From 4e9e9f31424ea4101e623b9c77fd90d23cda3571 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Sep 2023 00:29:00 +0000 Subject: [PATCH 1/9] chore(deps): bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/lint-test-matrix.yaml | 2 +- .github/workflows/lint-test.yaml | 6 +++--- .github/workflows/release.yaml | 2 +- .github/workflows/test-suite.yaml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/lint-test-matrix.yaml b/.github/workflows/lint-test-matrix.yaml index 0e085941..84d9b17e 100644 --- a/.github/workflows/lint-test-matrix.yaml +++ b/.github/workflows/lint-test-matrix.yaml @@ -19,7 +19,7 @@ jobs: - v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: "0" diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index ea28a138..4721000b 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install Helm run: | cd /tmp @@ -61,7 +61,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: "0" @@ -100,7 +100,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: "0" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 3726cbab..522bb8ac 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: "0" diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index 9599fb08..5e4be252 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -40,7 +40,7 @@ jobs: continue-on-error: true - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: "0" From ce9d44309d1ed4e14c99067d44410e85b2ca83d3 Mon Sep 17 00:00:00 2001 From: Brandon Williams Date: Tue, 12 Sep 2023 16:34:12 -0500 Subject: [PATCH 2/9] feat: Add lagoon-remote-ssh-core resources --- charts/lagoon-remote/Chart.yaml | 8 ++-- charts/lagoon-remote/templates/_helpers.tpl | 37 +++++++++++++++++++ .../templates/ssh-core.clusterrole.yaml | 36 ++++++++++++++++++ .../ssh-core.clusterrolebinding.yaml | 16 ++++++++ .../templates/ssh-core.secret.yaml | 11 ++++++ .../templates/ssh-core.serviceaccount.yaml | 12 ++++++ charts/lagoon-remote/values.yaml | 11 ++++++ 7 files changed, 126 insertions(+), 5 deletions(-) create mode 100644 charts/lagoon-remote/templates/ssh-core.clusterrole.yaml create mode 100644 charts/lagoon-remote/templates/ssh-core.clusterrolebinding.yaml create mode 100644 charts/lagoon-remote/templates/ssh-core.secret.yaml create mode 100644 charts/lagoon-remote/templates/ssh-core.serviceaccount.yaml diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index b46d57ef..e050a684 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.81.0 +version: 0.82.0 dependencies: - name: lagoon-build-deploy @@ -44,7 +44,5 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | - - kind: changed - description: update lagoon-ssh-portal to v0.30.1 - - kind: changed - description: update NATS chart dependency to v0.19.17 + - kind: added + description: add lagoon-remote-ssh-core resources diff --git a/charts/lagoon-remote/templates/_helpers.tpl b/charts/lagoon-remote/templates/_helpers.tpl index a0fd1b6f..56cd7263 100644 --- a/charts/lagoon-remote/templates/_helpers.tpl +++ b/charts/lagoon-remote/templates/_helpers.tpl @@ -155,6 +155,43 @@ app.kubernetes.io/instance: {{ .Release.Name }} +{{/* +Create the name of the service account to use for sshCore. +*/}} +{{- define "lagoon-remote.sshCore.serviceAccountName" -}} +{{- default (include "lagoon-remote.sshCore.fullname" .) .Values.sshCore.serviceAccount.name }} +{{- end }} + +{{/* +Create a default fully qualified app name for sshCore. +*/}} +{{- define "lagoon-remote.sshCore.fullname" -}} +{{- include "lagoon-remote.fullname" . }}-ssh-core +{{- end }} + +{{/* +Common labels sshCore. +*/}} +{{- define "lagoon-remote.sshCore.labels" -}} +helm.sh/chart: {{ include "lagoon-remote.chart" . }} +{{ include "lagoon-remote.sshCore.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels sshCore. +*/}} +{{- define "lagoon-remote.sshCore.selectorLabels" -}} +app.kubernetes.io/name: {{ include "lagoon-remote.name" . }} +app.kubernetes.io/component: {{ include "lagoon-remote.sshCore.