feat(konnect): require gateway discovery enabled + rename gw discover…

…y, release rc

charts/kong/CHANGELOG.md

@@ -4,14 +4,15 @@
 
 ### Improvements
 
-* Added support for controller's admin API service discovery.
-  With `ingressController.serviceDiscovery.enabled` set to `true` Kong Ingress Controller
-  will enable service discovery for admin API service.
-  For more information on this please see [the corresponding README.md section][kic_service_discovery_readme].
+* Added support for controller's gateway discovery.
+  With `ingressController.gatewayDiscovery.enabled` set to `true` Kong Ingress Controller
+  will enable gateway discovery using an Admin API service.
+  For more information on this please see [the corresponding README.md section][kic_gateway_discovery_readme].
   This feature is only available when deploying chart with Kong Ingress Controller in version 2.9 or higher.
   [#747](https://github.com/Kong/charts/pull/747)
 * Added experimental support for the ingress controller's Konnect sync feature via `ingressController.konnect.*` values.
-  This feature is only available when deploying chart with Kong Ingress Controller in version 2.9 or higher.
+  This feature is only available when deploying chart with Kong Ingress Controller in version 2.9 or higher and
+  requires `ingressController.gatewayDiscovery.enabled` set to `true`. 
   [#746](https://github.com/Kong/charts/pull/746)
 
 ### Under the hood
@@ -20,7 +21,7 @@
   with community best practices.
   [#751](https://github.com/Kong/charts/pull/751)
 
-[kic_service_discovery_readme]: ./README.md#the-servicediscovery-section
+[kic_gateway_discovery_readme]: ./README.md#the-gatewaydiscovery-section
 
 ## 2.16.5
 

charts/kong/Chart.yaml

@@ -11,7 +11,7 @@ maintainers:
 name: kong
 sources:
 - https://github.com/Kong/charts/tree/main/charts/kong
-version: 2.16.5
+version: 2.17.0-rc.1
 appVersion: "3.1"
 dependencies:
 - name: postgresql

charts/kong/example-values/README.md

@@ -52,8 +52,8 @@ common Kong deployment scenarios on Kubernetes.
   restarts them, so starting control planes second, but around the same time
   will usually work), but is the smoothest option.
 
-* [minimal-kong-sd-controller.yaml](minimal-kong-sd-controller.yaml) and
-  [minimal-kong-sd-gateway.yaml](minimal-kong-sd-gateway.yaml) install a
+* [minimal-kong-gd-controller.yaml](minimal-kong-gd-controller.yaml) and
+  [minimal-kong-gd-gateway.yaml](minimal-kong-gd-gateway.yaml) install a
   single controller and cluster of gateway instances. The controller release
   configuration must specify the names of the gateway proxy and admin
   Services. The examples use `gw` as the gateway release name. If you wish to
@@ -62,10 +62,11 @@ common Kong deployment scenarios on Kubernetes.
   `proxy.nameOverride=hydrogen-kong-proxy` and
   `ingressController.adminApiService.name=hydrogen-kong-admin`.
 
-* [minimal-kong-controller-konnect.yaml](minimal-kong-controller-konnect.yaml) installs Kong
-  open source with the ingress controller in DB-less mode, with Kong's Konnect sync feature
-  enabled. In order to make it work, `ingressController.konnect.runtimeGroupID` has to be
-  supplied.
+* [minimal-kong-gd-controller-konnect.yaml](minimal-kong-gd-controller-konnect.yaml) and
+  [minimal-kong-gd-gateway.yaml](minimal-kong-gd-gateway.yaml) install a single Ingress
+  Controller with Kong's Konnect sync feature enabled and a cluster of gateway instances.
+  In order to make it work, `ingressController.konnect.runtimeGroupID` has to be
+  supplied and a `konnect-client-tls` secret has to be created upfront.
 
 All Enterprise examples require some level of additional user configuration to
 install properly. Read the comments at the top of each file for instructions.

charts/kong/example-values/minimal-kong-sd-controller.yaml → charts/kong/example-values/minimal-kong-gd-controller-konnect.yaml

@@ -10,14 +10,15 @@ proxy:
 
 ingressController:
   enabled: true
-  ## This example creates a static 2-Pod Kong Igress Controller deployment
-  ## With service discovery enabled leader election will be enabled and only one
-  ## instance will ever talk to the accompanying Gateways.
-  replicaCount: 2
-  serviceDiscovery:
+
+  gatewayDiscovery:
     enabled: true
     adminApiService:
       ## This must match the gateway release's admin Service name.
       ## The Service name uses the pattern "<release name>-kong-admin".
       ## In this example, the companion gateway release is named "gw"
       name: gw-kong-admin
+
+  konnect:
+    enabled: true
+    runtimeGroupID: "00000000-0000-0000-0000-000000000000" # CHANGEME

