Prepare KEB for CN region (#850)

* Prepare KEB for CN

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* missing new line

* wip

* wip

* wip

* Apply suggestions from code review

Co-authored-by: Iwona Langer <iwona.langer@sap.com>

* wip

* wip

* Update docs/README.md

Co-authored-by: Iwona Langer <iwona.langer@sap.com>

* Update docs/README.md

Co-authored-by: Iwona Langer <iwona.langer@sap.com>

---------

Co-authored-by: Iwona Langer <iwona.langer@sap.com>

cmd/broker/suite_test.go

@@ -491,7 +491,6 @@ func fixK8sResources(defaultKymaVersion string, additionalKymaVersions []string)
 			Namespace: "kcp-system",
 			Labels: map[string]string{
 				"keb-config": "true",
-				fmt.Sprintf("runtime-version-%s", defaultKymaVersion): "true",
 			},
 		},
 		Data: map[string]string{
@@ -511,12 +510,7 @@ kyma-template: |-
             customResourcePolicy: CreateAndDelete
           - name: keda
             channel: fast
-
-additional-components:
-  - name: "btp-operator"
-    namespace: "kyma-system"
-    source:
-      url: "https://btp-operator"`,
+`,
 		},
 	}
 

docs/README.md

@@ -42,4 +42,5 @@ For technical details of KEB, go to the `contributor` directory:
 * [Cleaning and Archiving](./contributor/08-10-cleaning-and-archiving.md)
 
 You can also read about:  
-* [Event Data Platform Tools](https://github.com/kyma-project/kyma-environment-broker/blob/main/utils/edp-registrator/README.md)
+* [Event Data Platform Tools](https://github.com/kyma-project/kyma-environment-broker/blob/main/utils/edp-registrator/README.md)
+* [Install KEB in the CN Region](../resources/cn/cn.md)

internal/config/provider_test.go

@@ -57,7 +57,7 @@ func TestConfigProvider(t *testing.T) {
 	t.Run("validator should return error indicating missing required fields", func(t *testing.T) {
 		// given
 		expectedMissingConfigKeys := []string{
-			"additional-components",
+			"kyma-template",
 		}
 		expectedErrMsg := fmt.Sprintf("missing required configuration entires: %s", strings.Join(expectedMissingConfigKeys, ","))
 		// when

internal/config/testdata/keb-config-expected.yaml

@@ -30,6 +30,17 @@ data:
         source:
           url: "https://test.local/artifacts/additional-component3-0.0.1.tgz"
   azure: |-
+    kyma-template: |-
+      apiVersion: operator.kyma-project.io/v1beta2
+      kind: Kyma
+      metadata:
+        name: tbd
+        namespace: kyma-system
+      spec:
+        sync:
+            strategy: secret
+        channel: stable
+        modules: []
     additional-components:
       - name: "additional-component1"
         namespace: "kyma-system"
@@ -41,6 +52,17 @@ data:
         source:
           url: "https://azure.domain/component/azure-component.git"
   gcp: |-
+    kyma-template: |-
+      apiVersion: operator.kyma-project.io/v1beta2
+      kind: Kyma
+      metadata:
+        name: tbd
+        namespace: kyma-system
+      spec:
+        sync:
+            strategy: secret
+        channel: stable
+        modules: []
     additional-components:
       - name: "additional-component1"
         namespace: "kyma-system"
@@ -54,6 +76,17 @@ data:
         source:
           url: "https://gcp.domain/component/gcp-component.git"
   trial: |-
+    kyma-template: |-
+      apiVersion: operator.kyma-project.io/v1beta2
+      kind: Kyma
+      metadata:
+        name: tbd
+        namespace: kyma-system
+      spec:
+        sync:
+            strategy: secret
+        channel: stable
+        modules: []
     additional-components:
       # no components
   wrong: |-