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + + + {{/* Create the name of the service account to use for sshPortal. */}} diff --git a/charts/lagoon-remote/templates/ssh-core.clusterrole.yaml b/charts/lagoon-remote/templates/ssh-core.clusterrole.yaml new file mode 100644 index 00000000..97250394 --- /dev/null +++ b/charts/lagoon-remote/templates/ssh-core.clusterrole.yaml @@ -0,0 +1,36 @@ +{{- if .Values.sshCore.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "lagoon-remote.sshCore.fullname" . }} + labels: + {{- include "lagoon-remote.sshCore.labels" . | nindent 4 }} +rules: +- apiGroups: + - apps + resources: + - deployments/scale + verbs: + - get + - update +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +{{- end }} diff --git a/charts/lagoon-remote/templates/ssh-core.clusterrolebinding.yaml b/charts/lagoon-remote/templates/ssh-core.clusterrolebinding.yaml new file mode 100644 index 00000000..bb48fb8d --- /dev/null +++ b/charts/lagoon-remote/templates/ssh-core.clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.sshCore.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "lagoon-remote.sshCore.fullname" . }} + labels: + {{- include "lagoon-remote.sshCore.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "lagoon-remote.sshCore.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +roleRef: + kind: ClusterRole + name: {{ include "lagoon-remote.sshCore.fullname" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/charts/lagoon-remote/templates/ssh-core.secret.yaml b/charts/lagoon-remote/templates/ssh-core.secret.yaml new file mode 100644 index 00000000..750190e8 --- /dev/null +++ b/charts/lagoon-remote/templates/ssh-core.secret.yaml @@ -0,0 +1,11 @@ +{{- if .Values.sshCore.enabled -}} +apiVersion: v1 +kind: Secret +type: kubernetes.io/service-account-token +metadata: + name: {{ include "lagoon-remote.sshCore.serviceAccountName" . }}-token + labels: + {{- include "lagoon-remote.sshCore.labels" . | nindent 4 }} + annotations: + kubernetes.io/service-account.name: {{ include "lagoon-remote.sshCore.serviceAccountName" . }} +{{- end }} diff --git a/charts/lagoon-remote/templates/ssh-core.serviceaccount.yaml b/charts/lagoon-remote/templates/ssh-core.serviceaccount.yaml new file mode 100644 index 00000000..a8d2f6bb --- /dev/null +++ b/charts/lagoon-remote/templates/ssh-core.serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.sshCore.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "lagoon-remote.sshCore.serviceAccountName" . }} + labels: + {{- include "lagoon-remote.sshCore.labels" . | nindent 4 }} + {{- with .Values.sshCore.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 9b0640b1..084cdac2 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -113,6 +113,17 @@ kubernetesBuildDeploy: # If not set, a name is generated using the fullname template. name: +# sshCore creates a restricted, non-expiring ServiceAccount token for use by +# lagoon-core. +sshCore: + enabled: false + serviceAccount: + annotations: {} + # The name of the service account to use. + # If not set, a name is generated using the fullname + # template + name: "" + # sshPortal is an optional service providing low-latency SSH connectivity to # Lagoon environments. sshPortal: From beb090492f014ec138b12b854a61590f06fba74c Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Tue, 19 Sep 2023 11:46:02 +0800 Subject: [PATCH 3/9] fix: upgrade mariadb chart to fix upgrade bug This change allows `make install-lagoon-remote` to be run more than once. Previously we would hit https://github.com/bitnami/charts/issues/15093. The specific chart version that this PR upgrades to is the latest version of the chart which still uses MariaDB 10.11.x (the LTS minor version of v10). Later versions of the chart upgrade to MariaDB 11, which is outside the scope of this bugfix. