From dd899627b0cb14c26aa9c935ccb1a57b521f4b5d Mon Sep 17 00:00:00 2001 From: Danail Branekov Date: Thu, 6 Jun 2024 09:39:53 +0000 Subject: [PATCH] Introduce `experimental.managedServices.include` helm value The upcoming managed services support would be initially disabled by setting the helm value to `false` (the default) Operators should deliberately enable the flag should they want to give the feature a try. This change simply introduces the flag in the helm chart, there is no implementation that uses it yet. The `deploy-on-kind` script sets it to `true` as it is meant to be run for development purposes. The kind installer sets it to `true` as well - whoever is installing Korifi on kind probably just wants to play with it, therefore enabling the experimental support does make sense. fixes #3262 --- README.helm.md | 3 +++ api/config/config.go | 2 ++ api/config/config_test.go | 2 ++ controllers/config/config.go | 2 ++ controllers/config/config_test.go | 2 ++ helm/korifi/api/configmap.yaml | 1 + helm/korifi/controllers/configmap.yaml | 1 + helm/korifi/values.schema.json | 24 +++++++++++++++++++++- helm/korifi/values.yaml | 10 +++++++-- scripts/deploy-on-kind.sh | 1 + scripts/installer/install-korifi-kind.yaml | 1 + 11 files changed, 46 insertions(+), 3 deletions(-) diff --git a/README.helm.md b/README.helm.md index 620e970d6..7dcb6d3ab 100644 --- a/README.helm.md +++ b/README.helm.md @@ -74,6 +74,9 @@ Here are all the values that can be set for the chart: - `debug` (_Boolean_): Enables remote debugging with [Delve](https://github.com/go-delve/delve). - `defaultAppDomainName` (_String_): Base domain name for application URLs. - `eksContainerRegistryRoleARN` (_String_): Amazon Resource Name (ARN) of the IAM role to use to access the ECR registry from an EKS deployed Korifi. Required if containerRegistrySecret not set. +- `experimental`: Experimental features. Make sure you do not enable those on production. No guarantee provided! Backwards incompatible changes in future are quite probable! + - `managedServices`: + - `include` (_Boolean_): Enable managed services support - `generateIngressCertificates` (_Boolean_): Use `cert-manager` to generate self-signed certificates for the API and app endpoints. - `helm`: - `hooksImage` (_String_): Image for the helm hooks containing kubectl diff --git a/api/config/config.go b/api/config/config.go index c6811402c..9773782f4 100644 --- a/api/config/config.go +++ b/api/config/config.go @@ -47,6 +47,8 @@ type ( AuthProxyHost string `yaml:"authProxyHost"` AuthProxyCACert string `yaml:"authProxyCACert"` LogLevel zapcore.Level `yaml:"logLevel"` + + ExperimentalManagedServicesEnabled bool `yaml:"experimentalManagedServicesEnabled"` } RoleLevel string diff --git a/api/config/config_test.go b/api/config/config_test.go index e9c4b17d8..48b0c0c82 100644 --- a/api/config/config_test.go +++ b/api/config/config_test.go @@ -46,6 +46,7 @@ var _ = Describe("Config", func() { Stack: "lc-stack", StagingMemoryMB: 10, }, + "experimentalManagedServicesEnabled": true, } }) @@ -88,6 +89,7 @@ var _ = Describe("Config", func() { StagingMemoryMB: 10, })) Expect(cfg.ContainerRegistryType).To(BeEmpty()) + Expect(cfg.ExperimentalManagedServicesEnabled).To(BeTrue()) }) When("the FQDN is not specified", func() { diff --git a/controllers/config/config.go b/controllers/config/config.go index b7a53633f..a447de909 100644 --- a/controllers/config/config.go +++ b/controllers/config/config.go @@ -43,6 +43,8 @@ type ControllerConfig struct { ContainerRepositoryPrefix string `yaml:"containerRepositoryPrefix"` ContainerRegistryType string `yaml:"containerRegistryType"` Networking Networking `yaml:"networking"` + + ExperimentalManagedServicesEnabled bool `yaml:"experimentalManagedServicesEnabled"` } type CFProcessDefaults struct { diff --git a/controllers/config/config_test.go b/controllers/config/config_test.go index 5ce6acf44..3073fee11 100644 --- a/controllers/config/config_test.go +++ b/controllers/config/config_test.go @@ -52,6 +52,7 @@ var _ = Describe("LoadFromPath", func() { GatewayName: "gw-name", GatewayNamespace: "gw-ns", }, + ExperimentalManagedServicesEnabled: true, } }) @@ -94,6 +95,7 @@ var _ = Describe("LoadFromPath", func() { GatewayName: "gw-name", GatewayNamespace: "gw-ns", }, + ExperimentalManagedServicesEnabled: true, })) }) diff --git a/helm/korifi/api/configmap.yaml b/helm/korifi/api/configmap.yaml index a7b853542..7baefadc5 100644 --- a/helm/korifi/api/configmap.yaml +++ b/helm/korifi/api/configmap.yaml @@ -53,6 +53,7 @@ data: {{- if .Values.eksContainerRegistryRoleARN }} containerRegistryType: "ECR" {{- end }} + experimentalManagedServicesEnabled: {{ .Values.experimental.managedServices.include }} role_mappings_config.yaml: | roleMappings: admin: diff --git a/helm/korifi/controllers/configmap.yaml b/helm/korifi/controllers/configmap.yaml index 31f5dd861..2b13f07b0 100644 --- a/helm/korifi/controllers/configmap.yaml +++ b/helm/korifi/controllers/configmap.yaml @@ -61,4 +61,5 @@ data: networking: gatewayNamespace: {{ .Release.Namespace }}-gateway gatewayName: korifi + experimentalManagedServicesEnabled: {{ .Values.experimental.managedServices.include }} diff --git a/helm/korifi/values.schema.json b/helm/korifi/values.schema.json index 591b0b623..bacb1e006 100644 --- a/helm/korifi/values.schema.json +++ b/helm/korifi/values.schema.json @@ -224,7 +224,14 @@ "type": "string" } }, - "required": ["description", "name", "minCLIVersion", "recommendedCLIVersion", "custom", "supportAddress"] + "required": [ + "description", + "name", + "minCLIVersion", + "recommendedCLIVersion", + "custom", + "supportAddress" + ] }, "lifecycle": { "type": "object", @@ -579,6 +586,21 @@ } }, "type": "object" + }, + "experimental": { + "properties": { + "managedServices": { + "properties": { + "include": { + "description": "Enable managed services support", + "type": "boolean" + } + }, + "type": "object" + } + }, + "description": "Experimental features. Make sure you do not enable those on production. No guarantee provided! Backwards incompatible changes in future are quite probable!", + "type": "object" } }, "required": [ diff --git a/helm/korifi/values.yaml b/helm/korifi/values.yaml index 29dba140a..e787a53a0 100644 --- a/helm/korifi/values.yaml +++ b/helm/korifi/values.yaml @@ -10,6 +10,8 @@ eksContainerRegistryRoleARN: "" containerRegistryCACertSecret: systemImagePullSecrets: [] +experimentalManagedServicesEnabled: false + reconcilers: build: kpack-image-builder run: statefulset-runner @@ -23,7 +25,7 @@ api: include: true image: cloudfoundry/korifi-api:latest - + nodeSelector: {} tolerations: [] replicas: 1 @@ -66,7 +68,7 @@ api: controllers: image: cloudfoundry/korifi-controllers:latest - + nodeSelector: {} tolerations: [] replicas: 1 @@ -138,3 +140,7 @@ helm: networking: gatewayClass: + +experimental: + managedServices: + include: false diff --git a/scripts/deploy-on-kind.sh b/scripts/deploy-on-kind.sh index 353ed2a69..83cb619a4 100755 --- a/scripts/deploy-on-kind.sh +++ b/scripts/deploy-on-kind.sh @@ -211,6 +211,7 @@ function deploy_korifi() { --set=kpackImageBuilder.clusterStackRunImage="paketobuildpacks/run-jammy-base" \ --set=kpackImageBuilder.builderRepository="$KPACK_BUILDER_REPOSITORY" \ --set=networking.gatewayClass="contour" \ + --set=experimental.managedServices.include="true" \ --wait } popd >/dev/null diff --git a/scripts/installer/install-korifi-kind.yaml b/scripts/installer/install-korifi-kind.yaml index c79529104..4290e372c 100644 --- a/scripts/installer/install-korifi-kind.yaml +++ b/scripts/installer/install-korifi-kind.yaml @@ -111,6 +111,7 @@ spec: --set=kpackImageBuilder.clusterStackRunImage="paketobuildpacks/run-jammy-base" \ --set=kpackImageBuilder.builderRepository="localregistry-docker-registry.default.svc.cluster.local:30050/kpack-builder" \ --set=networking.gatewayClass="contour" \ + --set=experimental.managedServices.include="true" \ --wait kubectl wait --for=condition=ready clusterbuilder --all=true --timeout=15m