Parent
Part of #4701 (Phase 1)
Summary
Add new fields to MCPRegistrySpec that allow users to pass registry server configuration as raw YAML, bypassing the operator's typed config generation. This decouples the CRD from the registry server's config format so config changes no longer require operator CRD updates.
New CRD Fields
configYAML (string) — complete registry server config.yaml content. The operator creates a ConfigMap from this string and mounts it at /config/config.yaml. No parsing or transformation.volumes ([]apiextensionsv1.JSON) — standard Kubernetes Volume objects as raw JSON. The operator appends them to the pod spec.volumeMounts ([]apiextensionsv1.JSON) — standard Kubernetes VolumeMount objects as raw JSON. The operator appends them to the registry-api container.pgpassSecretRef (*SecretKeySelector) — references a user-created Secret containing a pgpass file. The operator handles the init container + chmod 0600 permission plumbing invisibly (required because PostgreSQL's libpq rejects pgpass files that aren't mode 0600, and Kubernetes secret volumes mount as root-owned while the container runs as non-root UID 65532).
Operator Changes
- Code path branch in
ReconcileAPIService: if configYAML is set → new path, else → legacy path
- New
reconcileNewPath — creates ConfigMap from raw YAML, builds deployment with user volumes/mounts
- New
buildRegistryAPIDeploymentNewPath — no WithRegistrySourceMounts, WithGitAuthMount, or WithRegistryStorageMount
- New
WithPGPassSecretRefMount — takes user SecretKeySelector instead of generated secret name
- Shared
upsertDeployment and withPGPassMountFromVolume to eliminate duplication
- Mutual exclusivity validation (CEL + reconciler defense-in-depth)
- Reserved volume name and mount path collision detection
Deprecation
The existing typed fields (sources, registries, databaseConfig, authConfig, telemetryConfig) are marked deprecated in comments but remain fully functional. No code is removed.
Testing
- Unit tests for validation (mutual exclusivity, reserved names, mount path collisions, pgpassSecretRef validation)
- Unit tests for
RawConfigToConfigMap, WithPGPassSecretRefMount, ParseVolumes, ParseVolumeMounts
- End-to-end verified on Kind cluster with CNPG PostgreSQL and registry server v1.0.0 (single source, multi-source with ConfigMap + Git + Kubernetes)
PR
#4693
Parent
Part of #4701 (Phase 1)
Summary
Add new fields to MCPRegistrySpec that allow users to pass registry server configuration as raw YAML, bypassing the operator's typed config generation. This decouples the CRD from the registry server's config format so config changes no longer require operator CRD updates.
New CRD Fields
configYAML(string) — complete registry serverconfig.yamlcontent. The operator creates a ConfigMap from this string and mounts it at/config/config.yaml. No parsing or transformation.volumes([]apiextensionsv1.JSON) — standard Kubernetes Volume objects as raw JSON. The operator appends them to the pod spec.volumeMounts([]apiextensionsv1.JSON) — standard Kubernetes VolumeMount objects as raw JSON. The operator appends them to the registry-api container.pgpassSecretRef(*SecretKeySelector) — references a user-created Secret containing a pgpass file. The operator handles the init container +chmod 0600permission plumbing invisibly (required because PostgreSQL's libpq rejects pgpass files that aren't mode 0600, and Kubernetes secret volumes mount as root-owned while the container runs as non-root UID 65532).Operator Changes
ReconcileAPIService: ifconfigYAMLis set → new path, else → legacy pathreconcileNewPath— creates ConfigMap from raw YAML, builds deployment with user volumes/mountsbuildRegistryAPIDeploymentNewPath— noWithRegistrySourceMounts,WithGitAuthMount, orWithRegistryStorageMountWithPGPassSecretRefMount— takes user SecretKeySelector instead of generated secret nameupsertDeploymentandwithPGPassMountFromVolumeto eliminate duplicationDeprecation
The existing typed fields (
sources,registries,databaseConfig,authConfig,telemetryConfig) are marked deprecated in comments but remain fully functional. No code is removed.Testing
RawConfigToConfigMap,WithPGPassSecretRefMount,ParseVolumes,ParseVolumeMountsPR
#4693