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index a7ad4e5e..ad11a559 100644 --- a/Makefile +++ b/Makefile @@ -117,7 +117,7 @@ install-mariadb: --wait \ --timeout $(TIMEOUT) \ $$($(KUBECTL) get ns mariadb > /dev/null 2>&1 && echo --set auth.rootPassword=$$($(KUBECTL) get secret --namespace mariadb mariadb -o json | $(JQ) -r '.data."mariadb-root-password" | @base64d')) \ - --version=11.5.7 \ + --version=12.2.9 \ mariadb \ bitnami/mariadb From b088bc7c0d7eba543335b3491d4a665aae11fa01 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Wed, 20 Sep 2023 13:44:11 +1000 Subject: [PATCH 4/9] chore: bump remote-controller to v0.15.0 --- charts/lagoon-build-deploy/Chart.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index 61c58b79..11649826 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -16,13 +16,11 @@ kubeVersion: ">= 1.21.0-0" type: application -version: 0.24.0 +version: 0.25.0 -appVersion: v0.14.0 +appVersion: v0.15.0 annotations: artifacthub.io/changes: | - kind: changed - description: update remote-controller appVersion to v0.14.0 - - kind: changed - description: updated lagoontask crd, will require crds to be re-applied + description: update remote-controller appVersion to v0.15.0 From a4df662324f7afccc01d7fcd921e70c64f124626 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Wed, 20 Sep 2023 15:21:12 +1000 Subject: [PATCH 5/9] chore: update lagoon-build-deploy to v0.25.0 --- charts/lagoon-remote/Chart.lock | 6 +++--- charts/lagoon-remote/Chart.yaml | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 5bd1617b..a4dd02e0 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.24.0 + version: 0.25.0 - name: dioscuri repository: https://amazeeio.github.io/charts/ version: 0.4.1 @@ -11,5 +11,5 @@ dependencies: - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.19.17 -digest: sha256:5bf74bd117c2e5ae31d4084a588c52dd9408bbcc54cd0c86abf763d35f583412 -generated: "2023-07-28T09:49:56.393491706+08:00" +digest: sha256:f5484f77cfe25d079752ea3a19b1a93edb3c93e1262c4f310e149843359ff2c1 +generated: "2023-09-20T15:20:44.302630522+10:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index e050a684..309b8f8f 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,11 +19,11 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.82.0 +version: 0.83.0 dependencies: - name: lagoon-build-deploy - version: ~0.24.0 + version: ~0.25.0 repository: https://uselagoon.github.io/lagoon-charts/ condition: lagoon-build-deploy.enabled - name: dioscuri @@ -44,5 +44,5 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | - - kind: added - description: add lagoon-remote-ssh-core resources + - kind: changed + description: update lagoon-build-deploy to v0.25.0 From 08b1f043d6d132b677ce0756bd2ff01c5d10243e Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Wed, 4 Oct 2023 11:13:52 +1100 Subject: [PATCH 6/9] chore: bump remote-controller to v0.15.1 --- charts/lagoon-build-deploy/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index 11649826..395d734b 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -16,11 +16,11 @@ kubeVersion: ">= 1.21.0-0" type: application -version: 0.25.0 +version: 0.25.1 -appVersion: v0.15.0 +appVersion: v0.15.1 annotations: artifacthub.io/changes: | - kind: changed - description: update remote-controller appVersion to v0.15.0 + description: update remote-controller appVersion to v0.15.1 From 8ab5e0152ed289eb3736e417c03dcf9b41baffb9 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Wed, 4 Oct 2023 15:54:05 +1100 Subject: [PATCH 7/9] chore: bump lagoon-build-deploy subchart to v0.25.1 --- charts/lagoon-remote/Chart.lock | 6 +++--- charts/lagoon-remote/Chart.