From 018ff2403bfe243968e488995c70380fedc15eb1 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Sun, 20 Oct 2024 14:06:40 +1100 Subject: [PATCH] refactor: install isolated lagoon for upgradeability --- .github/workflows/test-suite.yaml | 7 +- Makefile | 206 ++++++++++++++++++------------ 2 files changed, 133 insertions(+), 80 deletions(-) diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index dd99a5f6..a485f77f 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -133,7 +133,10 @@ jobs: if: | (steps.list-changed.outputs.changed == 'true' && !contains(github.event.pull_request.labels.*.name, 'next-release')) || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) - run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] + run: | + make install-lagoon-dependencies + make install-lagoon + make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] - name: Helm-install the test fixtures and fill lagoon-test/ci/linter-values.yaml (next-release) if: | @@ -141,6 +144,8 @@ jobs: (contains(github.event.pull_request.labels.*.name, 'next-release')) run: | yq eval-all --inplace 'select(fileIndex == 0) * select(fileIndex == 1)' ./charts/lagoon-core/ci/linter-values.yaml ./charts/lagoon-core/ci/testlagoon-main-override.yaml + make install-lagoon-dependencies IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main + make install-lagoon IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main - name: Free up some disk space diff --git a/Makefile b/Makefile index 00b397b8..14ab4b71 100644 --- a/Makefile +++ b/Makefile @@ -47,6 +47,21 @@ CLEAR_API_DATA = false DOCKER_NETWORK = kind LAGOON_SSH_PORTAL_LOADBALANCER = +# don't install stable charts by default +INSTALL_STABLE_CORE = false +INSTALL_STABLE_REMOTE = false +INSTALL_STABLE_BUILDDEPLOY = false + +# unset will install latest released chart version +STABLE_CORE_CHART_VERSION = +STABLE_REMOTE_CHART_VERSION = +STABLE_BUILDDEPLOY_CHART_VERSION = + +# install dbaas providers by default +INSTALL_MARIADB_PROVIDER = true +INSTALL_POSTGRES_PROVIDER = true +INSTALL_MONGODB_PROVIDER = true + TIMEOUT = 30m HELM = helm KUBECTL = kubectl @@ -66,13 +81,6 @@ fill-test-ci-values: && envsubst < $$valueTemplate.tpl > $$valueTemplate \ && cat $$valueTemplate -ifneq ($(SKIP_ALL_DEPS),true) -ifneq ($(SKIP_INSTALL_REGISTRY),true) -fill-test-ci-values: install-registry -endif -fill-test-ci-values: install-ingress install-lagoon-core install-lagoon-build-deploy install-bulk-storageclass -endif - # metallb is used to allow access to the ingress within kubernetes without having to specify a node port # it picks a small range from the end of the network used by the cluster .PHONY: install-metallb @@ -140,7 +148,7 @@ install-registry: install-mailpit --set expose.tls.enabled=true \ --set expose.tls.certSource=secret \ --set expose.tls.secret.secretName=harbor-ingress \ - --set "expose.ingress.annotations.kubernetes\.io\/ingress\.class=nginx" \ + --set expose.ingress.className=nginx \ --set-string expose.ingress.annotations.kubernetes\\.io/tls-acme=true \ --set "expose.ingress.hosts.core=registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ --set "externalURL=https://registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ @@ -148,7 +156,7 @@ install-registry: install-mailpit --set clair.enabled=false \ --set notary.enabled=false \ --set trivy.enabled=false \ - --version=1.14.0 \ + --version=1.14.3 \ registry \ harbor/harbor @@ -169,6 +177,7 @@ install-mailpit: install-ingress .PHONY: install-mariadb install-mariadb: +ifeq ($(INSTALL_MARIADB_PROVIDER),true) # root password is required on upgrade if the chart is already installed $(HELM) upgrade \ --install \ @@ -180,9 +189,11 @@ install-mariadb: --version=12.2.9 \ mariadb \ bitnami/mariadb +endif .PHONY: install-postgresql install-postgresql: +ifeq ($(INSTALL_POSTGRES_PROVIDER),true) # root password is required on upgrade if the chart is already installed $(HELM) upgrade \ --install \ @@ -194,9 +205,11 @@ install-postgresql: --version=11.9.13 \ postgresql \ bitnami/postgresql +endif .PHONY: install-mongodb install-mongodb: +ifeq ($(INSTALL_MONGODB_PROVIDER),true) $(HELM) upgrade \ --install \ --create-namespace \ @@ -208,6 +221,7 @@ install-mongodb: --version=12.1.31 \ mongodb \ bitnami/mongodb +endif .PHONY: install-minio install-minio: install-ingress @@ -225,38 +239,55 @@ install-minio: install-ingress minio \ bitnami/minio +# this will install all the Lagoon dependencies prior to anything related to Lagoon being installed +# this allows for only Lagoon core, remote, or the build-deploy chart to be installed or upgraded without having +# to re-run all the initial dependencies +.PHONY: install-lagoon-dependencies +install-lagoon-dependencies: install-registry install-minio install-mariadb install-postgresql install-mongodb install-bulk-storageclass + +# this installs lagoon-core, lagoon-remote, and lagoon-build-deploy +.PHONY: install-lagoon +install-lagoon: install-lagoon-core install-lagoon-remote install-lagoon-build-deploy + .PHONY: install-lagoon-core -install-lagoon-core: install-minio +install-lagoon-core: +ifneq ($(INSTALL_STABLE_CORE),true) $(HELM) dependency build ./charts/lagoon-core/ +else +ifeq (,$(subst ",,$(STABLE_CORE_CHART_VERSION))) + $(eval STABLE_CORE_CHART_VERSION = $(shell $(HELM) search repo lagoon/lagoon-core -o json | $(JQ) -r '.[]|.version')) +endif +endif $(HELM) upgrade \ --install \ --create-namespace \ --namespace lagoon-core \ --wait \ --timeout $(TIMEOUT) \ - --values ./charts/lagoon-core/ci/linter-values.yaml \ - $$([ $(IMAGE_TAG) ] && echo '--set imageTag=$(IMAGE_TAG)') \ - $$([ $(OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE) ] && echo '--set overwriteActiveStandbyTaskImage=$(OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE)') \ - $$([ $(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE) ] && echo '--set buildDeployImage.default.image=$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)') \ + $$([ $(INSTALL_STABLE_CORE) = true ] && [ $(STABLE_CORE_CHART_VERSION) ] && echo '--version=$(STABLE_CORE_CHART_VERSION)') \ + $$(if [ $(INSTALL_STABLE_CORE) = true ]; then echo '--values https://raw.githubusercontent.com/uselagoon/lagoon-charts/refs/tags/lagoon-core-$(STABLE_CORE_CHART_VERSION)/charts/lagoon-core/ci/linter-values.yaml'; else echo '--values ./charts/lagoon-core/ci/linter-values.yaml'; fi) \ + $$([ $(IMAGE_TAG) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set imageTag=$(IMAGE_TAG)') \ + $$([ $(OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set overwriteActiveStandbyTaskImage=$(OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE)') \ + $$([ $(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set buildDeployImage.default.image=$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)') \ $$([ $(DISABLE_CORE_HARBOR) ] && echo '--set api.additionalEnvs.DISABLE_CORE_HARBOR=$(DISABLE_CORE_HARBOR)') \ $$([ $(OPENSEARCH_INTEGRATION_ENABLED) ] && echo '--set api.additionalEnvs.OPENSEARCH_INTEGRATION_ENABLED=$(OPENSEARCH_INTEGRATION_ENABLED)') \ --set "keycloakFrontEndURL=http://lagoon-keycloak.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ --set "lagoonAPIURL=http://lagoon-api.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/graphql" \ --set "lagoonUIURL=http://lagoon-ui.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ --set "lagoonWebhookURL=http://lagoon-webhook.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ - --set actionsHandler.image.repository=$(IMAGE_REGISTRY)/actions-handler \ - --set api.image.repository=$(IMAGE_REGISTRY)/api \ - --set apiDB.image.repository=$(IMAGE_REGISTRY)/api-db \ - --set apiRedis.image.repository=$(IMAGE_REGISTRY)/api-redis \ - --set authServer.image.repository=$(IMAGE_REGISTRY)/auth-server \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set actionsHandler.image.repository=$(IMAGE_REGISTRY)/actions-handler') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set api.image.repository=$(IMAGE_REGISTRY)/api') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set apiDB.image.repository=$(IMAGE_REGISTRY)/api-db') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set apiRedis.image.repository=$(IMAGE_REGISTRY)/api-redis') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set authServer.image.repository=$(IMAGE_REGISTRY)/auth-server') \ --set autoIdler.enabled=false \ --set backupHandler.enabled=false \ - --set broker.image.repository=$(IMAGE_REGISTRY)/broker \ - --set apiSidecarHandler.image.repository=$(IMAGE_REGISTRY)/api-sidecar-handler \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set broker.image.repository=$(IMAGE_REGISTRY)/broker') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set apiSidecarHandler.image.repository=$(IMAGE_REGISTRY)/api-sidecar-handler') \ --set insightsHandler.enabled=false \ - --set keycloak.image.repository=$(IMAGE_REGISTRY)/keycloak \ - --set keycloakDB.image.repository=$(IMAGE_REGISTRY)/keycloak-db \ - --set logs2notifications.image.repository=$(IMAGE_REGISTRY)/logs2notifications \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set keycloak.image.repository=$(IMAGE_REGISTRY)/keycloak') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set keycloakDB.image.repository=$(IMAGE_REGISTRY)/keycloak-db') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set logs2notifications.image.repository=$(IMAGE_REGISTRY)/logs2notifications') \ --set logs2notifications.additionalEnvs.EMAIL_HOST="mailpit-smtp.mailpit.svc" \ --set logs2notifications.additionalEnvs.EMAIL_PORT="25" \ --set logs2notifications.logs2email.disabled=false \ @@ -264,9 +295,9 @@ install-lagoon-core: install-minio --set logs2notifications.logs2rocketchat.disabled=true \ --set logs2notifications.logs2slack.disabled=true \ --set logs2notifications.logs2webhooks.disabled=true \ - --set ssh.image.repository=$(IMAGE_REGISTRY)/ssh \ - --set webhookHandler.image.repository=$(IMAGE_REGISTRY)/webhook-handler \ - --set webhooks2tasks.image.repository=$(IMAGE_REGISTRY)/webhooks2tasks \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set ssh.image.repository=$(IMAGE_REGISTRY)/ssh') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set webhookHandler.image.repository=$(IMAGE_REGISTRY)/webhook-handler') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set webhooks2tasks.image.repository=$(IMAGE_REGISTRY)/webhooks2tasks') \ --set s3FilesAccessKeyID=lagoonFilesAccessKey \ --set s3FilesSecretAccessKey=lagoonFilesSecretKey \ --set s3FilesBucket=lagoon-files \ @@ -286,7 +317,7 @@ install-lagoon-core: install-minio --set broker.ingress.enabled=true \ --set broker.ingress.hosts[0].host="lagoon-broker.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ --set broker.ingress.hosts[0].paths[0]="/" \ - --set workflows.image.repository=$(IMAGE_REGISTRY)/workflows \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set workflows.image.repository=$(IMAGE_REGISTRY)/workflows') \ --set keycloak.email.enabled=true \ --set keycloak.email.settings.host=mailpit-smtp.mailpit.svc \ --set keycloak.email.settings.port=25 \ @@ -295,78 +326,92 @@ install-lagoon-core: install-minio $$([ $(LAGOON_SSH_PORTAL_LOADBALANCER) ] && echo '--set ssh.service.type=LoadBalancer') \ $$([ $(LAGOON_SSH_PORTAL_LOADBALANCER) ] && echo '--set ssh.service.port=2020') \ lagoon-core \ - ./charts/lagoon-core + $$(if [ $(INSTALL_STABLE_CORE) = true ]; then echo 'lagoon/lagoon-core'; else echo './charts/lagoon-core'; fi) + $(KUBECTL) -n lagoon-core patch deployment lagoon-core-api -p '{"spec":{"template":{"spec":{"containers":[{"name":"api","env":[{"name":"SSH_TOKEN_ENDPOINT","value":"lagoon-token.'$$($(KUBECTL) -n lagoon-core get services lagoon-core-ssh-token -o jsonpath='{.status.loadBalancer.ingress[0].ip}')'.nip.io"}]}]}}}}' .PHONY: install-lagoon-remote -install-lagoon-remote: install-mariadb install-postgresql install-mongodb install-lagoon-core +install-lagoon-remote: +ifneq ($(INSTALL_STABLE_REMOTE),true) $(HELM) dependency build ./charts/lagoon-remote/ +else +ifeq (,$(subst ",,$(STABLE_REMOTE_CHART_VERSION))) + $(eval STABLE_REMOTE_CHART_VERSION := $(shell $(HELM) search repo lagoon/lagoon-remote -o json | $(JQ) -r '.[]|.version')) +endif +endif $(HELM) upgrade \ --install \ --create-namespace \ --namespace lagoon \ --wait \ --timeout $(TIMEOUT) \ - --values ./charts/lagoon-remote/ci/linter-values.yaml \ + $$([ $(INSTALL_STABLE_REMOTE) = true ] && [ $(STABLE_REMOTE_CHART_VERSION) ] && echo '--version=$(STABLE_REMOTE_CHART_VERSION)') \ + $$(if [ $(INSTALL_STABLE_REMOTE) = true ]; then echo '--values https://raw.githubusercontent.com/uselagoon/lagoon-charts/refs/tags/lagoon-remote-$(STABLE_REMOTE_CHART_VERSION)/charts/lagoon-remote/ci/linter-values.yaml'; else echo '--values ./charts/lagoon-remote/ci/linter-values.yaml'; fi) \ --set "lagoon-build-deploy.enabled=false" \ --set "dockerHost.registry=registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ - --set "dbaas-operator.mariadbProviders.development.environment=development" \ - --set "dbaas-operator.mariadbProviders.development.hostname=mariadb.mariadb.svc.cluster.local" \ - --set "dbaas-operator.mariadbProviders.development.password=$$($(KUBECTL) get secret --namespace mariadb mariadb -o json | $(JQ) -r '.data."mariadb-root-password" | @base64d')" \ - --set "dbaas-operator.mariadbProviders.development.port=3306" \ - --set "dbaas-operator.mariadbProviders.development.user=root" \ - --set "dbaas-operator.mariadbProviders.production.environment=production" \ - --set "dbaas-operator.mariadbProviders.production.hostname=mariadb.mariadb.svc.cluster.local" \ - --set "dbaas-operator.mariadbProviders.production.password=$$($(KUBECTL) get secret --namespace mariadb mariadb -o json | $(JQ) -r '.data."mariadb-root-password" | @base64d')" \ - --set "dbaas-operator.mariadbProviders.production.port=3306" \ - --set "dbaas-operator.mariadbProviders.production.user=root" \ - --set "dbaas-operator.postgresqlProviders.development.environment=development" \ - --set "dbaas-operator.postgresqlProviders.development.hostname=postgresql.postgresql.svc.cluster.local" \ - --set "dbaas-operator.postgresqlProviders.development.password=$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgres-password" | @base64d')" \ - --set "dbaas-operator.postgresqlProviders.development.port=5432" \ - --set "dbaas-operator.postgresqlProviders.development.user=postgres" \ - --set "dbaas-operator.postgresqlProviders.production.environment=production" \ - --set "dbaas-operator.postgresqlProviders.production.hostname=postgresql.postgresql.svc.cluster.local" \ - --set "dbaas-operator.postgresqlProviders.production.password=$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgres-password" | @base64d')" \ - --set "dbaas-operator.postgresqlProviders.production.port=5432" \ - --set "dbaas-operator.postgresqlProviders.production.user=postgres" \ - --set "dbaas-operator.mongodbProviders.development.environment=development" \ - --set "dbaas-operator.mongodbProviders.development.hostname=mongodb.mongodb.svc.cluster.local" \ - --set "dbaas-operator.mongodbProviders.development.password=$$($(KUBECTL) get secret --namespace mongodb mongodb -o json | $(JQ) -r '.data."mongodb-root-password" | @base64d')" \ - --set "dbaas-operator.mongodbProviders.development.port=27017" \ - --set "dbaas-operator.mongodbProviders.development.user=root" \ - --set "dbaas-operator.mongodbProviders.development.auth.mechanism=SCRAM-SHA-1" \ - --set "dbaas-operator.mongodbProviders.development.auth.source=admin" \ - --set "dbaas-operator.mongodbProviders.development.auth.tls=false" \ - --set "dbaas-operator.mongodbProviders.production.environment=production" \ - --set "dbaas-operator.mongodbProviders.production.hostname=mongodb.mongodb.svc.cluster.local" \ - --set "dbaas-operator.mongodbProviders.production.password=$$($(KUBECTL) get secret --namespace mongodb mongodb -o json | $(JQ) -r '.data."mongodb-root-password" | @base64d')" \ - --set "dbaas-operator.mongodbProviders.production.port=27017" \ - --set "dbaas-operator.mongodbProviders.production.user=root" \ - --set "dbaas-operator.mongodbProviders.production.auth.mechanism=SCRAM-SHA-1" \ - --set "dbaas-operator.mongodbProviders.production.auth.source=admin" \ - --set "dbaas-operator.mongodbProviders.production.auth.tls=false" \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.development.environment=development') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.development.hostname=mariadb.mariadb.svc.cluster.local') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.development.password='$$($(KUBECTL) get secret --namespace mariadb mariadb -o json | $(JQ) -r '.data."mariadb-root-password" | @base64d')'') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.development.port=3306') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.development.user=root') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.production.environment=production') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.production.hostname=mariadb.mariadb.svc.cluster.local') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.production.password='$$($(KUBECTL) get