chore(kuma-cp): config cleanup

app/kumactl/cmd/install/testdata/install-control-plane.cni-experimental-enabled.golden.yaml

@@ -2098,16 +2098,12 @@ spec:
               value: "false"
             - name: KUMA_API_SERVER_READ_ONLY
               value: "true"
-            - name: KUMA_CNI_APP
-              value: "kuma-cni"
             - name: KUMA_DEFAULTS_SKIP_MESH_CREATION
               value: "false"
             - name: KUMA_DP_SERVER_HDS_ENABLED
               value: "false"
             - name: KUMA_ENVIRONMENT
               value: "kubernetes"
-            - name: KUMA_EXPERIMENTAL_CNI
-              value: "true"
             - name: KUMA_GENERAL_TLS_CERT_FILE
               value: "/var/run/secrets/kuma.io/tls-cert/tls.crt"
             - name: KUMA_GENERAL_TLS_KEY_FILE
@@ -2128,6 +2124,10 @@ spec:
               value: "true"
             - name: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_IMAGE
               value: "docker.io/kumahq/kuma-dp:0.0.1"
+            - name: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_APP
+              value: "kuma-cni"
+            - name: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_ENABLED
+              value: "true"
             - name: KUMA_RUNTIME_KUBERNETES_SERVICE_ACCOUNT_NAME
               value: "system:serviceaccount:kuma-system:kuma-control-plane"
             - name: KUMA_STORE_KUBERNETES_SYSTEM_NAMESPACE

deployments/charts/kuma/templates/_helpers.tpl

@@ -274,9 +274,9 @@ env:
   value: "true"
 {{- end }}
 {{- if .Values.experimental.cni }}
-- name: KUMA_EXPERIMENTAL_CNI
+- name: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_ENABLED
   value: "true"
-- name: KUMA_CNI_APP
+- name: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_APP
   value: "{{ include "kuma.name" . }}-cni"
 {{- end }}
 {{- end }}

pkg/config/app/kuma-cp/config.go

@@ -13,7 +13,6 @@ import (
 	"github.com/kumahq/kuma/pkg/config/diagnostics"
 	dns_server "github.com/kumahq/kuma/pkg/config/dns-server"
 	dp_server "github.com/kumahq/kuma/pkg/config/dp-server"
-	gui_server "github.com/kumahq/kuma/pkg/config/gui-server"
 	"github.com/kumahq/kuma/pkg/config/mads"
 	"github.com/kumahq/kuma/pkg/config/multizone"
 	"github.com/kumahq/kuma/pkg/config/plugins/runtime"
@@ -26,10 +25,11 @@ var _ config.Config = &Config{}
 var _ config.Config = &Defaults{}
 
