From 135980d8afb84f722ea0a15b6fb6c11ea559d7bf Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Fri, 7 Oct 2022 13:46:03 +1100 Subject: [PATCH 01/71] chore: remove old kubernetes-build-deploy serviceaccount --- charts/lagoon-remote/Chart.yaml | 2 +- charts/lagoon-remote/templates/_helpers.tpl | 39 ------------------- ...netes-build-deploy.clusterrolebinding.yaml | 14 ------- ...ubernetes-build-deploy.serviceaccount.yaml | 10 ----- charts/lagoon-remote/values.yaml | 7 ---- 5 files changed, 1 insertion(+), 71 deletions(-) delete mode 100644 charts/lagoon-remote/templates/kubernetes-build-deploy.clusterrolebinding.yaml delete mode 100644 charts/lagoon-remote/templates/kubernetes-build-deploy.serviceaccount.yaml diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 21a05c8ae..e8aeec2f1 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.63.0 +version: 1.0.0 dependencies: - name: lagoon-build-deploy diff --git a/charts/lagoon-remote/templates/_helpers.tpl b/charts/lagoon-remote/templates/_helpers.tpl index 2597b3f1a..32b7d9142 100644 --- a/charts/lagoon-remote/templates/_helpers.tpl +++ b/charts/lagoon-remote/templates/_helpers.tpl @@ -83,45 +83,6 @@ app.kubernetes.io/component: {{ include "lagoon-remote.dockerHost.fullname" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} - - -{{/* -Create the name of the service account to use for kubernetesBuildDeploy. -*/}} -{{- define "lagoon-remote.kubernetesBuildDeploy.serviceAccountName" -}} -{{- default (include "lagoon-remote.kubernetesBuildDeploy.fullname" .) .Values.kubernetesBuildDeploy.serviceAccount.name }} -{{- end }} - -{{/* -Create a default fully qualified app name for kubernetesBuildDeploy. -*/}} -{{- define "lagoon-remote.kubernetesBuildDeploy.fullname" -}} -{{- include "lagoon-remote.fullname" . }}-kubernetes-build-deploy -{{- end }} - -{{/* -Common labels kubernetesBuildDeploy. -*/}} -{{- define "lagoon-remote.kubernetesBuildDeploy.labels" -}} -helm.sh/chart: {{ include "lagoon-remote.chart" . }} -{{ include "lagoon-remote.kubernetesBuildDeploy.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels kubernetesBuildDeploy. -*/}} -{{- define "lagoon-remote.kubernetesBuildDeploy.selectorLabels" -}} -app.kubernetes.io/name: {{ include "lagoon-remote.name" . }} -app.kubernetes.io/component: {{ include "lagoon-remote.kubernetesBuildDeploy.fullname" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - - - {{/* Create the name of the service account to use for sshPortal. */}} diff --git a/charts/lagoon-remote/templates/kubernetes-build-deploy.clusterrolebinding.yaml b/charts/lagoon-remote/templates/kubernetes-build-deploy.clusterrolebinding.yaml deleted file mode 100644 index a7e08f518..000000000 --- a/charts/lagoon-remote/templates/kubernetes-build-deploy.clusterrolebinding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "lagoon-remote.kubernetesBuildDeploy.fullname" . }} - labels: - {{- include "lagoon-remote.kubernetesBuildDeploy.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ include "lagoon-remote.kubernetesBuildDeploy.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} -roleRef: - kind: ClusterRole - name: cluster-admin - apiGroup: rbac.authorization.k8s.io diff --git a/charts/lagoon-remote/templates/kubernetes-build-deploy.serviceaccount.yaml b/charts/lagoon-remote/templates/kubernetes-build-deploy.serviceaccount.yaml deleted file mode 100644 index 01136b72e..000000000 --- a/charts/lagoon-remote/templates/kubernetes-build-deploy.serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "lagoon-remote.kubernetesBuildDeploy.serviceAccountName" . }} - labels: - {{- include "lagoon-remote.kubernetesBuildDeploy.labels" . | nindent 4 }} - {{- with .Values.kubernetesBuildDeploy.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index f91ee04b3..2bfdaab47 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -103,13 +103,6 @@ dockerHost: effect: PreferNoSchedule operator: Exists -# this account is used by the legacy Lagoon kubernetes build deploy system. -kubernetesBuildDeploy: - serviceAccount: - # The name of the service account to use. - # If not set, a name is generated using the fullname template. - name: - # sshPortal is an optional service providing low-latency SSH connectivity to # Lagoon environments. sshPortal: From ac51b9a0421e9b3f343b8a5318654175dc2bf014 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Mon, 5 Jun 2023 13:14:29 +1000 Subject: [PATCH 02/71] chore: update artifactub change --- charts/lagoon-remote/Chart.yaml | 4 ++-- charts/lagoon-remote/templates/_helpers.tpl | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index caa4be1b2..fde1dacab 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -44,5 +44,5 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | - - kind: changed - description: update lagoon-build-deploy subchart to 0.22.0 + - kind: removed + description: removed old kubernetes build deploy references diff --git a/charts/lagoon-remote/templates/_helpers.tpl b/charts/lagoon-remote/templates/_helpers.tpl index 9da7dca50..a0fd1b6f2 100644 --- a/charts/lagoon-remote/templates/_helpers.tpl +++ b/charts/lagoon-remote/templates/_helpers.tpl @@ -98,7 +98,7 @@ Create a default fully qualified app name for storageCalculator. {{- end }} {{/* -Common labels storageCalculator.` +Common labels storageCalculator. */}} {{- define "lagoon-remote.storageCalculator.labels" -}} helm.sh/chart: {{ include "lagoon-remote.chart" . }} From afd5a7a478541648e538c5667f039f7f6baf72b2 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Fri, 28 Jul 2023 09:35:28 +1000 Subject: [PATCH 03/71] chore: modify keycloak healthcheck endpoint for newer keycloak --- charts/lagoon-core/Chart.yaml | 4 ++-- charts/lagoon-core/templates/keycloak.deployment.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index bde851a4c..339f832dd 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.35.0 +version: 1.35.1 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -41,4 +41,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update Lagoon appVersion to v2.15.3 + description: modify keycloak liveness and readiness endpoint diff --git a/charts/lagoon-core/templates/keycloak.deployment.yaml b/charts/lagoon-core/templates/keycloak.deployment.yaml index ab2ed50c9..2eabf6e23 100644 --- a/charts/lagoon-core/templates/keycloak.deployment.yaml +++ b/charts/lagoon-core/templates/keycloak.deployment.yaml @@ -53,11 +53,11 @@ spec: containerPort: 8080 livenessProbe: httpGet: - path: / + path: /auth port: http-8080 readinessProbe: httpGet: - path: / + path: /auth port: http-8080 startupProbe: exec: From 30159cb2f1b85afad809da3e4520acc0605ba0fa Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Tue, 14 Nov 2023 12:53:31 +1100 Subject: [PATCH 04/71] chore: remove dioscuri subchart from lagoon-remote --- charts/lagoon-remote/Chart.lock | 7 ++----- charts/lagoon-remote/Chart.yaml | 10 +++------- charts/lagoon-remote/values.yaml | 5 ----- 3 files changed, 5 insertions(+), 17 deletions(-) diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 63327a5c1..af9c068d9 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -2,14 +2,11 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ version: 0.26.2 -- name: dioscuri - repository: https://amazeeio.github.io/charts/ - version: 0.4.1 - name: dbaas-operator repository: https://amazeeio.github.io/charts/ version: 0.3.0 - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.19.17 -digest: sha256:98fadf31ddfe049c50ff4554a11732ec10a9cf8a41b8e0ce1c33a37af4f81de4 -generated: "2023-11-14T10:12:08.139505+11:00" +digest: sha256:6ae37f7602dc456b2b14c3ca650896f41d77a9476c1417cb4a35cb78c5ce5ee0 +generated: "2023-11-14T12:50:14.804764286+11:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 4c02e8e87..082ac49d1 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,17 +19,13 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.86.1 +version: 0.87.0 dependencies: - name: lagoon-build-deploy version: ~0.26.0 repository: https://uselagoon.github.io/lagoon-charts/ condition: lagoon-build-deploy.enabled -- name: dioscuri - version: ~0.4.0 - repository: https://amazeeio.github.io/charts/ - condition: dioscuri.enabled - name: dbaas-operator version: ~0.3.0 repository: https://amazeeio.github.io/charts/ @@ -44,5 +40,5 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | - - kind: changed - description: update lagoon-build-deploy to v0.26.2 with updated remote-controller + - kind: removed + description: removed dioscuri subchart, activestandby is handled via a Lagoon task directly now diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 7781073c5..55d3720c5 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -188,11 +188,6 @@ lagoon-build-deploy: # See the parent chart for the full range of values that can be passed here to control builds # https://github.com/uselagoon/lagoon-charts/blob/main/charts/lagoon-build-deploy/values.yaml -# dioscuri is the operator which implements Lagoon active-standby. -# This subchart is enabled by default as this is a core Lagoon feature. -dioscuri: - enabled: true - # dbaas-operator provisions database-as-a-service accounts for projects. # Example provider configuration can be found in the dbaas-operator values.yaml # https://github.com/amazeeio/charts/blob/main/charts/dbaas-operator/values.yaml From 5bb3d45e8d8b517b625456294280161bfc08de25 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 14 Nov 2023 14:30:18 +1100 Subject: [PATCH 05/71] add minio settings to api-data-watcher-pusher --- Makefile | 2 +- charts/lagoon-test/Chart.yaml | 4 ++-- .../templates/local-api-data-watcher-pusher.deployment.yaml | 6 ++++++ charts/lagoon-test/values.yaml | 3 +++ 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index fa677c279..27e28b75c 100644 --- a/Makefile +++ b/Makefile @@ -158,7 +158,7 @@ install-minio: install-ingress --wait \ --timeout $(TIMEOUT) \ --set auth.rootUser=lagoonFilesAccessKey,auth.rootPassword=lagoonFilesSecretKey \ - --set defaultBuckets=lagoon-files \ + --set defaultBuckets='lagoon-files\,restores' \ --version=12.8.7 \ minio \ bitnami/minio diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index 836924dfb..cc055519b 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -15,7 +15,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.52.0 +version: 0.53.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -29,4 +29,4 @@ appVersion: v2.16.0 annotations: artifacthub.io/changes: | - kind: changed - description: require minimum Kubernetes 1.23 + description: add minio settings to api-data-watcher-pusher diff --git a/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml b/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml index eadd3040a..bede06d4d 100644 --- a/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml +++ b/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml @@ -47,6 +47,12 @@ spec: secretKeyRef: name: {{ .Values.jwtSecretSecret | quote }} key: JWTSECRET + - name: MINIO_SERVER_URL + value: {{ .Values.minioURL | quote }} + - name: MINIO_ROOT_USER + value: {{ .Values.minioUser | quote }} + - name: MINIO_ROOT_PASSWORD + value: {{ .Values.minioPass | quote }} - name: TOKEN value: {{ required "A valid .Values.token required!" .Values.token | quote }} startupProbe: diff --git a/charts/lagoon-test/values.yaml b/charts/lagoon-test/values.yaml index 0bea382ce..491084455 100644 --- a/charts/lagoon-test/values.yaml +++ b/charts/lagoon-test/values.yaml @@ -8,6 +8,9 @@ gitAuthorizedKeys: > ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDEZlms5XsiyWjmnnUyhpt93VgHypse9Bl8kNkmZJTiM3Ex/wZAfwogzqd2LrTEiIOWSH1HnQazR+Cc9oHCmMyNxRrLkS/MEl0yZ38Q+GDfn37h/llCIZNVoHlSgYkqD0MQrhfGL5AulDUKIle93dA6qdCUlnZZjDPiR0vEXR36xGuX7QYAhK30aD2SrrBruTtFGvj87IP/0OEOvUZe8dcU9G/pCoqrTzgKqJRpqs/s5xtkqLkTIyR/SzzplO21A+pCKNax6csDDq3snS8zfx6iM8MwVfh8nvBW9seax1zBvZjHAPSTsjzmZXm4z32/ujAn/RhIkZw3ZgRKrxzryttGnWJJ8OFyF31JTJgwWWuPdH53G15PC83ZbmEgSV3win51RZRVppN4uQUuaqZWG9wwk2a6P5aen1RLCSLpTkd2mAEk9PlgmJrf8vITkiU9pF9n68ENCoo556qSdxW2pxnjrzKVPSqmqO1Xg5K4LOX4/9N4n4qkLEOiqnzzJClhFif3O28RW86RPxERGdPT81UI0oDAcU5euQr8Emz+Hd+PY1115UIld3CIHib5PYL9Ee0bFUKiWpR/acSe1fHB64mCoHP7hjFepGsq7inkvg2651wUDKBshGltpNkMj6+aZedNc0/rKYyjl80nT8g8QECgOSRzpmYp0zli2HpFoLOiWw== ansible-testing jwtSecretSecret: lagoon-core-secrets keycloakURL: http://lagoon-core-keycloak:8080 +minioURL: http://minio.minio.svc:9000 +minioUser: lagoonFilesAccessKey +minioPass: lagoonFilesSecretKey routeSuffixHTTPPort: 32080 routeSuffixHTTPSPort: 32443 sshHost: lagoon-core-ssh From ab1496673e71ccd97ecf50a5d5119c5b2abc2926 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 14 Nov 2023 14:30:18 +1100 Subject: [PATCH 06/71] add minio settings to dwp and make into a helm test job --- charts/lagoon-test/Chart.yaml | 2 +- charts/lagoon-test/templates/_helpers.tpl | 6 ++-- ...=> local-api-data-watcher-pusher.job.yaml} | 32 ++++++------------- .../templates/tests/test-connection.yaml | 3 +- .../templates/tests/test-suite.yaml | 3 +- 5 files changed, 18 insertions(+), 28 deletions(-) rename charts/lagoon-test/templates/{local-api-data-watcher-pusher.deployment.yaml => local-api-data-watcher-pusher.job.yaml} (80%) diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index cc055519b..6a1cedbc7 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -29,4 +29,4 @@ appVersion: v2.16.0 annotations: artifacthub.io/changes: | - kind: changed - description: add minio settings to api-data-watcher-pusher + description: add minio settings to api-data-watcher-pusher and make into a helm test job diff --git a/charts/lagoon-test/templates/_helpers.tpl b/charts/lagoon-test/templates/_helpers.tpl index 3fe708435..e78106957 100644 --- a/charts/lagoon-test/templates/_helpers.tpl +++ b/charts/lagoon-test/templates/_helpers.tpl @@ -92,14 +92,14 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{/* -Create a default fully qualified app name for local-git. +Create a default fully qualified app name for local-api-data-watcher-pusher. */}} {{- define "lagoon-test.localAPIDataWatcherPusher.fullname" -}} {{- include "lagoon-test.fullname" . }}-local-api-data-watcher-pusher {{- end }} {{/* -Common labels local-git. +Common labels local-api-data-watcher-pusher. */}} {{- define "lagoon-test.localAPIDataWatcherPusher.labels" -}} helm.sh/chart: {{ include "lagoon-test.chart" . }} @@ -111,7 +111,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* -Selector labels local-git. +Selector labels local-api-data-watcher-pusher. */}} {{- define "lagoon-test.localAPIDataWatcherPusher.selectorLabels" -}} app.kubernetes.io/name: {{ include "lagoon-test.name" . }} diff --git a/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml b/charts/lagoon-test/templates/local-api-data-watcher-pusher.job.yaml similarity index 80% rename from charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml rename to charts/lagoon-test/templates/local-api-data-watcher-pusher.job.yaml index bede06d4d..2efae436c 100644 --- a/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml +++ b/charts/lagoon-test/templates/local-api-data-watcher-pusher.job.yaml @@ -1,34 +1,29 @@ -apiVersion: apps/v1 -kind: Deployment +apiVersion: batch/v1 +kind: Job metadata: name: {{ include "lagoon-test.localAPIDataWatcherPusher.fullname" . }} labels: {{- include "lagoon-test.localAPIDataWatcherPusher.