kumahq · slonka · Feb 6, 2023 · Feb 3, 2023 · Feb 3, 2023 · Feb 3, 2023
@@ -210,6 +210,15 @@ var _ = Describe("kumactl install control-plane", func() {
 			},
 			goldenFile: "install-control-plane.global.golden.yaml",
 		}),
+		Entry("should generate Kubernetes resources for Global Universal mode", testCase{
+			extraArgs: []string{
+				"--mode",
+				"global",
+				"--set",
+				"controlPlane.environment=universal",
+			},
+			goldenFile: "install-control-plane.global-universal-on-k8s.golden.yaml",
+		}),
 		Entry("should generate Kubernetes resources for Zone", testCase{
 			extraArgs: []string{
 				"--mode", "zone",
@@ -303,6 +312,15 @@ controlPlane:
 			extraArgs: []string{"--mode", "test"},
 			errorMsg:  "controlPlane.mode invalid got:'test'",
 		}),
+		Entry("--mode is not global and environment is universal", errTestCase{
+			extraArgs: []string{
+				"--mode",
+				"zone",
+				"--set",
+				"controlPlane.environment=universal",
+			},
+			errorMsg: "You can only run universal mode on kubernetes in a global mode",
+		}),
 		Entry("--kds-global-address is missing when installing zone", errTestCase{
 			extraArgs: []string{"--mode", "zone", "--zone", "zone-1"},
 			errorMsg:  "controlPlane.kdsGlobalAddress can't be empty when controlPlane.mode=='zone'",

@@ -518,7 +518,7 @@ spec:
     metadata:
       annotations:
         checksum/config: fd9d1d8386f97f2bd49e50f476520816168a1c9f60bbc43dec1347a64d239155
-        checksum/tls-secrets: 86ea761718bf0f0e59a68251ac0eace6afa0a6f256acc3f738729980f77e310d
+        checksum/tls-secrets: ddb33b7fcab8de3c602ea6f29b5ac360033296f9d5c85ea54f718ff4fc0ae795
       labels: 
         app: kuma-control-plane
         app.kubernetes.io/name: kuma

@@ -536,7 +536,7 @@ spec:
     metadata:
       annotations:
         checksum/config: fd9d1d8386f97f2bd49e50f476520816168a1c9f60bbc43dec1347a64d239155
-        checksum/tls-secrets: 86ea761718bf0f0e59a68251ac0eace6afa0a6f256acc3f738729980f77e310d
+        checksum/tls-secrets: ddb33b7fcab8de3c602ea6f29b5ac360033296f9d5c85ea54f718ff4fc0ae795
       labels: 
         app: kuma-control-plane
         app.kubernetes.io/name: kuma

@@ -5229,7 +5229,7 @@ spec:
     metadata:
       annotations:
         checksum/config: fd9d1d8386f97f2bd49e50f476520816168a1c9f60bbc43dec1347a64d239155
-        checksum/tls-secrets: 86ea761718bf0f0e59a68251ac0eace6afa0a6f256acc3f738729980f77e310d
+        checksum/tls-secrets: ddb33b7fcab8de3c602ea6f29b5ac360033296f9d5c85ea54f718ff4fc0ae795
       labels: 
         app: kuma-control-plane
         app.kubernetes.io/name: kuma

@@ -18,6 +18,9 @@ installCrdsOnUpgrade:
   imagePullSecrets: []
 
 controlPlane:
+  # -- Environment that control plane is run in, useful when running universal global control plane on k8s
+  environment: "kubernetes"
+
   # -- Labels to add to resources in addition to default labels
   extraLabels: {}
 
@@ -699,6 +702,17 @@ experimental:
     # -- Path where compiled eBPF programs which will be installed can be found
     programsSourcePath: /kuma/ebpf
 
+# -- Postgres settings for universal control plane on k8s
+postgres:
+  # -- Postgres hostname
+  host:
+  # -- Postgres port
+  port: "5432"
+  # -- Postgres user
+  user:
+  # -- Postgres database
+  db:
+
 # @ignored for helm-docs
 plugins:
   policies:

@@ -5229,7 +5229,7 @@ spec:
     metadata:
       annotations:
         checksum/config: fd9d1d8386f97f2bd49e50f476520816168a1c9f60bbc43dec1347a64d239155
-        checksum/tls-secrets: 86ea761718bf0f0e59a68251ac0eace6afa0a6f256acc3f738729980f77e310d
+        checksum/tls-secrets: ddb33b7fcab8de3c602ea6f29b5ac360033296f9d5c85ea54f718ff4fc0ae795
       labels: 
         app: kuma-control-plane
         app.kubernetes.io/name: kuma

