Conversation
Signed-off-by: Zzde <zhangxh1997@gmail.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Introduces a config-file–driven configuration mode (via KITE_CONFIG_FILE) that applies clusters/OAuth/LDAP/RBAC/superUser settings on startup, marks those sections as “managed” (read-only) in the UI, and blocks write APIs for managed sections.
Changes:
- Add backend config loader (
internal/config.go) + managed-sections tracking/exposure (GET /api/v1/managed-sections) and enforce403on writes to managed sections. - Update Settings UI pages to detect managed sections and hide edit/create/delete actions with a shared “managed” banner.
- Update Helm chart values/templates and documentation to support providing the YAML config via Secret or inline values.
Reviewed changes
Copilot reviewed 29 out of 29 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| ui/src/lib/api/system.ts | Adds managed-sections API hook for the UI |
| ui/src/components/settings/rbac-management.tsx | Disables RBAC mutations in UI when managed |
| ui/src/components/settings/oauth-provider-management.tsx | Disables OAuth provider mutations in UI when managed |
| ui/src/components/settings/cluster-management.tsx | Disables cluster mutations in UI when managed |
| ui/src/components/settings/authentication-management.tsx | Disables LDAP edits when managed; avoids calling LDAP update when managed |
| ui/src/components/settings/managed-banner.tsx | Adds shared read-only banner component |
| scripts/e2e-start-app.sh | Adjusts e2e startup env handling |
| routes.go | Adds /api/v1/managed-sections route |
| pkg/handlers/overview_handler.go | Implements managed-sections handler + init_check tweak for managed clusters |
| pkg/common/common.go | Adds ConfigFilePath, ManagedSections, and managed-section helpers/constants |
| pkg/cluster/cluster_handler.go | Blocks cluster write endpoints when clusters are managed |
| pkg/auth/oauth_provider_handler.go | Blocks OAuth provider write endpoints when oauth is managed |
| pkg/auth/ldap_setting_handler.go | Blocks LDAP updates when ldap is managed |
| pkg/rbac/handler.go | Blocks RBAC write endpoints when rbac is managed |
| internal/load.go | Skips env migration for sections managed by config file |
| internal/config.go | New: YAML config parsing + DB apply logic for managed sections |
| internal/config_test.go | New: end-to-end tests for config-file apply and managed-sections/init behavior |
| docs/config/env.md + docs/zh/config/env.md | Documents KITE_CONFIG_FILE env var |
| docs/config/config-file.md + docs/zh/config/config-file.md | New docs for config file format/behavior |
| docs/config/chart-values.md | Documents new chart values for config mode |
| docs/.vitepress/config.mts | Adds nav entries for config-file docs |
| charts/kite/values.yaml | Adds config: values; removes old superUser env-based block |
| charts/kite/templates/secret.yaml | Removes KITE_USERNAME/KITE_PASSWORD injection |
| charts/kite/templates/secret-config.yaml | New: renders inline config into a Secret |
| charts/kite/templates/deployment.yaml | Mounts config Secret and sets KITE_CONFIG_FILE when enabled |
| app.go | Loads config from file before env migration |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Zzde <zhangxh1997@gmail.com>
Signed-off-by: Zzde <zhangxh1997@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
closes: #226 #360 #233 #441