Support multi-cluster deployments (Central + SecuredCluster on separate clusters)

[AlexVulaj]

Summary

Roxie currently assumes Central and SecuredCluster are deployed on the same Kubernetes cluster. Many ACS customers and internal teams run a hub + spoke architecture where Central lives on one cluster and one or more SecuredClusters are deployed to separate clusters. This PR adds multi-cluster support so that roxie can deploy a SecuredCluster that points to a Central running on a different cluster.

Users set the SecuredCluster CR's centralEndpoint directly via config file:

# spoke-config.yaml
securedCluster:
  spec:
    centralEndpoint: "central.example.com:443"

ROX_ADMIN_PASSWORD=<admin-password> \
ROX_CA_CERT_FILE=<path-to-ca-cert> \
roxie deploy secured-cluster -t 4.9.2 -c spoke-config.yaml

When spec.centralEndpoint is provided, roxie preserves it. When it is not set, roxie defaults to the internal central.<namespace>.svc:443 endpoint, preserving full backward compatibility. Authentication to Central for CRS generation uses the existing ROX_ADMIN_PASSWORD and ROX_CA_CERT_FILE environment variables.

Testing

• Single-cluster deploy on GKE (regression test): verified default behavior is unchanged
• Multi-cluster deploy on GKE (new feature): Central on cluster A, SecuredCluster on cluster B with spec.centralEndpoint pointing to cluster A — both deployed and connected successfully, sensor logs confirmed connection to remote Central

Closes #99

[davdhacs]

This will be very helpful for Infra and e2e testing. In Infra/Automation, we've had a long-term todo of adding multi-cluster capability to the demo (ansible scripts) and repeated asks/investigations on various teams have looked at multi-cluster deploys for automated testing.
+1

[AlexVulaj]

Holding this PR until we can have further discussions around the UX of the feature.

[AlexVulaj]

Ready for re-review @porridge @mclasmeier

[mclasmeier]

I'm not sure about this kind of validation.

I have always thought that roxie just takes what it needs from the provided config. Even if it has a full configuration for component A and only deployment of component B is requested, the config should be usable unmodified.

This validation step would prevent the user from using a single, merged configuration, no?

[AlexVulaj]

Fair point here, a single merged config should be usable regardless of which component is being deployed. I'll drop this validation.

[mclasmeier]

Thought about this since yesterday and I keep coming back to the question: why not simply use spec["centralEndpoint"]? This is already a field in the CR and if we want to keep roxie a relative light-weight layer on top of our operator-based installation, we could naturally just use the existing spec field.

[AlexVulaj]

Good call - let's just use the spec.centralEndpoint field and I'll adjust ConfigureSpec to only set the internal default when spec.centralEndpoint isn't already provided.

[mclasmeier]

For the (new) docs, I think we should prever roxie deploy -t <version> over MAIN_IMAGE_TAG, which was primarily added for backwards compat reasons with deployment scripts.

[mclasmeier]

The external endpoint is also contained in some environment variable written by roxie, right?

[AlexVulaj]

Yep! roxie sets API_ENDPOINT (along with a few others) in the subshell environment.

[mclasmeier]

Ah, there it comes.

Maybe move this a bit up, because the above instructions as written direct the user to this mode?

Maybe also mention that for some use cases (automation), --envrc might be the better fit?

[porridge]

FTR I don't have anything to add over what @mclasmeier wrote.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR enables hub-and-spoke multi-cluster deployments by allowing an explicit centralEndpoint to be specified when deploying SecuredCluster to a separate cluster. The configuration logic respects user-provided values while supplying internal defaults, test coverage validates the precedence rules, and user documentation explains the deployment pattern.

Changes

Multi-cluster deployment support

Layer / File(s)	Summary
Central endpoint configuration and validation internal/deployer/config.go, internal/deployer/central_endpoint_test.go	SecuredClusterConfig.ConfigureSpec now conditionally sets spec.centralEndpoint only when absent, preserving any user-provided value; test cases validate default construction, namespace customization, user-input preservation, and precedence behavior.
Summary display and user documentation internal/deployer/deployer.go, README.md	Deployment summary conditionally prints the Central Endpoint when a non-default value is configured; README documents the hub-and-spoke workflow with step-by-step instructions for deploying Central and SecuredCluster on separate clusters.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A hub speaks to spokes across the lands so far,
Where Central shines bright like a guiding star.
No longer one cluster holds all the weight—
Multi-cluster deployments now seal their fate!
Your endpoint now carries the message with care. ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title clearly and concisely summarizes the main change—adding support for multi-cluster deployments where Central and SecuredCluster run on separate clusters, which is the primary objective of this changeset.
Linked Issues check	✅ Passed	The pull request fully addresses the requirements from issue #99: it enables multi-cluster deployments via a configurable centralEndpoint property, supports hub-and-spoke topology, and maintains backward compatibility when the property is not set.
Out of Scope Changes check	✅ Passed	All changes are directly related to implementing multi-cluster deployment support: README documentation for hub-and-spoke setup, config logic to handle centralEndpoint, tests validating the behavior, and deployment summary updates—no out-of-scope modifications detected.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch multi-cluster-support

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}