@@ -5383,7 +5383,7 @@ spec:
     metadata:
       annotations:
         checksum/config: fd9d1d8386f97f2bd49e50f476520816168a1c9f60bbc43dec1347a64d239155
-        checksum/tls-secrets: 86ea761718bf0f0e59a68251ac0eace6afa0a6f256acc3f738729980f77e310d
+        checksum/tls-secrets: ddb33b7fcab8de3c602ea6f29b5ac360033296f9d5c85ea54f718ff4fc0ae795
       labels: 
         app: kuma-control-plane
         app.kubernetes.io/name: kuma

@@ -0,0 +1,234 @@
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kuma-system
+  labels:
+    kuma.io/system-namespace: "true"
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kuma-control-plane
+  namespace: kuma-system
+  labels: 
+    app: kuma-control-plane
+    app.kubernetes.io/name: kuma
+    app.kubernetes.io/instance: kuma
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kuma-control-plane-config
+  namespace: kuma-system
+  labels: 
+    app: kuma-control-plane
+    app.kubernetes.io/name: kuma
+    app.kubernetes.io/instance: kuma
+data:
+  config.yaml: |
+    # use this file to override default configuration of `kuma-cp`
+    #
+    # see conf/kuma-cp.conf.yml for available settings
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kuma-global-zone-sync
+  namespace: kuma-system
+  annotations:
+  labels: 
+    app: kuma-control-plane
+    app.kubernetes.io/name: kuma
+    app.kubernetes.io/instance: kuma
+spec:
+  type: LoadBalancer
+  ports:
+    - port: 5685
+      name: global-zone-sync
+  selector:
+    app: kuma-control-plane
+
+    app.kubernetes.io/name: kuma
+    app.kubernetes.io/instance: kuma
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kuma-control-plane
+  namespace: kuma-system
+  labels: 
+    app: kuma-control-plane
+    app.kubernetes.io/name: kuma
+    app.kubernetes.io/instance: kuma
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "5680"
+spec:
+  type: ClusterIP
+  ports:
+    - port: 5680
+      name: diagnostics
+    - port: 5681
+      name: http-api-server
+    - port: 5682
+      name: https-api-server
+    - port: 443
+      name: https-admission-server
+      targetPort: 5443
+  selector:
+    app: kuma-control-plane
+    app.kubernetes.io/name: kuma
+    app.kubernetes.io/instance: kuma
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kuma-control-plane
+  namespace: kuma-system
+  labels: 
+    app: kuma-control-plane
+    app.kubernetes.io/name: kuma
+    app.kubernetes.io/instance: kuma
+spec:
+  replicas: 1
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kuma
+      app.kubernetes.io/instance: kuma
+      app: kuma-control-plane
+  template:
+    metadata:
+      annotations:
+        checksum/config: fd9d1d8386f97f2bd49e50f476520816168a1c9f60bbc43dec1347a64d239155
+        checksum/tls-secrets: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
+      labels: 
+        app: kuma-control-plane
+        app.kubernetes.io/name: kuma
+        app.kubernetes.io/instance: kuma
+    spec:
+      affinity: 
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/name
+                  operator: In
+                  values:
+                  - 'kuma'
+                - key: app.kubernetes.io/instance
+                  operator: In
+                  values:
+                  - 'kuma'
+                - key: app
+                  operator: In
+                  values:
+                  - 'kuma-control-plane'
+              topologyKey: kubernetes.io/hostname
+            weight: 100
+      serviceAccountName: kuma-control-plane
+      automountServiceAccountToken: true
+      nodeSelector:
+
+        kubernetes.io/os: linux
+      hostNetwork: false
+      terminationGracePeriodSeconds: 30
+      initContainers:
+        - name: migration
+          image: "docker.io/kumahq/kuma-cp:0.0.1"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: KUMA_DEFAULTS_SKIP_MESH_CREATION
+              value: "false"
+            - name: KUMA_ENVIRONMENT
+              value: "universal"
+            - name: KUMA_GENERAL_WORK_DIR
+              value: "/tmp/kuma"
+            - name: KUMA_MODE
+              value: "global"
+            - name: KUMA_STORE_POSTGRES_DB_NAME
+              value: ""
+            - name: KUMA_STORE_POSTGRES_HOST
+              value: ""
+            - name: KUMA_STORE_POSTGRES_PORT
+              value: "5432"
+            - name: KUMA_STORE_POSTGRES_USER
+              value: ""
+            - name: KUMA_STORE_TYPE
+              value: "postgres"
+          args:
+            - migrate
+            - up
+            - --log-level=info
+            - --config-file=/etc/kuma.io/kuma-control-plane/config.yaml
+          volumeMounts:
+            - name: kuma-control-plane-config
+              mountPath: /etc/kuma.io/kuma-control-plane
+              readOnly: true
+      containers:
+        - name: control-plane
+          image: "docker.io/kumahq/kuma-cp:0.0.1"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: KUMA_DEFAULTS_SKIP_MESH_CREATION
+              value: "false"
+            - name: KUMA_ENVIRONMENT
+              value: "universal"
+            - name: KUMA_GENERAL_WORK_DIR
+              value: "/tmp/kuma"
+            - name: KUMA_MODE
+              value: "global"
+            - name: KUMA_STORE_POSTGRES_DB_NAME
+              value: ""
+            - name: KUMA_STORE_POSTGRES_HOST
+              value: ""
+            - name: KUMA_STORE_POSTGRES_PORT
+              value: "5432"
+            - name: KUMA_STORE_POSTGRES_USER
+              value: ""
+            - name: KUMA_STORE_TYPE
+              value: "postgres"
+            - name: KUMA_INTER_CP_CATALOG_INSTANCE_ADDRESS
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+          args:
+            - run
+            - --log-level=info
+            - --config-file=/etc/kuma.io/kuma-control-plane/config.yaml
+          ports:
+            - containerPort: 5680
+              name: diagnostics
+              protocol: TCP
+            - containerPort: 5681
+            - containerPort: 5682
+            - containerPort: 5443
+          livenessProbe:
+            timeoutSeconds: 10
+            httpGet:
+              path: /healthy
+              port: 5680
+          readinessProbe:
+            timeoutSeconds: 10
+            httpGet:
+              path: /ready
+              port: 5680
+          resources:
+            requests:
+              cpu: 500m
+              memory: 256Mi
+
+          volumeMounts:
+            - name: kuma-control-plane-config
+              mountPath: /etc/kuma.io/kuma-control-plane
+              readOnly: true
+      volumes:
+        - name: kuma-control-plane-config
+          configMap:
+            name: kuma-control-plane-config
@@ -357,7 +357,7 @@ spec:
     metadata:
       annotations:
         checksum/config: fd9d1d8386f97f2bd49e50f476520816168a1c9f60bbc43dec1347a64d239155
-        checksum/tls-secrets: 7f15a049cce92f3c965fd34e12471da804ed4ccf2cc861e2c7b0f0dfa7a7115c
+        checksum/tls-secrets: 570dcd76bc13c0008614897b8a7148f4e71b1f65a92f0e0b38eef1eea78026e5
       labels: 
         app: kuma-control-plane
         app.kubernetes.io/name: kuma

