chore: numaflow server start args in a configmap (#1311)

Signed-off-by: Derek Wang <[email protected]>
numaproj · Nov 1, 2023 · 3762992 · 3762992
1 parent 8ed52b3
commit 3762992
Show file tree

Hide file tree

Showing 14 changed files with 413 additions and 18 deletions.
diff --git a/cmd/commands/server-init.go b/cmd/commands/server-init.go
@@ -23,6 +23,8 @@ import (
 	"strings"
 
 	"github.com/spf13/cobra"
+
+	sharedutil "github.com/numaproj/numaflow/pkg/shared/util"
 )
 
 func NewServerInitCommand() *cobra.Command {
@@ -53,7 +55,7 @@ func NewServerInitCommand() *cobra.Command {
 		},
 	}
 
-	command.Flags().StringVar(&baseHref, "base-href", "/", "Base href for Numaflow server, defaults to '/'.")
+	command.Flags().StringVar(&baseHref, "base-href", sharedutil.LookupEnvStringOr("NUMAFLOW_SERVER_BASE_HREF", "/"), "Base href for Numaflow server, defaults to '/'.")
 	return command
 }
 

diff --git a/cmd/commands/server.go b/cmd/commands/server.go
@@ -61,13 +61,13 @@ func NewServerCommand() *cobra.Command {
 			server.Start()
 		},
 	}
-	command.Flags().BoolVar(&insecure, "insecure", false, "Whether to disable TLS, defaults to false.")
-	command.Flags().IntVarP(&port, "port", "p", 8443, "Port to listen on, defaults to 8443 or 8080 if insecure is set")
-	command.Flags().BoolVar(&namespaced, "namespaced", false, "Whether to run in namespaced scope, defaults to false.")
-	command.Flags().StringVar(&managedNamespace, "managed-namespace", sharedutil.LookupEnvStringOr("NAMESPACE", "numaflow-system"), "The namespace that the server watches when \"--namespaced\" is \"true\".")
-	command.Flags().StringVar(&baseHref, "base-href", "/", "Base href for Numaflow server, defaults to '/'.")
-	command.Flags().BoolVar(&disableAuth, "disable-auth", false, "Whether to disable authentication and authorization, defaults to false.")
-	command.Flags().StringVar(&dexServerAddr, "dex-server-addr", "http://numaflow-dex-server:5556/dex", "The actual address of the Dex server for the reverse proxy to target.")
-	command.Flags().StringVar(&serverAddr, "server-addr", "https://localhost:8443", "The address of the Numaflow server.")
+	command.Flags().BoolVar(&insecure, "insecure", sharedutil.LookupEnvBoolOr("NUMAFLOW_SERVER_INSECURE", false), "Whether to disable TLS, defaults to false.")
+	command.Flags().IntVarP(&port, "port", "p", sharedutil.LookupEnvIntOr("NUMAFLOW_SERVER_PORT_NUMBER", 8443), "Port to listen on, defaults to 8443 or 8080 if insecure is set")
+	command.Flags().BoolVar(&namespaced, "namespaced", sharedutil.LookupEnvBoolOr("NUMAFLOW_SERVER_NAMESPACED", false), "Whether to run in namespaced scope, defaults to false.")
+	command.Flags().StringVar(&managedNamespace, "managed-namespace", sharedutil.LookupEnvStringOr("NUMAFLOW_SERVER_MANAGED_NAMESPACE", sharedutil.LookupEnvStringOr("NAMESPACE", "numaflow-system")), "The namespace that the server watches when \"--namespaced\" is \"true\".")
+	command.Flags().StringVar(&baseHref, "base-href", sharedutil.LookupEnvStringOr("NUMAFLOW_SERVER_BASE_HREF", "/"), "Base href for Numaflow server, defaults to '/'.")
+	command.Flags().BoolVar(&disableAuth, "disable-auth", sharedutil.LookupEnvBoolOr("NUMAFLOW_SERVER_DISABLE_AUTH", false), "Whether to disable authentication and authorization, defaults to false.")
+	command.Flags().StringVar(&dexServerAddr, "dex-server-addr", sharedutil.LookupEnvStringOr("NUMAFLOW_SERVER_DEX_SERVER_ADDR", "http://numaflow-dex-server:5556/dex"), "The address of the Dex server.")
+	command.Flags().StringVar(&serverAddr, "server-addr", sharedutil.LookupEnvStringOr("NUMAFLOW_SERVER_ADDRESS", "https://localhost:8443"), "The external address of the Numaflow server.")
 	return command
 }
diff --git a/config/advanced-install/namespaced-numaflow-server.yaml b/config/advanced-install/namespaced-numaflow-server.yaml
@@ -83,6 +83,13 @@ subjects:
   name: numaflow-server-sa
 ---
 apiVersion: v1
+data:
+  server.disable.auth: "true"
+kind: ConfigMap
+metadata:
+  name: numaflow-server-cmd-params-config
+---
+apiVersion: v1
 data:
   rbac-conf.yaml: |
     policy.default: role:readonly
@@ -138,13 +145,60 @@ spec:
       containers:
       - args:
         - server
-        - --disable-auth=true
         - --namespaced
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
+        - name: NUMAFLOW_SERVER_INSECURE
+          valueFrom:
+            configMapKeyRef:
+              key: server.insecure
+              name: numaflow-server-cmd-params-config
+              optional: true
+        - name: NUMAFLOW_SERVER_PORT_NUMBER
+          valueFrom:
+            configMapKeyRef:
+              key: server.port
+              name: numaflow-server-cmd-params-config
+              optional: true
+        - name: NUMAFLOW_SERVER_NAMESPACED
+          valueFrom:
+            configMapKeyRef:
+              key: server.namespaced
+              name: numaflow-server-cmd-params-config
+              optional: true
+        - name: NUMAFLOW_SERVER_MANAGED_NAMESPACE
+          valueFrom:
+            configMapKeyRef:
+              key: server.managed.namespace
+              name: numaflow-server-cmd-params-config
+              optional: true
+        - name: NUMAFLOW_SERVER_BASE_HREF
+          valueFrom:
+            configMapKeyRef:
+              key: server.base.href
+              name: numaflow-server-cmd-params-config
+              optional: true
+        - name: NUMAFLOW_SERVER_DISABLE_AUTH
+          valueFrom:
+            configMapKeyRef:
+              key: server.disable.auth
+              name: numaflow-server-cmd-params-config
+              optional: true
+        - name: NUMAFLOW_SERVER_DEX_SERVER_ADDR
+          valueFrom:
+            configMapKeyRef:
+              key: server.dex.server
+              name: numaflow-server-cmd-params-config
+              optional: true
+        - name: NUMAFLOW_SERVER_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              key: server.address
+              name: numaflow-server-cmd-params-config
+              optional: true
         image: quay.io/numaproj/numaflow:v1.0.0-rc1
         imagePullPolicy: Always
         livenessProbe:
@@ -174,6 +228,13 @@ spec:
       initContainers:
       - args:
         - server-init
+        env:
+        - name: NUMAFLOW_SERVER_BASE_HREF
+          valueFrom:
+            configMapKeyRef:
+              key: server.base.href
+              name: numaflow-server-cmd-params-config
+              optional: true
         image: quay.io/numaproj/numaflow:v1.0.0-rc1
         imagePullPolicy: Always
         name: server-init

