feat(konnect): add manifests for konnect config variant

CHANGELOG.md

@@ -84,6 +84,10 @@ Adding a new version? You'll need three changes:
   a corresponding environment variable `CONTROLLER_KONG_ADMIN_URL` (which can
   specify multiple values separated by a comma).
   [#3268](https://github.com/Kong/kubernetes-ingress-controller/pull/3268)
+- Added a new `dbless-konnect` configuration variant to the manifests. It can
+  be used to deploy a DB-less variant of KIC that will also synchronise its
+  data-plane configuration with Konnect cloud.
+  [#3448](https://github.com/Kong/kubernetes-ingress-controller/pull/3448)
 
 ### Fixed
 

Makefile

@@ -494,6 +494,18 @@ debug.skaffold: skaffold
 	TAG=$(TAG)-debug REPO_INFO=$(REPO_INFO) COMMIT=$(COMMIT) \
 		$(SKAFFOLD) debug --port-forward=pods --profile=debug $(SKAFFOLD_FLAGS)
 
+# This will port-forward 40000 from KIC's debugger to localhost. Connect to that
+# port with debugger/IDE of your choice.
+#
+# To make it work with Konnect, you must provide following files under ./config/variants/konnect/debug:
+#   * `konnect.env` with CONTROLLER_KONNECT_RUNTIME_GROUP env variable set
+#     to the UUID of a Runtime Group you have created in Konnect.
+#   * `tls.crt` and `tls.key` with TLS client cerificate and its key (generated by Konnect).
+.PHONY: debug.konnect.skaffold
+debug.konnect.skaffold: skaffold
+	TAG=$(TAG)-debug REPO_INFO=$(REPO_INFO) COMMIT=$(COMMIT) \
+		$(SKAFFOLD) debug --port-forward=pods --profile=debug-konnect $(SKAFFOLD_FLAGS)
+
 # This will port-forward 40000 from KIC's debugger to localhost. Connect to that
 # port with debugger/IDE of your choice
 .PHONY: debug.skaffold.sync

config/variants/konnect/base/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../../../base
+
+patchesStrategicMerge:
+  - manager.yaml

config/variants/konnect/base/manager.yaml

@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ingress-kong
+  namespace: kong
+spec:
+  template:
+    spec:
+      containers:
+      - name: ingress-controller
+        envFrom:
+          - configMapRef:
+              # konnect-config ConfigMap is expected to specify:
+              #   * CONTROLLER_KONNECT_RUNTIME_GROUP (required)
+              #   * CONTROLLER_KONNECT_ADDRESS (optional)
+              name: konnect-config
+        env:
+          - name: CONTROLLER_KONNECT_SYNC_ENABLED
+            value: "true"
+          - name: CONTROLLER_KONNECT_TLS_CLIENT_CERT
+            valueFrom:
+              secretKeyRef:
+                name: konnect-client-tls
+                key: tls.crt
+          - name: CONTROLLER_KONNECT_TLS_CLIENT_KEY
+            valueFrom:
+              secretKeyRef:
+                name: konnect-client-tls
+                key: tls.key

config/variants/konnect/debug/.gitignore

@@ -0,0 +1,3 @@
+tls.crt
+tls.key
+konnect.env

config/variants/konnect/debug/kustomization.yaml

@@ -0,0 +1,24 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../base
+
+patchesStrategicMerge:
+  - manager_debug.yaml
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+secretGenerator:
+  - name: konnect-client-tls
+    namespace: kong
+    type: tls
+    files:
+      - tls.crt
+      - tls.key
+
+configMapGenerator:
+  - name: konnect-config
+    namespace: kong
+    envs: [konnect.env]

config/variants/konnect/debug/manager_debug.yaml

@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ingress-kong
+  namespace: kong
+spec:
+  template:
+    spec:
+      containers:
+        - name: ingress-controller
+          command:
+            - /go/bin/dlv
+            - --continue
+            - --accept-multiclient
+            - --listen=:40000
+            - --check-go-version=false
+            - --headless=true
+            - --api-version=2
+            - --log=true
+            - --log-output=debugger,debuglineerr,gdbwire
+            - exec
+            - /manager-debug
+            - --
+          args:
+            - --feature-gates=GatewayAlpha=true
+            - --anonymous-reports=false
+          env:
+            - name: CONTROLLER_LOG_LEVEL
+              value: debug
+            - name: CONTROLLER_KONNECT_ADDRESS
+              value: https://us.kic.api.konghq.tech
+          image: kic-placeholder:placeholder