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-weight": "10" spec: - selector: - matchLabels: - {{- include "lagoon-test.localAPIDataWatcherPusher.selectorLabels" . | nindent 6 }} + backoffLimit: 2 template: metadata: - {{- with .Values.localAPIDataWatcherPusher.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} labels: {{- include "lagoon-test.localAPIDataWatcherPusher.selectorLabels" . | nindent 8 }} spec: - {{- with .Values.localAPIDataWatcherPusher.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} + restartPolicy: Never securityContext: {{- toYaml .Values.localAPIDataWatcherPusher.podSecurityContext | nindent 8 }} + terminationGracePeriodSeconds: 120 containers: - name: api-data-watcher-pusher - securityContext: - {{- toYaml .Values.localAPIDataWatcherPusher.securityContext | nindent 10 }} image: "{{ .Values.localAPIDataWatcherPusher.image.repository }}:{{ coalesce .Values.localAPIDataWatcherPusher.image.tag .Values.imageTag .Chart.AppVersion }}" imagePullPolicy: {{ .Values.localAPIDataWatcherPusher.image.pullPolicy }} + securityContext: + {{- toYaml .Values.localAPIDataWatcherPusher.securityContext | nindent 10 }} env: - name: API_HOST value: {{ .Values.apiHost | quote }} @@ -55,13 +50,6 @@ spec: value: {{ .Values.minioPass | quote }} - name: TOKEN value: {{ required "A valid .Values.token required!" .Values.token | quote }} - startupProbe: - exec: - command: - - test - - -f - - /tmp/api-data-pushed - failureThreshold: 90 resources: {{- toYaml .Values.localAPIDataWatcherPusher.resources | nindent 10 }} {{- with .Values.localAPIDataWatcherPusher.nodeSelector }} diff --git a/charts/lagoon-test/templates/tests/test-connection.yaml b/charts/lagoon-test/templates/tests/test-connection.yaml index cba025e59..ddaa44b1b 100644 --- a/charts/lagoon-test/templates/tests/test-connection.yaml +++ b/charts/lagoon-test/templates/tests/test-connection.yaml @@ -5,7 +5,8 @@ metadata: labels: {{- include "lagoon-test.labels" . | nindent 4 }} annotations: - "helm.sh/hook": test-success + "helm.sh/hook": test + "helm.sh/hook-weight": "30" spec: containers: - name: nc diff --git a/charts/lagoon-test/templates/tests/test-suite.yaml b/charts/lagoon-test/templates/tests/test-suite.yaml index e83d858bd..546051bc7 100644 --- a/charts/lagoon-test/templates/tests/test-suite.yaml +++ b/charts/lagoon-test/templates/tests/test-suite.yaml @@ -6,7 +6,8 @@ metadata: labels: {{- include "lagoon-test.labels" . | nindent 4 }} annotations: - "helm.sh/hook": test-success + "helm.sh/hook": test + "helm.sh/hook-weight": "50" spec: serviceAccountName: {{ include "lagoon-test.serviceAccountName" . }} containers: From 939f6ad60186fc54b6f0155746356cede6e6a42a Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 14 Nov 2023 14:30:18 +1100 Subject: [PATCH 07/71] use testlagoon/main for test-suite --- .github/workflows/test-suite.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index 0e8a526ee..76a1c4ae8 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -123,8 +123,8 @@ jobs: if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) - # run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main - run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] + run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main + # run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] - name: Free up some disk space if: | From fbefeaf92400bad6d82b1681711131b88607b61b Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 21 Nov 2023 13:13:02 +1100 Subject: [PATCH 08/71] add CLEAR_API_DATA env to dwp --- Makefile | 5 ++++- charts/lagoon-test/ci/linter-values.yaml.tpl | 2 ++ .../templates/local-api-data-watcher-pusher.job.yaml | 4 ++++ charts/lagoon-test/values.yaml | 3 +++ 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 27e28b75c..64088fcf0 100644 --- a/Makefile +++ b/Makefile @@ -41,6 +41,9 @@ SKIP_ALL_DEPS = DISABLE_CORE_HARBOR = # Set to `true` to enable the elements of lagoon-core that talk to OpenSearch installs OPENSEARCH_INTEGRATION_ENABLED = false +# Ordinarily we shouldn't need to clear the API data as it's usually a first run. Set this +# variable on a test run to clear (what's clearable) first +CLEAR_API_DATA = false TIMEOUT = 30m HELM = helm @@ -56,7 +59,7 @@ fill-test-ci-values: && export token="$$($(KUBECTL) -n lagoon create token lagoon-build-deploy --duration 3h)" \ && export $$([ $(IMAGE_TAG) ] && echo imageTag='$(IMAGE_TAG)' || echo imageTag='latest') \ && export webhookHandler="lagoon-core-webhook-handler" \ - && export tests='$(TESTS)' imageRegistry='$(IMAGE_REGISTRY)' \ + && export tests='$(TESTS)' imageRegistry='$(IMAGE_REGISTRY)' clearApiData='$(CLEAR_API_DATA)' \ && valueTemplate=charts/lagoon-test/ci/linter-values.yaml \ && envsubst < $$valueTemplate.tpl > $$valueTemplate \ && cat $$valueTemplate diff --git a/charts/lagoon-test/ci/linter-values.yaml.tpl b/charts/lagoon-test/ci/linter-values.yaml.tpl index 221725a56..d2f94f447 100644 --- a/charts/lagoon-test/ci/linter-values.yaml.tpl +++ b/charts/lagoon-test/ci/linter-values.yaml.tpl @@ -14,6 +14,8 @@ localGit: localAPIDataWatcherPusher: image: repository: ${imageRegistry}/local-api-data-watcher-pusher + additonalEnvs: + CLEAR_API_DATA: ${clearApiData} tests: image: diff --git a/charts/lagoon-test/templates/local-api-data-watcher-pusher.job.yaml b/charts/lagoon-test/templates/local-api-data-watcher-pusher.job.yaml index 2efae436c..0b35d6922 100644 --- a/charts/lagoon-test/templates/local-api-data-watcher-pusher.job.yaml +++ b/charts/lagoon-test/templates/local-api-data-watcher-pusher.job.yaml @@ -50,6 +50,10 @@ spec: value: {{ .Values.minioPass | quote }} - name: TOKEN value: {{ required "A valid .Values.token required!" .Values.token | quote }} + {{- range $key, $val := .Values.localAPIDataWatcherPusher.additionalEnvs }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} resources: {{- toYaml .Values.localAPIDataWatcherPusher.resources | nindent 10 }} {{- with .Values.localAPIDataWatcherPusher.nodeSelector }} diff --git a/charts/lagoon-test/values.yaml b/charts/lagoon-test/values.yaml index 491084455..1a29b857e 100644 --- a/charts/lagoon-test/values.yaml +++ b/charts/lagoon-test/values.yaml @@ -119,6 +119,9 @@ localAPIDataWatcherPusher: # Overrides the image tag whose default is the chart appVersion. tag: "" + additionalEnvs: + # CLEAR_API_DATA: true + podSecurityContext: {} securityContext: {} From 66e7268b38f24025439f2981debe503cb122c4ad Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 28 Nov 2023 09:18:07 +1100 Subject: [PATCH 09/71] remove insights-remote service if not enabled --- charts/lagoon-remote/Chart.yaml | 4 ++-- charts/lagoon-remote/templates/insights-remote.service.yaml | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 4c02e8e87..da2a29c38 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.86.1 +version: 0.87.0 dependencies: - name: lagoon-build-deploy @@ -45,4 +45,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update lagoon-build-deploy to v0.26.2 with updated remote-controller + description: remove insights-remote service if not enabled diff --git a/charts/lagoon-remote/templates/insights-remote.service.yaml b/charts/lagoon-remote/templates/insights-remote.service.yaml index 01f105dd3..981022e12 100644 --- a/charts/lagoon-remote/templates/insights-remote.service.yaml +++ b/charts/lagoon-remote/templates/insights-remote.service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.insightsRemote.enabled -}} apiVersion: v1 kind: Service metadata: @@ -13,3 +14,4 @@ spec: name: insights-ws selector: {{- include "lagoon-remote.insightsRemote.selectorLabels" . | nindent 4 }} +{{- end }} From bf52e937293a9285e8bb4d2a0824864d779f8f32 Mon Sep 17 00:00:00 2001 From: rashed-k Date: Tue, 28 Nov 2023 09:35:08 +1100 Subject: [PATCH 10/71] fixed insightsRemote service bug --- charts/lagoon-remote/templates/insights-remote.service.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/lagoon-remote/templates/insights-remote.service.yaml b/charts/lagoon-remote/templates/insights-remote.service.yaml index 01f105dd3..dac317aef 100644 --- a/charts/lagoon-remote/templates/insights-remote.service.yaml +++ b/charts/lagoon-remote/templates/insights-remote.service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.insightsRemote.enabled -}} apiVersion: v1 kind: Service metadata: @@ -13,3 +14,4 @@ spec: name: insights-ws selector: {{- include "lagoon-remote.insightsRemote.selectorLabels" . | nindent 4 }} +{{- end }} \ No newline at end of file From ca39ac004a350a537a81666ab332876ca87c44b0 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 6 Dec 2023 14:29:22 +1100 Subject: [PATCH 11/71] insights updates --- charts/lagoon-core/Chart.yaml | 4 ++++ charts/lagoon-core/values.yaml | 2 +- charts/lagoon-remote/Chart.yaml | 2 ++ charts/lagoon-remote/values.yaml | 2 +- 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 0db0900cf..a9e6ce47c 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -42,3 +42,7 @@ annotations: artifacthub.io/changes: | - kind: changed description: bump lagoon-opensearch-sync version to v0.7.1 + - kind: changed + description: updated to insights-handler:v0.0.2 + - kind: changed + description: pinned insights to trivy:0.48.0 diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 25798e4fe..f37eea9a0 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -620,7 +620,7 @@ insightsHandler: enabled: false image: repository: aquasec/trivy - tag: latest + tag: 0.48.0 service: type: ClusterIP port: 4954 diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 566f04395..09b9be81e 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -48,3 +48,5 @@ annotations: description: remove insights-remote service if not enabled - kind: removed description: removed old kubernetes build deploy references + - kind: changed + description: updated to insights-remote:v0.0.8 diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 185057b6b..866f1871b 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -220,7 +220,7 @@ insightsRemote: repository: uselagoon/insights-remote pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.0.7" + tag: "v0.0.8" imagePullSecrets: [] nameOverride: "" From 274d92c9f0a6e558ae4948130018cd96f119b985 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 6 Dec 2023 14:31:53 +1100 Subject: [PATCH 12/71] bump chart version to 1.41.0 --- charts/lagoon-core/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index a9e6ce47c..b09e5fc7d 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.40.0 +version: 1.41.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. From 2eb0675acfd7f80c45819cd3c6b17a3fc96f51a7 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 6 Dec 2023 15:52:06 +1100 Subject: [PATCH 13/71] override task and bd images --- .github/workflows/test-suite.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index 76a1c4ae8..b91e17b45 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -123,7 +123,7 @@ jobs: if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) - run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main + run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main # run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] - name: Free up some disk space From 791d52022d42890065ffc5f3975bc44fe3d242dc Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Thu, 7 Dec 2023 10:58:02 +1100 Subject: [PATCH 14/71] chore: add clusterroles for tasks and builds to admin and edit --- charts/lagoon-build-deploy/Chart.yaml | 4 +-- .../templates/clusterrolebinding.yaml | 28 +++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index b639ef5ec..4ce5c1603 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -16,11 +16,11 @@ kubeVersion: ">= 1.23.0-0" type: application -version: 0.26.2 +version: 0.26.3 appVersion: v0.15.4 annotations: artifacthub.io/changes: | - kind: changed - description: update remote-controller to v0.15.4 + description: added clusterroles for tasks and builds diff --git a/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml b/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml index 5684f5a5b..a07e45b24 100644 --- a/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml +++ b/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml @@ -12,3 +12,31 @@ roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "lagoon-build-deploy.fullname" . }}-builds + labels: + {{- include "lagoon-build-deploy.labels" . | nindent 4 }} + # Add these permissions to the "admin" and "edit" default roles. + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: ["crd.lagoon.sh"] + resources: ["lagoonbuilds"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "lagoon-build-deploy.fullname" . }}-tasks + labels: + {{- include "lagoon-build-deploy.labels" . | nindent 4 }} + # Add these permissions to the "admin" and "edit" default roles. + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: ["crd.lagoon.sh"] + resources: ["lagoontasks"] + verbs: ["*"] From 70b1d5663def39313df79791d1431c88ca05f79b Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 8 Dec 2023 13:19:16 +1100 Subject: [PATCH 15/71] chore: update lagoon-build-deploy chart to v0.26.3 --- charts/lagoon-remote/Chart.