diff --git a/config/advanced-install/numaflow-server.yaml b/config/advanced-install/numaflow-server.yaml
@@ -85,6 +85,14 @@ subjects:
   namespace: numaflow-system
 ---
 apiVersion: v1
+data:
+  server.disable.auth: "true"
+kind: ConfigMap
+metadata:
+  name: numaflow-server-cmd-params-config
+  namespace: numaflow-system
+---
+apiVersion: v1
 data:
   rbac-conf.yaml: |
     policy.default: role:readonly
@@ -148,6 +156,54 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
+        - name: NUMAFLOW_SERVER_INSECURE
+          valueFrom:
+            configMapKeyRef:
+              key: server.insecure
+              name: numaflow-server-cmd-params-config
+              optional: true
+        - name: NUMAFLOW_SERVER_PORT_NUMBER
+          valueFrom:
+            configMapKeyRef:
+              key: server.port
+              name: numaflow-server-cmd-params-config
+              optional: true
+        - name: NUMAFLOW_SERVER_NAMESPACED
+          valueFrom:
+            configMapKeyRef:
+              key: server.namespaced
+              name: numaflow-server-cmd-params-config
+              optional: true
+        - name: NUMAFLOW_SERVER_MANAGED_NAMESPACE
+          valueFrom:
+            configMapKeyRef:
+              key: server.managed.namespace
+              name: numaflow-server-cmd-params-config
+              optional: true
+        - name: NUMAFLOW_SERVER_BASE_HREF
+          valueFrom:
+            configMapKeyRef:
+              key: server.base.href
+              name: numaflow-server-cmd-params-config
+              optional: true
+        - name: NUMAFLOW_SERVER_DISABLE_AUTH
+          valueFrom:
+            configMapKeyRef:
+              key: server.disable.auth
+              name: numaflow-server-cmd-params-config
+              optional: true
+        - name: NUMAFLOW_SERVER_DEX_SERVER_ADDR
+          valueFrom:
+            configMapKeyRef:
+              key: server.dex.server
+              name: numaflow-server-cmd-params-config
+              optional: true
+        - name: NUMAFLOW_SERVER_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              key: server.address
+              name: numaflow-server-cmd-params-config
+              optional: true
         image: quay.io/numaproj/numaflow:v1.0.0-rc1
         imagePullPolicy: Always
         livenessProbe:
@@ -177,6 +233,13 @@ spec:
       initContainers:
       - args:
         - server-init
+        env:
+        - name: NUMAFLOW_SERVER_BASE_HREF
+          valueFrom:
+            configMapKeyRef:
+              key: server.base.href
+              name: numaflow-server-cmd-params-config
+              optional: true
         image: quay.io/numaproj/numaflow:v1.0.0-rc1
         imagePullPolicy: Always
         name: server-init

