Skip to content

Validate the configuration as part of a pre-flight check #13168

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 22, 2022
Merged

Validate the configuration as part of a pre-flight check #13168

merged 3 commits into from
Sep 22, 2022

Conversation

mrsimonemms
Copy link
Contributor

@mrsimonemms mrsimonemms commented Sep 21, 2022
edited
Loading

Description

Enable validation of the configuration in KOTS in a preflight check.

This also pushes the result of the installation script to a configmap for users to easily read the logs. The reason for the "push to configmap" is because we cannot output dynamic data in an error message (or, at least, there's no documented example from Replicated). This has been noted on the "limitations of Replicated" page as one of the things to solve in the future.

This also removes the serviceaccount/clusterrolebinding that we define in favour of the KOTS RBAC configuration - this was not available when we first did it. We need this change because we need a serviceaccount BEFORE the application is deployed.

Limitations

This tests every piece of data that is not stored in a secret. Currently, that is just the merging of the custom image pull secrets. Because the preflight checks are run BEFORE anything is deployed, we cannot deploy secrets until AFTER they're deployed - there is a ticket open with Replicated that would solve this limitation, although there has been little traction on this as yet.

Theoretically, we could store the config values in plain text in the config map, but this would make them visible in the KOTS dashboard so I have elected to not do this. I'm happy to have discussions on this however.

The refactoring work has reduced this gap from pretty-much everything to a very specific limitation.

Related Issue(s)

Fixes #12015

How to test

  1. Deploy your application
  2. Set your configuration
  3. Start the preflight checks
  4. Check that it's valid/invalid as per your test
  5. Get the config map (kubectl get configmaps -n gitpod gitpod-installation-status -o jsonpath="{.data.gitpod-installer\.log}") and check the logs are "correct" as per your test

Adding a config patch as the following is a good way of enforcing a failure

domain: ""

Release Notes

Validate the configuration as part of a pre-flight check

Documentation

Werft options:

  • /werft with-preview
  • /werft with-integration-tests=all
    Valid options are all, workspace, webapp, ide

@mrsimonemms mrsimonemms changed the title [installer]: bash script allows dry run and pushes logs to configmap Validate the configuration as part of a pre-flight check Sep 21, 2022
@mrsimonemms mrsimonemms force-pushed the sje/kots-config-validate branch 8 times, most recently from 2a8e95e to d2dc67d Compare September 21, 2022 19:47
@mrsimonemms mrsimonemms marked this pull request as ready for review September 21, 2022 19:50
@mrsimonemms mrsimonemms requested a review from a team September 21, 2022 19:50
@github-actions github-actions bot added the team: delivery Issue belongs to the self-hosted team label Sep 21, 2022
@mrsimonemms mrsimonemms force-pushed the sje/kots-config-validate branch from d2dc67d to 946c0d6 Compare September 22, 2022 07:20
@mrsimonemms
Copy link
Contributor Author

/hold

Pothulapati
Pothulapati approved these changes Sep 22, 2022
View reviewed changes
Copy link
Contributor

@Pothulapati Pothulapati left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good, and it works well as expected!

Tried setting observability.logLevel to a random value

this may overwrite all settings: observability:\n  logLevel: random\n"
time="2022-09-22T08:35:52Z" level=info msg="File written to /tmp/gitpod-config.yaml"
Gitpod: Validate config
{
  "valid": false,
  "fatal": [
    "Field 'Config.Observability.LogLevel' failed log_level validation"
  ]
}
Error: configuration invalid
Usage:

image

And, Fixing it made the tests pass!

Really excited for all the useful validation checks to show up in kots now! 🚀

@mrsimonemms mrsimonemms force-pushed the sje/kots-config-validate branch from 946c0d6 to ac0e0d7 Compare September 22, 2022 09:19
@mrsimonemms
Copy link
Contributor Author

/unhold

@roboquat roboquat merged commit 535c4fa into main Sep 22, 2022
@roboquat roboquat deleted the sje/kots-config-validate branch September 22, 2022 09:25
This was referenced Sep 26, 2022
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Pothulapati Pothulapati Pothulapati approved these changes

Assignees
No one assigned
Labels
release-note size/XL team: delivery Issue belongs to the self-hosted team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Validate gitpod config patch, rendered gitpod installer YAML in preflight checks
3 participants
@mrsimonemms @Pothulapati @roboquat