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 63327a5c1..cf4d68082 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.26.2 + version: 0.26.3 - name: dioscuri repository: https://amazeeio.github.io/charts/ version: 0.4.1 @@ -11,5 +11,5 @@ dependencies: - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.19.17 -digest: sha256:98fadf31ddfe049c50ff4554a11732ec10a9cf8a41b8e0ce1c33a37af4f81de4 -generated: "2023-11-14T10:12:08.139505+11:00" +digest: sha256:1f873430b35bd44722954a1f02699e32c5e7468a9a77a135e5df3ca3766a8ed2 +generated: "2023-12-08T13:18:21.18121865+11:00" From 21c00668c3c3259fd2b9ea16006fe999af10e82d Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Thu, 14 Dec 2023 16:43:17 +1100 Subject: [PATCH 16/71] update lagoon appVersion to v2.17.0 --- .github/workflows/test-suite.yaml | 4 ++-- charts/lagoon-core/Chart.yaml | 4 +++- charts/lagoon-remote/Chart.yaml | 2 ++ charts/lagoon-test/Chart.yaml | 4 +++- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index b91e17b45..b20396844 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -123,8 +123,8 @@ jobs: if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) - run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main - # run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] + # run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main + run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] - name: Free up some disk space if: | diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index b09e5fc7d..0b1d71bb3 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -27,7 +27,7 @@ version: 1.41.0 # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.16.0 +appVersion: v2.17.0 dependencies: - name: nats @@ -46,3 +46,5 @@ annotations: description: updated to insights-handler:v0.0.2 - kind: changed description: pinned insights to trivy:0.48.0 + - kind: changed + description: update lagoon appVersion to v2.17.0 diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 09b9be81e..26141057e 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -50,3 +50,5 @@ annotations: description: removed old kubernetes build deploy references - kind: changed description: updated to insights-remote:v0.0.8 + - kind: changed + description: updated lagoon-build-deploy chart to v0.26.3 diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index 6a1cedbc7..a766f179c 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -21,7 +21,7 @@ version: 0.53.0 # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.16.0 +appVersion: v2.17.0 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release @@ -30,3 +30,5 @@ annotations: artifacthub.io/changes: | - kind: changed description: add minio settings to api-data-watcher-pusher and make into a helm test job + - kind: changed + description: update lagoon appVersion to v2.17.0 From 258225b67a320d3b32937b8598588eda2c886b21 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 14 Dec 2023 13:54:39 +0800 Subject: [PATCH 17/71] fix: avoid installing the registry multiple times While the fill-test-ci-values target's dependency on install-registry was correctly manipulated by the SKIP_INSTALL_REGISTRY variable, the install-lagoon-build-deploy target had a hard-coded dependency on install-registry. The result was that the registry would get installed multiple times anyway via the fill-test-ci-values target via an indirect dependency. Fix that by removing the dependency that install-lagoon-build-deploy has on install-registry when SKIP_INSTALL_REGISTRY=true. --- Makefile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 64088fcf0..16c8ea975 100644 --- a/Makefile +++ b/Makefile @@ -261,7 +261,7 @@ install-lagoon-remote: install-lagoon-build-deploy install-lagoon-core install-m # Do not install without lagoon-core # .PHONY: install-lagoon-build-deploy -install-lagoon-build-deploy: install-lagoon-core install-registry +install-lagoon-build-deploy: install-lagoon-core $(HELM) dependency build ./charts/lagoon-build-deploy/ $(HELM) upgrade \ --install \ @@ -288,6 +288,11 @@ install-lagoon-build-deploy: install-lagoon-core install-registry lagoon-build-deploy \ ./charts/lagoon-build-deploy +# allow skipping registry install for install-lagoon-remote target +ifneq ($(SKIP_INSTALL_REGISTRY),true) +install-lagoon-build-deploy: install-registry +endif + # # The following targets facilitate local development only and aren't used in CI. # From dd6c1dad40007c067c7ff1288112e7aff0f868a0 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 15 Dec 2023 14:34:49 +1100 Subject: [PATCH 18/71] chore: use 1.28 as default k8s --- .github/workflows/lint-test-matrix.yaml | 1 + .github/workflows/lint-test.yaml | 4 ++-- .github/workflows/test-suite.yaml | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint-test-matrix.yaml b/.github/workflows/lint-test-matrix.yaml index e5ed6588f..2171946fa 100644 --- a/.github/workflows/lint-test-matrix.yaml +++ b/.github/workflows/lint-test-matrix.yaml @@ -15,6 +15,7 @@ jobs: - v1.24.15@sha256:7db4f8bea3e14b82d12e044e25e34bd53754b7f2b0e9d56df21774e6f66a70ab - v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8 - v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb + - v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 - v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31 steps: - name: Checkout diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index a16a362cf..7a344d964 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -87,8 +87,8 @@ jobs: uses: helm/kind-action@v1.8.0 with: version: v0.20.0 - node_image: kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 - kubectl_version: v1.27.3 + node_image: kindest/node:v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31 + kubectl_version: v1.28.0 if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index b20396844..881bcc1ce 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -75,8 +75,8 @@ jobs: (contains(github.event.pull_request.labels.*.name, 'needs-testing')) with: version: v0.20.0 - node_image: kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 - kubectl_version: v1.27.3 + node_image: kindest/node:v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31 + kubectl_version: v1.28.0 config: test-suite.kind-config.yaml - name: Check node IP matches kind configuration From 744a18ac4f568dea58a547d5a95dd769e8d70695 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 15 Dec 2023 14:35:17 +1100 Subject: [PATCH 19/71] chore: add 1.29 to test-matrix --- .github/workflows/lint-test-matrix.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-test-matrix.yaml b/.github/workflows/lint-test-matrix.yaml index 2171946fa..aeeb20819 100644 --- a/.github/workflows/lint-test-matrix.yaml +++ b/.github/workflows/lint-test-matrix.yaml @@ -16,7 +16,7 @@ jobs: - v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8 - v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb - v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 - - v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31 + - v1.29.0@sha256:eaa1450915475849a73a9227b8f201df25e55e268e5d619312131292e324d570 steps: - name: Checkout uses: actions/checkout@v4 From 195669ccc5780e52fb21926d35728a4ae0c9f822 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 15 Dec 2023 15:20:06 +1100 Subject: [PATCH 20/71] force action run From 93efcafb10253d1464890d56ac36022bc4d78e46 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 15 Dec 2023 18:48:02 +1100 Subject: [PATCH 21/71] ensure chart-testing runs on needs-testing --- .github/workflows/lint-test.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 7a344d964..4b09a8e49 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -96,6 +96,11 @@ jobs: - name: Run chart-testing (install) run: ct install --config ./default.ct.yaml --helm-extra-args "--timeout 30m" + - name: Run chart-testing (needs-testing) + run: ct install --config ./default.ct.yaml --helm-extra-args "--timeout 30m" --all + if: | + (contains(github.event.pull_request.labels.*.name, 'needs-testing')) + artifacthub-changelog: runs-on: ubuntu-latest steps: From 479de771d54a4e0062ef740d015594c28dd88a16 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 7 Feb 2024 16:50:07 +1100 Subject: [PATCH 22/71] use main branch images to test --- .github/workflows/test-suite.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index b20396844..b91e17b45 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -123,8 +123,8 @@ jobs: if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) - # run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main - run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] + run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main + # run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] - name: Free up some disk space if: | From 261eac63f192e39c4373db5d3cd522d636f40833 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 7 Feb 2024 17:55:15 +1100 Subject: [PATCH 23/71] force actions run From 5ce0953c2394dc4aa8b8f12a839cc1f9671eb5fc Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Thu, 15 Feb 2024 10:06:42 +1100 Subject: [PATCH 24/71] chore: bump chart version --- charts/lagoon-remote/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 082ac49d1..7cdf7d674 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.87.0 +version: 0.88.0 dependencies: - name: lagoon-build-deploy From af3363743d64de1ad5e015d4c32701506f9a2602 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 15 Feb 2024 13:34:29 +0800 Subject: [PATCH 25/71] chore: add test case for CDN service annotations --- .../tests/cdn-service-annotations.yaml | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 charts/lagoon-logging/templates/tests/cdn-service-annotations.yaml diff --git a/charts/lagoon-logging/templates/tests/cdn-service-annotations.yaml b/charts/lagoon-logging/templates/tests/cdn-service-annotations.yaml new file mode 100644 index 000000000..2cdfc5533 --- /dev/null +++ b/charts/lagoon-logging/templates/tests/cdn-service-annotations.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: service-reader +rules: +- apiGroups: [""] # "" indicates the core API group + resources: ["services"] + verbs: ["get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: read-services +subjects: +- kind: Group + name: system:serviceaccounts # all serviceaccounts + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: Role + name: service-reader + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}-test-cdn-service-annotations + labels: + {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: kubectl + image: alpine:latest + command: + - sh + args: + - "-c" + - | + set -eu + apk add --no-cache kubectl jq + kubectl get svc -o json {{ include "lagoon-logging.cdnLogsCollector.fullname" . }} | + jq -e '.metadata.annotations["sh.lagoon.chart.testKey"] == "lagoonTestValue"' + restartPolicy: Never From 35e52e1947e81300a8bc164ac079d31674982f52 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 15 Feb 2024 13:46:50 +0800 Subject: [PATCH 26/71] chore: bump lagoon-logging chart version --- charts/lagoon-logging/Chart.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index e218bd32f..b05b58eb4 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.80.0 +version: 0.81.0 dependencies: - name: logging-operator @@ -32,9 +32,5 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | - - kind: changed - description: update uselagoon/logs-dispatcher image to v3.4.0 - kind: added - description: schedule Logging Pods also on infra nodes - - kind: added - description: ability to configure toleration/affinity on FluentD deployment + description: support for annotations on the CDN service From 6549adf97b937c2235de542279eb4aa14843a640 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 15 Feb 2024 13:34:45 +0800 Subject: [PATCH 27/71] feat: add option to set annotations on CDN logs service --- charts/lagoon-logging/ci/linter-values.yaml | 5 ++++- .../templates/cdn-logs-collector.service.yaml | 6 +++++- charts/lagoon-logging/values.yaml | 4 +++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-logging/ci/linter-values.yaml b/charts/lagoon-logging/ci/linter-values.yaml index b2722e90a..68e9640e1 100644 --- a/charts/lagoon-logging/ci/linter-values.yaml +++ b/charts/lagoon-logging/ci/linter-values.yaml @@ -68,7 +68,10 @@ cdnLogsCollector: buffer: storageClassName: standard size: 1Gi - serviceType: ClusterIP + service: + type: ClusterIP + annotations: + sh.lagoon.chart.testKey: lagoonTestValue tls: caCert: |- -----BEGIN CERTIFICATE----- diff --git a/charts/lagoon-logging/templates/cdn-logs-collector.service.yaml b/charts/lagoon-logging/templates/cdn-logs-collector.service.yaml index 9daad1f51..201f5c6be 100644 --- a/charts/lagoon-logging/templates/cdn-logs-collector.service.yaml +++ b/charts/lagoon-logging/templates/cdn-logs-collector.service.yaml @@ -5,8 +5,12 @@ metadata: name: {{ include "lagoon-logging.cdnLogsCollector.fullname" . }} labels: {{- include "lagoon-logging.cdnLogsCollector.labels" . | nindent 4 }} + {{- with .Values.cdnLogsCollector.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: - type: {{ .Values.cdnLogsCollector.serviceType }} + type: {{ .Values.cdnLogsCollector.service.type }} selector: {{- include "lagoon-logging.cdnLogsCollector.selectorLabels" . | nindent 4 }} ports: diff --git a/charts/lagoon-logging/values.yaml b/charts/lagoon-logging/values.yaml index 6616f1c06..f1045c884 100644 --- a/charts/lagoon-logging/values.yaml +++ b/charts/lagoon-logging/values.yaml @@ -144,7 +144,9 @@ cdnLogsCollector: size: 8Gi storageClassName: "" - serviceType: LoadBalancer + service: + type: LoadBalancer + annotations: {} # TLS configuration is required # These should be server certificates, and the CDN should be configured to From e6bc77f4228a10b7f60c256628e25f6cc07ab470 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 15 Feb 2024 13:46:35 +0800 Subject: [PATCH 28/71] chore: update local linting/testing instructions in README The `ct lint` instructions had bitrotted, and the `ct install` procedure was not actually documented. --- README.md | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9f9aeb1da..d93ba536d 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,18 @@ Documentation on probes for pod startup is [here](https://kubernetes.io/docs/con ### Run chart-testing (lint) locally +```bash +docker run --rm --interactive --detach --network host --name ct "--volume=$(pwd):/workdir" "--workdir=/workdir" --volume=$(pwd)/default.ct.yaml:/etc/ct/ct.yaml quay.io/helmpack/chart-testing:latest cat +docker exec ct git config --global --add safe.directory /workdir +docker exec ct ct lint ``` -$ docker run --rm --interactive --detach --network host --name ct "--volume=$(pwd):/workdir" "--workdir=/workdir" --volume=$(pwd)/default.ct.yaml:/etc/ct/ct.yaml quay.io/helmpack/chart-testing:latest cat -$ docker exec ct ct lint + +### Run chart-testing (install) locally + +Prerequisite: install [ct](https://github.com/helm/chart-testing). + +```bash +kind create cluster -n chart-testing +ct install --charts=charts/lagoon-logging +kind delete cluster -n chart-testing ``` From 4db14258a82abfd525a0f26868e7c775af132f86 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 21 Feb 2024 14:18:24 +0800 Subject: [PATCH 29/71] fix: add missing helm hook annotations to test objects Previously the test role and rolebinding were being installed unconditionally. With this change they are only installed when running helm test and then removed. Having the role and rolebinding installed unconditionally would mean that any serviceaccount (including the default) would be able to view service objects in the lagoon-logging namespace. This is an unnecessary elevation of privilege, but these service objects do not contain anything