@@ -340,7 +340,7 @@ spec:
     metadata:
       annotations:
         checksum/config: fd9d1d8386f97f2bd49e50f476520816168a1c9f60bbc43dec1347a64d239155
-        checksum/tls-secrets: 86ea761718bf0f0e59a68251ac0eace6afa0a6f256acc3f738729980f77e310d
+        checksum/tls-secrets: ddb33b7fcab8de3c602ea6f29b5ac360033296f9d5c85ea54f718ff4fc0ae795
       labels: 
         app: kuma-control-plane
         app.kubernetes.io/name: kuma

@@ -342,7 +342,7 @@ spec:
     metadata:
       annotations:
         checksum/config: 154c47a95fc93687dd1e825cea7f843d0fe8c450f82014d27cd7eb1a49f3bd35
-        checksum/tls-secrets: 5d2e5c960fb74f8c761d1ee6872f3d2191471346dae3dfe6acb70ea9b73f1231
+        checksum/tls-secrets: 993ba4160a7ee5a5ae0d7716a0cbca49437913a3fd6ab02b3d6e3d2837da426f
       labels: 
         app: kuma-control-plane
         app.kubernetes.io/name: kuma

@@ -340,7 +340,7 @@ spec:
     metadata:
       annotations:
         checksum/config: fd9d1d8386f97f2bd49e50f476520816168a1c9f60bbc43dec1347a64d239155
-        checksum/tls-secrets: 86ea761718bf0f0e59a68251ac0eace6afa0a6f256acc3f738729980f77e310d
+        checksum/tls-secrets: ddb33b7fcab8de3c602ea6f29b5ac360033296f9d5c85ea54f718ff4fc0ae795
       labels: 
         app: kuma-control-plane
         app.kubernetes.io/name: kuma

@@ -340,7 +340,7 @@ spec:
     metadata:
       annotations:
         checksum/config: fd9d1d8386f97f2bd49e50f476520816168a1c9f60bbc43dec1347a64d239155
-        checksum/tls-secrets: 86ea761718bf0f0e59a68251ac0eace6afa0a6f256acc3f738729980f77e310d
+        checksum/tls-secrets: ddb33b7fcab8de3c602ea6f29b5ac360033296f9d5c85ea54f718ff4fc0ae795
       labels: 
         app: kuma-control-plane
         app.kubernetes.io/name: kuma

@@ -371,7 +371,7 @@ spec:
     metadata:
       annotations:
         checksum/config: fd9d1d8386f97f2bd49e50f476520816168a1c9f60bbc43dec1347a64d239155
-        checksum/tls-secrets: 86ea761718bf0f0e59a68251ac0eace6afa0a6f256acc3f738729980f77e310d
+        checksum/tls-secrets: ddb33b7fcab8de3c602ea6f29b5ac360033296f9d5c85ea54f718ff4fc0ae795
       labels: 
         app: kuma-control-plane
         app.kubernetes.io/name: kuma