From 2fa66e081e5a14f98fd830a54cb8a7ea8f319b4a Mon Sep 17 00:00:00 2001 
From: Ben Jackson Date: Mon, 5 Aug 2024 10:58:43 +1000 Subject: [PATCH] fix: additional templating and logic fixes (#346) * fix: no imagecache for pull through images if dockerhub credentials are provided * fix: add missing LAGOON_SSH_PRIVATE_KEY build arg * fix: fsgroup 0 on services that had it previously * fix: trim whitespace from cron * test: add test for rootless workload with cronjobs * test: add not enough and too many field checks for cronjobs with better error * fix: k8up newer version backup annotation on deployments --- cmd/identify_imagebuild_test.go | 106 ++++++++++++ cmd/template_lagoonservices_test.go | 41 +++-- internal/generator/build_data.go | 1 + internal/generator/buildvalues.go | 2 + internal/generator/container_registries.go | 1 + internal/generator/generator.go | 2 + internal/generator/services.go | 2 +- internal/helpers/helpers_cron.go | 5 +- internal/helpers/helpers_cron_test.go | 51 +++++- internal/servicetypes/elasticsearch.go | 4 + internal/servicetypes/solr.go | 4 + .../templating/services/templates_cronjob.go | 26 ++- .../services/templates_deployment.go | 16 +- .../services/templates_deployment_test.go | 81 ++++++--- internal/templating/services/templates_pvc.go | 1 + .../deployment/result-elasticsearch-1.yaml | 6 + .../deployment/result-mariadb-1.yaml | 4 +- .../deployment/result-mariadb-2.yaml | 97 +++++++++++ .../deployment/result-mongodb-1.yaml | 4 +- .../deployment/result-opensearch-1.yaml | 6 + .../deployment/result-postgres-1.yaml | 4 +- .../deployment/result-postgres-single-1.yaml | 3 + .../deployment/result-solr-1.yaml | 3 + .../complex/docker-compose.varnish3.yml | 160 ++++++++++++++++++ internal/testdata/complex/lagoon.varnish3.yml | 28 +++ .../service3/deployment-mariadb-10-5.yaml | 2 + .../service3/deployment-opensearch-2.yaml | 2 + .../service3/deployment-postgres-11.yaml | 2 + .../service3/deployment-solr-8.yaml | 2 + .../service4/deployment-mariadb-10-11.yaml | 2 + .../service4/deployment-mariadb-10-5.yaml | 2 + 
.../service4/deployment-mongo-4.yaml | 2 + .../service4/deployment-postgres-11.yaml | 2 + .../service4/deployment-postgres-15.yaml | 2 + .../cronjob-cronjob-cli-drush-cron2.yaml | 99 +++++++++++ .../service5/deployment-cli.yaml | 103 +++++++++++ .../service5/deployment-nginx-php.yaml | 155 +++++++++++++++++ .../service5/deployment-redis.yaml | 87 ++++++++++ .../service5/deployment-varnish.yaml | 90 ++++++++++ .../service5/pvc-nginx-php.yaml | 30 ++++ .../service5/service-nginx-php.yaml | 31 ++++ .../service5/service-redis.yaml | 31 ++++ .../service5/service-varnish.yaml | 35 ++++ internal/testdata/testdata.go | 9 + 44 files changed, 1282 insertions(+), 64 deletions(-) create mode 100644 internal/templating/services/test-resources/deployment/result-mariadb-2.yaml create mode 100644 internal/testdata/complex/docker-compose.varnish3.yml create mode 100644 internal/testdata/complex/lagoon.varnish3.yml create mode 100644 internal/testdata/complex/service-templates/service5/cronjob-cronjob-cli-drush-cron2.yaml create mode 100644 internal/testdata/complex/service-templates/service5/deployment-cli.yaml create mode 100644 internal/testdata/complex/service-templates/service5/deployment-nginx-php.yaml create mode 100644 internal/testdata/complex/service-templates/service5/deployment-redis.yaml create mode 100644 internal/testdata/complex/service-templates/service5/deployment-varnish.yaml create mode 100644 internal/testdata/complex/service-templates/service5/pvc-nginx-php.yaml create mode 100644 internal/testdata/complex/service-templates/service5/service-nginx-php.yaml create mode 100644 internal/testdata/complex/service-templates/service5/service-redis.yaml create mode 100644 internal/testdata/complex/service-templates/service5/service-varnish.yaml diff --git a/cmd/identify_imagebuild_test.go b/cmd/identify_imagebuild_test.go index 9878a805..f4db04e9 100644 --- a/cmd/identify_imagebuild_test.go +++ b/cmd/identify_imagebuild_test.go 
@@ -46,6 +46,7 @@ func TestImageBuildConfigurationIdentification(t *testing.T) { "LAGOON_GIT_SHA": "abcdefg123456", "LAGOON_GIT_BRANCH": "main", "NODE_IMAGE": "example-project-main-node", + "LAGOON_SSH_PRIVATE_KEY": "-----BEGIN OPENSSH PRIVATE KEY-----\nthisisafakekey\n-----END OPENSSH PRIVATE KEY-----", }, Images: []imageBuilds{ { @@ -85,6 +86,7 @@ func TestImageBuildConfigurationIdentification(t *testing.T) { "CLI_IMAGE": "example-project-main-cli", "NGINX_IMAGE": "example-project-main-nginx", "PHP_IMAGE": "example-project-main-php", + "LAGOON_SSH_PRIVATE_KEY": "-----BEGIN OPENSSH PRIVATE KEY-----\nthisisafakekey\n-----END OPENSSH PRIVATE KEY-----", }, Images: []imageBuilds{ { @@ -172,6 +174,7 @@ func TestImageBuildConfigurationIdentification(t *testing.T) { "NGINX_IMAGE": "example-project-main-nginx", "PHP_IMAGE": "example-project-main-php", "LAGOON_FEATURE_FLAG_IMAGECACHE_REGISTRY": "imagecache.example.com", + "LAGOON_SSH_PRIVATE_KEY": "-----BEGIN OPENSSH PRIVATE KEY-----\nthisisafakekey\n-----END OPENSSH PRIVATE KEY-----", }, Images: []imageBuilds{ { @@ -247,6 +250,7 @@ func TestImageBuildConfigurationIdentification(t *testing.T) { "LND_IMAGE": "example-project-main-lnd", "THUNDERHUB_IMAGE": "example-project-main-thunderhub", "TOR_IMAGE": "example-project-main-tor", + "LAGOON_SSH_PRIVATE_KEY": "-----BEGIN OPENSSH PRIVATE KEY-----\nthisisafakekey\n-----END OPENSSH PRIVATE KEY-----", }, Images: []imageBuilds{ { @@ -315,6 +319,7 @@ func TestImageBuildConfigurationIdentification(t *testing.T) { "LAGOON_GIT_BRANCH": "main", "LND_IMAGE": "example-project-main-lnd", "TOR_IMAGE": "example-project-main-tor", + "LAGOON_SSH_PRIVATE_KEY": "-----BEGIN OPENSSH PRIVATE KEY-----\nthisisafakekey\n-----END OPENSSH PRIVATE KEY-----", }, Images: []imageBuilds{ { 
@@ -358,6 +363,7 @@ func TestImageBuildConfigurationIdentification(t *testing.T) { "LAGOON_BUILD_TYPE": "promote", "LAGOON_GIT_SOURCE_REPOSITORY": "ssh://git@example.com/lagoon-demo.git", "LAGOON_KUBERNETES": "remote-cluster1", + "LAGOON_SSH_PRIVATE_KEY": "-----BEGIN OPENSSH PRIVATE KEY-----\nthisisafakekey\n-----END OPENSSH PRIVATE KEY-----", }, Images: []imageBuilds{ { @@ -406,6 +412,7 @@ func TestImageBuildConfigurationIdentification(t *testing.T) { "LAGOON_GIT_SOURCE_REPOSITORY": "ssh://git@example.com/lagoon-demo.git", "LAGOON_KUBERNETES": "remote-cluster1", "NODE_IMAGE": "example-project-pr-123-node", + "LAGOON_SSH_PRIVATE_KEY": "-----BEGIN OPENSSH PRIVATE KEY-----\nthisisafakekey\n-----END OPENSSH PRIVATE KEY-----", }, Images: []imageBuilds{ { @@ -441,6 +448,7 @@ func TestImageBuildConfigurationIdentification(t *testing.T) { "LAGOON_BUILD_TYPE": "promote", "LAGOON_GIT_SOURCE_REPOSITORY": "ssh://git@example.com/lagoon-demo.git", "LAGOON_KUBERNETES": "remote-cluster1", + "LAGOON_SSH_PRIVATE_KEY": "-----BEGIN OPENSSH PRIVATE KEY-----\nthisisafakekey\n-----END OPENSSH PRIVATE KEY-----", }, Images: []imageBuilds{ { @@ -510,6 +518,7 @@ func TestImageBuildConfigurationIdentification(t *testing.T) { "NGINX_IMAGE": "example-project-main-nginx", "PHP_IMAGE": "example-project-main-php", "LAGOON_FEATURE_FLAG_IMAGECACHE_REGISTRY": "imagecache.example.com", + "LAGOON_SSH_PRIVATE_KEY": "-----BEGIN OPENSSH PRIVATE KEY-----\nthisisafakekey\n-----END OPENSSH PRIVATE KEY-----", }, ContainerRegistries: []generator.ContainerRegistry{ { @@ -588,6 +597,7 @@ func TestImageBuildConfigurationIdentification(t *testing.T) { "LAGOON_GIT_BRANCH": "main", "NODE_IMAGE": "example-project-main-node", "LAGOON_CACHE_node": "harbor.example/example-project/main/node@sha256:e90daba405cbf33bab23fe8a021146811b2c258df5f2afe7dadc92c0778eef45", + "LAGOON_SSH_PRIVATE_KEY": "-----BEGIN OPENSSH PRIVATE KEY-----\nthisisafakekey\n-----END OPENSSH PRIVATE KEY-----", }, Images: []imageBuilds{ { 
@@ -602,6 +612,102 @@ func TestImageBuildConfigurationIdentification(t *testing.T) { }, }, }, + { + name: "test10 nginx-php external pull images from dockerhub", + args: testdata.GetSeedData( + testdata.TestData{ + Namespace: "example-project-main", + ProjectName: "example-project", + EnvironmentName: "main", + Branch: "main", + LagoonYAML: "internal/testdata/complex/lagoon.varnish3.yml", + ProjectVariables: []lagoon.EnvironmentVariable{ + { + Name: "LAGOON_FEATURE_FLAG_IMAGECACHE_REGISTRY", + Value: "imagecache.example.com", + Scope: "build", + }, + }, + }, true), + want: imageBuild{ + BuildKit: false, + BuildArguments: map[string]string{ + "LAGOON_BUILD_NAME": "lagoon-build-abcdefg", + "LAGOON_PROJECT": "example-project", + "LAGOON_ENVIRONMENT": "main", + "LAGOON_ENVIRONMENT_TYPE": "production", + "LAGOON_BUILD_TYPE": "branch", + "LAGOON_GIT_SOURCE_REPOSITORY": "ssh://git@example.com/lagoon-demo.git", + "LAGOON_KUBERNETES": "remote-cluster1", + "LAGOON_GIT_SHA": "0000000000000000000000000000000000000000", + "LAGOON_GIT_BRANCH": "main", + "CLI_IMAGE": "example-project-main-cli", + "NGINX_IMAGE": "example-project-main-nginx", + "PHP_IMAGE": "example-project-main-php", + "LAGOON_FEATURE_FLAG_IMAGECACHE_REGISTRY": "imagecache.example.com", + "LAGOON_SSH_PRIVATE_KEY": "-----BEGIN OPENSSH PRIVATE KEY-----\nthisisafakekey\n-----END OPENSSH PRIVATE KEY-----", + }, + ContainerRegistries: []generator.ContainerRegistry{ + { + Name: "my-custom-registry", + Username: "registry_user", + Password: "REGISTRY_PASSWORD", + SecretName: "lagoon-private-registry-my-custom-registry", + URL: "index.docker.io", + UsernameSource: ".lagoon.yml", + PasswordSource: ".lagoon.yml (we recommend using an environment variable, see the docs on container-registries for more information)", + }, + { + Name: "my-other-custom-registry", + Username: "registry_user2", + Password: "REGISTRY_PASSWORD2", + SecretName: "lagoon-private-registry-my-other-custom-registry", + URL: "registry1.example.com", + 
UsernameSource: ".lagoon.yml", + PasswordSource: ".lagoon.yml (we recommend using an environment variable, see the docs on container-registries for more information)", + }, + }, + Images: []imageBuilds{ + { + Name: "cli", + ImageBuild: generator.ImageBuild{ + BuildImage: "harbor.example/example-project/main/cli:latest", + Context: "internal/testdata/complex/docker", + DockerFile: ".docker/Dockerfile.cli", + TemporaryImage: "example-project-main-cli", + }, + }, { + Name: "nginx", + ImageBuild: generator.ImageBuild{ + BuildImage: "harbor.example/example-project/main/nginx:latest", + Context: "internal/testdata/complex/docker", + DockerFile: ".docker/Dockerfile.nginx-drupal", + TemporaryImage: "example-project-main-nginx", + }, + }, { + Name: "php", + ImageBuild: generator.ImageBuild{ + BuildImage: "harbor.example/example-project/main/php:latest", + Context: "internal/testdata/complex/docker", + DockerFile: ".docker/Dockerfile.php", + TemporaryImage: "example-project-main-php", + }, + }, { + Name: "redis", + ImageBuild: generator.ImageBuild{ + BuildImage: "harbor.example/example-project/main/redis:latest", + PullImage: "registry1.example.com/amazeeio/redis:latest", + }, + }, { + Name: "varnish", + ImageBuild: generator.ImageBuild{ + BuildImage: "harbor.example/example-project/main/varnish:latest", + PullImage: "uselagoon/varnish-5-drupal:latest", + }, + }, + }, + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/cmd/template_lagoonservices_test.go b/cmd/template_lagoonservices_test.go index 667491e1..3a6c29b7 100644 --- a/cmd/template_lagoonservices_test.go +++ b/cmd/template_lagoonservices_test.go 
@@ -126,6 +126,32 @@ func TestTemplateLagoonServices(t *testing.T) { templatePath: "testoutput", want: "internal/testdata/complex/service-templates/service2", }, + { + name: "test2b nginx-php deployment - rootless workloads enabled", + args: testdata.GetSeedData( + testdata.TestData{ + ProjectName: "example-project", + EnvironmentName: "main", + Branch: "main", + LagoonYAML: "internal/testdata/complex/lagoon.varnish.yml", + ImageReferences: map[string]string{ + "nginx": "harbor.example/example-project/main/nginx@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8", + "php": "harbor.example/example-project/main/php@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8", + "cli": "harbor.example/example-project/main/cli@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8", + "redis": "harbor.example/example-project/main/redis@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8", + "varnish": "harbor.example/example-project/main/varnish@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8", + }, + ProjectVariables: []lagoon.EnvironmentVariable{ + { + Name: "LAGOON_FEATURE_FLAG_ROOTLESS_WORKLOAD", + Value: "enabled", + Scope: "build", + }, + }, + }, true), + templatePath: "testoutput", + want: "internal/testdata/complex/service-templates/service5", + }, { name: "test3 - funky pvcs", description: "only create pvcs of the requested persistent-name in the docker-compose file", 
@@ -283,21 +309,6 @@ func TestTemplateLagoonServices(t *testing.T) { templatePath: "testoutput", want: "internal/testdata/complex/service-templates/service4", }, - { - name: "test10 basic deployment polysite cronjobs", - args: testdata.GetSeedData( - testdata.TestData{ - ProjectName: "example-project", - EnvironmentName: "main", - Branch: "main", - LagoonYAML: "internal/testdata/basic/lagoon.polysite-cronjobs.yml", - ImageReferences: map[string]string{ - "node": "harbor.example/example-project/main/node@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8", - }, - }, true), - templatePath: "testoutput", - want: "internal/testdata/basic/service-templates/service7", - }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/internal/generator/build_data.go b/internal/generator/build_data.go index 433939ff..efdbb67c 100644 --- a/internal/generator/build_data.go +++ b/internal/generator/build_data.go @@ -85,5 +85,6 @@ func collectImageBuildArguments(buildValues BuildValues) map[string]string { for _, icba := range buildValues.ImageCacheBuildArguments { buildArgs[fmt.Sprintf("LAGOON_CACHE_%s", icba.Name)] = icba.Image } + buildArgs["LAGOON_SSH_PRIVATE_KEY"] = buildValues.SSHPrivateKey return buildArgs } diff --git a/internal/generator/buildvalues.go b/internal/generator/buildvalues.go index 9063ffd3..7708a709 100644 --- a/internal/generator/buildvalues.go +++ b/internal/generator/buildvalues.go @@ -78,6 +78,8 @@ type BuildValues struct { BackupsEnabled bool `json:"backupsEnabled"` RouteQuota *int `json:"routeQuota"` ImageCacheBuildArguments []ImageCacheBuildArguments `json:"imageCacheBuildArgs"` + IgnoreImageCache bool `json:"ignoreImageCache"` + SSHPrivateKey string `json:"sshPrivateKey"` } type Resources struct { diff --git a/internal/generator/container_registries.go b/internal/generator/container_registries.go index 1ca72fd1..37ea2992 100644 --- a/internal/generator/container_registries.go 
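Review bot: The added `buildArgs["LAGOON_SSH_PRIVATE_KEY"] = buildValues.SSHPrivateKey` at the end of collectImageBuildArguments hands the private key to every image build as a build argument, and when a Dockerfile consumes a build argument its value can be read back from the image history by anyone who can pull the image. It is also set unconditionally, so an empty key still produces the argument; at minimum wrap it in `if buildValues.SSHPrivateKey != "" { ... }`. If this restores behaviour that existing Dockerfiles depend on, a comment saying so, and naming a build-time secret mount as the intended replacement, would record that the exposure is known. The function body starts outside the hunk.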
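Review bot: The new `SSHPrivateKey` field carries the tag `json:"sshPrivateKey"`, so any place that marshals BuildValues (a debug dump, a stored build record) would include the private key in clear text. Whether BuildValues is serialised anywhere is not visible in this hunk, but unless the field has to round-trip through JSON the safer tag is `json:"-"`. A short comment on the field, for example `// secret material: never log or serialise`, would also warn later callers. The struct starts outside the hunk.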
+++ b/internal/generator/container_registries.go @@ -68,6 +68,7 @@ func configureContainerRegistries(buildValues *BuildValues) error { } if cr.URL == "" { cr.URL = "index.docker.io" + buildValues.IgnoreImageCache = true } eru := cr.URL u, _ := url.Parse(eru) diff --git a/internal/generator/generator.go b/internal/generator/generator.go index 5dabae92..e84f5f44 100644 --- a/internal/generator/generator.go +++ b/internal/generator/generator.go @@ -65,6 +65,7 @@ type GeneratorInput struct { DynamicSecrets []string DynamicDBaaSSecrets []string ImageCacheBuildArgsJSON string + SSHPrivateKey string } func NewGenerator( @@ -110,6 +111,7 @@ func NewGenerator( dynamicSecrets := helpers.GetEnv("DYNAMIC_SECRETS", strings.Join(generator.DynamicSecrets, ","), generator.Debug) dynamicDBaaSSecrets := helpers.GetEnv("DYNAMIC_DBAAS_SECRETS", strings.Join(generator.DynamicDBaaSSecrets, ","), generator.Debug) imageCacheBuildArgsJSON := helpers.GetEnv("LAGOON_CACHE_BUILD_ARGS", generator.ImageCacheBuildArgsJSON, generator.Debug) + buildValues.SSHPrivateKey = helpers.GetEnv("SSH_PRIVATE_KEY", generator.SSHPrivateKey, generator.Debug) // this is used by CI systems to influence builds, it is rarely used and should probably be abandoned buildValues.IsCI = helpers.GetEnvBool("CI", generator.CI, generator.Debug) diff --git a/internal/generator/services.go b/internal/generator/services.go index 5c5461a3..79d50179 100644 --- a/internal/generator/services.go +++ b/internal/generator/services.go @@ -532,7 +532,7 @@ func composeToServiceValues( } if !ContainsRegistry(buildValues.ContainerRegistry, pullImage) { // if the image isn't in dockerhub, then the imagecache can't be used - if buildValues.ImageCache != "" && strings.Count(pullImage, "/") == 1 { + if buildValues.ImageCache != "" && strings.Count(pullImage, "/") == 1 && !buildValues.IgnoreImageCache { imageBuild.PullImage = fmt.Sprintf("%s%s", buildValues.ImageCache, imageBuild.PullImage) } } 
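Review bot: `buildValues.IgnoreImageCache = true` is set only inside the `cr.URL == ""` branch, so a registry entry that spells Docker Hub out explicitly (for example `index.docker.io`) would not set the flag even though its credentials apply to the same registry. The flag is also build-wide: one credentialed Docker Hub entry turns the image cache off for every service evaluated in the services.go hunk later in this patch. If both behaviours are intended, a comment here should say so; otherwise compare the URL after defaulting rather than testing for the empty string. The enclosing loop is only partly visible in the hunk.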
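Review bot: The added `helpers.GetEnv("SSH_PRIVATE_KEY", generator.SSHPrivateKey, generator.Debug)` passes the debug flag in the same way as the neighbouring non-secret lookups. GetEnv is not shown in this patch; if it prints the resolved value when debug is on, the private key would end up in the build log. Confirm that it does not, or read this one value without the debug path, for example by passing `false` as the last argument. NewGenerator continues outside the hunk.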
diff --git a/internal/helpers/helpers_cron.go b/internal/helpers/helpers_cron.go index 54c0a97a..b49f685b 100644 --- a/internal/helpers/helpers_cron.go +++ b/internal/helpers/helpers_cron.go @@ -16,7 +16,7 @@ func ConvertCrontab(namespace, cron string) (string, error) { // namespace, so will not change after a deployment for a given namespace. seed := cksum.Cksum([]byte(fmt.Sprintf("%s\n", namespace))) var minutes, hours, days, months, dayweek string - splitCron := strings.Split(cron, " ") + splitCron := strings.Split(strings.Trim(cron, " "), " ") // check the provided cron splits into 5 if len(splitCron) == 5 { for idx, val := range splitCron { @@ -215,6 +215,9 @@ func ConvertCrontab(namespace, cron string) (string, error) { } return fmt.Sprintf("%v %v %v %v %v", minutes, hours, days, months, dayweek), nil } + if len(splitCron) < 5 && len(splitCron) > 0 || len(splitCron) > 5 { + return "", fmt.Errorf("cron definition '%s' is invalid, %d fields provided, required 5", cron, len(splitCron)) + } return "", fmt.Errorf("cron definition '%s' is invalid", cron) } diff --git a/internal/helpers/helpers_cron_test.go b/internal/helpers/helpers_cron_test.go index 0137077d..d5466ec0 100644 --- a/internal/helpers/helpers_cron_test.go +++ b/internal/helpers/helpers_cron_test.go @@ -1,6 +1,7 @@ package helpers import ( + "strings" "testing" ) @@ -10,10 +11,11 @@ func TestConvertCrontab(t *testing.T) { cron string } tests := []struct { - name string - args args - want string - wantErr bool + name string + args args + want string + wantErrMsg string + wantErr bool }{ { name: "test1", @@ -61,7 +63,8 @@ func TestConvertCrontab(t *testing.T) { namespace: "example-com-main", cron: "M/H5 H(22-2) * * *", }, - wantErr: true, + wantErrMsg: "cron definition 'M/H5 H(22-2) * * *' is invalid, unable to determine minutes value", + wantErr: true, }, { name: "test7 - invalid hour definiton", 
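Review bot: `strings.Split(strings.Trim(cron, " "), " ")` removes only leading and trailing spaces, so a tab, a trailing newline or a doubled space between fields still yields a wrong field count and the definition is rejected. `splitCron := strings.Fields(cron)` splits on any run of whitespace and also covers the trailing-space case this commit is aimed at. ConvertCrontab continues outside the hunk.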
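Review bot: The new condition `len(splitCron) < 5 && len(splitCron) > 0 || len(splitCron) > 5` is true every time this point is reached, because the `len(splitCron) == 5` block above ends in a return and strings.Split with a non-empty separator never returns an empty slice. The generic `return "", fmt.Errorf("cron definition '%s' is invalid", cron)` below it is therefore unreachable, and an empty cron string is reported as "1 fields provided". Dropping the `if` and returning the field-count error unconditionally says the same thing more plainly; the old generic return can then be deleted. Only the tail of ConvertCrontab is visible here.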
@@ -69,7 +72,8 @@ func TestConvertCrontab(t *testing.T) { namespace: "example-com-main", cron: "M/15 H(H2-2) * * *", }, - wantErr: true, + wantErrMsg: "cron definition 'M/15 H(H2-2) * * *' is invalid, unable to determine hours value", + wantErr: true, }, { name: "test8", @@ -93,7 +97,8 @@ func TestConvertCrontab(t *testing.T) { namespace: "example-com-main", cron: "M/15 H(22-2) * * 1-8", }, - wantErr: true, + wantErrMsg: "cron definition 'M/15 H(22-2) * * 1-8' is invalid, unable to determine day(week) value", + wantErr: true, }, { name: "test11", @@ -117,7 +122,8 @@ func TestConvertCrontab(t *testing.T) { namespace: "example-com-main", cron: "15 * 1-32 * *", }, - wantErr: true, + wantErrMsg: "cron definition '15 * 1-32 * *' is invalid, unable to determine days value", + wantErr: true, }, { name: "test14 - set hours", @@ -159,6 +165,32 @@ func TestConvertCrontab(t *testing.T) { }, want: "31 1,7,13,19 * JAN MON", }, + { + name: "test19 - whitespace", + args: args{ + namespace: "example-com-main", + cron: "M * * * * ", + }, + want: "31 * * * *", + }, + { + name: "test20 - not enough fields", + args: args{ + namespace: "example-com-main", + cron: "*/1 * * *", + }, + wantErrMsg: "cron definition '*/1 * * *' is invalid, 4 fields provided, required 5", + wantErr: true, + }, + { + name: "test21 - too many fields", + args: args{ + namespace: "example-com-main", + cron: "*/1 * * * * 7", + }, + wantErrMsg: "cron definition '*/1 * * * * 7' is invalid, 6 fields provided, required 5", + wantErr: true, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -167,6 +199,9 @@ func TestConvertCrontab(t *testing.T) { if !tt.wantErr { t.Errorf("ConvertCrontab() error = %v, wantErr %v", err, tt.wantErr) } + if !strings.Contains(err.Error(), tt.wantErrMsg) { + t.Errorf("ConvertCrontab() error = %v, wantErr %v", err.Error(), tt.wantErrMsg) + } } if got != tt.want { if !tt.wantErr { 
diff --git a/internal/servicetypes/elasticsearch.go b/internal/servicetypes/elasticsearch.go
index ba777c56..8999dfd7 100644
--- a/internal/servicetypes/elasticsearch.go
+++ b/internal/servicetypes/elasticsearch.go
@@ -93,6 +93,10 @@ fi`,
 },
 },
 },
+ PodSecurityContext: ServicePodSecurityContext{
+ HasDefault: true,
+ FSGroup: 0,
+ },
 Strategy: appsv1.DeploymentStrategy{
 Type: appsv1.RecreateDeploymentStrategyType,
 },
diff --git a/internal/servicetypes/solr.go b/internal/servicetypes/solr.go
index 0eecff10..0857bc1a 100644
--- a/internal/servicetypes/solr.go
+++ b/internal/servicetypes/solr.go
@@ -71,6 +71,10 @@ var solr = ServiceType{
 },
 },
 },
+ PodSecurityContext: ServicePodSecurityContext{
+ HasDefault: true,
+ FSGroup: 0,
+ },
 Strategy: appsv1.DeploymentStrategy{
 Type: appsv1.RecreateDeploymentStrategyType,
 },
diff --git a/internal/templating/services/templates_cronjob.go b/internal/templating/services/templates_cronjob.go
index 4f941b8f..fdedbebe 100644
--- a/internal/templating/services/templates_cronjob.go
+++ b/internal/templating/services/templates_cronjob.go
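Review bot: `FSGroup: 0` in the new PodSecurityContext default has no comment explaining why this service needs the root group, and the same block is added to solr.go in the next hunk. fsGroup 0 makes the mounted volume group-owned by GID 0 and adds that group to the processes of every container in the pod, and per the template hunks later in this patch it takes precedence over the build-wide value. A comment such as `// volume data was previously written with group 0; keep it so existing PVCs stay usable` would record the reason, if that is the reason. The ServiceType literal starts outside the hunk.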
@@ -72,12 +72,20 @@ func GenerateCronjobTemplate( serviceValues, serviceTypeValues, } - if serviceTypeValues.Volumes.BackupConfiguration.Command != "" { - bc := servicetypes.BackupConfiguration{} - helpers.TemplateThings(tpld, serviceTypeValues.Volumes.BackupConfiguration, &bc) - templateAnnotations["k8up.syn.tools/backupcommand"] = bc.Command - templateAnnotations["k8up.syn.tools/file-extension"] = bc.FileExtension - } + + // cronjobs don't need backups + // if serviceTypeValues.Volumes.BackupConfiguration.Command != "" { + // bc := servicetypes.BackupConfiguration{} + // helpers.TemplateThings(tpld, serviceTypeValues.Volumes.BackupConfiguration, &bc) + // switch buildValues.Backup.K8upVersion { + // case "v2": + // templateAnnotations["k8up.io/backupcommand"] = bc.Command + // templateAnnotations["k8up.io/file-extension"] = bc.FileExtension + // default: + // templateAnnotations["k8up.syn.tools/backupcommand"] = bc.Command + // templateAnnotations["k8up.syn.tools/file-extension"] = bc.FileExtension + // } + // } cronjob := &batchv1.CronJob{ TypeMeta: metav1.TypeMeta{ @@ -205,6 +213,12 @@ func GenerateCronjobTemplate( FSGroup: helpers.Int64Ptr(buildValues.PodSecurityContext.FsGroup), } } + // some services have a fsgroup override + if serviceTypeValues.PodSecurityContext.HasDefault { + cronjob.Spec.JobTemplate.Spec.Template.Spec.SecurityContext = &corev1.PodSecurityContext{ + FSGroup: helpers.Int64Ptr(serviceTypeValues.PodSecurityContext.FSGroup), + } + } if buildValues.PodSecurityContext.OnRootMismatch { fsGroupChangePolicy := corev1.FSGroupChangeOnRootMismatch if cronjob.Spec.JobTemplate.Spec.Template.Spec.SecurityContext != nil { diff --git a/internal/templating/services/templates_deployment.go b/internal/templating/services/templates_deployment.go index 8decc1b2..c9ed2490 100644 --- a/internal/templating/services/templates_deployment.go +++ b/internal/templating/services/templates_deployment.go 
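Review bot: The backup-annotation block in GenerateCronjobTemplate is commented out rather than deleted, and the commented copy has been extended with a k8up version switch that never runs. Version control already keeps the old code; leaving only `// cronjobs don't need backup annotations` keeps the function readable and avoids a dead copy drifting away from templates_deployment.go. The function starts and ends outside the hunk.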
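Review bot: The fsgroup override assigns a brand-new `&corev1.PodSecurityContext{FSGroup: ...}`, which discards whatever the block just above it put into the security context; only the tail of that block is visible, but it appears to be the build-wide context that also carries the rootless RunAsUser and RunAsGroup. For a service with HasDefault set, that would silently drop the non-root user settings along with the fsGroup. The same assignment is added to GenerateDeploymentTemplate in templates_deployment.go later in this patch. Setting only the FSGroup field, as below, keeps the rest of the context; if dropping the other fields is intended, the comment should say so.

```go
// some services have a fsgroup override
if serviceTypeValues.PodSecurityContext.HasDefault {
	podSpec := &cronjob.Spec.JobTemplate.Spec.Template.Spec
	if podSpec.SecurityContext == nil {
		podSpec.SecurityContext = &corev1.PodSecurityContext{}
	}
	// override only the group; keep any RunAsUser/RunAsGroup already set
	podSpec.SecurityContext.FSGroup = helpers.Int64Ptr(serviceTypeValues.PodSecurityContext.FSGroup)
}
// … unchanged: OnRootMismatch handling …
```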
@@ -75,8 +75,14 @@ func GenerateDeploymentTemplate( if serviceTypeValues.Volumes.BackupConfiguration.Command != "" { bc := servicetypes.BackupConfiguration{} helpers.TemplateThings(tpld, serviceTypeValues.Volumes.BackupConfiguration, &bc) - templateAnnotations["k8up.syn.tools/backupcommand"] = bc.Command - templateAnnotations["k8up.syn.tools/file-extension"] = bc.FileExtension + switch buildValues.Backup.K8upVersion { + case "v2": + templateAnnotations["k8up.io/backupcommand"] = bc.Command + templateAnnotations["k8up.io/file-extension"] = bc.FileExtension + default: + templateAnnotations["k8up.syn.tools/backupcommand"] = bc.Command + templateAnnotations["k8up.syn.tools/file-extension"] = bc.FileExtension + } } // create the initial deployment spec @@ -202,6 +208,12 @@ func GenerateDeploymentTemplate( FSGroup: helpers.Int64Ptr(buildValues.PodSecurityContext.FsGroup), } } + // some services have a fsgroup override + if serviceTypeValues.PodSecurityContext.HasDefault { + deployment.Spec.Template.Spec.SecurityContext = &corev1.PodSecurityContext{ + FSGroup: helpers.Int64Ptr(serviceTypeValues.PodSecurityContext.FSGroup), + } + } if buildValues.PodSecurityContext.OnRootMismatch { fsGroupChangePolicy := corev1.FSGroupChangeOnRootMismatch if deployment.Spec.Template.Spec.SecurityContext != nil { diff --git a/internal/templating/services/templates_deployment_test.go b/internal/templating/services/templates_deployment_test.go index 2665af26..824a46f5 100644 --- a/internal/templating/services/templates_deployment_test.go +++ b/internal/templating/services/templates_deployment_test.go 
@@ -226,9 +226,12 @@ func TestGenerateDeploymentTemplate(t *testing.T) { BuildType: "branch", LagoonVersion: "v2.x.x", Kubernetes: "generator.local", - Branch: "environment-name", - GitSHA: "0", - ConfigMapSha: "32bf1359ac92178c8909f0ef938257b477708aa0d78a5a15ad7c2d7919adf273", + PodSecurityContext: generator.PodSecurityContext{ + OnRootMismatch: true, + }, + Branch: "environment-name", + GitSHA: "0", + ConfigMapSha: "32bf1359ac92178c8909f0ef938257b477708aa0d78a5a15ad7c2d7919adf273", ImageReferences: map[string]string{ "myservice": "harbor.example.com/example-project/environment-name/myservice@latest", }, @@ -255,9 +258,12 @@ func TestGenerateDeploymentTemplate(t *testing.T) { BuildType: "branch", LagoonVersion: "v2.x.x", Kubernetes: "generator.local", - Branch: "environment-name", - GitSHA: "0", - ConfigMapSha: "32bf1359ac92178c8909f0ef938257b477708aa0d78a5a15ad7c2d7919adf273", + PodSecurityContext: generator.PodSecurityContext{ + OnRootMismatch: true, + }, + Branch: "environment-name", + GitSHA: "0", + ConfigMapSha: "32bf1359ac92178c8909f0ef938257b477708aa0d78a5a15ad7c2d7919adf273", ImageReferences: map[string]string{ "myservice": "harbor.example.com/example-project/environment-name/myservice@latest", "myservice-size": "harbor.example.com/example-project/environment-name/myservice-size@latest", 
@@ -293,9 +299,12 @@ func TestGenerateDeploymentTemplate(t *testing.T) { BuildType: "branch", LagoonVersion: "v2.x.x", Kubernetes: "generator.local", - Branch: "environment-name", - GitSHA: "0", - ConfigMapSha: "32bf1359ac92178c8909f0ef938257b477708aa0d78a5a15ad7c2d7919adf273", + PodSecurityContext: generator.PodSecurityContext{ + OnRootMismatch: true, + }, + Branch: "environment-name", + GitSHA: "0", + ConfigMapSha: "32bf1359ac92178c8909f0ef938257b477708aa0d78a5a15ad7c2d7919adf273", ImageReferences: map[string]string{ "myservice": "harbor.example.com/example-project/environment-name/myservice@latest", "myservice-size": "harbor.example.com/example-project/environment-name/myservice-size@latest", @@ -378,9 +387,12 @@ func TestGenerateDeploymentTemplate(t *testing.T) { BuildType: "branch", LagoonVersion: "v2.x.x", Kubernetes: "generator.local", - Branch: "environment-name", - GitSHA: "0", - ConfigMapSha: "32bf1359ac92178c8909f0ef938257b477708aa0d78a5a15ad7c2d7919adf273", + PodSecurityContext: generator.PodSecurityContext{ + OnRootMismatch: true, + }, + Branch: "environment-name", + GitSHA: "0", + ConfigMapSha: "32bf1359ac92178c8909f0ef938257b477708aa0d78a5a15ad7c2d7919adf273", ImageReferences: map[string]string{ "solr": "harbor.example.com/example-project/environment-name/solr@latest", }, @@ -718,7 +730,7 @@ func TestGenerateDeploymentTemplate(t *testing.T) { want: "test-resources/deployment/result-redis-1.yaml", }, { - name: "test17 - mariadb", + name: "test17a - mariadb", args: args{ buildValues: generator.BuildValues{ Project: "example-project", @@ -730,9 +742,6 @@ func TestGenerateDeploymentTemplate(t *testing.T) { Kubernetes: "generator.local", Branch: "environment-name", PodSecurityContext: generator.PodSecurityContext{ - RunAsGroup: 0, - RunAsUser: 10000, - FsGroup: 10001, OnRootMismatch: true, }, GitSHA: "0", 
@@ -751,6 +760,40 @@ func TestGenerateDeploymentTemplate(t *testing.T) { }, want: "test-resources/deployment/result-mariadb-1.yaml", }, + { + name: "test17b - mariadb k8upv2", + args: args{ + buildValues: generator.BuildValues{ + Project: "example-project", + Environment: "environment-name", + EnvironmentType: "production", + Namespace: "example-project-environment-name", + BuildType: "branch", + LagoonVersion: "v2.x.x", + Kubernetes: "generator.local", + Branch: "environment-name", + PodSecurityContext: generator.PodSecurityContext{ + OnRootMismatch: true, + }, + GitSHA: "0", + ConfigMapSha: "32bf1359ac92178c8909f0ef938257b477708aa0d78a5a15ad7c2d7919adf273", + ImageReferences: map[string]string{ + "mariadb": "harbor.example.com/example-project/environment-name/mariadb@latest", + }, + Backup: generator.BackupConfiguration{ + K8upVersion: "v2", + }, + Services: []generator.ServiceValues{ + { + Name: "mariadb", + OverrideName: "mariadb", + Type: "mariadb-single", + }, + }, + }, + }, + want: "test-resources/deployment/result-mariadb-2.yaml", + }, { name: "test18 - mongodb", args: args{ @@ -764,9 +807,6 @@ func TestGenerateDeploymentTemplate(t *testing.T) { Kubernetes: "generator.local", Branch: "environment-name", PodSecurityContext: generator.PodSecurityContext{ - RunAsGroup: 0, - RunAsUser: 10000, - FsGroup: 10001, OnRootMismatch: true, }, GitSHA: "0", @@ -798,9 +838,6 @@ func TestGenerateDeploymentTemplate(t *testing.T) { Kubernetes: "generator.local", Branch: "environment-name", PodSecurityContext: generator.PodSecurityContext{ - RunAsGroup: 0, - RunAsUser: 10000, - FsGroup: 10001, OnRootMismatch: true, }, GitSHA: "0", diff --git a/internal/templating/services/templates_pvc.go b/internal/templating/services/templates_pvc.go index 601c6152..a12bb396 100644 --- a/internal/templating/services/templates_pvc.go +++ b/internal/templating/services/templates_pvc.go 
@@ -77,6 +77,7 @@ func GeneratePVCTemplate( additionalLabels["lagoon.sh/service"] = serviceValues.OverrideName additionalLabels["lagoon.sh/service-type"] = serviceType.Name + // this does both k8up v1 and v2 support additionalAnnotations["k8up.syn.tools/backup"] = strconv.FormatBool(serviceTypeValues.Volumes.Backup) additionalAnnotations["k8up.io/backup"] = strconv.FormatBool(serviceTypeValues.Volumes.Backup) diff --git a/internal/templating/services/test-resources/deployment/result-elasticsearch-1.yaml b/internal/templating/services/test-resources/deployment/result-elasticsearch-1.yaml index 0bb0ab98..8ce8c68c 100644 --- a/internal/templating/services/test-resources/deployment/result-elasticsearch-1.yaml +++ b/internal/templating/services/test-resources/deployment/result-elasticsearch-1.yaml @@ -105,6 +105,9 @@ spec: privileged: true runAsUser: 0 priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 0 + fsGroupChangePolicy: OnRootMismatch volumes: - name: myservice persistentVolumeClaim: @@ -217,6 +220,9 @@ spec: privileged: true runAsUser: 0 priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 0 + fsGroupChangePolicy: OnRootMismatch volumes: - name: myservice-size persistentVolumeClaim: diff --git a/internal/templating/services/test-resources/deployment/result-mariadb-1.yaml b/internal/templating/services/test-resources/deployment/result-mariadb-1.yaml index 36dd765c..2c0de445 100644 --- a/internal/templating/services/test-resources/deployment/result-mariadb-1.yaml +++ b/internal/templating/services/test-resources/deployment/result-mariadb-1.yaml @@ -89,10 +89,8 @@ spec: - name: lagoon-internal-registry-secret priorityClassName: lagoon-priority-production securityContext: - fsGroup: 10001 + fsGroup: 0 fsGroupChangePolicy: OnRootMismatch - runAsGroup: 0 - runAsUser: 10000 volumes: - name: mariadb persistentVolumeClaim: 
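Review bot: The comment added in the templates_pvc.go hunk, `// this does both k8up v1 and v2 support`, does not say which annotation key belongs to which k8up version or that writing both unconditionally is deliberate. I would word it as `// always set both keys: k8up v1 reads k8up.syn.tools/backup, k8up v2 reads k8up.io/backup`. The deployment case added in this commit (`test17b - mariadb k8upv2`) selects on `K8upVersion`, so it seems worth stating here that the PVC intentionally does not. GeneratePVCTemplate's body starts and ends outside the hunk.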
diff --git a/internal/templating/services/test-resources/deployment/result-mariadb-2.yaml b/internal/templating/services/test-resources/deployment/result-mariadb-2.yaml
new file mode 100644
index 00000000..ffddb32f
--- /dev/null
+++ b/internal/templating/services/test-resources/deployment/result-mariadb-2.yaml
@@ -0,0 +1,97 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + lagoon.sh/branch: environment-name + lagoon.sh/version: v2.x.x + creationTimestamp: null + labels: + app.kubernetes.io/instance: mariadb + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: mariadb-single + lagoon.sh/buildType: branch + lagoon.sh/environment: environment-name + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/service: mariadb + lagoon.sh/service-type: mariadb-single + lagoon.sh/template: mariadb-single-0.1.0 + name: mariadb +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: mariadb + app.kubernetes.io/name: mariadb-single + strategy: + type: Recreate + template: + metadata: + annotations: + k8up.io/backupcommand: /bin/sh -c 'mysqldump --max-allowed-packet=1G --events + --routines --quick --add-locks --no-autocommit --single-transaction --all-databases' + k8up.io/file-extension: .mariadb.sql + lagoon.sh/branch: environment-name + lagoon.sh/configMapSha: 32bf1359ac92178c8909f0ef938257b477708aa0d78a5a15ad7c2d7919adf273 + lagoon.sh/version: v2.x.x + creationTimestamp: null + labels: + app.kubernetes.io/instance: mariadb + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: mariadb-single + lagoon.sh/buildType: branch + lagoon.sh/environment: environment-name + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/service: mariadb + lagoon.sh/service-type: mariadb-single + lagoon.sh/template: mariadb-single-0.1.0 + spec: + containers: + - env: + - name: LAGOON_GIT_SHA + value: "0" + - name: CRONJOBS + - name: SERVICE_NAME + value: mariadb + envFrom: + - configMapRef: + name: lagoon-env + image: harbor.example.com/example-project/environment-name/mariadb@latest + imagePullPolicy: Always + livenessProbe: + initialDelaySeconds: 120 + periodSeconds: 5 + tcpSocket: + port: 3306 + name: mariadb-single + ports: + - containerPort: 
3306 + name: 3306-tcp + protocol: TCP + readinessProbe: + initialDelaySeconds: 1 + tcpSocket: + port: 3306 + timeoutSeconds: 1 + resources: + requests: + cpu: 10m + memory: 10Mi + securityContext: {} + volumeMounts: + - mountPath: /var/lib/mysql + name: mariadb + enableServiceLinks: true + imagePullSecrets: + - name: lagoon-internal-registry-secret + priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 0 + fsGroupChangePolicy: OnRootMismatch + volumes: + - name: mariadb + persistentVolumeClaim: + claimName: mariadb +status: {} diff --git a/internal/templating/services/test-resources/deployment/result-mongodb-1.yaml b/internal/templating/services/test-resources/deployment/result-mongodb-1.yaml index c1499331..c443b1bc 100644 --- a/internal/templating/services/test-resources/deployment/result-mongodb-1.yaml +++ b/internal/templating/services/test-resources/deployment/result-mongodb-1.yaml @@ -88,10 +88,8 @@ spec: - name: lagoon-internal-registry-secret priorityClassName: lagoon-priority-production securityContext: - fsGroup: 10001 + fsGroup: 0 fsGroupChangePolicy: OnRootMismatch - runAsGroup: 0 - runAsUser: 10000 volumes: - name: mongodb persistentVolumeClaim: diff --git a/internal/templating/services/test-resources/deployment/result-opensearch-1.yaml b/internal/templating/services/test-resources/deployment/result-opensearch-1.yaml index 5970eaf8..d24c1acf 100644 --- a/internal/templating/services/test-resources/deployment/result-opensearch-1.yaml +++ b/internal/templating/services/test-resources/deployment/result-opensearch-1.yaml @@ -105,6 +105,9 @@ spec: privileged: true runAsUser: 0 priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 0 + fsGroupChangePolicy: OnRootMismatch volumes: - name: myservice persistentVolumeClaim: 
@@ -217,6 +220,9 @@ spec: privileged: true runAsUser: 0 priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 0 + fsGroupChangePolicy: OnRootMismatch volumes: - name: myservice-size persistentVolumeClaim: diff --git a/internal/templating/services/test-resources/deployment/result-postgres-1.yaml b/internal/templating/services/test-resources/deployment/result-postgres-1.yaml index b051f0a4..93060c38 100644 --- a/internal/templating/services/test-resources/deployment/result-postgres-1.yaml +++ b/internal/templating/services/test-resources/deployment/result-postgres-1.yaml @@ -89,10 +89,8 @@ spec: - name: lagoon-internal-registry-secret priorityClassName: lagoon-priority-production securityContext: - fsGroup: 10001 + fsGroup: 0 fsGroupChangePolicy: OnRootMismatch - runAsGroup: 0 - runAsUser: 10000 volumes: - name: postgres persistentVolumeClaim: diff --git a/internal/templating/services/test-resources/deployment/result-postgres-single-1.yaml b/internal/templating/services/test-resources/deployment/result-postgres-single-1.yaml index be3e011a..33ec20a5 100644 --- a/internal/templating/services/test-resources/deployment/result-postgres-single-1.yaml +++ b/internal/templating/services/test-resources/deployment/result-postgres-single-1.yaml @@ -88,6 +88,9 @@ spec: imagePullSecrets: - name: lagoon-internal-registry-secret priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 0 + fsGroupChangePolicy: OnRootMismatch volumes: - name: myservice persistentVolumeClaim: diff --git a/internal/templating/services/test-resources/deployment/result-solr-1.yaml b/internal/templating/services/test-resources/deployment/result-solr-1.yaml index b2329ea0..9558ea01 100644 --- a/internal/templating/services/test-resources/deployment/result-solr-1.yaml +++ b/internal/templating/services/test-resources/deployment/result-solr-1.yaml 
@@ -88,6 +88,9 @@ spec: imagePullSecrets: - name: lagoon-internal-registry-secret priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 0 + fsGroupChangePolicy: OnRootMismatch volumes: - name: solr persistentVolumeClaim: diff --git a/internal/testdata/complex/docker-compose.varnish3.yml b/internal/testdata/complex/docker-compose.varnish3.yml new file mode 100644 index 00000000..82054ccb --- /dev/null +++ b/internal/testdata/complex/docker-compose.varnish3.yml 
@@ -0,0 +1,160 @@ +version: '2.3' + +x-example-image-version: + &example-image-version ${EXAMPLE_IMAGE_VERSION:-4.x} + +x-project: + &project ${PROJECT_NAME:-mysite} + +x-volumes: + &default-volumes + volumes: + - .:/app:${VOLUME_FLAGS:-delegated} ### Local overrides to mount host filesystem. Automatically removed in CI and PROD. + - ./docroot/sites/default/files:/app/docroot/sites/default/files:${VOLUME_FLAGS:-delegated} ### Local overrides to mount host filesystem. Automatically removed in CI and PROD. + +x-environment: + &default-environment + LAGOON_PROJECT: *project + DRUPAL_HASH_SALT: fakehashsaltfakehashsaltfakehashsalt + LAGOON_LOCALDEV_URL: ${LOCALDEV_URL:-http://mysite.docker.amazee.io} + LAGOON_ROUTE: ${LOCALDEV_URL:-http://mysite.docker.amazee.io} + GITHUB_TOKEN: ${GITHUB_TOKEN:-} + EXAMPLE_KEY: ${EXAMPLE_KEY:-} + EXAMPLE_IMAGE_VERSION: ${EXAMPLE_IMAGE_VERSION:-latest} + LAGOON_ENVIRONMENT_TYPE: ${LAGOON_ENVIRONMENT_TYPE:-local} + DRUPAL_REFRESH_SEARCHAPI: ${DRUPAL_REFRESH_SEARCHAPI:-} + EXAMPLE_INGRESS_PSK: ${EXAMPLE_INGRESS_PSK:-} + EXAMPLE_INGRESS_HEADER: ${EXAMPLE_INGRESS_HEADER:-} + EXAMPLE_INGRESS_ENABLED: ${EXAMPLE_INGRESS_ENABLED:-} + REDIS_CACHE_PREFIX: "tide_" + DB_ALIAS: ${DB_ALIAS:-bay.production} + + +services: + + cli: + build: + context: internal/testdata/complex/docker + dockerfile: .docker/Dockerfile.cli + args: + COMPOSER: ${COMPOSER:-composer.json} + EXAMPLE_IMAGE_VERSION: *example-image-version + image: *project + environment: + << : *default-environment + << : *default-volumes + volumes_from: ### Local overrides to mount host SSH keys. Automatically removed in CI. + - container:amazeeio-ssh-agent ### Local overrides to mount host SSH keys. Automatically removed in CI. 
+ labels: + lagoon.type: cli-persistent + lagoon.persistent: /app/docroot/sites/default/files/ + lagoon.persistent.name: nginx-php + lagoon.persistent.size: 5Gi + + nginx: + build: + context: internal/testdata/complex/docker + dockerfile: .docker/Dockerfile.nginx-drupal + args: + CLI_IMAGE: *project + EXAMPLE_IMAGE_VERSION: *example-image-version + << : *default-volumes + environment: + << : *default-environment + depends_on: + - cli + networks: + - amazeeio-network + - default + labels: + lagoon.type: nginx-php-persistent + lagoon.persistent: /app/docroot/sites/default/files/ + lagoon.persistent.size: 5Gi + lagoon.name: nginx-php + expose: + - "8080" + php: + build: + context: internal/testdata/complex/docker + dockerfile: .docker/Dockerfile.php + args: + CLI_IMAGE: *project + EXAMPLE_IMAGE_VERSION: *example-image-version + environment: + << : *default-environment + << : *default-volumes + depends_on: + - cli + labels: + lagoon.type: nginx-php-persistent + lagoon.persistent: /app/docroot/sites/default/files/ + lagoon.persistent.size: 5Gi + lagoon.name: nginx-php + + mariadb: + image: amazeeio/mariadb-drupal + environment: + << : *default-environment + ports: + - "3306" # Find port on host with `ahoy info` or `docker-compose port mariadb 3306` + labels: + lagoon.type: mariadb + + redis: + image: registry1.example.com/amazeeio/redis:latest + labels: + lagoon.type: redis + + elasticsearch: + build: + context: internal/testdata/complex/docker + dockerfile: .docker/Dockerfile.elasticsearch + args: + - ES_TPL=${ES_TPL:-elasticsearch.yml} + environment: + - discovery.type=single-node + labels: + lagoon.type: none + + chrome: + image: selenium/standalone-chrome:3.141.59-oxygen + shm_size: '1gb' + environment: + << : *default-environment + << : *default-volumes + depends_on: + - cli + labels: + lagoon.type: none + + clamav: + image: clamav/clamav:${EXAMPLE_IMAGE_VERSION:-4.x} + environment: + << : *default-environment + ports: + - "3310" + labels: + lagoon.type: none + + 
varnish: + image: uselagoon/varnish-5-drupal:latest + labels: + lagoon.type: varnish + lando.type: varnish-drupal + links: + - nginx # links varnish to the nginx in this docker-compose project, or it would try to connect to any nginx running in docker + environment: + << : *default-environment + VARNISH_BYPASS: "true" # by default we bypass varnish, change to 'false' or remove in order to tell varnish to cache if possible + networks: + - amazeeio-network + - default + + +networks: + amazeeio-network: + external: true + +volumes: + app: {} + files: {} \ No newline at end of file diff --git a/internal/testdata/complex/lagoon.varnish3.yml b/internal/testdata/complex/lagoon.varnish3.yml new file mode 100644 index 00000000..094e0e4b --- /dev/null +++ b/internal/testdata/complex/lagoon.varnish3.yml @@ -0,0 +1,28 @@ +--- +docker-compose-yaml: internal/testdata/complex/docker-compose.varnish3.yml + +project: example-com + +container-registries: + my-custom-registry: + username: registry_user + password: REGISTRY_PASSWORD + my-other-custom-registry: + username: registry_user2 + password: REGISTRY_PASSWORD2 + url: registry1.example.com + +environments: + main: + routes: + - nginx: + - example.com + cronjobs: + - name: drush cron + schedule: "*/15 * * * *" + command: drush cron + service: cli + - name: drush cron2 + schedule: "*/30 * * * *" + command: drush cron + service: cli \ No newline at end of file diff --git a/internal/testdata/complex/service-templates/service3/deployment-mariadb-10-5.yaml b/internal/testdata/complex/service-templates/service3/deployment-mariadb-10-5.yaml index bf281550..bfdef32a 100644 --- a/internal/testdata/complex/service-templates/service3/deployment-mariadb-10-5.yaml +++ b/internal/testdata/complex/service-templates/service3/deployment-mariadb-10-5.yaml 
@@ -88,6 +88,8 @@ spec: imagePullSecrets: - name: lagoon-internal-registry-secret priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 0 volumes: - name: mariadb-10-5 persistentVolumeClaim: diff --git a/internal/testdata/complex/service-templates/service3/deployment-opensearch-2.yaml b/internal/testdata/complex/service-templates/service3/deployment-opensearch-2.yaml index 9046eef9..5c4a4108 100644 --- a/internal/testdata/complex/service-templates/service3/deployment-opensearch-2.yaml +++ b/internal/testdata/complex/service-templates/service3/deployment-opensearch-2.yaml @@ -105,6 +105,8 @@ spec: privileged: true runAsUser: 0 priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 0 volumes: - name: opensearch-2 persistentVolumeClaim: diff --git a/internal/testdata/complex/service-templates/service3/deployment-postgres-11.yaml b/internal/testdata/complex/service-templates/service3/deployment-postgres-11.yaml index 797edcb0..4830e706 100644 --- a/internal/testdata/complex/service-templates/service3/deployment-postgres-11.yaml +++ b/internal/testdata/complex/service-templates/service3/deployment-postgres-11.yaml @@ -88,6 +88,8 @@ spec: imagePullSecrets: - name: lagoon-internal-registry-secret priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 0 volumes: - name: postgres-11 persistentVolumeClaim: diff --git a/internal/testdata/complex/service-templates/service3/deployment-solr-8.yaml b/internal/testdata/complex/service-templates/service3/deployment-solr-8.yaml index 208edd30..ed987ec7 100644 --- a/internal/testdata/complex/service-templates/service3/deployment-solr-8.yaml +++ b/internal/testdata/complex/service-templates/service3/deployment-solr-8.yaml @@ -88,6 +88,8 @@ spec: imagePullSecrets: - name: lagoon-internal-registry-secret priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 0 volumes: - name: solr-8 persistentVolumeClaim: 
diff --git a/internal/testdata/complex/service-templates/service4/deployment-mariadb-10-11.yaml b/internal/testdata/complex/service-templates/service4/deployment-mariadb-10-11.yaml index bb9bfb2e..a06d7e09 100644 --- a/internal/testdata/complex/service-templates/service4/deployment-mariadb-10-11.yaml +++ b/internal/testdata/complex/service-templates/service4/deployment-mariadb-10-11.yaml @@ -88,6 +88,8 @@ spec: imagePullSecrets: - name: lagoon-internal-registry-secret priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 0 volumes: - name: mariadb-10-11 persistentVolumeClaim: diff --git a/internal/testdata/complex/service-templates/service4/deployment-mariadb-10-5.yaml b/internal/testdata/complex/service-templates/service4/deployment-mariadb-10-5.yaml index 40a69f51..ffe813fe 100644 --- a/internal/testdata/complex/service-templates/service4/deployment-mariadb-10-5.yaml +++ b/internal/testdata/complex/service-templates/service4/deployment-mariadb-10-5.yaml @@ -88,6 +88,8 @@ spec: imagePullSecrets: - name: lagoon-internal-registry-secret priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 0 volumes: - name: mariadb-10-5 persistentVolumeClaim: diff --git a/internal/testdata/complex/service-templates/service4/deployment-mongo-4.yaml b/internal/testdata/complex/service-templates/service4/deployment-mongo-4.yaml index eccf956c..ab6a6678 100644 --- a/internal/testdata/complex/service-templates/service4/deployment-mongo-4.yaml +++ b/internal/testdata/complex/service-templates/service4/deployment-mongo-4.yaml @@ -87,6 +87,8 @@ spec: imagePullSecrets: - name: lagoon-internal-registry-secret priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 0 volumes: - name: mongo-4 persistentVolumeClaim: diff --git a/internal/testdata/complex/service-templates/service4/deployment-postgres-11.yaml b/internal/testdata/complex/service-templates/service4/deployment-postgres-11.yaml index 8aea61ba..37d2360b 100644 
--- a/internal/testdata/complex/service-templates/service4/deployment-postgres-11.yaml +++ b/internal/testdata/complex/service-templates/service4/deployment-postgres-11.yaml @@ -88,6 +88,8 @@ spec: imagePullSecrets: - name: lagoon-internal-registry-secret priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 0 volumes: - name: postgres-11 persistentVolumeClaim: diff --git a/internal/testdata/complex/service-templates/service4/deployment-postgres-15.yaml b/internal/testdata/complex/service-templates/service4/deployment-postgres-15.yaml index 61880eae..40799a7d 100644 --- a/internal/testdata/complex/service-templates/service4/deployment-postgres-15.yaml +++ b/internal/testdata/complex/service-templates/service4/deployment-postgres-15.yaml @@ -88,6 +88,8 @@ spec: imagePullSecrets: - name: lagoon-internal-registry-secret priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 0 volumes: - name: postgres-15 persistentVolumeClaim: diff --git a/internal/testdata/complex/service-templates/service5/cronjob-cronjob-cli-drush-cron2.yaml b/internal/testdata/complex/service-templates/service5/cronjob-cronjob-cli-drush-cron2.yaml new file mode 100644 index 00000000..ec22e6b2 --- /dev/null +++ b/internal/testdata/complex/service-templates/service5/cronjob-cronjob-cli-drush-cron2.yaml 
@@ -0,0 +1,99 @@ +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + annotations: + lagoon.sh/branch: main + lagoon.sh/version: v2.7.x + creationTimestamp: null + labels: + app.kubernetes.io/managed-by: build-deploy-tool + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/service: cli + lagoon.sh/service-type: cli-persistent + lagoon.sh/template: cli-persistent-0.1.0 + name: cronjob-cli-drush-cron2 +spec: + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 1 + jobTemplate: + metadata: + creationTimestamp: null + spec: + template: + metadata: + annotations: + lagoon.sh/branch: main + lagoon.sh/configMapSha: abcdefg1234567890 + lagoon.sh/version: v2.7.x + creationTimestamp: null + labels: + app.kubernetes.io/managed-by: build-deploy-tool + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/service: cli + lagoon.sh/service-type: cli-persistent + lagoon.sh/template: cli-persistent-0.1.0 + spec: + containers: + - command: + - /lagoon/cronjob.sh + - drush cron + env: + - name: LAGOON_GIT_SHA + value: "0000000000000000000000000000000000000000" + - name: SERVICE_NAME + value: cli + envFrom: + - configMapRef: + name: lagoon-env + image: harbor.example/example-project/main/cli@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 + imagePullPolicy: Always + name: cronjob-cli-drush-cron2 + resources: + requests: + cpu: 10m + memory: 10Mi + securityContext: {} + volumeMounts: + - mountPath: /var/run/secrets/lagoon/sshkey/ + name: lagoon-sshkey + readOnly: true + - mountPath: /app/docroot/sites/default/files//php + name: nginx-php-twig + - mountPath: /app/docroot/sites/default/files/ + name: nginx-php + dnsConfig: + options: + - name: timeout + value: "60" + - name: attempts + value: "10" + enableServiceLinks: false + imagePullSecrets: + - name: 
lagoon-internal-registry-secret + priorityClassName: lagoon-priority-production + restartPolicy: Never + securityContext: + fsGroup: 10001 + runAsGroup: 0 + runAsUser: 10000 + volumes: + - name: lagoon-sshkey + secret: + defaultMode: 420 + secretName: lagoon-sshkey + - emptyDir: {} + name: nginx-php-twig + - name: nginx-php + persistentVolumeClaim: + claimName: nginx-php + schedule: 18,48 * * * * + startingDeadlineSeconds: 240 + successfulJobsHistoryLimit: 0 +status: {} diff --git a/internal/testdata/complex/service-templates/service5/deployment-cli.yaml b/internal/testdata/complex/service-templates/service5/deployment-cli.yaml new file mode 100644 index 00000000..ac370e98 --- /dev/null +++ b/internal/testdata/complex/service-templates/service5/deployment-cli.yaml 
@@ -0,0 +1,103 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + lagoon.sh/branch: main + lagoon.sh/version: v2.7.x + creationTimestamp: null + labels: + app.kubernetes.io/instance: cli + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: cli-persistent + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/service: cli + lagoon.sh/service-type: cli-persistent + lagoon.sh/template: cli-persistent-0.1.0 + name: cli +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: cli + app.kubernetes.io/name: cli-persistent + strategy: {} + template: + metadata: + annotations: + lagoon.sh/branch: main + lagoon.sh/configMapSha: abcdefg1234567890 + lagoon.sh/version: v2.7.x + creationTimestamp: null + labels: + app.kubernetes.io/instance: cli + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: cli-persistent + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/service: cli + lagoon.sh/service-type: cli-persistent + lagoon.sh/template: cli-persistent-0.1.0 + spec: + containers: + - env: + - name: LAGOON_GIT_SHA + value: "0000000000000000000000000000000000000000" + - name: CRONJOBS + value: | + 3,18,33,48 * * * * drush cron + - name: SERVICE_NAME + value: cli + envFrom: + - configMapRef: + name: lagoon-env + image: harbor.example/example-project/main/cli@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 + imagePullPolicy: Always + name: cli + readinessProbe: + exec: + command: + - /bin/sh + - -c + - if [ -x /bin/entrypoint-readiness ]; then /bin/entrypoint-readiness; + fi + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 2 + resources: + requests: + cpu: 10m + memory: 10Mi + securityContext: {} + volumeMounts: + - mountPath: /var/run/secrets/lagoon/sshkey/ + name: 
lagoon-sshkey + readOnly: true + - mountPath: /app/docroot/sites/default/files//php + name: nginx-php-twig + - mountPath: /app/docroot/sites/default/files/ + name: nginx-php + enableServiceLinks: false + imagePullSecrets: + - name: lagoon-internal-registry-secret + priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 10001 + runAsGroup: 0 + runAsUser: 10000 + volumes: + - name: lagoon-sshkey + secret: + defaultMode: 420 + secretName: lagoon-sshkey + - emptyDir: {} + name: nginx-php-twig + - name: nginx-php + persistentVolumeClaim: + claimName: nginx-php +status: {} diff --git a/internal/testdata/complex/service-templates/service5/deployment-nginx-php.yaml b/internal/testdata/complex/service-templates/service5/deployment-nginx-php.yaml new file mode 100644 index 00000000..72990ae0 --- /dev/null +++ b/internal/testdata/complex/service-templates/service5/deployment-nginx-php.yaml 
@@ -0,0 +1,155 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + lagoon.sh/branch: main + lagoon.sh/version: v2.7.x + creationTimestamp: null + labels: + app.kubernetes.io/instance: nginx-php + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: nginx-php-persistent + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/service: nginx-php + lagoon.sh/service-type: nginx-php-persistent + lagoon.sh/template: nginx-php-persistent-0.1.0 + name: nginx-php +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: nginx-php + app.kubernetes.io/name: nginx-php-persistent + strategy: {} + template: + metadata: + annotations: + lagoon.sh/branch: main + lagoon.sh/configMapSha: abcdefg1234567890 + lagoon.sh/version: v2.7.x + creationTimestamp: null + labels: + app.kubernetes.io/instance: nginx-php + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: nginx-php-persistent + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/service: nginx-php + lagoon.sh/service-type: nginx-php-persistent + lagoon.sh/template: nginx-php-persistent-0.1.0 + spec: + containers: + - env: + - name: NGINX_FASTCGI_PASS + value: 127.0.0.1 + - name: LAGOON_GIT_SHA + value: "0000000000000000000000000000000000000000" + - name: CRONJOBS + - name: SERVICE_NAME + value: nginx-php + envFrom: + - configMapRef: + name: lagoon-env + image: harbor.example/example-project/main/nginx@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 + imagePullPolicy: Always + livenessProbe: + failureThreshold: 5 + httpGet: + path: /nginx_status + port: 50000 + initialDelaySeconds: 900 + timeoutSeconds: 3 + name: nginx + ports: + - containerPort: 8080 + name: http + protocol: TCP + readinessProbe: + httpGet: + path: /nginx_status + 
port: 50000 + initialDelaySeconds: 1 + timeoutSeconds: 3 + resources: + requests: + cpu: 10m + memory: 10Mi + securityContext: {} + volumeMounts: + - mountPath: /app/docroot/sites/default/files/ + name: nginx-php + - env: + - name: NGINX_FASTCGI_PASS + value: 127.0.0.1 + - name: LAGOON_GIT_SHA + value: "0000000000000000000000000000000000000000" + - name: SERVICE_NAME + value: nginx-php + envFrom: + - configMapRef: + name: lagoon-env + image: harbor.example/example-project/main/php@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 + imagePullPolicy: Always + livenessProbe: + initialDelaySeconds: 60 + periodSeconds: 10 + tcpSocket: + port: 9000 + name: php + ports: + - containerPort: 9000 + name: http + protocol: TCP + readinessProbe: + initialDelaySeconds: 2 + periodSeconds: 10 + tcpSocket: + port: 9000 + resources: + requests: + cpu: 10m + memory: 100Mi + securityContext: {} + volumeMounts: + - mountPath: /app/docroot/sites/default/files/ + name: nginx-php + - mountPath: /app/docroot/sites/default/files//php + name: nginx-php-twig + enableServiceLinks: false + imagePullSecrets: + - name: lagoon-internal-registry-secret + initContainers: + - command: + - sh + - -c + - "set -e\nSENTINEL=\"/storage/.lagoon-rootless-migration-complete\"\nif ! + [ -f \"$SENTINEL\" ]; then\n\tfind /storage -exec chown 10000:0 {} +\n\tfind + /storage -exec chmod a+r,u+w {} +\n\tfind /storage -type d -exec chmod a+x + {} +\n\ttouch \"$SENTINEL\"\nfi" + image: library/busybox:musl + imagePullPolicy: IfNotPresent + name: fix-storage-permissions + resources: {} + securityContext: + runAsUser: 0 + volumeMounts: + - mountPath: /storage + name: nginx-php + priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 10001 + runAsGroup: 0 + runAsUser: 10000 + volumes: + - name: nginx-php + persistentVolumeClaim: + claimName: nginx-php + - emptyDir: {} + name: nginx-php-twig +status: {} 
diff --git a/internal/testdata/complex/service-templates/service5/deployment-redis.yaml b/internal/testdata/complex/service-templates/service5/deployment-redis.yaml
new file mode 100644
index 00000000..605ae453
--- /dev/null
+++ b/internal/testdata/complex/service-templates/service5/deployment-redis.yaml
@@ -0,0 +1,87 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + lagoon.sh/branch: main + lagoon.sh/version: v2.7.x + creationTimestamp: null + labels: + app.kubernetes.io/instance: redis + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: redis + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/service: redis + lagoon.sh/service-type: redis + lagoon.sh/template: redis-0.1.0 + name: redis +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: redis + app.kubernetes.io/name: redis + strategy: {} + template: + metadata: + annotations: + lagoon.sh/branch: main + lagoon.sh/configMapSha: abcdefg1234567890 + lagoon.sh/version: v2.7.x + creationTimestamp: null + labels: + app.kubernetes.io/instance: redis + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: redis + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/service: redis + lagoon.sh/service-type: redis + lagoon.sh/template: redis-0.1.0 + spec: + containers: + - env: + - name: LAGOON_GIT_SHA + value: "0000000000000000000000000000000000000000" + - name: CRONJOBS + - name: SERVICE_NAME + value: redis + envFrom: + - configMapRef: + name: lagoon-env + image: harbor.example/example-project/main/redis@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 + imagePullPolicy: Always + livenessProbe: + initialDelaySeconds: 120 + tcpSocket: + port: 6379 + timeoutSeconds: 1 + name: redis + ports: + - containerPort: 6379 + name: 6379-tcp + protocol: TCP + readinessProbe: + initialDelaySeconds: 1 + tcpSocket: + port: 6379 + timeoutSeconds: 1 + resources: + requests: + cpu: 10m + memory: 10Mi + securityContext: {} + enableServiceLinks: false + imagePullSecrets: + - name: lagoon-internal-registry-secret + priorityClassName: 
lagoon-priority-production + securityContext: + fsGroup: 10001 + runAsGroup: 0 + runAsUser: 10000 +status: {} diff --git a/internal/testdata/complex/service-templates/service5/deployment-varnish.yaml b/internal/testdata/complex/service-templates/service5/deployment-varnish.yaml new file mode 100644 index 00000000..a1f2743d --- /dev/null +++ b/internal/testdata/complex/service-templates/service5/deployment-varnish.yaml 
@@ -0,0 +1,90 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + lagoon.sh/branch: main + lagoon.sh/version: v2.7.x + creationTimestamp: null + labels: + app.kubernetes.io/instance: varnish + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: varnish + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/service: varnish + lagoon.sh/service-type: varnish + lagoon.sh/template: varnish-0.1.0 + name: varnish +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: varnish + app.kubernetes.io/name: varnish + strategy: {} + template: + metadata: + annotations: + lagoon.sh/branch: main + lagoon.sh/configMapSha: abcdefg1234567890 + lagoon.sh/version: v2.7.x + creationTimestamp: null + labels: + app.kubernetes.io/instance: varnish + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: varnish + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/service: varnish + lagoon.sh/service-type: varnish + lagoon.sh/template: varnish-0.1.0 + spec: + containers: + - env: + - name: LAGOON_GIT_SHA + value: "0000000000000000000000000000000000000000" + - name: CRONJOBS + - name: SERVICE_NAME + value: varnish + envFrom: + - configMapRef: + name: lagoon-env + image: harbor.example/example-project/main/varnish@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 + imagePullPolicy: Always + livenessProbe: + initialDelaySeconds: 60 + tcpSocket: + port: 8080 + timeoutSeconds: 10 + name: varnish + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 6082 + name: controlport + protocol: TCP + readinessProbe: + initialDelaySeconds: 1 + tcpSocket: + port: 8080 + timeoutSeconds: 1 + resources: + requests: + cpu: 10m + memory: 10Mi + securityContext: {} + enableServiceLinks: false 
+ imagePullSecrets: + - name: lagoon-internal-registry-secret + priorityClassName: lagoon-priority-production + securityContext: + fsGroup: 10001 + runAsGroup: 0 + runAsUser: 10000 +status: {} diff --git a/internal/testdata/complex/service-templates/service5/pvc-nginx-php.yaml b/internal/testdata/complex/service-templates/service5/pvc-nginx-php.yaml new file mode 100644 index 00000000..9705d159 --- /dev/null +++ b/internal/testdata/complex/service-templates/service5/pvc-nginx-php.yaml @@ -0,0 +1,30 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + k8up.io/backup: "true" + k8up.syn.tools/backup: "true" + lagoon.sh/branch: main + lagoon.sh/version: v2.7.x + creationTimestamp: null + labels: + app.kubernetes.io/instance: nginx-php + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: nginx-php-persistent + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/service: nginx-php + lagoon.sh/service-type: nginx-php-persistent + lagoon.sh/template: nginx-php-persistent-0.1.0 + name: nginx-php +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 5Gi + storageClassName: bulk +status: {} diff --git a/internal/testdata/complex/service-templates/service5/service-nginx-php.yaml b/internal/testdata/complex/service-templates/service5/service-nginx-php.yaml new file mode 100644 index 00000000..0e8aba6e --- /dev/null +++ b/internal/testdata/complex/service-templates/service5/service-nginx-php.yaml 
@@ -0,0 +1,31 @@ +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + lagoon.sh/branch: main + lagoon.sh/version: v2.7.x + creationTimestamp: null + labels: + app.kubernetes.io/instance: nginx-php + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: nginx-php-persistent + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/service: nginx-php + lagoon.sh/service-type: nginx-php-persistent + lagoon.sh/template: nginx-php-persistent-0.1.0 + name: nginx-php +spec: + ports: + - name: http + port: 8080 + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/instance: nginx-php + app.kubernetes.io/name: nginx-php-persistent +status: + loadBalancer: {} diff --git a/internal/testdata/complex/service-templates/service5/service-redis.yaml b/internal/testdata/complex/service-templates/service5/service-redis.yaml new file mode 100644 index 00000000..e0c26762 --- /dev/null +++ b/internal/testdata/complex/service-templates/service5/service-redis.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + lagoon.sh/branch: main + lagoon.sh/version: v2.7.x + creationTimestamp: null + labels: + app.kubernetes.io/instance: redis + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: redis + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/service: redis + lagoon.sh/service-type: redis + lagoon.sh/template: redis-0.1.0 + name: redis +spec: + ports: + - name: 6379-tcp + port: 6379 + protocol: TCP + targetPort: 6379 + selector: + app.kubernetes.io/instance: redis + app.kubernetes.io/name: redis +status: + loadBalancer: {} 
diff --git a/internal/testdata/complex/service-templates/service5/service-varnish.yaml b/internal/testdata/complex/service-templates/service5/service-varnish.yaml new file mode 100644 index 00000000..9a9ae6c8 --- /dev/null +++ b/internal/testdata/complex/service-templates/service5/service-varnish.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + lagoon.sh/branch: main + lagoon.sh/version: v2.7.x + creationTimestamp: null + labels: + app.kubernetes.io/instance: varnish + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: varnish + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/service: varnish + lagoon.sh/service-type: varnish + lagoon.sh/template: varnish-0.1.0 + name: varnish +spec: + ports: + - name: http + port: 8080 + protocol: TCP + targetPort: http + - name: controlport + port: 6082 + protocol: TCP + targetPort: controlport + selector: + app.kubernetes.io/instance: varnish + app.kubernetes.io/name: varnish +status: + loadBalancer: {} diff --git a/internal/testdata/testdata.go b/internal/testdata/testdata.go index 37ef18d4..ac05adea 100644 --- a/internal/testdata/testdata.go +++ b/internal/testdata/testdata.go @@ -58,6 +58,7 @@ type TestData struct { DynamicSecrets []string DynamicDBaaSSecrets []string ImageCacheBuildArgsJSON string + SSHPrivateKey string } // helper function to set up all the environment variables from provided testdata @@ -192,6 +193,10 @@ func SetupEnvironment(rootCmd cobra.Command, templatePath string, t TestData) (g if err != nil { return generator.GeneratorInput{}, err } + err = os.Setenv("SSH_PRIVATE_KEY", t.SSHPrivateKey) + if err != nil { + return generator.GeneratorInput{}, err + } generator, err := generator.GenerateInput(rootCmd, false) if err != nil { 
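Review bot: The added `os.Setenv("SSH_PRIVATE_KEY", t.SSHPrivateKey)` in SetupEnvironment writes the key into the process environment, and nothing visible in this hunk restores the previous value, so it would stay set for later tests in the same process and be inherited by any child process they start. If the existing teardown works from a list of variable names, `SSH_PRIVATE_KEY` needs to be added to it. A short comment above the call, such as `// SSH_PRIVATE_KEY is process-wide; it must be cleared by the test's env cleanup`, would make that dependency explicit. SetupEnvironment starts and ends outside the hunk, so the cleanup may already exist elsewhere.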
@@ -238,6 +243,7 @@ func GetSeedData(t TestData, defaultProjectVariables bool) TestData {
 SourceRepository: "ssh://git@example.com/lagoon-demo.git",
 Kubernetes: "remote-cluster1",
 GitSHA: "abcdefg123456",
+ SSHPrivateKey: "-----BEGIN OPENSSH PRIVATE KEY-----\nthisisafakekey\n-----END OPENSSH PRIVATE KEY-----",
 }
 if t.ProjectName != "" {
 rt.ProjectName = t.ProjectName
@@ -335,5 +341,8 @@ func GetSeedData(t TestData, defaultProjectVariables bool) TestData {
 if t.ImageCacheBuildArgsJSON != "" {
 rt.ImageCacheBuildArgsJSON = t.ImageCacheBuildArgsJSON
 }
+ if t.SSHPrivateKey != "" {
+ rt.SSHPrivateKey = t.SSHPrivateKey
+ }
 return rt
 }
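Review bot: The seed default for `SSHPrivateKey` in GetSeedData is a string literal carrying a genuine OpenSSH PEM header and footer, and secret scanners commonly match on those markers rather than on the body, so this fixture is likely to be reported as a leaked key. A comment on the line, e.g. `// placeholder value for tests, not a real key`, together with an allowlist entry for this path in whatever scanner the repository uses, keeps real findings from being buried. Because the default is non-empty and the override in the last hunk only applies when `t.SSHPrivateKey != ""`, a test cannot pass an empty key through GetSeedData to cover the no-key path; that matches how the neighbouring fields are handled, so it may be intended. Both hunks show only part of GetSeedData.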