Skip to content

Commit

Permalink
do not attempt to mount a cluster secret if none were provided. (#774)
Browse files Browse the repository at this point in the history 
also, deprecated features_flags.clustering is removed

fixes: kiali/kiali#7187
  • Loading branch information
@jmazzitelli
jmazzitelli authored Jun 12, 2024
1 parent 7086c54 commit 7f4f845
Show file tree
Hide file tree
Showing 4 changed files with 5 additions and 61 deletions.
6 changes: 0 additions & 6 deletions crd-docs/cr/kiali.io_v1alpha1_kiali.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -399,12 +399,6 @@ spec:
secrets:
- "cacerts"
- "istio-ca-secret"
clustering:
autodetect_secrets:
enabled: true
label: "kiali.io/multiCluster=true"
clusters: []
kiali_urls: []
disabled_features: []
istio_annotation_action: true
istio_injection_action: true
Expand Down
44 changes: 0 additions & 44 deletions crd-docs/crd/kiali.io_kialis.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1081,50 +1081,6 @@ spec:
type: array
items:
type: string
clustering:
description: "Multi-cluster related features."
type: object
properties:
autodetect_secrets:
description: "Settings to allow cluster secrets to be auto-detected. Secrets must exist in the Kiali deployment namespace."
type: object
properties:
enabled:
description: "If true then remote cluster secrets will be autodetected during the installation of the Kiali Server Deployment. Any remote cluster secrets found in the Kiali deployment namespace will be mounted to the Kiali Server's file system. If false, you can still manually specify the remote cluster secret information in the 'clusters' setting if you wish to utilize multicluster features."
type: boolean
label:
description: "The name and value of a label that exists on all remote cluster secrets. Default is 'kiali.io/multiCluster=true'."
type: string
clusters:
description: "A list of clusters that the Kiali Server can access. You need to specify the remote clusters here if 'autodetect_secrets.enabled' is false."
type: array
items:
type: object
properties:
name:
description: "The name of the cluster."
type: string
secret_name:
description: "The name of the secret that contains the credentials necessary to connect to the remote cluster. This secret must exist in the Kiali deployment namespace. If a secret name is not provided then it's assumed that the cluster is inaccessible."
type: string
kiali_urls:
description: "A map between cluster name, instance name and namespace to a Kiali URL. Will be used showing the Mesh page's Kiali URLs. The Kiali service's 'kiali.io/external-url' annotation will be overridden when this property is set."
type: array
items:
type: object
properties:
cluster_name:
description: "The name of the cluster."
type: string
instance_name:
description: "The instance name of this Kiali installation. This should be the value used in `deployment.instance_name` for Kiali resource name."
type: string
namespace:
description: "The namespace into which Kiali is installed."
type: string
url:
description: "The URL of Kiali in the cluster."
type: string
disabled_features:
description: "There may be some features that admins do not want to be accessible to users (even in 'view only' mode). In this case, this setting allows you to disable one or more of those features entirely."
type: array
Expand Down
6 changes: 0 additions & 6 deletions roles/default/kiali-deploy/defaults/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -260,12 +260,6 @@ kiali_defaults:
secrets:
- cacerts
- istio-ca-secret
clustering:
autodetect_secrets:
enabled: true
label: "kiali.io/multiCluster=true"
clusters: []
kiali_urls: []
disabled_features: []
istio_annotation_action: true
istio_injection_action: true
Expand Down
10 changes: 5 additions & 5 deletions roles/default/kiali-deploy/tasks/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -707,19 +707,19 @@

- name: Autodetect remote cluster secrets within the Kiali deployment namespace
vars:
all_remote_cluster_secrets: "{{ query(k8s_plugin, namespace=kiali_vars.deployment.namespace, api_version='v1', kind='Secret', label_selector=kiali_vars.kiali_feature_flags.clustering.autodetect_secrets.label) }}"
all_remote_cluster_secrets: "{{ query(k8s_plugin, namespace=kiali_vars.deployment.namespace, api_version='v1', kind='Secret', label_selector=kiali_vars.clustering.autodetect_secrets.label) }}"
loop: "{{ all_remote_cluster_secrets }}"
set_fact:
kiali_deployment_remote_cluster_secret_volumes: "{{ kiali_deployment_remote_cluster_secret_volumes | combine({ item.metadata.annotations['kiali.io/cluster']|default(item.metadata.name): {'secret_name': item.metadata.name }}) }}"
when:
- kiali_vars.kiali_feature_flags.clustering.autodetect_secrets.enabled
- kiali_vars.clustering.autodetect_secrets.enabled

- name: Prepare the manually declared remote clusters
loop: "{{ kiali_vars.kiali_feature_flags.clustering.clusters }}"
loop: "{{ kiali_vars.clustering.clusters }}"
set_fact:
kiali_deployment_remote_cluster_secret_volumes: "{{ kiali_deployment_remote_cluster_secret_volumes | combine({ item.name: {'secret_name': item.secret_name }}) }}"
kiali_deployment_remote_cluster_secret_volumes: "{{ kiali_deployment_remote_cluster_secret_volumes | combine(({ item.name: {'secret_name': item.secret_name }}) if (item.secret_name is defined and item.secret_name | length > 0) else {}) }}"
when:
- kiali_vars.kiali_feature_flags.clustering.clusters | length > 0
- kiali_vars.clustering.clusters | length > 0

# The following few tasks read the current Kiali configmap (if one exists) in order to figure out what
# namespaces are no longer accessible. Those namespaces will have their Kiali roles removed.
Expand Down

0 comments on commit 7f4f845

Please sign in to comment.