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index a4dd02e0..f2117b14 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.25.0 + version: 0.25.1 - name: dioscuri repository: https://amazeeio.github.io/charts/ version: 0.4.1 @@ -11,5 +11,5 @@ dependencies: - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.19.17 -digest: sha256:f5484f77cfe25d079752ea3a19b1a93edb3c93e1262c4f310e149843359ff2c1 -generated: "2023-09-20T15:20:44.302630522+10:00" +digest: sha256:15cf7820f99a3b67bc9a83db2444f54cc08669616616fb684ef39d0318f2698b +generated: "2023-10-04T15:53:27.449884473+11:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 309b8f8f..d6063977 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.83.0 +version: 0.83.1 dependencies: - name: lagoon-build-deploy @@ -45,4 +45,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update lagoon-build-deploy to v0.25.0 + description: update lagoon-build-deploy to v0.25.1 From 419ea3f3e765bdc09045abbceae7406c481971fb Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Fri, 6 Oct 2023 10:45:07 +1100 Subject: [PATCH 8/9] chore: update remote-controller to v0.15.2 --- charts/lagoon-build-deploy/Chart.yaml | 8 +++++--- charts/lagoon-build-deploy/templates/deployment.yaml | 3 +++ charts/lagoon-build-deploy/values.yaml | 1 + 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index 395d734b..d4262503 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -16,11 +16,13 @@ kubeVersion: ">= 1.21.0-0" type: application -version: 0.25.1 +version: 0.25.2 -appVersion: v0.15.1 +appVersion: v0.15.2 annotations: artifacthub.io/changes: | - kind: changed - description: update remote-controller appVersion to v0.15.1 + description: update remote-controller appVersion to v0.15.2 + - kind: changed + description: added flag support for enabling k8up v2 support diff --git a/charts/lagoon-build-deploy/templates/deployment.yaml b/charts/lagoon-build-deploy/templates/deployment.yaml index 67cad38b..75d678e6 100644 --- a/charts/lagoon-build-deploy/templates/deployment.yaml +++ b/charts/lagoon-build-deploy/templates/deployment.yaml @@ -119,6 +119,9 @@ spec: {{- with .Values.lagoonFeatureFlagBackupWeeklyRandom }} - "--lagoon-feature-flag-backup-weekly-random={{ . }}" {{- end }} + {{- with .Values.lagoonFeatureFlagSupportK8upV2 }} + - "--lagoon-feature-flag-support-k8upv2={{ . }}" + {{- end }} {{- with .Values.lagoonBackupDefaultSchedule }} - "--backup-default-schedule={{ . }}" {{- end }} diff --git a/charts/lagoon-build-deploy/values.yaml b/charts/lagoon-build-deploy/values.yaml index 684974f4..ed1d2871 100644 --- a/charts/lagoon-build-deploy/values.yaml +++ b/charts/lagoon-build-deploy/values.yaml @@ -48,6 +48,7 @@ namespacePrefix: "" # lagoonFeatureFlagDefaultInsights: disabled # lagoonFeatureFlagForceRWX2RWO: disabled # lagoonFeatureFlagDefaultRWX2RWO: disabled +# lagoonFeatureFlagSupportK8upV2: false # It is also possible to define feature flags using `extraEnvs` by defining them like so # this method is useful for enabling features on the fly, ones that might not have built in support From ca4b60e649bf115464af7858b9867851260ca7ee Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Fri, 6 Oct 2023 10:50:05 +1100 Subject: [PATCH 9/9] chore: update lagoon-build-deploy to v0.25.2 --- charts/lagoon-remote/Chart.lock | 6 +++--- charts/lagoon-remote/Chart.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index f2117b14..8d13133e 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.25.1 + version: 0.25.2 - name: dioscuri repository: https://amazeeio.github.io/charts/ version: 0.4.1 @@ -11,5 +11,5 @@ dependencies: - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.19.17 -digest: sha256:15cf7820f99a3b67bc9a83db2444f54cc08669616616fb684ef39d0318f2698b -generated: "2023-10-04T15:53:27.449884473+11:00" +digest: sha256:8ca3385f69f64eed0be9276ea4fb5b59e13e0caac5777e50bfae80fd6fd29cb0 +generated: "2023-10-06T10:49:35.479733592+11:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index d6063977..56b01e09 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.83.1 +version: 0.83.2 dependencies: - name: lagoon-build-deploy @@ -45,4 +45,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update lagoon-build-deploy to v0.25.1 + description: update lagoon-build-deploy to v0.25.2