sensitive. --- .../templates/tests/cdn-service-annotations.yaml | 7 +++++++ charts/lagoon-logging/templates/tests/test-connection.yaml | 1 + 2 files changed, 8 insertions(+) diff --git a/charts/lagoon-logging/templates/tests/cdn-service-annotations.yaml b/charts/lagoon-logging/templates/tests/cdn-service-annotations.yaml index 2cdfc5533..b8300b5ce 100644 --- a/charts/lagoon-logging/templates/tests/cdn-service-annotations.yaml +++ b/charts/lagoon-logging/templates/tests/cdn-service-annotations.yaml @@ -3,6 +3,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: service-reader + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded rules: - apiGroups: [""] # "" indicates the core API group resources: ["services"] @@ -12,6 +15,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: read-services + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded subjects: - kind: Group name: system:serviceaccounts # all serviceaccounts @@ -29,6 +35,7 @@ metadata: {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }} annotations: "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded spec: containers: - name: kubectl diff --git a/charts/lagoon-logging/templates/tests/test-connection.yaml b/charts/lagoon-logging/templates/tests/test-connection.yaml index f22e9440e..d91456f8d 100644 --- a/charts/lagoon-logging/templates/tests/test-connection.yaml +++ b/charts/lagoon-logging/templates/tests/test-connection.yaml @@ -6,6 +6,7 @@ metadata: {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }} annotations: "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded spec: containers: - name: nc From 5bbf46c60587558e0441e6647c07550f41fa7732 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 21 Feb 2024 14:25:07 +0800 Subject: [PATCH 30/71] chore: bump lagoon-logging chart version --- charts/lagoon-logging/Chart.yaml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index b05b58eb4..ad549cde9 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.81.0 +version: 0.81.1 dependencies: - name: logging-operator @@ -31,6 +31,16 @@ dependencies: # It should be started afresh for each release # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: + artifacthub.io/containsSecurityUpdates: "true" artifacthub.io/changes: | - - kind: added - description: support for annotations on the CDN service + - kind: security + description: > + Previously the test role and rolebinding were being installed + unconditionally. With this change they are only installed when running + helm test and then removed. + + Having the role and rolebinding installed unconditionally would mean + that any serviceaccount (including the default) would be able to view + service objects in the lagoon-logging namespace. This is an unnecessary + elevation of privilege, but these service objects do not contain + anything sensitive. From 9d53479fc452eebbf529513a5cec411f9d91a86a Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 21 Feb 2024 16:54:18 +0800 Subject: [PATCH 31/71] chore: reduce artifacthub changelog entry to one line --- charts/lagoon-logging/Chart.yaml | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index ad549cde9..1072bdf34 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -34,13 +34,4 @@ annotations: artifacthub.io/containsSecurityUpdates: "true" artifacthub.io/changes: | - kind: security - description: > - Previously the test role and rolebinding were being installed - unconditionally. With this change they are only installed when running - helm test and then removed. - - Having the role and rolebinding installed unconditionally would mean - that any serviceaccount (including the default) would be able to view - service objects in the lagoon-logging namespace. This is an unnecessary - elevation of privilege, but these service objects do not contain - anything sensitive. + description: avoid test role and rolebinding being wrongly installed From fda8f2802da3952cc4921b17a48bcf9d5c52c440 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 22 Feb 2024 09:48:12 +0800 Subject: [PATCH 32/71] chore: ensure test objects are installed in the correct order --- .../templates/tests/cdn-service-annotations.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/lagoon-logging/templates/tests/cdn-service-annotations.yaml b/charts/lagoon-logging/templates/tests/cdn-service-annotations.yaml index b8300b5ce..9bbfa4000 100644 --- a/charts/lagoon-logging/templates/tests/cdn-service-annotations.yaml +++ b/charts/lagoon-logging/templates/tests/cdn-service-annotations.yaml @@ -6,6 +6,7 @@ metadata: annotations: "helm.sh/hook": test "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "-2" rules: - apiGroups: [""] # "" indicates the core API group resources: ["services"] @@ -18,6 +19,7 @@ metadata: annotations: "helm.sh/hook": test "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "-1" subjects: - kind: Group name: system:serviceaccounts # all serviceaccounts @@ -36,6 +38,7 @@ metadata: annotations: "helm.sh/hook": test "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "0" spec: containers: - name: kubectl From 4f2f2a31fbf679a3118f533078e8bafe0eaabff5 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Thu, 15 Feb 2024 12:40:39 +1100 Subject: [PATCH 33/71] chore: update storage-calcluator and add metrics monitor --- charts/lagoon-remote/Chart.yaml | 10 +++------- charts/lagoon-remote/ci/linter-values.yaml | 2 ++ .../storage-calculator.deployment.yaml | 6 +++++- .../templates/storage-calculator.service.yaml | 17 +++++++++++++++++ .../storage-calculator.servicemonitor.yaml | 18 ++++++++++++++++++ charts/lagoon-remote/values.yaml | 10 +++++++++- 6 files changed, 54 insertions(+), 9 deletions(-) create mode 100644 charts/lagoon-remote/templates/storage-calculator.service.yaml create mode 100644 charts/lagoon-remote/templates/storage-calculator.servicemonitor.yaml diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 26141057e..e69c70bbf 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.87.0 +version: 0.88.0 dependencies: - name: lagoon-build-deploy @@ -45,10 +45,6 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: remove insights-remote service if not enabled - - kind: removed - description: removed old kubernetes build deploy references + description: update storage-calculator to v0.5.1 - kind: changed - description: updated to insights-remote:v0.0.8 - - kind: changed - description: updated lagoon-build-deploy chart to v0.26.3 + description: added metrics to storage-calculator diff --git a/charts/lagoon-remote/ci/linter-values.yaml b/charts/lagoon-remote/ci/linter-values.yaml index 9c7e7d9d3..fcb911714 100644 --- a/charts/lagoon-remote/ci/linter-values.yaml +++ b/charts/lagoon-remote/ci/linter-values.yaml @@ -98,3 +98,5 @@ sshPortal: storageCalculator: enabled: true + serviceMonitor: + enabled: false diff --git a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml index f4cc3ecf9..49dcd6dfb 100644 --- a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml +++ b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml @@ -35,10 +35,14 @@ spec: command: - /manager args: - - "--metrics-bind-address=127.0.0.1:8080" + - "--metrics-bind-address=0.0.0.0:8080" + - "--prometheus-metrics=true" {{- with .Values.storageCalculator.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} + ports: + - name: metrics + containerPort: 8080 env: {{- range $name, $value := .Values.storageCalculator.extraEnvs }} - name: {{ .name }} diff --git a/charts/lagoon-remote/templates/storage-calculator.service.yaml b/charts/lagoon-remote/templates/storage-calculator.service.yaml new file mode 100644 index 000000000..8a73bfdf9 --- /dev/null +++ b/charts/lagoon-remote/templates/storage-calculator.service.yaml @@ -0,0 +1,17 @@ +{{- if .Values.storageCalculator.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "lagoon-remote.storageCalculator.fullname" . }}-metrics + labels: + metrics-only: "true" + {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} +spec: + type: {{ .Values.storageCalculator.metricsService.type }} + ports: + - port: {{ .Values.storageCalculator.metricsService.ports.metrics }} + targetPort: metrics + name: metrics + selector: + {{- include "lagoon-remote.storageCalculator.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/lagoon-remote/templates/storage-calculator.servicemonitor.yaml b/charts/lagoon-remote/templates/storage-calculator.servicemonitor.yaml new file mode 100644 index 000000000..fc339b513 --- /dev/null +++ b/charts/lagoon-remote/templates/storage-calculator.servicemonitor.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.storageCalculator.enabled .Values.storageCalculator.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "lagoon-remote.storageCalculator.fullname" . }} + labels: + {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + metrics-only: "true" + {{- include "lagoon-remote.storageCalculator.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 866f1871b..e301cb5e0 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -362,8 +362,16 @@ storageCalculator: # template name: + metricsService: + type: ClusterIP + ports: + metrics: 9912 + + serviceMonitor: + enabled: true + image: repository: uselagoon/remote-calculator pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: v0.2.3 + tag: v0.5.1 From c2ad08a5e44a1c1426d959cae75dc005baf5aa0a Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Fri, 23 Feb 2024 15:14:51 +1100 Subject: [PATCH 34/71] chore: add legacy registry passthrough support --- charts/lagoon-build-deploy/Chart.yaml | 6 +++--- charts/lagoon-build-deploy/templates/deployment.yaml | 3 +++ charts/lagoon-build-deploy/values.yaml | 4 ++++ 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index 4ce5c1603..53b8caad2 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -16,11 +16,11 @@ kubeVersion: ">= 1.23.0-0" type: application -version: 0.26.3 +version: 0.26.4 -appVersion: v0.15.4 +appVersion: v0.15.5 annotations: artifacthub.io/changes: | - kind: changed - description: added clusterroles for tasks and builds + description: added legacy registry passthrough support diff --git a/charts/lagoon-build-deploy/templates/deployment.yaml b/charts/lagoon-build-deploy/templates/deployment.yaml index 75d678e66..2f6cd49dc 100644 --- a/charts/lagoon-build-deploy/templates/deployment.yaml +++ b/charts/lagoon-build-deploy/templates/deployment.yaml @@ -167,6 +167,9 @@ spec: {{- with .Values.timeoutForLongRunningTaskPods }} - "--timeout-longrunning-task-pod-cleanup={{ . }}" {{- end }} + {{- with .Values.unauthenticatedRegistry }} + - "--unauthenticated-registry={{ . }}" + {{- end }} {{- with .Values.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/lagoon-build-deploy/values.yaml b/charts/lagoon-build-deploy/values.yaml index ed1d28712..742b34e29 100644 --- a/charts/lagoon-build-deploy/values.yaml +++ b/charts/lagoon-build-deploy/values.yaml @@ -6,6 +6,10 @@ rabbitMQHostname: "" rabbitMQPassword: "" rabbitMQUsername: "" +# This is here due to the removal of the passthrough from core https://github.com/uselagoon/lagoon/pull/3659 +# if you leveraged this value in your core, you should ensure you update your remotes with this value to reflect what you previously had provided in core +# unauthenticatedRegistry: registry.lagoon.svc:5000 + # NOTE!! lagoon api/host/port values if left empty fall back to the task api/host/port values # taskSSHHost/lagoonTokenHost is the hostname for the lagoon token service # taskSSHHost will be deprecated in favor of lagoonTokenHost From 489381212bcc54743c90e77136c91a577e9da407 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Fri, 23 Feb 2024 15:18:29 +1100 Subject: [PATCH 35/71] chore: remove legacy registry passthrough from core --- charts/lagoon-core/Chart.yaml | 10 ++-------- charts/lagoon-core/ci/linter-values.yaml | 1 - charts/lagoon-core/templates/api.deployment.yaml | 2 -- .../templates/webhooks2tasks.deployment.yaml | 2 -- charts/lagoon-core/values.yaml | 1 - 5 files changed, 2 insertions(+), 14 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 0b1d71bb3..8c149371c 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.41.0 +version: 1.41.1 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -41,10 +41,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: bump lagoon-opensearch-sync version to v0.7.1 - - kind: changed - description: updated to insights-handler:v0.0.2 - - kind: changed - description: pinned insights to trivy:0.48.0 - - kind: changed - description: update lagoon appVersion to v2.17.0 + description: remove unused legacy registry setting from core diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index 610c1ce0d..5278a7eb5 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml @@ -3,7 +3,6 @@ # To be deprecated - see uselagoon/lagoon#2907 harborURL: http://disabled-only-use-harbor-via-deploy-controller.invalid harborAdminPassword: not-needed -registry: disabled-only-use-harbor-via-deploy-controller.invalid # used in api elasticsearchURL: http://opendistro-es-client-service.opendistro-es.svc.cluster.local:9200 diff --git a/charts/lagoon-core/templates/api.deployment.yaml b/charts/lagoon-core/templates/api.deployment.yaml index 5f469bf6d..482721db1 100644 --- a/charts/lagoon-core/templates/api.deployment.yaml +++ b/charts/lagoon-core/templates/api.deployment.yaml @@ -126,8 +126,6 @@ spec: key: RABBITMQ_USERNAME - name: REDIS_HOST value: {{ include "lagoon-core.apiRedis.fullname" . }} - - name: REGISTRY - value: {{ required "A valid .Values.registry required!" .Values.registry | quote }} - name: S3_FILES_BUCKET value: {{ required "A valid .Values.s3FilesBucket required!" .Values.s3FilesBucket | quote }} - name: S3_FILES_HOST diff --git a/charts/lagoon-core/templates/webhooks2tasks.deployment.yaml b/charts/lagoon-core/templates/webhooks2tasks.deployment.yaml index 9efabf37b..d9ee07a5d 100644 --- a/charts/lagoon-core/templates/webhooks2tasks.deployment.yaml +++ b/charts/lagoon-core/templates/webhooks2tasks.deployment.yaml @@ -94,8 +94,6 @@ spec: secretKeyRef: name: {{ include "lagoon-core.broker.fullname" . }} key: RABBITMQ_USERNAME - - name: REGISTRY - value: {{ required "A valid .Values.registry required!" .Values.registry | quote }} {{- range $key, $val := .Values.webhooks2tasks.additionalEnvs }} - name: {{ $key }} value: {{ $val | quote }} diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index f37eea9a0..9b1b167db 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -4,7 +4,6 @@ # elasticsearchURL: # harborURL: # kibanaURL: -# registry: # s3BAASSecretAccessKey: # s3BAASAccessKeyID: # s3FilesAccessKeyID: From 6a972118742bef11294be743ad0762445fb06353 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 23 Feb 2024 16:53:51 +1100 Subject: [PATCH 36/71] update actions and build