internal/config/testdata/keb-config.yaml

@@ -30,6 +30,17 @@ data:
         source:
           url: "https://test.local/artifacts/additional-component3-0.0.1.tgz"
   azure: |-
+    kyma-template: |-
+      apiVersion: operator.kyma-project.io/v1beta2
+      Kind: Kyma
+      metadata:
+        name: tbd
+        namespace: kyma-system
+      spec:
+        sync:
+            strategy: secret
+        channel: stable
+        modules: []
     additional-components:
       - name: "additional-component1"
         namespace: "kyma-system"
@@ -41,6 +52,17 @@ data:
         source:
           url: "https://azure.domain/component/azure-component.git"
   gcp: |-
+    kyma-template: |-
+      apiVersion: operator.kyma-project.io/v1beta2
+      Kind: Kyma
+      metadata:
+        name: tbd
+        namespace: kyma-system
+      spec:
+        sync:
+            strategy: secret
+        channel: stable
+        modules: []
     additional-components:
       - name: "additional-component1"
         namespace: "kyma-system"
@@ -54,6 +76,17 @@ data:
         source:
           url: "https://gcp.domain/component/gcp-component.git"
   trial: |-
+    kyma-template: |-
+      apiVersion: operator.kyma-project.io/v1beta2
+      Kind: Kyma
+      metadata:
+        name: tbd
+        namespace: kyma-system
+      spec:
+        sync:
+            strategy: secret
+        channel: stable
+        modules: []
     additional-components:
       # no components
   wrong: |-

internal/config/validator.go

@@ -9,7 +9,7 @@ import (
 )
 
 // comma separated list of required fields
-const requiredFields = "additional-components"
+const requiredFields = "kyma-template"
 
 type ConfigMapKeysValidator struct{}
 

internal/config/validator_test.go

@@ -9,7 +9,7 @@ import (
 )
 
 const (
-	additionalComponentsConfigKey = "additional-components"
+	kymaTemplateConfigKey = "kyma-template"
 )
 
 func TestValidate(t *testing.T) {
@@ -18,10 +18,7 @@ func TestValidate(t *testing.T) {
 
 	t.Run("should validate whether config contains required fields", func(t *testing.T) {
 		// given
-		cfgString := `additional-components:
-  - name: "additional-component1"
-    namespace: "kyma-system"
-optional-field: "optional"`
+		cfgString := `kyma-template: ""`
 
 		// when
 		err := cfgValidator.Validate(cfgString)
@@ -39,6 +36,6 @@ optional-field: "optional"`
 
 		// then
 		require.Error(t, err)
-		assert.Contains(t, err.Error(), additionalComponentsConfigKey)
+		assert.Contains(t, err.Error(), kymaTemplateConfigKey)
 	})
 }

internal/process/provisioning/create_runtime_for_own_cluster_step_test.go

@@ -172,10 +172,7 @@ func fixConfigMap(defaultKymaVersion string) k8sruntime.Object {
 			},
 		},
 		Data: map[string]string{
-			"default": `additional-components:
-  - name: "additional-component1"
-    namespace: "kyma-system"`,
-		},
+			"default": `kyma-template: "---"`},
 	}
 
 	return kebCfg

resources/cn/cn.md

@@ -0,0 +1,37 @@
+# Install KEB in the CN Region
+
+This guide will help you install KEB in the CN region.
+
+## Prerequisites
+
+- All necessary images pushed to the proper Docker registry.
+- Istio installed on the cluster.
+
+## Installation
+
+1. Set the proper values in the `sql.yaml`, especially the database password.
+
+2. Prepare a Secret with a kubeconfig to the Gardener project:
+
+   ```shell
+   KCFG=`cat <file with kubeconfig>`
+   kubectl create secret generic gardener-credentials --from-literal=kubeconfig=$KCFG -n kcp-system
+   ```
+
+3. Prepare a Secret with credentials for the Docker registry.
+
+   ```shell
+   kubectl create secret docker-registry k8s-ecr-login-renew-docker-secret --docker-server=<registry> --docker-username=<username> --docker-password=<password> --docker-email=<email> -n kcp-system
+   ```
+
+4. Apply the following YAML file to install KEB:
+
+   ```shell
+   kubectl apply -f sql.yaml
+   ```
+
+5. Install the KEB chart:
+
+   ```shell
+   helm install keb ../keb --namespace kcp-system -f values.yaml
+   ```

resources/cn/sql.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kcp-postgresql
+  namespace: kcp-system
+stringData:
+  postgresql-broker-username: "postgres"
+  postgresql-broker-password: <password>
+  postgresql-broker-db-name: "postgres"
+  postgresql-serviceName: "keb-database.cluster-cbakie0uyuvu.rds.cn-northwest-1.amazonaws.com.cn"
+  postgresql-servicePort: "5432"
+  postgresql-sslMode: disable