 type Defaults struct {
+	// If true, it skips creating the default Mesh
 	SkipMeshCreation bool `yaml:"skipMeshCreation" envconfig:"kuma_defaults_skip_mesh_creation"`
 	// If true, instead of providing inbound clusters with address of dataplane, generates cluster with localhost.
 	// Enabled can cause security threat by exposing application listing on localhost. This configuration is going to
-	// removed.
+	// be removed in the future.
 	// TODO: https://github.com/kumahq/kuma/issues/4772
 	EnableLocalhostInboundClusters bool `yaml:"enableLocalhostInboundClusters" envconfig:"kuma_defaults_enable_localhost_inbound_clusters"`
 }
@@ -114,7 +114,7 @@ type Config struct {
 	General *GeneralConfig `yaml:"general,omitempty"`
 	// Environment Type, can be either "kubernetes" or "universal"
 	Environment core.EnvironmentType `yaml:"environment,omitempty" envconfig:"kuma_environment"`
-	// Mode
+	// Mode in which Kuma CP is running. Available values are: "standalone", "global", "zone"
 	Mode core.CpMode `yaml:"mode" envconfig:"kuma_mode"`
 	// Resource Store configuration
 	Store *store.StoreConfig `yaml:"store,omitempty"`
@@ -134,8 +134,6 @@ type Config struct {
 	Metrics *Metrics `yaml:"metrics,omitempty"`
 	// Reports configuration
 	Reports *Reports `yaml:"reports,omitempty"`
-	// GUI Server Config
-	GuiServer *gui_server.GuiServerConfig `yaml:"guiServer,omitempty"`
 	// Multizone Config
 	Multizone *multizone.MultizoneConfig `yaml:"multizone,omitempty"`
 	// DNS Server Config
@@ -162,7 +160,6 @@ func (c *Config) Sanitize() {
 	c.Runtime.Sanitize()
 	c.Metrics.Sanitize()
 	c.Defaults.Sanitize()
-	c.GuiServer.Sanitize()
 	c.DNSServer.Sanitize()
 	c.Multizone.Sanitize()
 	c.Diagnostics.Sanitize()
@@ -200,7 +197,6 @@ var DefaultConfig = func() Config {
 			Enabled: false,
 		},
 		General:     DefaultGeneralConfig(),
-		GuiServer:   gui_server.DefaultGuiServerConfig(),
 		DNSServer:   dns_server.DefaultDNSServerConfig(),
 		Multizone:   multizone.DefaultMultizoneConfig(),
 		Diagnostics: diagnostics.DefaultDiagnosticsConfig(),
@@ -220,16 +216,10 @@ func (c *Config) Validate() error {
 	}
 	switch c.Mode {
 	case core.Global:
-		if err := c.GuiServer.Validate(); err != nil {
-			return errors.Wrap(err, "GuiServer validation failed")
-		}
 		if err := c.Multizone.Global.Validate(); err != nil {
 			return errors.Wrap(err, "Multizone Global validation failed")
 		}
 	case core.Standalone:
-		if err := c.GuiServer.Validate(); err != nil {
-			return errors.Wrap(err, "GuiServer validation failed")
-		}
 		if err := c.XdsServer.Validate(); err != nil {
 			return errors.Wrap(err, "Xds Server validation failed")
 		}
@@ -300,6 +290,8 @@ type GeneralConfig struct {
 	// TlsKeyFile defines a path to a file with PEM-encoded TLS key that will be used across all the Kuma Servers.
 	TlsKeyFile string `yaml:"tlsKeyFile" envconfig:"kuma_general_tls_key_file"`
 	// WorkDir defines a path to the working directory
+	// Kuma stores in this directory autogenerated entities like certificates.
+	// If empty then the working directory is $HOME/.kuma
 	WorkDir string `yaml:"workDir" envconfig:"kuma_general_work_dir"`
 }
 
@@ -331,11 +323,6 @@ type ExperimentalConfig struct {
 	// If true, instead of embedding kubernetes outbounds into Dataplane object, they are persisted next to VIPs in ConfigMap
 	// This can improve performance, but it should be enabled only after all instances are migrated to version that supports this config
 	KubeOutboundsAsVIPs bool `yaml:"kubeOutboundsAsVIPs" envconfig:"KUMA_EXPERIMENTAL_KUBE_OUTBOUNDS_AS_VIPS"`
-
-	// If true, new experimental CNI taint controller is enabled
-	Cni bool `yaml:"cni" envconfig:"KUMA_EXPERIMENTAL_CNI"`
-	// Name of the CNI pod
-	CniApp string `yaml:"cniApp" envconfig:"KUMA_CNI_APP"`
 }
 
 func (e ExperimentalConfig) Validate() error {

pkg/config/app/kuma-cp/kuma-cp.defaults.yaml

@@ -1,10 +1,11 @@
-# Environment Type, can be either "kubernetes" or "universal"
+# Environment type. Available values are: "kubernetes" or "universal"
 environment: universal # ENV: KUMA_ENVIRONMENT
-mode: standalone # ENV: KUMA_MODE By default autoconfigured to standalone
+# Mode in which Kuma CP is running. Available values are: "standalone", "global", "zone"
+mode: standalone # ENV: KUMA_MODE
 