dependencies --- .github/workflows/lint-test-matrix.yaml | 18 +++++++++--------- .github/workflows/lint-test.yaml | 10 +++++----- .github/workflows/release.yaml | 9 +-------- .github/workflows/test-suite.yaml | 12 ++++++------ Makefile | 6 +++--- 5 files changed, 24 insertions(+), 31 deletions(-) diff --git a/.github/workflows/lint-test-matrix.yaml b/.github/workflows/lint-test-matrix.yaml index aeeb20819..7e63c08ab 100644 --- a/.github/workflows/lint-test-matrix.yaml +++ b/.github/workflows/lint-test-matrix.yaml @@ -11,12 +11,12 @@ jobs: fail-fast: false matrix: kindest_node_version: - - v1.23.17@sha256:59c989ff8a517a93127d4a536e7014d28e235fb3529d9fba91b3951d461edfdb - - v1.24.15@sha256:7db4f8bea3e14b82d12e044e25e34bd53754b7f2b0e9d56df21774e6f66a70ab - - v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8 - - v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb - - v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 - - v1.29.0@sha256:eaa1450915475849a73a9227b8f201df25e55e268e5d619312131292e324d570 + - v1.23.17@sha256:14d0a9a892b943866d7e6be119a06871291c517d279aedb816a4b4bc0ec0a5b3 + - v1.24.17@sha256:bad10f9b98d54586cba05a7eaa1b61c6b90bfc4ee174fdc43a7b75ca75c95e51 + - v1.25.16@sha256:e8b50f8e06b44bb65a93678a65a26248fae585b3d3c2a669e5ca6c90c69dc519 + - v1.26.14@sha256:5d548739ddef37b9318c70cb977f57bf3e5015e4552be4e27e57280a8cbb8e4f + - v1.27.11@sha256:681253009e68069b8e01aad36a1e0fa8cf18bb0ab3e5c4069b2e65cafdd70843 + - v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245 steps: - name: Checkout uses: actions/checkout@v4 @@ -27,7 +27,7 @@ jobs: run: sudo apt-get -y install python3-wheel - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.0 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed @@ -42,9 +42,9 @@ jobs: run: ct lint --config ./default.ct.yaml - name: Create kind cluster - uses: helm/kind-action@v1.8.0 + uses: helm/kind-action@v1.9.0 with: - version: v0.20.0 + version: v0.22.0 node_image: kindest/node:${{ matrix.kindest_node_version }} if: | (steps.list-changed.outputs.changed == 'true') || diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 4b09a8e49..76d6e3831 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -69,7 +69,7 @@ jobs: run: sudo apt-get -y install python3-wheel - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.0 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed @@ -84,11 +84,11 @@ jobs: run: ct lint --config ./default.ct.yaml - name: Create kind cluster - uses: helm/kind-action@v1.8.0 + uses: helm/kind-action@v1.9.0 with: - version: v0.20.0 - node_image: kindest/node:v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31 - kubectl_version: v1.28.0 + version: v0.22.0 + node_image: kindest/node:v1.28.7@sha256:9bc6c451a289cf96ad0bbaf33d416901de6fd632415b076ab05f5fa7e4f65c58 + kubectl_version: v1.28.7 if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 522bb8ac2..b03949dcb 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -19,13 +19,6 @@ jobs: git config user.name "$GITHUB_ACTOR" git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - # See https://github.com/helm/chart-releaser-action/issues/6 - - name: Install Helm - run: | - curl -fsSLo get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 - chmod 700 get_helm.sh - ./get_helm.sh - - name: Add dependency chart repos run: | helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com @@ -35,6 +28,6 @@ jobs: helm repo add kube-logging https://kube-logging.github.io/helm-charts - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.5.0 + uses: helm/chart-releaser-action@v1.6.0 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index a500058b7..69cbea3ce 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -5,7 +5,7 @@ on: pull_request jobs: # runs for lagoon-core, lagoon-remote, lagoon-test test-suite: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest strategy: fail-fast: false matrix: @@ -48,7 +48,7 @@ jobs: run: sudo apt-get -y install python3-wheel - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.0 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed @@ -69,14 +69,14 @@ jobs: envsubst < test-suite.kind-config.yaml.tpl > test-suite.kind-config.yaml - name: Create kind cluster - uses: helm/kind-action@v1.8.0 + uses: helm/kind-action@v1.9.0 if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) with: - version: v0.20.0 - node_image: kindest/node:v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31 - kubectl_version: v1.28.0 + version: v0.22.0 + node_image: kindest/node:v1.28.7@sha256:9bc6c451a289cf96ad0bbaf33d416901de6fd632415b076ab05f5fa7e4f65c58 + kubectl_version: v1.28.7 config: test-suite.kind-config.yaml - name: Check node IP matches kind configuration diff --git a/Makefile b/Makefile index 16c8ea975..8cb1713e5 100644 --- a/Makefile +++ b/Makefile @@ -86,7 +86,7 @@ install-ingress: --set controller.config.hsts="false" \ --set controller.watchIngressWithoutClass=true \ --set controller.ingressClassResource.default=true \ - --version=4.7.2 \ + --version=4.9.1 \ ingress-nginx \ ingress-nginx/ingress-nginx @@ -106,7 +106,7 @@ install-registry: install-ingress --set clair.enabled=false \ --set notary.enabled=false \ --set trivy.enabled=false \ - --version=1.13.0 \ + --version=1.14.0 \ registry \ harbor/harbor @@ -162,7 +162,7 @@ install-minio: install-ingress --timeout $(TIMEOUT) \ --set auth.rootUser=lagoonFilesAccessKey,auth.rootPassword=lagoonFilesSecretKey \ --set defaultBuckets='lagoon-files\,restores' \ - --version=12.8.7 \ + --version=13.6.2 \ minio \ bitnami/minio From b1a008c762d6cea9ba2fa698ab0c41f1c3ac2e0f Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 23 Feb 2024 17:40:13 +1100 Subject: [PATCH 37/71] use ingress-nginx 4.7.5 to allow server-snippets --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 8cb1713e5..792783398 100644 --- a/Makefile +++ b/Makefile @@ -73,6 +73,7 @@ endif .PHONY: install-ingress install-ingress: + # Using 4.7.x because server snippets https://github.com/kubernetes/ingress-nginx/issues/10543 $(HELM) upgrade \ --install \ --create-namespace \ @@ -86,7 +87,7 @@ install-ingress: --set controller.config.hsts="false" \ --set controller.watchIngressWithoutClass=true \ --set controller.ingressClassResource.default=true \ - --version=4.9.1 \ + --version=4.7.5 \ ingress-nginx \ ingress-nginx/ingress-nginx From a8ea19e301cb83ec0726a3ab6143ccdabb5474c4 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Mon, 26 Feb 2024 16:16:45 +1100 Subject: [PATCH 38/71] chore: upgrade ingress-nginx and allowSnippetAnnotations --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 792783398..45f64657e 100644 --- a/Makefile +++ b/Makefile @@ -73,13 +73,13 @@ endif .PHONY: install-ingress install-ingress: - # Using 4.7.x because server snippets https://github.com/kubernetes/ingress-nginx/issues/10543 $(HELM) upgrade \ --install \ --create-namespace \ --namespace ingress-nginx \ --wait \ --timeout $(TIMEOUT) \ + --set controller.allowSnippetAnnotations=true \ --set controller.service.type=NodePort \ --set controller.service.nodePorts.http=32080 \ --set controller.service.nodePorts.https=32443 \ @@ -87,7 +87,7 @@ install-ingress: --set controller.config.hsts="false" \ --set controller.watchIngressWithoutClass=true \ --set controller.ingressClassResource.default=true \ - --version=4.7.5 \ + --version=4.9.1 \ ingress-nginx \ ingress-nginx/ingress-nginx From 898f50c2a48ab5fc58af1f514e654fac03319d24 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 23 Feb 2024 22:07:16 +0800 Subject: [PATCH 39/71] feat: add support for logs access via SSH --- .../templates/ssh-portal.clusterrole.yaml | 15 +++++++++++++++ .../templates/ssh-portal.deployment.yaml | 4 ++++ charts/lagoon-remote/values.yaml | 6 +++++- 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/charts/lagoon-remote/templates/ssh-portal.clusterrole.yaml b/charts/lagoon-remote/templates/ssh-portal.clusterrole.yaml index f3070b64d..276d53782 100644 --- a/charts/lagoon-remote/templates/ssh-portal.clusterrole.yaml +++ b/charts/lagoon-remote/templates/ssh-portal.clusterrole.yaml @@ -42,4 +42,19 @@ rules: - pods/exec verbs: - create +{{- if .Values.sshPortal.logAccessEnabled }} +# k8s.Logs +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - watch +{{- end }} {{- end }} diff --git a/charts/lagoon-remote/templates/ssh-portal.deployment.yaml b/charts/lagoon-remote/templates/ssh-portal.deployment.yaml index 4caa2e455..3b49dfecf 100644 --- a/charts/lagoon-remote/templates/ssh-portal.deployment.yaml +++ b/charts/lagoon-remote/templates/ssh-portal.deployment.yaml @@ -37,6 +37,10 @@ spec: - name: DEBUG value: "true" {{- end }} + {{- if .Values.sshPortal.logAccessEnabled }} + - name: LOG_ACCESS_ENABLED + value: "true" + {{- end }} - name: NATS_URL value: nats://{{ include "lagoon-remote.fullname" . }}-nats {{- range $key, $val := .Values.sshPortal.additionalEnvs }} diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 866f1871b..afa4123db 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -126,7 +126,7 @@ sshPortal: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "v0.30.1" + tag: "v0.34.0" service: type: LoadBalancer @@ -163,6 +163,10 @@ sshPortal: ed25519: "" rsa: "" + # Log access via SSH is disabled by default. + # Uncomment this line to enable log access via SSH. + # logAccessEnabled: true + # This subchart is disabled by default until this build-deploy type is in # widespread use. lagoon-build-deploy: From f0341ae7dc28b04c06515509500f2714d6c1697e Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 23 Feb 2024 22:07:51 +0800 Subject: [PATCH 40/71] chore: bump lagoon-remote chart version --- charts/lagoon-remote/Chart.yaml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 26141057e..ad732f939 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.87.0 +version: 0.88.0 dependencies: - name: lagoon-build-deploy @@ -45,10 +45,6 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: remove insights-remote service if not enabled - - kind: removed - description: removed old kubernetes build deploy references - - kind: changed - description: updated to insights-remote:v0.0.8 - - kind: changed - description: updated lagoon-build-deploy chart to v0.26.3 + description: update ssh-portal to v0.34.0 + - kind: added + description: add support for logs access via SSH From 36079e8ceef22632db2516a2df3fc6d1a7fef1d2 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 23 Feb 2024 22:09:15 +0800 Subject: [PATCH 41/71] chore: enable log access in ci values --- charts/lagoon-remote/ci/linter-values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/lagoon-remote/ci/linter-values.yaml b/charts/lagoon-remote/ci/linter-values.yaml index 9c7e7d9d3..b377b7b4e 100644 --- a/charts/lagoon-remote/ci/linter-values.yaml +++ b/charts/lagoon-remote/ci/linter-values.yaml @@ -96,5 +96,7 @@ sshPortal: 6lnrpkhPYdpdKnF3PCEyAAAAAAECAwQF -----END OPENSSH PRIVATE KEY----- + logAccessEnabled: true + storageCalculator: enabled: true From 3120b26b57d35cb0e1ab9a39e42ce6963347caff Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 28 Feb 2024 10:43:04 +1100 Subject: [PATCH 42/71] chore: update storage-calculator to v0.5.2 --- charts/lagoon-remote/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 0c0399469..cd747e329 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -369,4 +369,4 @@ storageCalculator: repository: uselagoon/remote-calculator pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: v0.5.1 + tag: v0.5.2 From 90dca494d0a654c3a53ab8c87c963156174b4c98 Mon Sep 17 00:00:00 2001 From: Blaize M Kaye Date: Tue, 5 Mar 2024 07:46:22 +1100 Subject: [PATCH 43/71] Updates insights handler and remote versions --- charts/lagoon-core/values.yaml | 2 +- charts/lagoon-remote/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 9b1b167db..c1a75219d 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -595,7 +595,7 @@ insightsHandler: repository: uselagoon/insights-handler pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: main + tag: "v0.0.4" podAnnotations: {} diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index cd747e329..ce97adbf8 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -215,7 +215,7 @@ insightsRemote: repository: uselagoon/insights-remote pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.0.8" + tag: "v0.0.9" imagePullSecrets: [] nameOverride: "" From 5da09faae905c8ef13a5b4a372acd87b787a255d Mon Sep 17 00:00:00 2001 From: Blaize M Kaye Date: Tue, 5 Mar 2024 07:47:29 +1100 Subject: [PATCH 44/71] Adds artifacthub changelog --- charts/lagoon-core/Chart.yaml | 2 ++ charts/lagoon-remote/Chart.yaml | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 84795f4da..29ebb0a6b 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -44,3 +44,5 @@ annotations: description: remove unused legacy registry setting from core - kind: changed description: modify keycloak liveness and readiness endpoint + - kind: changed + description: updated insights-handler to v0.0.4 diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 470526647..7b2b3eeb2 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -41,8 +41,10 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update storage-calculator to v0.5.1 + description: update storage-calculator to v0.5.2 - kind: changed description: added metrics to storage-calculator - kind: removed description: removed dioscuri subchart, activestandby is handled via a Lagoon task directly now + - kind: changed + description: updated insights-remote version to v0.0.9 From 5ea4cdf4e58e1bd74bc1f2562428bb558b3576cc Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Tue, 12 Mar 2024 08:04:13 +1100 Subject: [PATCH 45/71] chore: add migration init container --- charts/lagoon-core/templates/api.deployment.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/charts/lagoon-core/templates/api.deployment.yaml b/charts/lagoon-core/templates/api.deployment.yaml index 482721db1..6ae9bb807 100644 --- a/charts/lagoon-core/templates/api.deployment.yaml +++ b/charts/lagoon-core/templates/api.deployment.yaml @@ -30,6 +30,12 @@ spec: {{- end }} securityContext: {{- toYaml (coalesce .Values.api.podSecurityContext .Values.podSecurityContext) | nindent 8 }} + initContainers: + - command: + - "node -r dotenv-extended/config dist/migrations/lagoon/migration.js" + image: "{{ .Values.api.image.repository }}:{{ coalesce .Values.api.image.tag .Values.imageTag .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.api.image.pullPolicy }} + name: migrations containers: - name: api securityContext: From 7d554433f4a4c247d94b6f1ea3df74da9b4686ea Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Tue, 12 Mar 2024 08:04:13 +1100 Subject: [PATCH 46/71] chore: fix entry command --- charts/lagoon-core/templates/api.deployment.