charts/kong/example-values/minimal-kong-gd-controller.yaml

@@ -0,0 +1,20 @@
+deployment:
+  kong:
+    enabled: false
+
+proxy:
+  ## This must match the gateway release's proxy Service name.
+  ## The Service name uses the pattern "<release name>-kong-proxy".
+  ## In this example, the companion gateway release is named "gw"
+  nameOverride: gw-kong-proxy
+
+ingressController:
+  enabled: true
+
+  gatewayDiscovery:
+    enabled: true
+    adminApiService:
+      ## This must match the gateway release's admin Service name.
+      ## The Service name uses the pattern "<release name>-kong-admin".
+      ## In this example, the companion gateway release is named "gw"
+      name: gw-kong-admin

charts/kong/templates/_helpers.tpl

@@ -320,25 +320,25 @@ Create a single listen (IP+port+parameter combo)
 Return the admin API service name for service discovery
 */}}
 {{- define "kong.adminSvc" -}}
-{{- $serviceDiscovery := .Values.ingressController.serviceDiscovery -}}
-{{- if $serviceDiscovery.enabled -}}
-  {{- $adminApiService := $serviceDiscovery.adminApiService -}}
-  {{- $_ := required ".ingressController.serviceDiscovery.adminApiService has to be provided when .Values.ingressController.serviceDiscovery.enabled is set to true"  $adminApiService -}}
+{{- $gatewayDiscovery := .Values.ingressController.gatewayDiscovery -}}
+{{- if $gatewayDiscovery.enabled -}}
+  {{- $adminApiService := $gatewayDiscovery.adminApiService -}}
+  {{- $_ := required ".ingressController.gatewayDiscovery.adminApiService has to be provided when .Values.ingressController.gatewayDiscovery.enabled is set to true"  $adminApiService -}}
 
   {{- if (semverCompare "< 2.9.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
-  {{- fail (printf "Admin API service discovery is available in controller versions 2.9 and up. Detected %s" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
+  {{- fail (printf "Gateway discovery is available in controller versions 2.9 and up. Detected %s" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
   {{- end }}
 
   {{- if .Values.deployment.kong.enabled }}
-  {{- fail "deployment.kong.enabled and ingressController.serviceDiscovery.enabled are mutually exclusive and cannot be enabled at once. Admin API service discovery requires a split release installation of Gateways and Ingress Controller." }}
+  {{- fail "deployment.kong.enabled and ingressController.gatewayDiscovery.enabled are mutually exclusive and cannot be enabled at once. Gateway discovery requires a split release installation of Gateways and Ingress Controller." }}
   {{- end }}
 
   {{- $namespace := $adminApiService.namespace | default ( include "kong.namespace" . ) -}}
   {{- $name := $adminApiService.name -}}
-  {{- $_ := required ".ingressController.serviceDiscovery.adminApiService.name has to be provided when .Values.ingressController.serviceDiscovery.enabled is set to true"  $name -}}
+  {{- $_ := required ".ingressController.gatewayDiscovery.adminApiService.name has to be provided when .Values.ingressController.gatewayDiscovery.enabled is set to true"  $name -}}
   {{- printf "%s/%s" $namespace $name -}}
 {{- else -}}
-  {{- fail "Can't use service discovery when .Values.ingressController.serviceDiscovery.enabled is set to false." -}}
+  {{- fail "Can't use gateway discovery when .Values.ingressController.gatewayDiscovery.enabled is set to false." -}}
 {{- end -}}
 {{- end -}}
 
@@ -412,7 +412,7 @@ The name of the service used for the ingress controller's validation webhook
     ====== ADMIN API CONFIGURATION ======
 */}}
 
-  {{- if .Values.ingressController.serviceDiscovery.enabled -}}
+  {{- if .Values.ingressController.gatewayDiscovery.enabled -}}
     {{- $_ := set $autoEnv "CONTROLLER_KONG_ADMIN_SVC" (include "kong.adminSvc" . ) -}}
   {{- else -}}
     {{- $_ := set $autoEnv "CONTROLLER_KONG_ADMIN_URL" (include "kong.adminLocalURL" .) -}}
@@ -427,6 +427,10 @@ The name of the service used for the ingress controller's validation webhook
   {{- fail (printf "Konnect sync is available in controller versions 2.9 and up. Detected %s" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
   {{- end }}
 
+  {{- if not .Values.ingressController.gatewayDiscovery.enabled }}
+  {{- fail "ingressController.gatewayDiscovery.enabled has to be true when ingressController.konnect.enabled"}}
+  {{- end }}
+
   {{- $konnect := .Values.ingressController.konnect -}}
   {{- $_ := required "ingressController.konnect.runtimeGroupID is required when ingressController.konnect.enabled" $konnect.runtimeGroupID -}}
 

charts/kong/values.yaml

@@ -481,7 +481,7 @@ ingressController:
     effectiveSemver:
   args: []
 
-  serviceDiscovery:
+  gatewayDiscovery:
     enabled: false
     adminApiService:
       namespace: ""