 # Resource Store configuration
 store:
-  # Type of Store used in the Control Plane. Can be either "kubernetes", "postgres" or "memory"
+  # Type of Store used in the Control Plane. Available values are: "kubernetes", "postgres" or "memory"
   type: memory # ENV: KUMA_STORE_TYPE
 
   # Kubernetes Store configuration (used when store.type=kubernetes)
@@ -34,7 +35,7 @@ store:
     maxIdleConnections: 50  # ENV: KUMA_STORE_POSTGRES_MAX_IDLE_CONNECTIONS
     # TLS settings
     tls:
-      # Mode of TLS connection. Available values (disable, verifyNone, verifyCa, verifyFull)
+      # Mode of TLS connection. Available values are: "disable", "verifyNone", "verifyCa", "verifyFull"
       mode: disable # ENV: KUMA_STORE_POSTGRES_TLS_MODE
       # Path to TLS Certificate of the client. Used in verifyCa and verifyFull modes
       certPath: # ENV: KUMA_STORE_POSTGRES_TLS_CERT_PATH
@@ -59,9 +60,9 @@ store:
     # Expiration time for elements in cache.
     expirationTime: 1s # ENV: KUMA_STORE_CACHE_EXPIRATION_TIME
 
-  # Upsert configuration
+  # Upsert (get and update) configuration
   upsert:
-    # Base time for exponential backoff on upsert (get and update) operations when retry is enabled
+    # Base time for exponential backoff on upsert operations when retry is enabled
     conflictRetryBaseBackoff: 100ms # ENV: KUMA_STORE_UPSERT_CONFLICT_RETRY_BASE_BACKOFF
     # Max retries on upsert (get and update) operation when retry is enabled
     conflictRetryMaxTimes: 5 # ENV: KUMA_STORE_UPSERT_CONFLICT_RETRY_MAX_TIMES
@@ -72,8 +73,6 @@ store:
 
 # Configuration of Bootstrap Server, which provides bootstrap config to Dataplanes
 bootstrapServer:
-  # The version of Envoy API (available: "v3")
-  apiVersion: v3
   # Parameters of bootstrap configuration
   params:
     # Address of Envoy Admin
@@ -84,7 +83,7 @@ bootstrapServer:
     adminAccessLogPath: /dev/null # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_ACCESS_LOG_PATH
     # Host of XDS Server. By default it is the same host as the one used by kuma-dp to connect to the control plane
     xdsHost: "" # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_HOST
-    # Port of XDS Server. By default it is autoconfigured from KUMA_XDS_SERVER_GRPC_PORT
+    # Port of XDS Server. By default it is autoconfigured from KUMA_DP_SERVER_PORT
     xdsPort: 0 # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_PORT
     # Connection timeout to the XDS Server
     xdsConnectTimeout: 1s # ENV: KUMA_BOOTSTRAP_SERVER_PARAMS_XDS_CONNECT_TIMEOUT
@@ -94,8 +93,7 @@ monitoringAssignmentServer:
   # Port of a gRPC server that serves Monitoring Assignment Discovery Service (MADS).
   port: 5676 # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_PORT
   # Which MADS API versions to serve
-  apiVersions: # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_API_VERSIONS
-    - v1
+  apiVersions: ["v1"] # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_API_VERSIONS
   # Interval for re-generating monitoring assignments for clients connected to the Control Plane.
   assignmentRefreshInterval: 1s # ENV: KUMA_MONITORING_ASSIGNMENT_SERVER_ASSIGNMENT_REFRESH_INTERVAL
   # The default timeout for a single fetch-based discovery request, if not specified
@@ -166,8 +164,12 @@ runtime:
     controlPlaneServiceName: kuma-control-plane # ENV: KUMA_RUNTIME_KUBERNETES_CONTROL_PLANE_SERVICE_NAME
     # Name of Service Account that is used to run the Control Plane
     serviceAccountName: "system:serviceaccount:kuma-system:kuma-control-plane" # ENV: KUMA_RUNTIME_KUBERNETES_SERVICE_ACCOUNT_NAME
-    # Enables taint controller that prevents applications from scheduling until experimental CNI is ready.
-    nodeTaintControllerEnabled: true
+    # Taint controller that prevents applications from scheduling until CNI is ready.
+    nodeTaintController:
+      # If true enables the taint controller.
+      enabled: false # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_ENABLED
+      # Value of app label on CNI pod that indicates if node can be ready.
+      cniApp: "" # ENV: KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_APP
     # Admission WebHook Server configuration
     admissionServer:
       # Address the Admission WebHook Server should be listening on
@@ -278,7 +280,11 @@ runtime:
 