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/lagoon-core/templates/api.deployment.yaml b/charts/lagoon-core/templates/api.deployment.yaml index 6ae9bb807..e2d7d3308 100644 --- a/charts/lagoon-core/templates/api.deployment.yaml +++ b/charts/lagoon-core/templates/api.deployment.yaml @@ -32,6 +32,8 @@ spec: {{- toYaml (coalesce .Values.api.podSecurityContext .Values.podSecurityContext) | nindent 8 }} initContainers: - command: + - "sh" + - "-c" - "node -r dotenv-extended/config dist/migrations/lagoon/migration.js" image: "{{ .Values.api.image.repository }}:{{ coalesce .Values.api.image.tag .Values.imageTag .Chart.AppVersion }}" imagePullPolicy: {{ .Values.api.image.pullPolicy }} From 0c4a5c3bdf1f2e38bc5ea1a94f177a2767149382 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Tue, 12 Mar 2024 08:04:13 +1100 Subject: [PATCH 47/71] chore: add missing vars secret --- .../lagoon-core/templates/api.deployment.yaml | 33 +++++++++++++++++++ .../templates/keycloak.deployment.yaml | 13 ++++++++ 2 files changed, 46 insertions(+) diff --git a/charts/lagoon-core/templates/api.deployment.yaml b/charts/lagoon-core/templates/api.deployment.yaml index e2d7d3308..9e80c2243 100644 --- a/charts/lagoon-core/templates/api.deployment.yaml +++ b/charts/lagoon-core/templates/api.deployment.yaml @@ -38,6 +38,39 @@ spec: image: "{{ .Values.api.image.repository }}:{{ coalesce .Values.api.image.tag .Values.imageTag .Chart.AppVersion }}" imagePullPolicy: {{ .Values.api.image.pullPolicy }} name: migrations + env: + - name: API_DB_HOST + value: {{ include "lagoon-core.apiDB.fullname" . }} + - name: API_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.apiDB.fullname" . }} + key: API_DB_PASSWORD + - name: KEYCLOAK_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.keycloak.fullname" . }} + key: KEYCLOAK_ADMIN_PASSWORD + - name: KEYCLOAK_ADMIN_USER + value: {{ .Values.keycloakAdminUser | quote }} + - name: KEYCLOAK_API_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.keycloak.fullname" . }} + key: KEYCLOAK_API_CLIENT_SECRET + - name: KEYCLOAK_URL + {{- if .Values.keycloakFrontEndURL }} + value: {{ .Values.keycloakFrontEndURL }} + {{- else if .Values.keycloak.ingress.enabled }} + value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }} + {{- else }} + value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }} + {{- end }} + - name: REDIS_HOST + value: {{ include "lagoon-core.apiRedis.fullname" . }} + envFrom: + - secretRef: + name: {{ include "lagoon-core.api.fullname" . }} containers: - name: api securityContext: diff --git a/charts/lagoon-core/templates/keycloak.deployment.yaml b/charts/lagoon-core/templates/keycloak.deployment.yaml index a68206586..5392589e7 100644 --- a/charts/lagoon-core/templates/keycloak.deployment.yaml +++ b/charts/lagoon-core/templates/keycloak.deployment.yaml @@ -53,6 +53,19 @@ spec: - name: KEYCLOAK_ADMIN_EMAIL value: {{ . | quote }} {{- end }} + - name: LAGOON_DB_HOST + value: {{ include "lagoon-core.apiDB.fullname" . }} + - name: LAGOON_DB_VENDOR + value: mariadb + - name: LAGOON_DB_USER + value: api + - name: LAGOON_DB_DATABASE + value: infrastructure + - name: LAGOON_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.apiDB.fullname" . }} + key: API_DB_PASSWORD {{- range $key, $val := .Values.keycloak.additionalEnvs }} - name: {{ $key }} value: {{ $val | quote }} From 165445418c901d12077cbe3af7f1866c4ee6c2d0 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 12 Mar 2024 08:09:20 +1100 Subject: [PATCH 48/71] chore: add artifacthub changelog --- charts/lagoon-remote/Chart.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 7b2b3eeb2..1ce3a916c 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -48,3 +48,5 @@ annotations: description: removed dioscuri subchart, activestandby is handled via a Lagoon task directly now - kind: changed description: updated insights-remote version to v0.0.9 + - kind: changed + description: added initcontainer to api to handle keycloak migrations From 4279733214d84e11b6052ed3ddd7b2a9b206167a Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 13 Mar 2024 07:56:36 +1100 Subject: [PATCH 49/71] chore: fix consistent indent-sequence YAML --- .../lagoon-core/templates/api.deployment.yaml | 80 +++++++++---------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/charts/lagoon-core/templates/api.deployment.yaml b/charts/lagoon-core/templates/api.deployment.yaml index 9e80c2243..2ef50a39c 100644 --- a/charts/lagoon-core/templates/api.deployment.yaml +++ b/charts/lagoon-core/templates/api.deployment.yaml @@ -31,46 +31,46 @@ spec: securityContext: {{- toYaml (coalesce .Values.api.podSecurityContext .Values.podSecurityContext) | nindent 8 }} initContainers: - - command: - - "sh" - - "-c" - - "node -r dotenv-extended/config dist/migrations/lagoon/migration.js" - image: "{{ .Values.api.image.repository }}:{{ coalesce .Values.api.image.tag .Values.imageTag .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.api.image.pullPolicy }} - name: migrations - env: - - name: API_DB_HOST - value: {{ include "lagoon-core.apiDB.fullname" . }} - - name: API_DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "lagoon-core.apiDB.fullname" . }} - key: API_DB_PASSWORD - - name: KEYCLOAK_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "lagoon-core.keycloak.fullname" . }} - key: KEYCLOAK_ADMIN_PASSWORD - - name: KEYCLOAK_ADMIN_USER - value: {{ .Values.keycloakAdminUser | quote }} - - name: KEYCLOAK_API_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ include "lagoon-core.keycloak.fullname" . }} - key: KEYCLOAK_API_CLIENT_SECRET - - name: KEYCLOAK_URL - {{- if .Values.keycloakFrontEndURL }} - value: {{ .Values.keycloakFrontEndURL }} - {{- else if .Values.keycloak.ingress.enabled }} - value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }} - {{- else }} - value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }} - {{- end }} - - name: REDIS_HOST - value: {{ include "lagoon-core.apiRedis.fullname" . }} - envFrom: - - secretRef: - name: {{ include "lagoon-core.api.fullname" . }} + - command: + - "sh" + - "-c" + - "node -r dotenv-extended/config dist/migrations/lagoon/migration.js" + image: "{{ .Values.api.image.repository }}:{{ coalesce .Values.api.image.tag .Values.imageTag .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.api.image.pullPolicy }} + name: migrations + env: + - name: API_DB_HOST + value: {{ include "lagoon-core.apiDB.fullname" . }} + - name: API_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.apiDB.fullname" . }} + key: API_DB_PASSWORD + - name: KEYCLOAK_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.keycloak.fullname" . }} + key: KEYCLOAK_ADMIN_PASSWORD + - name: KEYCLOAK_ADMIN_USER + value: {{ .Values.keycloakAdminUser | quote }} + - name: KEYCLOAK_API_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.keycloak.fullname" . }} + key: KEYCLOAK_API_CLIENT_SECRET + - name: KEYCLOAK_URL + {{- if .Values.keycloakFrontEndURL }} + value: {{ .Values.keycloakFrontEndURL }} + {{- else if .Values.keycloak.ingress.enabled }} + value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }} + {{- else }} + value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }} + {{- end }} + - name: REDIS_HOST + value: {{ include "lagoon-core.apiRedis.fullname" . }} + envFrom: + - secretRef: + name: {{ include "lagoon-core.api.fullname" . }} containers: - name: api securityContext: From d2da4b4fd6adf0b4b82104263265b07683c3fd21 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 13 Mar 2024 07:56:49 +1100 Subject: [PATCH 50/71] test: use image overrides in linter --- charts/lagoon-core/ci/linter-values.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index 5278a7eb5..99663c60e 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml @@ -27,7 +27,9 @@ keycloakAdminEmail: admin@example.com api: replicaCount: 1 image: - repository: uselagoon/api +# TODO - update repo/tag before v2.18 release + repository: testlagoon/api + tag: main resources: requests: cpu: "10m" @@ -47,7 +49,6 @@ apiRedis: requests: cpu: "10m" -# TODO - update repo/tag before v2.11 release actionsHandler: replicaCount: 1 image: @@ -71,7 +72,9 @@ keycloak: replyTo: lagoon@example.com envelopeFrom: lagoon@example.com image: - repository: uselagoon/keycloak +# TODO - update repo/tag before v2.18 release + repository: testlagoon/keycloak + tag: main resources: requests: cpu: "10m" From 7bf57b2905a493ceb7933a098b781e401feb89b2 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 13 Mar 2024 13:00:59 +1100 Subject: [PATCH 51/71] chore: update lagoon-build-deploy to 0.26.4 --- charts/lagoon-remote/Chart.lock | 6 +++--- charts/lagoon-remote/Chart.yaml | 2 ++ charts/lagoon-remote/README.md | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 9f4c93aa0..3def3a558 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.26.3 + version: 0.26.4 - name: dbaas-operator repository: https://amazeeio.github.io/charts/ version: 0.3.0 - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.19.17 -digest: sha256:19d026667151fe980c86b856f5e061d89bd669afaef89e1e88a69b8730950bb5 -generated: "2024-02-15T10:02:47.025667985+11:00" +digest: sha256:474fd1780a647f467a7120a0ad75fc1cd02bb3e6a7b964a75a4c5bbaefb4344b +generated: "2024-03-13T12:56:47.068393312+11:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 1ce3a916c..27372ec70 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -50,3 +50,5 @@ annotations: description: updated insights-remote version to v0.0.9 - kind: changed description: added initcontainer to api to handle keycloak migrations + - kind: changed + description: update lagoon-build-deploy to 0.26.4 diff --git a/charts/lagoon-remote/README.md b/charts/lagoon-remote/README.md index 6cec937f0..aa18e3201 100644 --- a/charts/lagoon-remote/README.md +++ b/charts/lagoon-remote/README.md @@ -12,7 +12,7 @@ This is outside the scope of this README. ## Install -*NOTE:* This chart must be installed into the `lagoon` namespace because software that consumes lagoon services inside the cluster asumes that services are available at `*.lagoon.svc`. +*NOTE:* This chart must be installed into the `lagoon` namespace because software that consumes lagoon services inside the cluster assumes that services are available at `*.lagoon.svc`. ``` helm upgrade --install --create-namespace --namespace lagoon lagoon-remote ./charts/lagoon-remote @@ -20,7 +20,7 @@ helm upgrade --install --create-namespace --namespace lagoon lagoon-remote ./cha ### OpenShift -the included docker-host needs `priviledged` permissions: +the included docker-host needs `privileged` permissions: ``` oc -n lagoon adm policy add-scc-to-user privileged -z lagoon-remote-docker-host From e085450c4f7e2c6c381dc4a96878ea1020fce23a Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 13 Mar 2024 17:08:02 +1100 Subject: [PATCH 52/71] test: add image.tag overrides for api and keycloak --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index 45f64657e..108fce7ee 100644 --- a/Makefile +++ b/Makefile @@ -186,6 +186,7 @@ install-lagoon-core: install-minio --set "lagoonAPIURL=http://lagoon-api.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080/graphql" \ --set actionsHandler.image.repository=$(IMAGE_REGISTRY)/actions-handler \ --set api.image.repository=$(IMAGE_REGISTRY)/api \ + --set api.image.tag=$(IMAGE_TAG) \ --set apiDB.image.repository=$(IMAGE_REGISTRY)/api-db \ --set apiRedis.image.repository=$(IMAGE_REGISTRY)/api-redis \ --set authServer.image.repository=$(IMAGE_REGISTRY)/auth-server \ @@ -194,6 +195,7 @@ install-lagoon-core: install-minio --set broker.image.repository=$(IMAGE_REGISTRY)/broker \ --set insightsHandler.enabled=false \ --set keycloak.image.repository=$(IMAGE_REGISTRY)/keycloak \ + --set keycloak.image.tag=$(IMAGE_TAG) \ --set keycloakDB.image.repository=$(IMAGE_REGISTRY)/keycloak-db \ --set logs2notifications.image.repository=$(IMAGE_REGISTRY)/logs2notifications \ --set logs2notifications.email.disabled=true \ From 1935823681e6611445a5e87afdeb6fbd6e1e4e0e Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 20 Mar 2024 15:27:36 +1100 Subject: [PATCH 53/71] chore: add keycloak ingress buffer size --- charts/lagoon-core/ci/linter-values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index 99663c60e..0229354ca 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml @@ -78,6 +78,9 @@ keycloak: resources: requests: cpu: "10m" + ingress: + annotations: + nginx.ingress.kubernetes.io/proxy-buffer-size: "128k" keycloakDB: image: From 9b4a77c7d82c6dc6556c8fbed6011b3ed9583fb8 Mon Sep 17 00:00:00 2001 From: Brandon Williams Date: Thu, 21 Mar 2024 11:10:56 -0500 Subject: [PATCH 54/71] fix: apiDB livenessProbe access denied Using `localhost` and port `3306` forces mysqladmin to connect to `127.0.0.1` via TCP, instead of via socket. The uselagoon/mariadb images only set a root password for `localhost`, so the attempt to authenticate via `127.0.0.1` fails. --- charts/lagoon-core/values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index f37eea9a0..7f77386b2 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -180,8 +180,6 @@ apiDB: exec: command: - mysqladmin - - --host=localhost - - --port=3306 - --connect-timeout=4 - ping From e60f4c2abba35070d1fe6fc4d25ac17b65c78cdd Mon Sep 17 00:00:00 2001 From: Brandon Williams Date: Thu, 21 Mar 2024 11:10:57 -0500 Subject: [PATCH 55/71] feat: apiDB readinessProbe uses SQL query for test The current TCP based readiness probe causes an `Aborted connection` log for each check. Changing it to the `readiness-probe.sh` script removes the log and also ensures that mysqld is able to serve SQL requests, not just that it can open a socket. --- charts/lagoon-core/templates/api-db.statefulset.yaml | 5 +++-- charts/lagoon-core/values.yaml | 5 +++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-core/templates/api-db.statefulset.yaml b/charts/lagoon-core/templates/api-db.statefulset.yaml index a52cb7559..3214fa424 100644 --- a/charts/lagoon-core/templates/api-db.statefulset.yaml +++ b/charts/lagoon-core/templates/api-db.statefulset.yaml @@ -49,9 +49,10 @@ spec: volumeMounts: - name: {{ include "lagoon-core.apiDB.fullname" . }}-data mountPath: /var/lib/mysql + {{- with .Values.apiDB.readinessProbe }} readinessProbe: - tcpSocket: - port: mariadb + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.apiDB.livenessProbe }} livenessProbe: {{- toYaml . | nindent 10 }} diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 7f77386b2..dad80d0a1 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -183,6 +183,11 @@ apiDB: - --connect-timeout=4 - ping + readinessProbe: + exec: + command: + - /usr/share/container-scripts/mysql/readiness-probe.sh + apiRedis: image: repository: uselagoon/api-redis From fd3521d5191904381c78a402f05f17e6c4476441 Mon Sep 17 00:00:00 2001 From: Brandon Williams Date: Thu, 21 Mar 2024 11:10:57 -0500 Subject: [PATCH 56/71] feat: apiDB startupProbe waits for maraidb init script to complete The mariadb init script starts mysqld multiple times, so a TCP check will signal startup is complete before the init is actually finished. --- charts/lagoon-core/values.