Kong · rainest · Jan 30, 2023 · Jan 30, 2023 · Jan 30, 2023
@@ -84,6 +84,10 @@ Adding a new version? You'll need three changes:
   a corresponding environment variable `CONTROLLER_KONG_ADMIN_URL` (which can
   specify multiple values separated by a comma).
   [#3268](https://github.com/Kong/kubernetes-ingress-controller/pull/3268)
+- Added a new `dbless-konnect` configuration variant to the manifests. It can
+  be used to deploy a DB-less variant of KIC that will also synchronise its
+  data-plane configuration with Konnect cloud.
+  [#3448](https://github.com/Kong/kubernetes-ingress-controller/pull/3448)
 
 ### Fixed
 

@@ -487,12 +487,26 @@ debug: install _ensure-namespace
 debug.connect:
 	XDG_CONFIG_HOME="$(PROJECT_DIR)/.config" $(DLV) connect localhost:40000
 
+SKAFFOLD_DEBUG_PROFILE ?= debug
+
 # This will port-forward 40000 from KIC's debugger to localhost. Connect to that
 # port with debugger/IDE of your choice
 .PHONY: debug.skaffold
 debug.skaffold: skaffold
 	TAG=$(TAG)-debug REPO_INFO=$(REPO_INFO) COMMIT=$(COMMIT) \
-		$(SKAFFOLD) debug --port-forward=pods --profile=debug $(SKAFFOLD_FLAGS)
+		CMD=debug SKAFFOLD_PROFILE=$(SKAFFOLD_DEBUG_PROFILE) \
+		$(MAKE) _skaffold
+
+# This will port-forward 40000 from KIC's debugger to localhost. Connect to that
+# port with debugger/IDE of your choice.
+#
+# To make it work with Konnect, you must provide following files under ./config/variants/konnect/debug:
+#   * `konnect.env` with CONTROLLER_KONNECT_RUNTIME_GROUP env variable set
+#     to the UUID of a Runtime Group you have created in Konnect.
+#   * `tls.crt` and `tls.key` with TLS client cerificate and its key (generated by Konnect).
+.PHONY: debug.skaffold.konnect
+debug.skaffold.konnect: skaffold
+	SKAFFOLD_DEBUG_PROFILE=debug-konnect $(MAKE) debug.skaffold
 
 # This will port-forward 40000 from KIC's debugger to localhost. Connect to that
 # port with debugger/IDE of your choice
@@ -501,9 +515,14 @@ debug.skaffold.sync: skaffold
 	@$(MAKE) debug.skaffold SKAFFOLD_FLAGS="--auto-build --auto-deploy --auto-sync"
 
 .PHONY: run.skaffold
-run.skaffold: skaffold
-	TAG=$(TAG)-debug REPO_INFO=$(REPO_INFO) COMMIT=$(COMMIT) \
-		$(SKAFFOLD) dev --port-forward=pods --profile=dev
+run.skaffold:
+	TAG=$(TAG) REPO_INFO=$(REPO_INFO) COMMIT=$(COMMIT) \
+		CMD=dev SKAFFOLD_PROFILE=$(SKAFFOLD_RUN_PROFILE) \
+		$(MAKE) _skaffold
+
+.PHONY: _skaffold
+_skaffold: skaffold
+	$(SKAFFOLD) $(CMD) --port-forward=pods --profile=$(SKAFFOLD_PROFILE) $(SKAFFOLD_FLAGS)
 
 .PHONY: run
 run: install _ensure-namespace

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../../../base
+
+patchesStrategicMerge:
+  - manager.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ingress-kong
+  namespace: kong
+spec:
+  template:
+    spec:
+      containers:
+      - name: ingress-controller
+        envFrom:
+          - configMapRef:
+              # konnect-config ConfigMap is expected to specify:
+              #   * CONTROLLER_KONNECT_RUNTIME_GROUP (required)
+              #   * CONTROLLER_KONNECT_ADDRESS (optional)
+              name: konnect-config
+        env:
+          - name: CONTROLLER_KONNECT_SYNC_ENABLED
+            value: "true"
+          - name: CONTROLLER_KONNECT_TLS_CLIENT_CERT
+            valueFrom:
+              secretKeyRef:
+                name: konnect-client-tls
+                key: tls.crt
+          - name: CONTROLLER_KONNECT_TLS_CLIENT_KEY
+            valueFrom:
+              secretKeyRef:
+                name: konnect-client-tls
+                key: tls.key
@@ -0,0 +1,3 @@
+tls.crt
+tls.key
+konnect.env
@@ -0,0 +1,24 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../base
+
+patchesStrategicMerge:
+  - manager_debug.yaml
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+secretGenerator:
+  - name: konnect-client-tls
+    namespace: kong
+    type: tls
+    files:
+      - tls.crt
+      - tls.key
+
+configMapGenerator:
+  - name: konnect-config
+    namespace: kong
+    envs: [konnect.env]
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ingress-kong
+  namespace: kong
+spec:
+  template:
+    spec:
+      containers:
+        - name: ingress-controller
+          command:
+            - /go/bin/dlv
+            - --continue
+            - --accept-multiclient
+            - --listen=:40000
+            - --check-go-version=false
+            - --headless=true
+            - --api-version=2
+            - --log=true
+            - --log-output=debugger,debuglineerr,gdbwire
+            - exec
+            - /manager-debug
+            - --
+          args:
+            - --feature-gates=GatewayAlpha=true
+            - --anonymous-reports=false
+          env:
+            - name: CONTROLLER_LOG_LEVEL
+              value: debug
+            - name: CONTROLLER_KONNECT_ADDRESS
+              value: https://us.kic.api.konghq.tech
+          image: kic-placeholder:placeholder