diff --git a/config/base/numaflow-server/kustomization.yaml b/config/base/numaflow-server/kustomization.yaml
@@ -4,5 +4,6 @@ kind: Kustomization
 resources:
   - numaflow-server-sa.yaml
   - numaflow-server-rbac-config.yaml
+  - numaflow-server-cmd-params-config.yaml
   - numaflow-server-deployment.yaml
   - numaflow-server-service.yaml
diff --git a/config/base/numaflow-server/numaflow-server-cmd-params-config.yaml b/config/base/numaflow-server/numaflow-server-cmd-params-config.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: numaflow-server-cmd-params-config
+data:
+  ### Whether to disable TLS.
+  # server.insecure: "false"
+  #
+  ### Port to listen on, defaults to 8443 or 8080 if insecure is set.
+  # server.port: "8443"
+  #
+  ### Whether to run in namespaced scope, defaults to false.
+  # server.namespaced: "false"
+  #
+  ### The namespace that the server watches when "server.namespaced" is true.
+  # server.managed.namespace=numaflow-system
+  ### Base href for Numaflow server, defaults to '/'.
+  # server.base.href: "/"
+  #
+  ### Whether to disable authentication and authorization, defaults to false.
+  server.disable.auth: "true"
+  #
+  ### The address of the Dex server for authentication.
+  # server.dex.server: http://numaflow-dex-server:5556/dex
+  #
+  ### The external address of the Numaflow server. This is needed when using Dex for authentication.
+  # server.address=https://localhost:8443
diff --git a/config/base/numaflow-server/numaflow-server-deployment.yaml b/config/base/numaflow-server/numaflow-server-deployment.yaml
@@ -32,6 +32,13 @@ spec:
         args:
         - "server-init"
         imagePullPolicy: Always
+        env:
+        - name: NUMAFLOW_SERVER_BASE_HREF
+          valueFrom:
+            configMapKeyRef:
+              name: numaflow-server-cmd-params-config
+              key: server.base.href
+              optional: true
         volumeMounts:
         - mountPath: /opt/numaflow
           name: env-volume
@@ -40,8 +47,6 @@ spec:
           image: quay.io/numaproj/numaflow:latest
           args:
           - "server"
-          # By default, turn off authentication and authorization.
-          - "--disable-auth=true"
           imagePullPolicy: Always
           volumeMounts:
           - mountPath: /ui/build/runtime-env.js
@@ -53,10 +58,58 @@ spec:
           - mountPath: /etc/numaflow
             name: rbac-config
           env:
-            - name: NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
+          - name: NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          - name: NUMAFLOW_SERVER_INSECURE
+            valueFrom:
+              configMapKeyRef:
+                name: numaflow-server-cmd-params-config
+                key: server.insecure
+                optional: true
+          - name: NUMAFLOW_SERVER_PORT_NUMBER
+            valueFrom:
+              configMapKeyRef:
+                name: numaflow-server-cmd-params-config
+                key: server.port
+                optional: true
+          - name: NUMAFLOW_SERVER_NAMESPACED
+            valueFrom:
+              configMapKeyRef:
+                name: numaflow-server-cmd-params-config
+                key: server.namespaced
+                optional: true
+          - name: NUMAFLOW_SERVER_MANAGED_NAMESPACE
+            valueFrom:
+              configMapKeyRef:
+                name: numaflow-server-cmd-params-config
+                key: server.managed.namespace
+                optional: true
+          - name: NUMAFLOW_SERVER_BASE_HREF
+            valueFrom:
+              configMapKeyRef:
+                name: numaflow-server-cmd-params-config
+                key: server.base.href
+                optional: true
+          - name: NUMAFLOW_SERVER_DISABLE_AUTH
+            valueFrom:
+              configMapKeyRef:
+                name: numaflow-server-cmd-params-config
+                key: server.disable.auth
+                optional: true
+          - name: NUMAFLOW_SERVER_DEX_SERVER_ADDR
+            valueFrom:
+              configMapKeyRef:
+                name: numaflow-server-cmd-params-config
+                key: server.dex.server
+                optional: true
+          - name: NUMAFLOW_SERVER_ADDRESS
+            valueFrom:
+              configMapKeyRef:
+                name: numaflow-server-cmd-params-config
+                key: server.address
+                optional: true
           resources:
             limits:
               cpu: 500m