secret --namespace mariadb mariadb -o json | $(JQ) -r '.data."mariadb-root-password" | @base64d')'') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.production.port=3306') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.production.user=root') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.development.environment=development') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.development.hostname=postgresql.postgresql.svc.cluster.local') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.development.password='$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgres-password" | @base64d')'') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.development.port=5432') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.development.user=postgres') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.production.environment=production') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.production.hostname=postgresql.postgresql.svc.cluster.local') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.production.password='$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgres-password" | @base64d')'') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.production.port=5432') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.production.user=postgres') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.development.environment=development') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.development.hostname=mongodb.mongodb.svc.cluster.local') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.development.password='$$($(KUBECTL) get secret --namespace mongodb mongodb -o json | $(JQ) -r '.data."mongodb-root-password" | @base64d')'') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.development.port=27017') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.development.user=root') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.development.auth.mechanism=SCRAM-SHA-1') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.development.auth.source=admin') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.development.auth.tls=false') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.production.environment=production') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.production.hostname=mongodb.mongodb.svc.cluster.local') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.production.password='$$($(KUBECTL) get secret --namespace mongodb mongodb -o json | $(JQ) -r '.data."mongodb-root-password" | @base64d')'') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.production.port=27017') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.production.user=root') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.production.auth.mechanism=SCRAM-SHA-1') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.production.auth.source=admin') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.production.auth.tls=false') \ --set "sshCore.enaled=true" \ --set "mxoutHost=mailpit-smtp.mailpit.svc.cluster.local" \ - $$([ $(IMAGE_TAG) ] && echo '--set imageTag=$(IMAGE_TAG)') \ + $$([ $(IMAGE_TAG) ] && [ $(INSTALL_STABLE_REMOTE) != true ] && echo '--set imageTag=$(IMAGE_TAG)') \ $$([ $(LAGOON_SSH_PORTAL_LOADBALANCER) ] && echo '--set sshPortal.service.type=LoadBalancer') \ $$([ $(LAGOON_SSH_PORTAL_LOADBALANCER) ] && echo '--set sshPortal.service.ports.sshserver=2222') \ lagoon-remote \ - ./charts/lagoon-remote - $(KUBECTL) -n lagoon-core patch deployment lagoon-core-api -p '{"spec":{"template":{"spec":{"containers":[{"name":"api","env":[{"name":"SSH_TOKEN_ENDPOINT_PORT","value":"'$$($(KUBECTL) -n lagoon get services lagoon-remote-ssh-portal -o jsonpath='{.spec.ports[0].port}')'"},{"name":"SSH_TOKEN_ENDPOINT","value":"'$$($(KUBECTL) -n lagoon get services lagoon-remote-ssh-portal -o jsonpath='{.status.loadBalancer.ingress[0].ip}')'"}]}]}}}}' + $$(if [ $(INSTALL_STABLE_REMOTE) = true ]; then echo 'lagoon/lagoon-remote'; else echo './charts/lagoon-remote'; fi) # The following target should only be called as a dependency of lagoon-remote # Do not install without lagoon-core # .PHONY: install-lagoon-build-deploy -install-lagoon-build-deploy: install-lagoon-remote install-bulk-storageclass +install-lagoon-build-deploy: +ifneq ($(INSTALL_STABLE_BUILDDEPLOY),true) $(HELM) dependency build ./charts/lagoon-build-deploy/ +else +ifeq (,$(subst ",,$(STABLE_BUILDDEPLOY_CHART_VERSION))) + $(eval STABLE_BUILDDEPLOY_CHART_VERSION := $(shell $(HELM) search repo lagoon/lagoon-build-deploy -o json | $(JQ) -r '.