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index dad80d0a1..335593622 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -173,8 +173,11 @@ apiDB: startupProbe: # 60*10s period = 10 minutes failureThreshold: 60 - tcpSocket: - port: mariadb + exec: + command: + - test + - -f + - /tmp/mariadb-init-complete livenessProbe: exec: From df0524182e487d7e7de81711950015da0d479e25 Mon Sep 17 00:00:00 2001 From: Brandon Williams Date: Thu, 21 Mar 2024 11:10:58 -0500 Subject: [PATCH 57/71] feat: apiDB configurable terminationGracePeriodSeconds --- charts/lagoon-core/templates/api-db.statefulset.yaml | 4 ++++ charts/lagoon-core/values.yaml | 2 ++ 2 files changed, 6 insertions(+) diff --git a/charts/lagoon-core/templates/api-db.statefulset.yaml b/charts/lagoon-core/templates/api-db.statefulset.yaml index 3214fa424..2b4979966 100644 --- a/charts/lagoon-core/templates/api-db.statefulset.yaml +++ b/charts/lagoon-core/templates/api-db.statefulset.yaml @@ -79,6 +79,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.apiDB.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: + {{- toYaml . | nindent 8 }} + {{- end }} volumeClaimTemplates: - metadata: name: {{ include "lagoon-core.apiDB.fullname" . }}-data diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 335593622..adb5cd7c2 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -170,6 +170,8 @@ apiDB: storageSize: 128Gi + terminationGracePeriodSeconds: 30 + startupProbe: # 60*10s period = 10 minutes failureThreshold: 60 From 5172590a2ad05189cff18796bc6edd6d6f0f8dec Mon Sep 17 00:00:00 2001 From: Brandon Williams Date: Thu, 21 Mar 2024 11:10:59 -0500 Subject: [PATCH 58/71] feat: align keycloakDB template with apiDB - livenessProbe access denied warnings - readinessProbe aborted connection warnings - startupProbe waits for mariadb init to complete - add configurable terminationGracePeriod --- .../templates/keycloak-db.statefulset.yaml | 16 +++++++++++----- charts/lagoon-core/values.yaml | 14 ++++++++++++++ 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/charts/lagoon-core/templates/keycloak-db.statefulset.yaml b/charts/lagoon-core/templates/keycloak-db.statefulset.yaml index 3465debc3..eedf93518 100644 --- a/charts/lagoon-core/templates/keycloak-db.statefulset.yaml +++ b/charts/lagoon-core/templates/keycloak-db.statefulset.yaml @@ -49,12 +49,14 @@ spec: volumeMounts: - name: {{ include "lagoon-core.keycloakDB.fullname" . }}-data mountPath: /var/lib/mysql - livenessProbe: - tcpSocket: - port: mariadb + {{- with .Values.keycloakDB.readinessProbe }} readinessProbe: - tcpSocket: - port: mariadb + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.keycloakDB.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.keycloakDB.startupProbe }} startupProbe: {{- toYaml . | nindent 10 }} @@ -77,6 +79,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.keycloakDB.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: + {{- toYaml . | nindent 8 }} + {{- end }} volumeClaimTemplates: - metadata: name: {{ include "lagoon-core.keycloakDB.fullname" . }}-data diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index adb5cd7c2..7fc4908fe 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -304,12 +304,26 @@ keycloakDB: additionalEnvs: # FOO: Bar + terminationGracePeriodSeconds: 30 + startupProbe: # 60*10s period = 10 minutes failureThreshold: 60 tcpSocket: port: mariadb + livenessProbe: + exec: + command: + - mysqladmin + - --connect-timeout=4 + - ping + + readinessProbe: + exec: + command: + - /usr/share/container-scripts/mysql/readiness-probe.sh + broker: replicaCount: 3 image: From 01863ac25714ec938d742df8fb86fbd1955efdbe Mon Sep 17 00:00:00 2001 From: Brandon Williams Date: Thu, 21 Mar 2024 11:10:59 -0500 Subject: [PATCH 59/71] chore: lagoon-core chart version bump and artifacthub changelog --- charts/lagoon-core/Chart.yaml | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 0b1d71bb3..b8758d3b7 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.41.0 +version: 1.42.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -40,11 +40,13 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | - - kind: changed - description: bump lagoon-opensearch-sync version to v0.7.1 - - kind: changed - description: updated to insights-handler:v0.0.2 - - kind: changed - description: pinned insights to trivy:0.48.0 - - kind: changed - description: update lagoon appVersion to v2.17.0 + - kind: fixed + description: apiDB livenessProbe access denied + - kind: added + description: apiDB readinessProbe uses sql query + - kind: added + description: apiDB startupProbe waits for init completion + - kind: added + description: apiDB configurable terminationGracePeriodSeconds + - kind: added + description: keycloakDB aligns to apiDB From e0135037d0c0205ca20c8e260b126b692eb45720 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 22 Mar 2024 08:47:35 +1100 Subject: [PATCH 60/71] test: point testing DB images to temp images --- Makefile | 2 ++ charts/lagoon-core/ci/linter-values.yaml | 8 ++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 108fce7ee..168476288 100644 --- a/Makefile +++ b/Makefile @@ -188,6 +188,7 @@ install-lagoon-core: install-minio --set api.image.repository=$(IMAGE_REGISTRY)/api \ --set api.image.tag=$(IMAGE_TAG) \ --set apiDB.image.repository=$(IMAGE_REGISTRY)/api-db \ + --set apiDB.image.tag=testing-updated-db-images \ --set apiRedis.image.repository=$(IMAGE_REGISTRY)/api-redis \ --set authServer.image.repository=$(IMAGE_REGISTRY)/auth-server \ --set autoIdler.enabled=false \ @@ -197,6 +198,7 @@ install-lagoon-core: install-minio --set keycloak.image.repository=$(IMAGE_REGISTRY)/keycloak \ --set keycloak.image.tag=$(IMAGE_TAG) \ --set keycloakDB.image.repository=$(IMAGE_REGISTRY)/keycloak-db \ + --set keycloakDB.image.tag=testing-updated-db-images \ --set logs2notifications.image.repository=$(IMAGE_REGISTRY)/logs2notifications \ --set logs2notifications.email.disabled=true \ --set logs2notifications.microsoftteams.disabled=true \ diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index 0229354ca..12184c78f 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml @@ -36,7 +36,9 @@ api: apiDB: image: - repository: uselagoon/api-db +# TODO - update repo/tag before v2.18 release + repository: testlagoon/api-db + tag: testing-updated-db-images storageSize: 16Gi resources: requests: @@ -84,7 +86,9 @@ keycloak: keycloakDB: image: - repository: uselagoon/keycloak-db +# TODO - update repo/tag before v2.18 release + repository: testlagoon/keycloak-db + tag: testing-updated-db-images resources: requests: cpu: "10m" From 1255a5a5dd0a3a71f433f83ffebd49491f462cac Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Mon, 25 Mar 2024 08:31:44 +1100 Subject: [PATCH 61/71] chore: use published images in CI --- Makefile | 4 ++-- charts/lagoon-core/ci/linter-values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 168476288..e07a1f6aa 100644 --- a/Makefile +++ b/Makefile @@ -188,7 +188,7 @@ install-lagoon-core: install-minio --set api.image.repository=$(IMAGE_REGISTRY)/api \ --set api.image.tag=$(IMAGE_TAG) \ --set apiDB.image.repository=$(IMAGE_REGISTRY)/api-db \ - --set apiDB.image.tag=testing-updated-db-images \ + --set apiDB.image.tag=$(IMAGE_TAG) \ --set apiRedis.image.repository=$(IMAGE_REGISTRY)/api-redis \ --set authServer.image.repository=$(IMAGE_REGISTRY)/auth-server \ --set autoIdler.enabled=false \ @@ -198,7 +198,7 @@ install-lagoon-core: install-minio --set keycloak.image.repository=$(IMAGE_REGISTRY)/keycloak \ --set keycloak.image.tag=$(IMAGE_TAG) \ --set keycloakDB.image.repository=$(IMAGE_REGISTRY)/keycloak-db \ - --set keycloakDB.image.tag=testing-updated-db-images \ + --set keycloakDB.image.tag=$(IMAGE_TAG) \ --set logs2notifications.image.repository=$(IMAGE_REGISTRY)/logs2notifications \ --set logs2notifications.email.disabled=true \ --set logs2notifications.microsoftteams.disabled=true \ diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index 12184c78f..908cdfb47 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml @@ -38,7 +38,7 @@ apiDB: image: # TODO - update repo/tag before v2.18 release repository: testlagoon/api-db - tag: testing-updated-db-images + tag: main storageSize: 16Gi resources: requests: @@ -88,7 +88,7 @@ keycloakDB: image: # TODO - update repo/tag before v2.18 release repository: testlagoon/keycloak-db - tag: testing-updated-db-images + tag: main resources: requests: cpu: "10m" From 4b96a4724a530887d072a5bdba49398c08a65811 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 2 Apr 2024 12:54:04 +1100 Subject: [PATCH 62/71] fix: remove overrides used in testing --- .github/workflows/test-suite.yaml | 4 ++-- Makefile | 4 ---- charts/lagoon-core/ci/linter-values.yaml | 16 ++++------------ 3 files changed, 6 insertions(+), 18 deletions(-) diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index 69cbea3ce..73a03daaa 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -123,8 +123,8 @@ jobs: if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) - run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main - # run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] + # run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main + run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] - name: Free up some disk space if: | diff --git a/Makefile b/Makefile index e07a1f6aa..45f64657e 100644 --- a/Makefile +++ b/Makefile @@ -186,9 +186,7 @@ install-lagoon-core: install-minio --set "lagoonAPIURL=http://lagoon-api.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080/graphql" \ --set actionsHandler.image.repository=$(IMAGE_REGISTRY)/actions-handler \ --set api.image.repository=$(IMAGE_REGISTRY)/api \ - --set api.image.tag=$(IMAGE_TAG) \ --set apiDB.image.repository=$(IMAGE_REGISTRY)/api-db \ - --set apiDB.image.tag=$(IMAGE_TAG) \ --set apiRedis.image.repository=$(IMAGE_REGISTRY)/api-redis \ --set authServer.image.repository=$(IMAGE_REGISTRY)/auth-server \ --set autoIdler.enabled=false \ @@ -196,9 +194,7 @@ install-lagoon-core: install-minio --set broker.image.repository=$(IMAGE_REGISTRY)/broker \ --set insightsHandler.enabled=false \ --set keycloak.image.repository=$(IMAGE_REGISTRY)/keycloak \ - --set keycloak.image.tag=$(IMAGE_TAG) \ --set keycloakDB.image.repository=$(IMAGE_REGISTRY)/keycloak-db \ - --set keycloakDB.image.tag=$(IMAGE_TAG) \ --set logs2notifications.image.repository=$(IMAGE_REGISTRY)/logs2notifications \ --set logs2notifications.email.disabled=true \ --set logs2notifications.microsoftteams.disabled=true \ diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index 908cdfb47..387372c6c 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml @@ -27,18 +27,14 @@ keycloakAdminEmail: admin@example.com api: replicaCount: 1 image: -# TODO - update repo/tag before v2.18 release - repository: testlagoon/api - tag: main + repository: uselagoon/api resources: requests: cpu: "10m" apiDB: image: -# TODO - update repo/tag before v2.18 release - repository: testlagoon/api-db - tag: main + repository: uselagoon/api-db storageSize: 16Gi resources: requests: @@ -74,9 +70,7 @@ keycloak: replyTo: lagoon@example.com envelopeFrom: lagoon@example.com image: -# TODO - update repo/tag before v2.18 release - repository: testlagoon/keycloak - tag: main + repository: uselagoon/keycloak resources: requests: cpu: "10m" @@ -86,9 +80,7 @@ keycloak: keycloakDB: image: -# TODO - update repo/tag before v2.18 release - repository: testlagoon/keycloak-db - tag: main + repository: uselagoon/keycloak-db resources: requests: cpu: "10m" From bc27e10185b74e326b5d5409c024ba6957f6b00b Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 2 Apr 2024 14:00:18 +1100 Subject: [PATCH 63/71] fix: update chart.yaml for v2.18.0 release --- charts/lagoon-core/Chart.yaml | 6 +++++- charts/lagoon-remote/Chart.yaml | 2 -- charts/lagoon-test/Chart.yaml | 8 +++----- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 9d5ff73f1..9b18aa856 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -27,7 +27,7 @@ version: 1.42.0 # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.17.0 +appVersion: v2.18.0 dependencies: - name: nats @@ -40,10 +40,14 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | + - kind: changed + description: update Lagoon appVersion to v2.18.0 - kind: changed description: remove unused legacy registry setting from core - kind: changed description: modify keycloak liveness and readiness endpoint + - kind: changed + description: added initcontainer to api to handle keycloak migrations - kind: changed description: updated insights-handler to v0.0.4 - kind: fixed diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 39015826d..520119d1a 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -48,8 +48,6 @@ annotations: description: removed dioscuri subchart, activestandby is handled via a Lagoon task directly now - kind: changed description: updated insights-remote version to v0.0.9 - - kind: changed - description: added initcontainer to api to handle keycloak migrations - kind: changed description: update lagoon-build-deploy to 0.26.4 - kind: changed diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index a766f179c..b4bb6cdf9 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -15,13 +15,13 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.53.0 +version: 0.54.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.17.0 +appVersion: v2.18.0 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release @@ -29,6 +29,4 @@ appVersion: v2.17.0 annotations: artifacthub.io/changes: | - kind: changed - description: add minio settings to api-data-watcher-pusher and make into a helm test job - - kind: changed - description: update lagoon appVersion to v2.17.0 + description: update Lagoon appVersion to v2.18.0 From ad632c83d4bf3ec9ab072b9469a92ff25d8c91f1 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 5 Apr 2024 15:16:30 +1100 Subject: [PATCH 64/71] chore: set broker replicas to 1 --- charts/lagoon-core/Chart.yaml | 22 ++-------------------- charts/lagoon-core/values.yaml | 2 +- 2 files changed, 3 insertions(+), 21 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 9b18aa856..5f6dcfcc8 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.42.0 +version: 1.43.