Support edge clusters which already have Flux (#353)

Most obviously, we want to deploy an edge cluster onto the same cluster
as our central cluster, to support the F+ 'soft gateway' concept. Our
central cluster is already managed with Flux and Sealed Secrets, so the
edge cluster bootstrap script must not attempt to install them again.

Also:
* Deploy the cluster manager service entries from service-setup.
* Deploy the cluster manager account via krbkeys, meaning it no longer
has a fixed UUID.
* Make the cluster bootstrap script a little friendlier.

acs-cluster-manager/lib/actions.js

@@ -4,6 +4,7 @@
  * Copyright 2023 AMRC
  */
 
+import jmp from "json-merge-patch";
 import rx from "rxjs";
 import yaml from "yaml";
 
@@ -169,8 +170,9 @@ export class Update extends Action {
 
         /* Build the cluster helm chart template */
         const cluster = cluster_template({ uuid, name });
+        const values = jmp.merge(cluster.values, spec.values ?? {});
         /* Build the cluster HelmRelease manifest */
-        const helm = template.helm({ uuid, ...cluster }).template;
+        const helm = template.helm({ ...cluster, uuid, values }).template;
         helm.metadata.namespace = spec.namespace;
         /* Build the initial repo contents */
         const flux = template.flux({
@@ -182,6 +184,9 @@ export class Update extends Action {
             },
         });
 
+        if (spec.bare)
+            delete flux["flux-system.yaml"];
+
         return flux;
     }
 }

acs-cluster-manager/lib/clusters.js

@@ -69,11 +69,14 @@ export class Clusters {
             .subscribe(() => process.exit(0));
 
         this.config = await cdb.get_config(
-            UUIDs.App.ServiceConfig, Edge.Service.EdgeDeployment);
+            UUIDs.App.ServiceConfig, Edge.Service.EdgeDeployment)
+            .catch(() => null);
 
-        /* If we have no SS config, wait 10 minutes and then exit */
+        /* If we have no SS config, wait 2 minutes and then exit */
         if (!this.config) {
-            await timers.setTimeout(10*60*1000);
+            this.log("No SS config, restarting in 2 minutes...");
+            await timers.setTimeout(2*60*1000);
+            this.log("Restarting to reload SS config");
             process.exit(0);
         }
     }

acs-cluster-manager/package.json

@@ -6,7 +6,6 @@
   "type": "module",
   "scripts": {
     "start": "node bin/edge-deployment.js",
-    "convert-dumps": "node bin/convert-dumps.js",
     "test": "echo \"Error: no test specified\" && exit 1"
   },
   "keywords": [],

acs-manager/app/Domain/EdgeClusters/Actions/CreateEdgeClusterAction.php

@@ -18,7 +18,7 @@ class CreateEdgeClusterAction
      * This action creates a new edge cluster
      **/
 
-    public function execute(string $name, string $chart)
+    public function execute(string $name, string $chart, bool $bare)
     {
         // =========================
         // Validate User Permissions
@@ -42,12 +42,20 @@ public function execute(string $name, string $chart)
             "name" => $name,
         ]);
 
-        // Create an entry in the Edge Cluster Configuration app
-        $configDB->putConfig(App::EdgeClusterConfiguration, $uuid, [
-            'chart' => $chart,
+        $cconf = [
+            "chart" => $chart,
             "name" => $name,
-            "namespace" => 'fplus-edge',
-        ]);
+            "namespace" => "fplus-edge",
+        ];
+        if ($bare) {
+            $cconf["bare"] = true;
+            $cconf["values"] = [
+                "sealedSecrets" => ["enabled" => false],
+            ];
+        } 
+
+        // Create an entry in the Edge Cluster Configuration app
+        $configDB->putConfig(App::EdgeClusterConfiguration, $uuid, $cconf);
 
         return action_success();
     }

acs-manager/app/Http/Controllers/EdgeClusterController.php

@@ -23,7 +23,11 @@ public function create(CreateEdgeClusterRequest $request)
         $validated = $request->validated();
 
         return process_action(
-            (new CreateEdgeClusterAction())->execute(name: $validated['name'], chart: $validated['chart'])
+            (new CreateEdgeClusterAction())->execute(
+                name: $validated['name'],
+                chart: $validated['chart'],
+                bare: $validated['bare'],
+            )
         );
     }
 

acs-manager/app/Http/Requests/CreateEdgeClusterRequest.php

@@ -38,6 +38,17 @@ public function rules()
                 'uuid',
                 'string',
             ],
+            'bare' => [
+                'boolean',
+            ],
         ];
     }
+
+    public function prepareForValidation(): void
+    {
+        $bare = $this->input("bare");
+        $this->merge([
+            "bare" => ($bare == "true"),
+        ]);
+    }
 }

acs-manager/resources/js/components/EdgeClusters/NewEdgeClusterOverlay.vue

@@ -98,6 +98,11 @@ export default {
               dataType: 'static',
               data: null,
             },
+            bare: {
+              dataType: 'collected',
+              dataSource: ['clusterConfiguration', 'controls', 'bare', 'value'],
+              data: false,
+            },
           },
         },
         clusterConfiguration: {
@@ -127,7 +132,18 @@ export default {
               disabled: false,
               initialValue: '',
               value: '',
-            }
+            },
+            bare: {
+              name: 'Bare deployment',
+              description: 'We already have Flux and Sealed Secrets deployed.',
+              type: 'checkbox',
+              validations: {
+                required: helpers.withMessage('Please choose', required),
+              },
+              disabled: false,
+              initialValue: false,
+              value: false,
+            },
           },
           buttons: [
             {