[]|.version')) +endif +endif $(HELM) upgrade \ --install \ --create-namespace \ --namespace lagoon \ --wait \ --timeout $(TIMEOUT) \ - --values ./charts/lagoon-build-deploy/ci/linter-values.yaml \ + $$([ $(INSTALL_STABLE_BUILDDEPLOY) = true ] && [ $(STABLE_BUILDDEPLOY_CHART_VERSION) ] && echo '--version=$(STABLE_BUILDDEPLOY_CHART_VERSION)') \ + $$(if [ $(INSTALL_STABLE_BUILDDEPLOY) = true ]; then echo '--values https://raw.githubusercontent.com/uselagoon/lagoon-charts/refs/tags/lagoon-build-deploy-$(STABLE_BUILDDEPLOY_CHART_VERSION)/charts/lagoon-build-deploy/ci/linter-values.yaml'; else echo '--values ./charts/lagoon-build-deploy/ci/linter-values.yaml'; fi) \ --set "rabbitMQPassword=$$($(KUBECTL) -n lagoon-core get secret lagoon-core-broker -o json | $(JQ) -r '.data.RABBITMQ_PASSWORD | @base64d')" \ --set "rabbitMQHostname=lagoon-core-broker.lagoon-core.svc" \ --set "lagoonFeatureFlagEnableQoS=true" \ @@ -379,15 +424,21 @@ install-lagoon-build-deploy: install-lagoon-remote install-bulk-storageclass --set "harbor.adminPassword=Harbor12345" \ --set "harbor.adminUser=admin" \ --set "harbor.host=https://registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ - $$([ $(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE) ] && echo '--set overrideBuildDeployImage=$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)') \ - $$([ $(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGETAG) ] && echo '--set image.tag=$(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGETAG)') \ - $$([ $(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGE_REPOSITORY) ] && echo '--set image.repository=$(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGE_REPOSITORY)') \ + $$([ $(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE) ] && [ ! $(INSTALL_STABLE_BUILDDEPLOY) ] && echo '--set overrideBuildDeployImage=$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)') \ + $$([ $(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGETAG) ] && [ ! $(INSTALL_STABLE_BUILDDEPLOY) ] && echo '--set image.tag=$(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGETAG)') \ + $$([ $(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGE_REPOSITORY) ] && [ ! $(INSTALL_STABLE_BUILDDEPLOY) ] && echo '--set image.repository=$(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGE_REPOSITORY)') \ $$([ $(BUILD_DEPLOY_CONTROLLER_ROOTLESS_BUILD_PODS) ] && echo '--set rootlessBuildPods=true') \ $$([ $(LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD) ] && echo '--set lagoonFeatureFlagDefaultRootlessWorkload=$(LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD)') \ $$([ $(LAGOON_FEATURE_FLAG_DEFAULT_ISOLATION_NETWORK_POLICY) ] && echo '--set lagoonFeatureFlagDefaultIsolationNetworkPolicy=$(LAGOON_FEATURE_FLAG_DEFAULT_ISOLATION_NETWORK_POLICY)') \ $$([ $(LAGOON_FEATURE_FLAG_DEFAULT_RWX_TO_RWO) ] && echo '--set lagoonFeatureFlagDefaultRWX2RWO=$(LAGOON_FEATURE_FLAG_DEFAULT_RWX_TO_RWO)') \ lagoon-build-deploy \ - ./charts/lagoon-build-deploy + $$(if [ $(INSTALL_STABLE_BUILDDEPLOY) = true ]; then echo 'lagoon/lagoon-build-deploy'; else echo './charts/lagoon-build-deploy'; fi) +ifeq ($(INSTALL_STABLE_BUILDDEPLOY),true) + $(HELM) show crds lagoon/lagoon-build-deploy $$([ $(STABLE_BUILDDEPLOY_CHART_VERSION) ] && echo '--version=$(STABLE_BUILDDEPLOY_CHART_VERSION)') | $(KUBECTL) apply -f - +else + $(KUBECTL) apply -f ./charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoonbuilds.yaml + $(KUBECTL) apply -f ./charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoontasks.yaml +endif # allow skipping registry install for install-lagoon-remote target ifneq ($(SKIP_INSTALL_REGISTRY),true) @@ -435,9 +486,6 @@ endif .PHONY: install-test-cluster install-test-cluster: install-ingress install-registry install-bulk-storageclass install-mariadb install-postgresql install-mongodb install-minio -.PHONY: install-lagoon -install-lagoon: install-lagoon-core install-lagoon-remote - .PHONY: get-admin-creds get-admin-creds: @echo "\nLagoon UI URL: " \