 # Default Kuma entities configuration
 defaults:
+  # If true, it skips creating the default Mesh
   skipMeshCreation: false # ENV: KUMA_DEFAULTS_SKIP_MESH_CREATION
+  # If true, instead of providing inbound clusters with address of dataplane, generates cluster with localhost.
+  # Enabled can cause security threat by exposing application listing on localhost. This configuration is going to
+  # be removed in the future.
   enableLocalhostInboundClusters: false #ENV: KUMA_DEFAULTS_ENABLE_LOCALHOST_INBOUND_CLUSTERS
 
 # Metrics configuration
@@ -316,12 +322,10 @@ general:
   tlsCertFile: # ENV: KUMA_GENERAL_TLS_CERT_FILE
   # TlsKeyFile defines a path to a file with PEM-encoded TLS key that will be used across all the Kuma Servers.
   tlsKeyFile: # ENV: KUMA_GENERAL_TLS_KEY_FILE
-  workDir: ""
-
-# Web GUI Server configuration
-guiServer:
-  # URL of the Api Server
-  apiServerUrl: # ENV: KUMA_GUI_SERVER_API_SERVER_URL
+  # WorkDir defines a path to the working directory
+  # Kuma stores in this directory autogenerated entities like certificates.
+  # If empty then the working directory is $HOME/.kuma
+  workDir: "" # ENV: KUMA_GENERAL_WORK_DIR
 
 # DNS Server configuration
 dnsServer:

pkg/config/loader_test.go

@@ -141,7 +141,8 @@ var _ = Describe("Config loader", func() {
 
 			Expect(cfg.Runtime.Kubernetes.ControlPlaneServiceName).To(Equal("custom-control-plane"))
 			Expect(cfg.Runtime.Kubernetes.ServiceAccountName).To(Equal("custom-sa"))
-			Expect(cfg.Runtime.Kubernetes.NodeTaintControllerEnabled).To(BeFalse())
+			Expect(cfg.Runtime.Kubernetes.NodeTaintController.Enabled).To(BeTrue())
+			Expect(cfg.Runtime.Kubernetes.NodeTaintController.CniApp).To(Equal("kuma-cni"))
 
 			Expect(cfg.Runtime.Kubernetes.AdmissionServer.Address).To(Equal("127.0.0.2"))
 			Expect(cfg.Runtime.Kubernetes.AdmissionServer.Port).To(Equal(uint32(9443)))
@@ -191,7 +192,6 @@ var _ = Describe("Config loader", func() {
 			Expect(cfg.General.DNSCacheTTL).To(Equal(19 * time.Second))
 			Expect(cfg.General.WorkDir).To(Equal("/custom/work/dir"))
 
-			Expect(cfg.GuiServer.ApiServerUrl).To(Equal("http://localhost:1234"))
 			Expect(cfg.Mode).To(Equal(config_core.Zone))
 			Expect(cfg.Multizone.Zone.Name).To(Equal("zone-1"))
 
@@ -259,8 +259,6 @@ var _ = Describe("Config loader", func() {
 			Expect(cfg.Access.Static.ViewClusters.Groups).To(Equal([]string{"zt-group1", "zt-group2"}))
 
