feat(zone-sync): review adjustments

Signed-off-by: slonka <slonka@users.noreply.github.com>
kumahq · Feb 28, 2023 · 7178e21 · 7178e21
1 parent 9c187a3
commit 7178e21
Show file tree

Hide file tree

Showing 6 changed files with 9 additions and 8 deletions.
diff --git a/app/kumactl/cmd/install/install_control_plane_test.go b/app/kumactl/cmd/install/install_control_plane_test.go
@@ -361,7 +361,7 @@ controlPlane:
 		}),
 		Entry("--kds-global-address has no grpcs/grpc scheme", errTestCase{
 			extraArgs: []string{"--kds-global-address", "http://192.168.0.1:1234", "--mode", "zone", "--zone", "zone-1"},
-			errorMsg:  "controlPlane.kdsGlobalAddress must be a url with scheme grpcs:// got:'http://192.168.0.1:1234'",
+			errorMsg:  "controlPlane.kdsGlobalAddress must be a url with scheme grpcs:// or grpc:// got:'http://192.168.0.1:1234'",
 		}),
 		Entry("--kds-global-address is used with standalone", errTestCase{
 			extraArgs: []string{"--kds-global-address", "192.168.0.1:1234", "--mode", "standalone"},

diff --git a/deployments/charts/kuma/templates/_helpers.tpl b/deployments/charts/kuma/templates/_helpers.tpl
@@ -189,7 +189,7 @@ returns: formatted image string
   {{ else }}
     {{ $url := urlParse .Values.controlPlane.kdsGlobalAddress }}
     {{ if not (or (eq $url.scheme "grpcs") (eq $url.scheme "grpc")) }}
-      {{ $msg := printf "controlPlane.kdsGlobalAddress must be a url with scheme grpcs:// got:'%s'" .Values.controlPlane.kdsGlobalAddress }}
+      {{ $msg := printf "controlPlane.kdsGlobalAddress must be a url with scheme grpcs:// or grpc:// got:'%s'" .Values.controlPlane.kdsGlobalAddress }}
       {{ fail $msg }}
     {{ end }}
   {{ end }}

diff --git a/pkg/config/loader_test.go b/pkg/config/loader_test.go
@@ -228,7 +228,7 @@ var _ = Describe("Config loader", func() {
 			Expect(cfg.Multizone.Global.KDS.TlsMinVersion).To(Equal("TLSv1_3"))
 			Expect(cfg.Multizone.Global.KDS.TlsMaxVersion).To(Equal("TLSv1_3"))
 			Expect(cfg.Multizone.Global.KDS.TlsCipherSuites).To(Equal([]string{"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_AES_256_GCM_SHA384"}))
-			Expect(cfg.Multizone.Global.KDS.TlsDisable).To(Equal(true))
+			Expect(cfg.Multizone.Global.KDS.TlsEnabled).To(Equal(false))
 			Expect(cfg.Multizone.Global.KDS.TlsCertFile).To(Equal("/cert"))
 			Expect(cfg.Multizone.Global.KDS.TlsKeyFile).To(Equal("/key"))
 			Expect(cfg.Multizone.Global.KDS.MaxMsgSize).To(Equal(uint32(1)))
@@ -501,7 +501,7 @@ multizone:
       grpcPort: 1234
       refreshInterval: 2s
       zoneInsightFlushInterval: 5s
-      tlsDisable: true
+      tlsEnabled: false
       tlsCertFile: /cert
       tlsKeyFile: /key
       tlsMinVersion: TLSv1_3
@@ -758,7 +758,7 @@ proxy:
 				"KUMA_MODE":                                                                                "zone",
 				"KUMA_MULTIZONE_GLOBAL_KDS_GRPC_PORT":                                                      "1234",
 				"KUMA_MULTIZONE_GLOBAL_KDS_REFRESH_INTERVAL":                                               "2s",
-				"KUMA_MULTIZONE_GLOBAL_KDS_TLS_DISABLE":                                                    "true",
+				"KUMA_MULTIZONE_GLOBAL_KDS_TLS_ENABLED":                                                    "false",
 				"KUMA_MULTIZONE_GLOBAL_KDS_TLS_CERT_FILE":                                                  "/cert",
 				"KUMA_MULTIZONE_GLOBAL_KDS_TLS_KEY_FILE":                                                   "/key",
 				"KUMA_MULTIZONE_GLOBAL_KDS_TLS_MIN_VERSION":                                                "TLSv1_3",

diff --git a/pkg/config/multizone/kds.go b/pkg/config/multizone/kds.go
@@ -16,7 +16,8 @@ type KdsServerConfig struct {
 	// Interval for flushing Zone Insights (stats of multi-zone communication)
 	ZoneInsightFlushInterval config_types.Duration `json:"zoneInsightFlushInterval" envconfig:"kuma_multizone_global_kds_zone_insight_flush_interval"`
 	// TlsDisable turns off TLS for KDS
-	TlsDisable bool `json:"tlsDisable" envconfig:"kuma_multizone_global_kds_tls_disable"`
+
+	TlsEnabled bool `json:"tlsEnabled" envconfig:"kuma_multizone_global_kds_tls_enabled" default:"true"`
 	// TlsCertFile defines a path to a file with PEM-encoded TLS cert.
 	TlsCertFile string `json:"tlsCertFile" envconfig:"kuma_multizone_global_kds_tls_cert_file"`
 	// TlsKeyFile defines a path to a file with PEM-encoded TLS key.

diff --git a/pkg/kds/mux/server.go b/pkg/kds/mux/server.go
@@ -88,7 +88,7 @@ func (s *server) Start(stop <-chan struct{}) error {
 		grpc.MaxSendMsgSize(int(s.config.MaxMsgSize)),
 	}
 	grpcOptions = append(grpcOptions, s.metrics.GRPCServerInterceptors()...)
-	if s.config.TlsCertFile != "" && !s.config.TlsDisable {
+	if s.config.TlsCertFile != "" && s.config.TlsEnabled {
 		cert, err := tls.LoadX509KeyPair(s.config.TlsCertFile, s.config.TlsKeyFile)
 		if err != nil {
 			return errors.Wrap(err, "failed to load TLS certificate")

diff --git a/test/e2e/helm/kuma_helm_deploy_global_universal_mode_and_zone.go b/test/e2e/helm/kuma_helm_deploy_global_universal_mode_and_zone.go
@@ -66,7 +66,7 @@ stringData:
 				WithHelmReleaseName(releaseName),
 				WithCPReplicas(2),
 				WithHelmOpt("controlPlane.environment", "universal"),
-				WithHelmOpt("controlPlane.envVars.KUMA_MULTIZONE_GLOBAL_KDS_TLS_DISABLE", "true"),
+				WithHelmOpt("controlPlane.envVars.KUMA_MULTIZONE_GLOBAL_KDS_TLS_ENABLED", "false"),
 				WithHelmOpt("controlPlane.envVars.KUMA_STORE_POSTGRES_HOST", "postgres-release-postgresql"),
 				WithHelmOpt("controlPlane.envVars.KUMA_STORE_POSTGRES_PORT", "5432"),
 				WithHelmOpt("controlPlane.envVars.KUMA_STORE_POSTGRES_USER", "mesh"),