Closed dlespiau closed 6 years ago
Now tested in dev. If I install wc agents with:

`curl -Ls https://get.dev.weave.works | sh -s -- --token=xxxx --read-only`

Scope doesn't have controls (here showing the flux container):

(also tested that without `--read-only` we do have the scope controls!)
@dlespiau for the Helm chart I can add the `--read-only={{ .Values.readonly }}` flag where `readonly` will be a boolean in values.yaml with `false` as default?
https://github.com/helm/charts/blob/master/stable/weave-cloud/templates/deployment.yaml#L33
@stefanprodan absolutely! we'll probably need a tagged version I'm guessing, can tag it when this PR is merged.
Yes, a new tag is needed so I can do a PR on the Helm repo. Thanks @dlespiau
Users may want to disable scope controls as they allow creating shells in containers, including the privileged containers. Add an option to prevent that.
The flow is a bit intricate, but that's the same one we have for the `cri-endpoint` parameter:

- `--read-only` option to the installer (script)
- `read-only` option
- `read-only` parameter of the launch-generator to get the corresponding scope manifest.

While what we really want is going to a CRD with the various weave cloud options as described in https://github.com/weaveworks/launcher/issues/245#issuecomment-409268010, it's a bit of work to get there. The read-only option may become `read-only: true` in the CRD at some point. At least we have a migration path: bootstrap will directly forge the right CRD with the option given and agent will consult the CRD to know what to do.
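As an added illustration of the first hop in that flow (this is not the launcher project's own installer script), a POSIX sh sketch of how an installer invoked as `sh -s -- --token=xxxx --read-only` can parse the switch and forward it to a next stage. The function names and the downstream "bootstrap" stage are assumptions made for the example; the default stays `false` so Scope keeps its controls unless the operator explicitly opts out.

```shell
#!/bin/sh
# Constructed example: parse the installer's command line and hand the
# read-only choice on to the next stage of the install flow.

# parse_installer_args "$@" -> sets TOKEN and READ_ONLY.
# Accepts the bare switch used in this thread (--read-only) and an explicit
# boolean (--read-only=true|false), which is what a Helm value would render.
parse_installer_args() {
    TOKEN=""
    READ_ONLY=false
    while [ $# -gt 0 ]; do
        case "$1" in
            --token=*)     TOKEN="${1#--token=}" ;;
            --read-only)   READ_ONLY=true ;;
            --read-only=*)
                case "${1#--read-only=}" in
                    true)  READ_ONLY=true ;;
                    false) READ_ONLY=false ;;
                    *) echo "bad value for --read-only: $1" >&2; return 2 ;;
                esac ;;
            *) echo "unknown option: $1" >&2; return 2 ;;
        esac
        shift
    done
    # The token is mandatory; refuse to continue without it.
    [ -n "$TOKEN" ] || { echo "--token is required" >&2; return 2; }
    return 0
}

# bootstrap_args "$@" -> prints the argument string passed to the (assumed)
# bootstrap stage. The flag is forwarded only when it was requested, so the
# downstream default behaviour is unchanged for existing installs.
bootstrap_args() {
    parse_installer_args "$@" || return $?
    if [ "$READ_ONLY" = true ]; then
        printf '%s\n' "--token=$TOKEN --read-only"
    else
        printf '%s\n' "--token=$TOKEN"
    fi
}
```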