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -41,22 +41,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update Lagoon appVersion to v2.18.0 - - kind: changed - description: remove unused legacy registry setting from core - - kind: changed - description: modify keycloak liveness and readiness endpoint - - kind: changed - description: added initcontainer to api to handle keycloak migrations - - kind: changed - description: updated insights-handler to v0.0.4 - - kind: fixed - description: apiDB livenessProbe access denied - - kind: added - description: apiDB readinessProbe uses sql query - - kind: added - description: apiDB startupProbe waits for init completion - - kind: added - description: apiDB configurable terminationGracePeriodSeconds - - kind: added - description: keycloakDB aligns to apiDB + description: reduce default replicas for broker to 1 diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 862a65159..ead42778b 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -324,7 +324,7 @@ keycloakDB: - /usr/share/container-scripts/mysql/readiness-probe.sh broker: - replicaCount: 3 + replicaCount: 1 image: repository: uselagoon/broker pullPolicy: Always From 8e14d54499ca44da7b03cf0f7aba7f114941464e Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 5 Apr 2024 15:17:01 +1100 Subject: [PATCH 65/71] chore: update Lagoon appVersion to v2.18.1 --- charts/lagoon-core/Chart.yaml | 4 +++- charts/lagoon-test/Chart.yaml | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 5f6dcfcc8..ce02597bf 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -27,7 +27,7 @@ version: 1.43.0 # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.18.0 +appVersion: v2.18.1 dependencies: - name: nats @@ -42,3 +42,5 @@ annotations: artifacthub.io/changes: | - kind: changed description: reduce default replicas for broker to 1 + - kind: changed + description: update Lagoon appVersion to v2.18.1 diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index b4bb6cdf9..9e95cea05 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -15,13 +15,13 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.54.0 +version: 0.55.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.18.0 +appVersion: v2.18.1 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release @@ -29,4 +29,4 @@ appVersion: v2.18.0 annotations: artifacthub.io/changes: | - kind: changed - description: update Lagoon appVersion to v2.18.0 + description: update Lagoon appVersion to v2.18.1 From 0f9f431a63c55cfd9c832009b3bd77a114f76d3e Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 12 Apr 2024 14:21:56 +1000 Subject: [PATCH 66/71] chore: add SSH_ENDPOINT vars to api service --- charts/lagoon-core/Chart.yaml | 4 ++-- charts/lagoon-core/ci/linter-values.yaml | 2 ++ charts/lagoon-core/templates/api.deployment.yaml | 10 ++++++++++ charts/lagoon-core/values.yaml | 8 +++++++- 4 files changed, 21 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index ce02597bf..9b084754f 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.43.0 +version: 1.44.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -41,6 +41,6 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: reduce default replicas for broker to 1 + description: add SSH_ENDPOINT vars to api service - kind: changed description: update Lagoon appVersion to v2.18.1 diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index 387372c6c..f252d1a74 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml @@ -18,6 +18,8 @@ lagoonUIURL: http://ui:9101 lagoonWebhookURL: http://webhook:11213 defaultIngressClassName: nginx +sshTokenEndpoint: ssh-token.example.com + # used in ui # lagoonAPIURL: https://api.example.com/graphql # keycloakFrontEndURL: https://keycloak.example.com diff --git a/charts/lagoon-core/templates/api.deployment.yaml b/charts/lagoon-core/templates/api.deployment.yaml index 2ef50a39c..2e4dec379 100644 --- a/charts/lagoon-core/templates/api.deployment.yaml +++ b/charts/lagoon-core/templates/api.deployment.yaml @@ -175,6 +175,16 @@ spec: - name: S3_FILES_REGION value: {{ . | quote }} {{- end }} + {{- if .Values.sshTokenEndpoint }} + - name: SSH_TOKEN_ENDPOINT + value: {{ .Values.sshTokenEndpoint | quote }} + {{- end }} + - name: SSH_TOKEN_ENDPOINT_PORT + {{- if .Values.sshToken.enabled }} + value: {{ .Values.sshToken.service.ports.sshserver | quote }} + {{- else }} + value: {{ .Values.ssh.service.port | quote }} + {{- end }} - name: UI_URL {{- if .Values.lagoonUIURL }} value: {{ .Values.lagoonUIURL | quote }} diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index ead42778b..c86774e88 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -12,9 +12,15 @@ # s3FilesSecretAccessKey: # These values are optional. - # overwriteActiveStandbyTaskImage: +# appspecific discovery.json settings +# This should point to the publicly accessible ssh endpoint as a schema-less +# URI (either domain or IP) for the ssh-token (or fallback ssh) service +# e.g. ssh-token.example.com, ssh.example.com or 192.168.0.100 +# The port will be read from the sshToken (or ssh) port value +# sshTokenEndpoint: + # These values are optional depending on the services Lagoon is integrated with # in your environment. From b2fdafa70f9786e808d572bbc021140044b7b7b7 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 12 Apr 2024 14:22:45 +1000 Subject: [PATCH 67/71] build: update storage-calculator to v0.5.3 --- charts/lagoon-remote/Chart.yaml | 16 ++-------------- charts/lagoon-remote/values.yaml | 2 +- 2 files changed, 3 insertions(+), 15 deletions(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 520119d1a..d5f5fba20 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.88.0 +version: 0.88.1 dependencies: - name: lagoon-build-deploy @@ -41,16 +41,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update storage-calculator to v0.5.2 - - kind: changed - description: added metrics to storage-calculator - - kind: removed - description: removed dioscuri subchart, activestandby is handled via a Lagoon task directly now - - kind: changed - description: updated insights-remote version to v0.0.9 - - kind: changed - description: update lagoon-build-deploy to 0.26.4 - - kind: changed - description: update ssh-portal to v0.34.0 - - kind: added - description: add support for logs access via SSH + description: update storage-calculator to v0.5.3 diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index d06785412..6a211e75f 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -373,4 +373,4 @@ storageCalculator: repository: uselagoon/remote-calculator pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: v0.5.2 + tag: v0.5.3 From 35bef406ea7faaf3dc97522d0a862a59bf466ab9 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 12 Apr 2024 14:23:03 +1000 Subject: [PATCH 68/71] build: update Lagoon appVersion to v2.18.2 --- charts/lagoon-core/Chart.yaml | 4 ++-- charts/lagoon-test/Chart.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 9b084754f..95ebb6dd9 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -27,7 +27,7 @@ version: 1.44.0 # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.18.1 +appVersion: v2.18.2 dependencies: - name: nats @@ -43,4 +43,4 @@ annotations: - kind: changed description: add SSH_ENDPOINT vars to api service - kind: changed - description: update Lagoon appVersion to v2.18.1 + description: update Lagoon appVersion to v2.18.2 diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index 9e95cea05..256f3eabd 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -15,13 +15,13 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.55.0 +version: 0.56.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.18.1 +appVersion: v2.18.2 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release @@ -29,4 +29,4 @@ appVersion: v2.18.1 annotations: artifacthub.io/changes: | - kind: changed - description: update Lagoon appVersion to v2.18.1 + description: update Lagoon appVersion to v2.18.2 From 37d8e4bc958bf33f4c00a0df3c1b8d3f7c90fa7a Mon Sep 17 00:00:00 2001 From: Tobi Nehrlich Date: Thu, 18 Apr 2024 15:03:10 +0200 Subject: [PATCH 69/71] chore: Use dedicated service for metrics When the main service is used as a load balancer service to allow public access through mTLS, the metrics should not be exposed on the same service. --- charts/lagoon-logs-concentrator/Chart.yaml | 4 ++-- .../templates/metrics-service.yaml | 22 +++++++++++++++++++ .../templates/service.yaml | 4 ---- .../templates/servicemonitor.yaml | 1 + .../templates/statefulset.yaml | 2 ++ charts/lagoon-logs-concentrator/values.yaml | 8 +++++++ 6 files changed, 35 insertions(+), 6 deletions(-) create mode 100644 charts/lagoon-logs-concentrator/templates/metrics-service.yaml diff --git a/charts/lagoon-logs-concentrator/Chart.yaml b/charts/lagoon-logs-concentrator/Chart.yaml index 5ceac6a41..6476e9fe4 100644 --- a/charts/lagoon-logs-concentrator/Chart.yaml +++ b/charts/lagoon-logs-concentrator/Chart.yaml @@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.47.0 +version: 0.48.0 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release @@ -27,4 +27,4 @@ version: 0.47.0 annotations: artifacthub.io/changes: | - kind: changed - description: update uselagoon/logs-concentrator image to v3.2.0 + description: use dedicated service for metrics diff --git a/charts/lagoon-logs-concentrator/templates/metrics-service.yaml b/charts/lagoon-logs-concentrator/templates/metrics-service.yaml new file mode 100644 index 000000000..8c4c92fb6 --- /dev/null +++ b/charts/lagoon-logs-concentrator/templates/metrics-service.yaml @@ -0,0 +1,22 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: +{{- with .Values.metrics.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} +{{- end }} + name: {{ include "lagoon-logs-concentrator.fullname" . }}-metrics + labels: + metrics-only: "true" + {{- include "lagoon-logs-concentrator.labels" . | nindent 4 }} +spec: + type: {{ .Values.metrics.service.type }} + ports: + - port: {{ .Values.metrics.service.port }} + targetPort: metrics + protocol: TCP + name: metrics + selector: + {{- include "lagoon-logs-concentrator.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/lagoon-logs-concentrator/templates/service.yaml b/charts/lagoon-logs-concentrator/templates/service.yaml index cdf01c590..ffaaa3cc9 100644 --- a/charts/lagoon-logs-concentrator/templates/service.yaml +++ b/charts/lagoon-logs-concentrator/templates/service.yaml @@ -15,9 +15,5 @@ spec: targetPort: forward protocol: TCP name: forward - - port: 24231 - targetPort: metrics - protocol: TCP - name: metrics selector: {{- include "lagoon-logs-concentrator.selectorLabels" . | nindent 4 }} diff --git a/charts/lagoon-logs-concentrator/templates/servicemonitor.yaml b/charts/lagoon-logs-concentrator/templates/servicemonitor.yaml index 2fe51e19f..5a07e01b5 100644 --- a/charts/lagoon-logs-concentrator/templates/servicemonitor.yaml +++ b/charts/lagoon-logs-concentrator/templates/servicemonitor.yaml @@ -17,5 +17,6 @@ spec: - {{ .Release.Namespace }} selector: matchLabels: + metrics-only: "true" {{- include "lagoon-logs-concentrator.selectorLabels" . | nindent 6 }} {{- end }} diff --git a/charts/lagoon-logs-concentrator/templates/statefulset.yaml b/charts/lagoon-logs-concentrator/templates/statefulset.yaml index f9784dd39..096f303ba 100644 --- a/charts/lagoon-logs-concentrator/templates/statefulset.yaml +++ b/charts/lagoon-logs-concentrator/templates/statefulset.yaml @@ -54,9 +54,11 @@ spec: - name: forward containerPort: 24224 protocol: TCP + {{- if .Values.metrics.enabled }} - name: metrics containerPort: 24231 protocol: TCP + {{- end }} livenessProbe: tcpSocket: port: forward diff --git a/charts/lagoon-logs-concentrator/values.yaml b/charts/lagoon-logs-concentrator/values.yaml index 8757ae40a..ad515551b 100644 --- a/charts/lagoon-logs-concentrator/values.yaml +++ b/charts/lagoon-logs-concentrator/values.yaml @@ -46,6 +46,14 @@ service: # Annotations to add to the service annotations: {} +metrics: + enabled: true + service: + type: ClusterIP + port: 24231 + # annotations to add to the metrics service + annotations: {} + serviceMonitor: enabled: true From e6928b33412d6ee112b301ec415e5ddaf05a2605 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 17 May 2024 12:13:12 +1000 Subject: [PATCH 70/71] chore: update uselagoon/logs-concentrator from v3.2.0 to v3.4.0 --- charts/lagoon-logs-concentrator/Chart.yaml | 4 ++-- charts/lagoon-logs-concentrator/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-logs-concentrator/Chart.yaml b/charts/lagoon-logs-concentrator/Chart.yaml index 6476e9fe4..3e5d43a7d 100644 --- a/charts/lagoon-logs-concentrator/Chart.yaml +++ b/charts/lagoon-logs-concentrator/Chart.yaml @@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.48.0 +version: 0.49.0 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release @@ -27,4 +27,4 @@ version: 0.48.0 annotations: artifacthub.io/changes: | - kind: changed - description: use dedicated service for metrics + description: update uselagoon/logs-concentrator from v3.2.0 to v3.4.0 diff --git a/charts/lagoon-logs-concentrator/values.yaml b/charts/lagoon-logs-concentrator/values.yaml index ad515551b..ea3e842a0 100644 --- a/charts/lagoon-logs-concentrator/values.yaml +++ b/charts/lagoon-logs-concentrator/values.yaml @@ -12,7 +12,7 @@ image: repository: uselagoon/logs-concentrator pullPolicy: IfNotPresent # Overrides the image tag whose default is "latest". - tag: "v3.2.0" + tag: "v3.4.0" imagePullSecrets: [] nameOverride: "" From 588190fb19a00ab5acdb13bf092c499515cf7f02 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 17 May 2024 12:13:29 +1000 Subject: [PATCH 71/71] chore: update uselagoon/logs-dispatcher from v3.4.0 to v3.6.0 --- charts/lagoon-logging/Chart.yaml | 6 +++--- charts/lagoon-logging/values.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index 1072bdf34..6aeb1ebf9 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.81.1 +version: 0.82.0 dependencies: - name: logging-operator @@ -33,5 +33,5 @@ dependencies: annotations: artifacthub.io/containsSecurityUpdates: "true" artifacthub.io/changes: | - - kind: security - description: avoid test role and rolebinding being wrongly installed + - kind: changed + description: update uselagoon/logs-dispatcher from v3.4.0 to v3.6.0 diff --git a/charts/lagoon-logging/values.yaml b/charts/lagoon-logging/values.yaml index f1045c884..7ea91ae5b 100644 --- a/charts/lagoon-logging/values.yaml +++ b/charts/lagoon-logging/values.yaml @@ -19,7 +19,7 @@ logsDispatcher: repository: uselagoon/logs-dispatcher pullPolicy: IfNotPresent # Overrides the image tag whose default is "latest". - tag: "v3.4.0" + tag: "v3.6.0" serviceAccount: # Specifies whether a service account should be created @@ -121,7 +121,7 @@ cdnLogsCollector: repository: uselagoon/logs-dispatcher pullPolicy: IfNotPresent # Overrides the image tag whose default is "latest". - tag: "v3.4.0" + tag: "v3.6.0" podAnnotations: {}