 			Expect(cfg.Experimental.GatewayAPI).To(BeTrue())
-			Expect(cfg.Experimental.Cni).To(BeTrue())
-			Expect(cfg.Experimental.CniApp).To(Equal("kuma-cni"))
 			Expect(cfg.Experimental.KubeOutboundsAsVIPs).To(BeTrue())
 
 			Expect(cfg.Proxy.Gateway.GlobalDownstreamMaxConnections).To(BeNumerically("==", 1))
@@ -338,7 +336,9 @@ runtime:
   kubernetes:
     serviceAccountName: custom-sa
     controlPlaneServiceName: custom-control-plane
-    nodeTaintControllerEnabled: false
+    nodeTaintController:
+      enabled: true
+      cniApp: kuma-cni
     admissionServer:
       address: 127.0.0.2
       port: 9443
@@ -403,8 +403,6 @@ general:
   tlsCertFile: /tmp/cert
   dnsCacheTTL: 19s
   workDir: /custom/work/dir
-guiServer:
-  apiServerUrl: http://localhost:1234
 mode: zone
 multizone:
   global:
@@ -490,7 +488,6 @@ access:
 experimental:
   gatewayAPI: true
   kubeOutboundsAsVIPs: true
-  cni: true
   cniApp: "kuma-cni"
 proxy:
   gateway:
@@ -548,7 +545,8 @@ proxy:
 				"KUMA_REPORTS_ENABLED":                                                                     "false",
 				"KUMA_RUNTIME_KUBERNETES_CONTROL_PLANE_SERVICE_NAME":                                       "custom-control-plane",
 				"KUMA_RUNTIME_KUBERNETES_SERVICE_ACCOUNT_NAME":                                             "custom-sa",
-				"KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_ENABLED":                                    "false",
+				"KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_ENABLED":                                    "true",
+				"KUMA_RUNTIME_KUBERNETES_NODE_TAINT_CONTROLLER_CNI_APP":                                    "kuma-cni",
 				"KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_ADDRESS":                                         "127.0.0.2",
 				"KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_PORT":                                            "9443",
 				"KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_CERT_DIR":                                        "/var/run/secrets/kuma.io/kuma-admission-server/tls-cert",
@@ -592,7 +590,6 @@ proxy:
 				"KUMA_GENERAL_DNS_CACHE_TTL":                                                               "19s",
 				"KUMA_GENERAL_WORK_DIR":                                                                    "/custom/work/dir",
 				"KUMA_API_SERVER_CORS_ALLOWED_DOMAINS":                                                     "https://kuma,https://someapi",
-				"KUMA_GUI_SERVER_API_SERVER_URL":                                                           "http://localhost:1234",
 				"KUMA_DNS_SERVER_DOMAIN":                                                                   "test-domain",
 				"KUMA_DNS_SERVER_CIDR":                                                                     "127.1.0.0/16",
 				"KUMA_DNS_SERVER_SERVICE_VIP_ENABLED":                                                      "false",
@@ -651,8 +648,6 @@ proxy:
 				"KUMA_ACCESS_STATIC_VIEW_CLUSTERS_USERS":                                                   "zt-admin1,zt-admin2",
 				"KUMA_ACCESS_STATIC_VIEW_CLUSTERS_GROUPS":                                                  "zt-group1,zt-group2",
 				"KUMA_EXPERIMENTAL_GATEWAY_API":                                                            "true",
-				"KUMA_EXPERIMENTAL_CNI":                                                                    "true",
-				"KUMA_CNI_APP":                                                                             "kuma-cni",
 				"KUMA_EXPERIMENTAL_KUBE_OUTBOUNDS_AS_VIPS":                                                 "true",
 				"KUMA_PROXY_GATEWAY_GLOBAL_DOWNSTREAM_MAX_CONNECTIONS":                                     "1",
 			},