search

Kong / charts

Helm chart for Kong
Apache License 2.0
243 stars 475 forks source link

add `alignWithControllerVersion` to allow auto-adjustment of GW settings #936

Closed czeslavo closed 10 months ago

czeslavo commented 10 months ago

What this PR does / why we need it:

It's an attempt to provide a workaround for the inability to propagate values between two subcharts (gateway and controller) in kong/ingress chart.

Branches off https://github.com/Kong/charts/pull/935.

This is a bit explicit way, but I couldn't come up with anything else that could allow us to pick a controller.ingressController.image value and somehow inject it into the other subchart.

Example values.yaml that demonstrates how this could be used in Konnect installation instructions:

controller:
  ingressController:
    image:
      tag: &ingressControllerVersion "2.11"
    env:
      feature_gates: "FillIDs=true"
    konnect:
      license:
        enabled: true
      enabled: true
      runtimeGroupID: "adea34c5-90c6-4e23-bc93-3c2df8554f72"
      tlsClientSecretName: konnect-client-tls
      apiHostname: "us.kic.api.konghq.tech"

gateway:
  deployment:
    kong:
      # Align Gateway's settings with the controller version capabilities (e.g. router flavor).
      alignWithControllerVersion: *ingressControllerVersion
  image:
    repository: kong/kong-gateway
    tag: "3.3"
  env:
    konnect_mode: "on"
    vitals: "off"
    cluster_mtls: pki
    cluster_telemetry_endpoint: "3e07ee37d9.tp0.konghq.tech:443"
    cluster_telemetry_server_name: "3e07ee37d9.tp0.konghq.tech"
    cluster_cert: /etc/secrets/konnect-client-tls/tls.crt
    cluster_cert_key: /etc/secrets/konnect-client-tls/tls.key
    lua_ssl_trusted_certificate: system

  secretVolumes:
    - konnect-client-tls

This should be safe, as when gateway.deployment.kong.alignWithControllerVersion will be left empty, the old default will be used, so we're not breaking anything. It would be opt-in and instructions would have to be updated to use that.

An obvious drawback is that it won't work with just helm install kong kong/ingress. Installation command would have to be more complex, i.e.: 

helm install kong kong/ingress --set gateway.deployment.kong.alignWithControllerVersion=3.0 --set controller.ingressController.image.tag=3.0

So it's on a similar level of user-friendliness as just telling the user to set the router flavor explicitly if they're using KIC >= 3.0:

helm install kong kong/ingress --set gateway.env.router_flavor=expressions
czeslavo commented 10 months ago

This won't be a desired solution, closing.