local deploy without secrets

Author: davdhacs

DEPLOYMENT.md

@@ -116,6 +116,12 @@ Use the environment variable `TEST_MODE` to disable certain infra service behavi
 
 This is used in the infra PR clusters to set the login referer and disable telemetry.
 
+#### Deployments for testing only (no secrets)
+
+For test clusters (such as a local KinD/Colima), you can use the deploy-local make target to skip loading secrets. The flavor provisioning actions that require secrets will no be accessible, and integrations such as with Slack will be disabled.
+
+`make deploy-local`
+
 ### Rollback
 
 Use `helm rollback infra-server <REVISION>`.

Makefile

@@ -253,6 +253,10 @@ helm-deploy: pre-check helm-dependency-update create-namespaces
 helm-diff: pre-check helm-dependency-update create-namespaces
 	@./scripts/deploy/helm.sh diff $(VERSION) $(ENVIRONMENT) $(SECRET_VERSION)
 
+## Deploy to local cluster (e.g., Colima) without GCP Secret Manager
+.PHONY: deploy-local
+deploy-local: helm-dependency-update create-namespaces
+	TEST_MODE=true ./scripts/deploy/helm.sh deploy-local $(shell make tag) local
 ## Bounce pods
 .PHONY: bounce-infra-pods
 bounce-infra-pods:

chart/infra-server/configuration/local-values.yaml

@@ -0,0 +1,33 @@
+environment: local
+
+# Disable Auth0 for local development - allow anonymous access
+auth0:
+  clientID: ""
+  tenant: ""
+
+# Set local deploy mode to true for local development
+localDeploy: true
+
+# Enable test mode for faster cluster resume intervals
+testMode: true
+
+# Use local Docker images instead of pulling from registry
+imagePullPolicy: Never
+
+# Pull secrets for container registries - dummy values for local development
+pullSecrets:
+  docker:
+    registry: "docker.io"
+    username: "dummy"
+    password: "dummy"
+  quay:
+    registry: "quay.io"
+    username: "dummy"
+    password: "dummy"
+  stackrox:
+    registry: "stackrox.io"
+    username: "dummy"
+    password: "dummy"
+
+# Alertmanager configuration
+alertmanagerSlackTeam: "dummy-team"

chart/infra-server/templates/argo/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 ---
 apiVersion: v1
 kind: Secret
@@ -7,3 +8,4 @@ metadata:
 data:
   credentials.json: |-
     {{ required ".Values.google_credentials_json is undefined" .Values.google_credentials_json }}
+{{- end }}

chart/infra-server/templates/aro/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 ---
 apiVersion: v1
 kind: Secret
@@ -16,3 +17,4 @@ data:
     {{ .Values.aroClusterManager.azureSPSecretVal | b64enc }}
   REDHAT_PULL_SECRET_BASE64: |-
     {{ .Values.aroClusterManager.redHatPullSecretBase64 | b64enc }}
+{{- end }}

chart/infra-server/templates/aws/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 ---
 apiVersion: v1
 kind: Secret
@@ -10,3 +11,4 @@ data:
     {{ .Values.aws.accessKeyId | b64enc }}
   AWS_SECRET_ACCESS_KEY: |-
     {{ .Values.aws.secretAccessKey | b64enc }}
+{{- end }}

chart/infra-server/templates/azure/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 
 ---
 
@@ -18,3 +19,4 @@ data:
     {{ .Values.azure.sp_tenant | b64enc }}
   ACR_TO_ATTACH: |-
     {{ .Values.azure.aks_attached_acr | b64enc }}
+{{- end }}

chart/infra-server/templates/demo/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 ---
 
 apiVersion: v1
@@ -90,3 +91,4 @@ data:
   .dockerconfigjson: {{ template "pull-secret" .Values.pullSecrets.quay }}
 
 ---
+{{- end }}

chart/infra-server/templates/deployment.yaml

@@ -27,8 +27,12 @@ spec:
         - name: infra-server
           image: quay.io/rhacs-eng/infra-server:{{ required "A valid .Values.tag entry is required!" .Values.tag }}
           env:
+{{- if not .Values.localDeploy }}
             - name: GOOGLE_APPLICATION_CREDENTIALS
               value: /configuration/google-credentials.json
+{{- end }}
+            - name: LOCAL_DEPLOY
+              value: "{{ .Values.localDeploy }}"
             - name: TEST_MODE
               value: "{{ .Values.testMode }}"
           readinessProbe:
@@ -47,7 +51,7 @@ spec:
               containerPort: 8443
             - name: metrics
               containerPort: 9101
-          imagePullPolicy: Always
+          imagePullPolicy: {{ .Values.imagePullPolicy | default "Always" }}
           volumeMounts:
             - mountPath: /configuration
               name: configuration

chart/infra-server/templates/gke/secrets.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.localDeploy }}
 ---
 
 apiVersion: v1
@@ -13,3 +14,4 @@ data:
     {{ required ".Values.gke__gke_provisioner_json is undefined" .Values.gke__gke_provisioner_json }}
 
 ---
+{{- end }}