RHCLOUD-35503 updates defaults and adds config pkg #176

Merged

Conversation

tonytheleg
Contributor

PR Template:

Describe your changes

  • Adds config pkg that will:
    • update config options based on values in ClowdApp Appconfig (when enabled)
    • provides debug output of configuration settings for testing
  • updates some of the defaults defined in NewOptions calls to production like settings, reducing the number of settings that need explicit defining in config files or startup commands
  • updates deployment manifest
    • removes any settings from configmap that are default or are expected to be captured by Clowder
    • adds optionalDependency of relations-api to capture config data
  • updates server address in some default config files
  • fixes typo with enable-oidc-auth setting as it was invalid
  • updates README for how to deploy via ephemeral

Note: I also tested local deployment methods (docker compose, make run) and these changes did not seem to impact any of it
This has also been tested in ephemeral

Validation:

$ oc get pods | grep kessel
kessel-inventory-api-5d5b8f6c7-9tf4g                             2/2     Running   0             8m12s
kessel-inventory-db-85c7b796f9-nr5wh                             1/1     Running   0             8m12s
kessel-relations-api-686c994969-xzwhf                            2/2     Running   0             16m

$ oc logs kessel-inventory-api-5d5b8f6c7-9tf4g
Defaulted container "kessel-inventory-api" out of: kessel-inventory-api, crcauth, migration-init (init)
INFO msg=Using config file: /inventory/inventory-api-config.yaml
Log Level is set to: debug
DEBUG msg=Server Configuration: Public URL: http://localhost:8000, HTTP Listener: 0.0.0.0:8000, GRPC Listener: 0.0.0.0:9000
DEBUG msg=Storage Configuration: Host: kessel-inventory-db.ephemeral-uezpid.svc, DB: kessel-inventory, Port: 5432
DEBUG msg=Authz Configuration: URL: kessel-relations-api.ephemeral-uezpid.svc:9000, Insecure?: true, OIDC?: false
INFO msg=Using config file: /inventory/inventory-api-config.yaml
INFO ts=2024-10-02T17:48:40Z caller=log/log.go:30 service.name=inventory-api service.version=0.1.0 trace.id= span.id= subsystem=storage msg=Using backing storage: postgres
INFO ts=2024-10-02T17:48:40Z caller=log/log.go:30 service.name=inventory-api service.version=0.1.0 trace.id= span.id= subsystem=authn msg=Will check for client certs
INFO ts=2024-10-02T17:48:40Z caller=log/log.go:30 service.name=inventory-api service.version=0.1.0 trace.id= span.id= subsystem=authn msg=Loading pre-shared-keys from /psks/psks.yaml
INFO ts=2024-10-02T17:48:40Z caller=log/log.go:30 service.name=inventory-api service.version=0.1.0 trace.id= span.id= subsystem=authz msg=Using authorizer: kessel
INFO ts=2024-10-02T17:48:40Z caller=log/log.go:30 service.name=inventory-api service.version=0.1.0 trace.id= span.id= subsystem=eventing msg=Using eventing: stdout
INFO ts=2024-10-02T17:48:40Z caller=log/log.go:30 service.name=inventory-api service.version=0.1.0 trace.id= span.id= service.id=kessel-inventory-api-5d5b8f6c7-9tf4g msg=[HTTP] server listening on: [::]:8000
INFO ts=2024-10-02T17:48:40Z caller=log/log.go:30 service.name=inventory-api service.version=0.1.0 trace.id= span.id= service.id=kessel-inventory-api-5d5b8f6c7-9tf4g msg=[gRPC] server listening on: [::]:9000
INFO ts=2024-10-02T17:48:41Z caller=log/log.go:30 service.name=inventory-api service.version=0.1.0 trace.id= span.id= service.id=kessel-inventory-api-5d5b8f6c7-9tf4g msg=Readyz logs disabled
INFO ts=2024-10-02T17:48:41Z caller=log/log.go:30 service.name=inventory-api service.version=0.1.0 trace.id= span.id= service.id=kessel-inventory-api-5d5b8f6c7-9tf4g msg=Livez logs disabled

$ curl 127.0.0.1:8000/api/inventory/v1/readyz && echo ""
{"status":"STORAGE postgres and RELATIONS-API", "code":200}

Some Notes:

  • based on testing, the order of precedence is
    Config File --> CLI flags/explicit option setting (what the ClowderInjection code does) --> Default options
  • Settings defined in any of these fashions that are non-duplicative are merged together; when any settings overlap, the precedence takes place

Example:
authz.kessel.insecure-client is set by default as false in default options
authz.kessel.insecure-client is set to true in the inventory configmap in deployment yaml
The insecure setting from the config overrides the default flag or any explicit option settings
This means anything we wish to override can be set at config file without code changes and it will take precedence

Ticket reference (if applicable)

For RHCLOUD-35503

Checklist

  • Are the agreed upon acceptance criteria fulfilled?

  • Was the 4-eye-principle applied? (async PR review, pairing, ensembling)

  • Do your changes have passing automated tests and sufficient observability?

  • Are the work steps you introduced repeatable by others, either through automation or documentation?

    • If automation is possible but not done due to other constraints, a ticket to the tech debt sprint is added
    • An SOP (Standard Operating Procedure) was created
  • The Changes were automatically built, tested, and - if needed, behind a feature flag - deployed to our production environment. (Please check this when the new deployment is done and you could verify it.)

  • Are the agreed upon coding/architectural practices applied?

  • Are security needs fulfilled? (e.g. no internal URL)

  • Is the corresponding Ticket in the right state? (should be on "review" now, put to done when this change made it to production)

  • For changes to the public API / code dependencies: Was the whole team (or a sufficient amount of ppl) able to review?
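
The precedence order from the notes above, as an added Go example (not code from this PR or the project): it resolves three layers in the stated order and reports where the effective value weakens a secure default, as with authz.kessel.insecure-client. The names Layer, Resolved, Resolve, WeakenedDefaults and Sample are hypothetical, and the layer contents are constructed from the values quoted in the description.

```go
package main

import (
	"fmt"
	"sort"
)

// Layer is one configuration source (hypothetical type, not the project's).
type Layer struct{ Name string; Values map[string]string }

// Resolved is a key's effective value and the layer that supplied it.
type Resolved struct{ Value, Source string }

// Resolve takes layers in descending precedence: the first layer defining a
// key wins, and keys defined in only one layer are merged in unchanged.
func Resolve(layers ...Layer) map[string]Resolved {
	out := map[string]Resolved{}
	for _, l := range layers {
		for k, v := range l.Values {
			if _, seen := out[k]; !seen {
				out[k] = Resolved{v, l.Name}
			}
		}
	}
	return out
}

// WeakenedDefaults reports keys whose effective value is listed as risky while the default was not.
func WeakenedDefaults(eff map[string]Resolved, def Layer, risky map[string]string) []string {
	var hits []string
	for k, bad := range risky {
		if r, ok := eff[k]; ok && r.Value == bad && def.Values[k] != bad {
			hits = append(hits, fmt.Sprintf("%s=%s (from %s)", k, r.Value, r.Source))
		}
	}
	sort.Strings(hits)
	return hits
}

// Sample uses constructed layers mirroring the values quoted in the PR description.
func Sample() (map[string]Resolved, []string) {
	def := Layer{"defaults", map[string]string{"authz.kessel.insecure-client": "false"}}
	flags := Layer{"flags", map[string]string{"authz.impl": "kessel"}}
	file := Layer{"config-file", map[string]string{"authz.kessel.insecure-client": "true"}}
	eff := Resolve(file, flags, def)
	return eff, WeakenedDefaults(eff, def, map[string]string{"authz.kessel.insecure-client": "true"})
}

func main() { fmt.Println(Sample()) }
```

Running a check like this against the rendered configmap before deployment surfaces overrides such as `Insecure?: true` that otherwise only show up in debug logs.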

@tonytheleg tonytheleg force-pushed the RHCLOUD-35503-add-config-pkg branch from 0d5dca0 to 4f4814e Compare October 2, 2024 18:50
@tonytheleg
Contributor Author

Found some minor issues that need to be fixed before merging.
Setting to draft to hold.

@tonytheleg tonytheleg marked this pull request as draft October 3, 2024 20:03
internal/config/config.go
@tonytheleg tonytheleg force-pushed the RHCLOUD-35503-add-config-pkg branch from 4f4814e to f8d5a3c Compare October 3, 2024 20:46
AllowAll = "allow-all"
Kessel = "kessel"
AllowAll = "allow-all"
Kessel = "kessel"
Contributor

Here Kessel refers to relations-api

Contributor Author

The reason for adding the RelationsAPI = "kessel-relations" const is just so that I can reference that specific value HERE instead of hardcoding "kessel-relations" in that method, as this is the expected name of the relations ClowdApp that shows up in appconfig. This way if it ever changes, we just change the const.

Similar to how the authz.impl config has a Kessel const which I use to set the impl value to 'kessel' in

o.Authz.Authz = authz.Kessel

Contributor

I would suggest changing the Kessel to RelationsAPI. authz.Kessel and RelationsAPI both are referring to "kessel-relations"

@tonytheleg tonytheleg marked this pull request as ready for review October 4, 2024 12:49
@tonytheleg
Contributor Author

PR set back to ready, validated the changes I made are still working in ephemeral.

@tonytheleg tonytheleg merged commit 1129bda into project-kessel:main Oct 7, 2024
9 checks passed