index 66b073554..9fd6ea58b 100644 --- a/scripts/installer/install-korifi-kind.yaml +++ b/scripts/installer/install-korifi-kind.yaml @@ -111,6 +111,7 @@ spec: --set=kpackImageBuilder.clusterStackRunImage="paketobuildpacks/run-jammy-base" \ --set=kpackImageBuilder.builderRepository="localregistry-docker-registry.default.svc.cluster.local:30050/kpack-builder" \ --set=networking.gatewayClass="contour" \ + --set=experimentalManagedServicesEnabled="true" \ --wait kubectl wait --for=condition=ready clusterbuilder --all=true --timeout=15m