support image digests for disconnected environments

[jmazzitelli]

fixes kiali/kiali#4392

[jmazzitelli]

How to test:

I tested all this on minikube but you don't have to if you prefer to test on some other environment (just tweak the commands below to fit your cluster env). You need the operator PR kiali/kiali-operator#429, too.

I first created and pushed the kiali and kiali operator images to minikube (using make -e CLUSTER_TYPE=minikube build cluster-push). I then installed normally, just so I could get the SHAs of the images (so if you make -e CLUSTER_TYPE=minikube operator-create kiali-create you will deploy the operator and the server - then look at each pod's yaml and look for status.containerStatuses[*].imageID to get the sha). Then uninstall everything so you can begin the testing (i.e. make operator-delete).

To install the operator using helm:

cd <kiali-helm-chart repo directory> && make clean build-helm-charts

helm install \
  --create-namespace \
  --set image.repo=localhost:5000/kiali/kiali-operator \
  --set image.tag=<valid sha for the operator> \
  --set image.digest=sha256 \
  --set allowAdHocKialiImage=true \
  -n kiali-operator \
  kiali-operator \
  _output/charts/kiali-operator-*.tgz

At this point, you should have the operator running. Confirm it is using the pinned image (pinned to the sha you specified) by looking at the operator pod's spec.containers[*].image and ensuring it has the @sha256.

Now you install a Kiali CR with the Kiali Server's image with a sha. So the Kiali CR should have this:

spec:
   deployment:
    image_name: localhost:5000/kiali/kiali
    image_version: <valid sha for server>
    image_digest: sha256

Once the Kiali CR is created, wait for the server to be deployed, and then check the kiali server pod yaml and ensure the container has the @sha256 in it just like how you checked the operator pod.

Now that you confirmed the operator helm chart and the operator itself work, uninstall everything so you can test the server helm chart:

kubectl delete kiali kiali -n <the namespace where you installed the Kiali CR>

helm uninstall -n kiali-operator kiali-operator

With everything uninstalled, you can now test the server helm chart (this assumes Istio is in the istio-system namespace):

helm install \
  -n istio-system \
  --set deployment.image_name=localhost:5000/kiali/kiali \
  --set deployment.image_version=<valid sha for the server> \
  --set deployment.image_digest=sha256 \
  kiali-server \
  _output/charts/kiali-server-*.tgz

At this point, the kiali server should be deployed. Check the kiali server pod yaml and ensure the container has the @sha256 in it just like how you checked the pods before.