resources/cn/values.yaml

@@ -0,0 +1,119 @@
+# This file contains values for KEB chart needed to install it in CN region.
+
+global:
+  images:
+    cloudsql_proxy_image: "europe-docker.pkg.dev/kyma-project/prod/tpi/cloudsql-docker/gce-proxy:v1.33.16-133356bc"
+    container_registry:
+      path: 113663649212.dkr.ecr.cn-northwest-1.amazonaws.com.cn/kcp-cn
+    schema_migrator:
+      dir: ""
+      version: "v20240307-f250dc83" # do not update along with the other images
+    kyma_environment_broker:
+      dir:
+      version: "1.8.2"
+    database:
+      cloudsqlproxy:
+        enabled: false
+
+archiving:
+    enabled: true
+    dryRun: false
+cleaning:
+    enabled: true
+    dryRun: false
+
+avs:
+  disabled: true
+
+broker:
+  events:
+    enabled: true
+binding:
+    enabled: false
+
+
+dashboardConfig:
+    enabled: true
+    landscapeURL: https://dashboard.kyma.cloud.sap # **CN**
+
+edp:
+    disabled: true
+
+enableKubeconfigURLLabel: true
+
+enablePlans: azure,gcp,azure_lite,aws,trial,free,sap-converged-cloud
+
+ias:
+    disabled: true
+
+includeAdditionalParamsInSchema: true
+
+# must be configured
+kubeconfig:
+    allowOrigins: https://dashboard.kyma.cloud.sap
+    clientID: client-id-to-set
+    issuerURL: https://kyma.accounts.ondemand.com
+
+kymaVersion: 2.20.0
+lifecycleManager:
+    disabled: true
+
+infrastructureManager:
+    disabled: true
+
+
+oidc:
+    client: client-id-to-set
+    issuer: https://kyma.accounts.ondemand.com
+    keysURL: https://kyma.accounts.ondemand.com/oauth2/certs
+
+osbUpdateProcessingEnabled: true
+provisioner:
+    dumpRequests: false
+    gardenerClusterStepTimeout: 3m
+runtimeAllowedPrincipals: |-
+    - cluster.local/ns/kcp-system/sa/kcp-kyma-metrics-collector
+    - cluster.local/ns/monitoring-system/sa/mop-agent
+serviceAccount:
+    annotations:
+      iam.gke.io/gcp-service-account: proxy-user@sap-ti-dx-kyma-mps-prod.iam.gserviceaccount.com
+serviceManager:
+    overrideMode: "Always"
+
+showTrialExpirationInfo: true
+
+subaccountCleanup:
+    enabled: false
+subaccountsIdsToShowTrialExpirationInfo: all
+
+
+trialCleanup:
+    enabled: false
+freeCleanup:
+    enabled: false
+runtimeReconciler:
+    enabled: false
+deprovisionRetrigger:
+    enabled: false
+
+subaccountSync:
+    enabled: false
+
+metricsv2:
+    enabled: true
+    operationResultRetentionPeriod: 336h
+    operationResultPoolingInterval: 1m
+    operationStatsPoolingInterval: 1m
+onlyOneFreePerGA: true
+freemiumWhitelistedGlobalAccountIds: |-
+    whitelist:
+      - d9994f8f-7e46-42a8-b2c1-1bfff8d2fe05
+showFreeExpirationInfo: true
+freeDocsURL:
+    https://help.sap.com/docs/btp/sap-business-technology-platform/available-plans-in-kyma-environment
+
+
+serviceMonitor:
+  enabled: false
+
+imagePullSecret: "k8s-ecr-login-renew-docker-secret"

resources/keb/templates/deployment.yaml

@@ -20,6 +20,10 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/app-config.yaml") . | sha256sum }}
     spec:
+      {{- if ne .Values.imagePullSecret "" }}
+      imagePullSecrets:
+        - name: {{ .Values.imagePullSecret }}
+      {{- end }}
       {{ if .Values.global.isLocalEnv }}
       # HostAliases are used by Pod to resolve kyma.local domain
       hostAliases: