Merge branch 'main' into lagoon-logging-nov2024
tobybellwood authored Nov 21, 2024
2 parents 3b97713 + 5cfd83c commit 4d4cefd
Showing 27 changed files with 405 additions and 208 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/lint-test.yaml
Expand Up @@ -95,10 +95,10 @@ jobs:
ct install --config ./default.ct.yaml --helm-extra-args "--timeout 30m"
if: ${{ contains(github.event.pull_request.labels.*.name, 'next-release') }}

- name: Run chart-testing (upgrade changed next-release only)
run: |
ct install --upgrade --config ./default.ct.yaml --helm-extra-args "--timeout 30m"
if: ${{ contains(github.event.pull_request.labels.*.name, 'next-release') }}
# - name: Run chart-testing (upgrade changed next-release only)
# run: |
# ct install --upgrade --config ./default.ct.yaml --helm-extra-args "--timeout 30m"
# if: ${{ contains(github.event.pull_request.labels.*.name, 'next-release') }}

- name: Run chart-testing (install all charts when required)
run: ct install --config ./default.ct.yaml --helm-extra-args "--timeout 30m" --all
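Review bot: The upgrade run (`ct install --upgrade`) for next-release pull requests is commented out with no reason or re-enable condition recorded, so upgrade regressions are no longer caught for the pull requests that carry the largest changes. This page also shows the nats dependency moving from `~0.19.0` to `~1.2.0`, which is presumably why the upgrade path fails, but that is an inference. If the step must stay off, replace the dead block with one line such as `# TODO(<tracking-issue>): re-enable ct install --upgrade once the nats 1.x upgrade path passes` so it is not forgotten. The step list continues outside the hunk.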
14 changes: 9 additions & 5 deletions Makefile
Expand Up @@ -219,6 +219,8 @@ install-minio: install-ingress
--timeout $(TIMEOUT) \
--set auth.rootUser=lagoonFilesAccessKey,auth.rootPassword=lagoonFilesSecretKey \
--set defaultBuckets='lagoon-files\,restores' \
--set ingress.enabled=true \
--set ingress.hostname=minio.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io \
--version=13.6.2 \
minio \
bitnami/minio
Expand Down Expand Up @@ -255,11 +257,13 @@ install-lagoon-core: install-minio
--set keycloak.image.repository=$(IMAGE_REGISTRY)/keycloak \
--set keycloakDB.image.repository=$(IMAGE_REGISTRY)/keycloak-db \
--set logs2notifications.image.repository=$(IMAGE_REGISTRY)/logs2notifications \
--set logs2notifications.email.disabled=true \
--set logs2notifications.microsoftteams.disabled=true \
--set logs2notifications.rocketchat.disabled=true \
--set logs2notifications.slack.disabled=true \
--set logs2notifications.webhooks.disabled=true \
--set logs2notifications.additionalEnvs.EMAIL_HOST="mailpit-smtp.mailpit.svc" \
--set logs2notifications.additionalEnvs.EMAIL_PORT="25" \
--set logs2notifications.logs2email.disabled=false \
--set logs2notifications.logs2microsoftteams.disabled=true \
--set logs2notifications.logs2rocketchat.disabled=true \
--set logs2notifications.logs2slack.disabled=true \
--set logs2notifications.logs2webhooks.disabled=true \
--set ssh.image.repository=$(IMAGE_REGISTRY)/ssh \
--set webhookHandler.image.repository=$(IMAGE_REGISTRY)/webhook-handler \
--set webhooks2tasks.image.repository=$(IMAGE_REGISTRY)/webhooks2tasks \
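Review bot: Turning on `ingress.enabled=true` for MinIO makes the object store reachable through the ingress controller's load-balancer IP, while `auth.rootUser`/`auth.rootPassword` two lines above are fixed strings committed in this Makefile. That is acceptable only if this target is never run against a cluster whose ingress is reachable from outside the developer's machine, which the hunk does not state. Consider taking the credentials from overridable variables (for example `--set auth.rootUser=$(MINIO_ROOT_USER),auth.rootPassword=$(MINIO_ROOT_PASSWORD)`, names are a suggestion) and adding a comment `# local test cluster only: MinIO is exposed via ingress with known credentials`. Note also that the hostname becomes `minio..nip.io` if the load balancer has no IP yet. The recipe starts and ends outside the hunk.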
6 changes: 3 additions & 3 deletions charts/lagoon-core/Chart.lock
@@ -1,6 +1,6 @@
dependencies:
- name: nats
repository: https://nats-io.github.io/k8s/helm/charts/
version: 0.19.17
digest: sha256:9c58fc4ddeec7b86f5ef2cf1996a48a7e09d9bd4aa149971e2525a6f05649bf8
generated: "2023-07-28T09:49:46.220986689+08:00"
version: 1.2.6
digest: sha256:24c6920de2d5cbfef7fc8299fbd64000db7f8627bbaf306d917496394f349d3b
generated: "2024-10-25T11:54:08.923100292+11:00"
27 changes: 11 additions & 16 deletions charts/lagoon-core/Chart.yaml
Expand Up @@ -21,17 +21,17 @@ type: application
# time you make changes to the chart and its templates, including the app
# version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.48.0
version: 1.49.0

# This is the version number of the application being deployed. This version
# number should be incremented each time you make changes to the application.
# Versions are not expected to follow Semantic Versioning. They should reflect
# the version the application is using.
appVersion: v2.21.0
appVersion: v2.22.0

dependencies:
- name: nats
version: ~0.19.0
version: ~1.2.0
repository: https://nats-io.github.io/k8s/helm/charts/
condition: nats.enabled

Expand All @@ -41,21 +41,16 @@ dependencies:
annotations:
artifacthub.io/changes: |
- kind: changed
description: update Lagoon appVersion to v2.21.0
description: update lagoon AppVersion to v2.22.0
links:
- name: lagoon-core v2.21.0 release
url: https://github.com/uselagoon/lagoon/releases/tag/v2.21.0
- name: lagoon releases
url: https://github.com/uselagoon/lagoon/releases/tag/v2.22.0
- kind: changed
description: update insights-handler to v0.0.6
description: update ssh-portal-api and ssh-token to v0.41.3
links:
- name: insights-remote v0.0.6 release
url: https://github.com/uselagoon/insights-handler/releases/tag/v0.0.6
- name: lagoon-ssh-portal releases
url: https://github.com/uselagoon/lagoon-ssh-portal/releases
- kind: changed
description: update ssh-portal and ssh-token to v0.37.2
links:
- name: ssh-portal v0.37.2 release
url: https://github.com/uselagoon/lagoon-ssh-portal/releases/tag/v0.37.2
- kind: changed
description: add broker-flag-enable pre-upgrade job
description: update NATS chart dependency to v1.2.x
- kind: changed
description: add KEYCLOAK_FRONTEND_URL variable to api deployment
description: add KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET variable to keycloak and ui deployment
11 changes: 6 additions & 5 deletions charts/lagoon-core/ci/linter-values.yaml
Expand Up @@ -267,9 +267,10 @@ workflows:
# enable nats cluster (and optionally natsbox debugger)
nats:
enabled: true
cluster:
name: lagoon-core-ci-example
# natsbox:
config:
cluster:
name: lagoon-core-ci-example
# natsBox:
# enabled: true
# # additional labels are required due to the network policy
# additionalLabels:
Expand Down Expand Up @@ -297,7 +298,7 @@ natsConfig:
iYmI+nuDxvSE7s/u5hhmh+wCIQDXoxiQvQuokI06j6W1K5UgR6h9dUoKeTFQIqXp
uKPLhg==
-----END CERTIFICATE-----
server.crt: |
tls.crt: |
-----BEGIN CERTIFICATE-----
MIICGDCCAb6gAwIBAgIUJC6a9n2zJYl7nOZ2AutYhyjVmQswCgYIKoZIzj0EAwIw
HjEcMBoGA1UEAxMTbmF0cy1jYS5leGFtcGxlLmNvbTAeFw0yNDA0MTUwNDA4MDBa
Expand All @@ -312,7 +313,7 @@ natsConfig:
CaKsntUSiMDTZSYvEtLb+ZxOn71RnDYP4JUCIG6TZVFfMiYPZ0gGLMRMf666E3bB
0U5vgRqQhghJPbpM
-----END CERTIFICATE-----
server.key: |
tls.key: |
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIBqSIJXbR9H4WChftIW2QwJmGD+5QjlfwBCkspRBcsSHoAoGCCqGSM49
AwEHoUQDQgAENf2wtlM9sSu330UXgZTkAOZBRkH2V6YZG7rB/7pTtO0yKQmIfr+l
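Review bot: The renamed `tls.key` entry still carries a literal EC private key in a committed values file, and nothing near it marks the material as a throwaway fixture. Add a comment above the `natsConfig` TLS block, for example `# CI-only test certificate and key; never reuse in a real deployment`, so secret-scanner findings can be triaged and nobody copies the block into a live values file. Generating the pair during the CI job would avoid committing key material at all. The key block continues outside the hunk.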
5 changes: 3 additions & 2 deletions charts/lagoon-core/templates/_helpers.tpl
Expand Up @@ -622,10 +622,11 @@ app.kubernetes.io/instance: {{ .Release.Name }}


{{/*
Create a default fully qualified app name for the nats subchart.
Create a definition that matches the fully qualified app name for the nats
subchart.
*/}}
{{- define "lagoon-core.nats.fullname" -}}
{{- include "lagoon-core.fullname" . }}-nats
{{- include "lagoon-core.fullname" . }}-{{ .Values.nats.nameOverride | default "nats" }}
{{- end }}


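Review bot: `lagoon-core.nats.fullname` rebuilds the subchart's name by hand from `lagoon-core.fullname` and `nats.nameOverride`, so it only matches while the subchart derives its own full name the same way. If the subchart also honours a `fullnameOverride`, or shortens the name when the release name already contains it (not visible on this page), `NATS_URL` in the ssh-portal-api deployment would point at a Service that does not exist. Extend the template comment to state the assumption, for example `Assumes nats.fullnameOverride is unset; mirror any override here.`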
2 changes: 2 additions & 0 deletions charts/lagoon-core/templates/keycloak.secret.yaml
Expand Up @@ -10,6 +10,7 @@ This somewhat complex logic is intended to:
{{- $keycloakAPIClientSecret := coalesce .Values.keycloakAPIClientSecret (ternary uuidv4 (index $data "KEYCLOAK_API_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_API_CLIENT_SECRET" | empty)) }}
{{- $keycloakAuthServerClientSecret := coalesce .Values.keycloakAuthServerClientSecret (ternary uuidv4 (index $data "KEYCLOAK_AUTH_SERVER_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_AUTH_SERVER_CLIENT_SECRET" | empty)) }}
{{- $keycloakServiceAPIClientSecret := coalesce .Values.keycloakServiceAPIClientSecret (ternary uuidv4 (index $data "KEYCLOAK_SERVICE_API_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_SERVICE_API_CLIENT_SECRET" | empty)) }}
{{- $keycloakLagoonUIOIDCClientSecret := coalesce .Values.keycloakLagoonUIOIDCClientSecret (ternary uuidv4 (index $data "KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET" | empty)) }}
{{- $keycloakLagoonOpensearchSyncClientSecret := coalesce .Values.keycloakLagoonOpensearchSyncClientSecret (ternary uuidv4 (index $data "KEYCLOAK_LAGOON_OPENSEARCH_SYNC_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_LAGOON_OPENSEARCH_SYNC_CLIENT_SECRET" | empty)) }}
{{- $keycloakLagoonAdminPassword := coalesce .Values.keycloakLagoonAdminPassword (ternary (randAlpha 32) (index $data "KEYCLOAK_LAGOON_ADMIN_PASSWORD" | default "" | b64dec) (index $data "KEYCLOAK_LAGOON_ADMIN_PASSWORD" | empty)) }}
{{/* set the variable globally for access in NOTES */}}
Expand All @@ -27,5 +28,6 @@ stringData:
KEYCLOAK_API_CLIENT_SECRET: {{ $keycloakAPIClientSecret }}
KEYCLOAK_AUTH_SERVER_CLIENT_SECRET: {{ $keycloakAuthServerClientSecret | quote }}
KEYCLOAK_SERVICE_API_CLIENT_SECRET: {{ $keycloakServiceAPIClientSecret | quote }}
KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET: {{ $keycloakLagoonUIOIDCClientSecret | quote }}
KEYCLOAK_LAGOON_OPENSEARCH_SYNC_CLIENT_SECRET: {{ $keycloakLagoonOpensearchSyncClientSecret | quote }}
KEYCLOAK_LAGOON_ADMIN_PASSWORD: {{ $keycloakLagoonAdminPassword | quote }}
Original file line number Diff line number Diff line change
Expand Up @@ -13,5 +13,5 @@ spec:
protocol: TCP
targetPort: 7422
selector:
app.kubernetes.io/name: nats
app.kubernetes.io/name: {{ .Values.nats.nameOverride | default "nats" | quote }}
{{- end }}
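Review bot: The Service selector matches on `app.kubernetes.io/name` alone, so the leafnode port 7422 is routed to every pod in the namespace that carries that name label, not only this release's NATS server pods. If the subchart labels its nats-box pods, or a second release's pods, with the same name (not shown here), they become endpoints for remote leafnode connections. Narrow the selector by adding `app.kubernetes.io/instance: {{ .Release.Name }}` and, if the subchart sets one, the component label of the server pods. The manifest starts outside the hunk.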
34 changes: 12 additions & 22 deletions charts/lagoon-core/templates/nats.secret.yaml
Expand Up @@ -30,7 +30,7 @@ metadata:
labels:
{{- include "lagoon-core.labels" . | nindent 4 }}
stringData:
lagoon-core.conf: |
accounts.conf: |
accounts: {
lagoonRemote: {
LAGOON_REMOTE = {
Expand All @@ -56,26 +56,16 @@ stringData:
}
}
no_auth_user: "lagoon-core-local"
leafnodes: {
listen: "0.0.0.0:7422"
no_advertise: true
authorization: {
users: [
{{- range .Values.natsConfig.users.lagoonRemote }}
{
user: {{ .user | quote }}
password: {{ .password | quote }}
account: lagoonRemote
},
{{- end }}
]
}
tls: {
{{- if .Values.natsConfig.tls.secretData }}
ca_file: "/etc/lagoon-core-nats-tls/ca.crt"
{{- end }}
cert_file: "/etc/lagoon-core-nats-tls/server.crt"
key_file: "/etc/lagoon-core-nats-tls/server.key"
}
leafnodesAuthorization.conf: |
authorization: {
users: [
{{- range .Values.natsConfig.users.lagoonRemote }}
{
user: {{ .user | quote }}
password: {{ .password | quote }}
account: lagoonRemote
},
{{- end }}
]
}
{{- end }}
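Review bot: The `tls` stanza with `cert_file`/`key_file` is gone from this template, while `leafnodesAuthorization.conf` still authenticates remote leafnodes with a user and password. Nothing on this page shows where leafnode TLS is configured now. Presumably the nats subchart values take it over, given the `tls.crt`/`tls.key` rename in the CI values, but that should be confirmed so the passwords on port 7422 never travel in cleartext. A comment above `leafnodesAuthorization.conf` such as `# included by the subchart's leafnodes config; TLS for this listener is set in the nats values` would make the dependency explicit. The template starts outside the hunk.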
4 changes: 2 additions & 2 deletions charts/lagoon-core/templates/ssh-portal-api.deployment.yaml
Expand Up @@ -25,7 +25,7 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{ include "lagoon-core.fullname" . }}-nats-client: "true"
lagoon-core-nats-client: "true"
{{- include "lagoon-core.sshPortalAPI.selectorLabels" . | nindent 8 }}
spec:
securityContext:
Expand Down Expand Up @@ -61,7 +61,7 @@ spec:
name: {{ include "lagoon-core.keycloak.fullname" . }}
key: KEYCLOAK_SERVICE_API_CLIENT_SECRET
- name: NATS_URL
value: nats://{{ include "lagoon-core.fullname" . }}-nats
value: nats://{{ include "lagoon-core.nats.fullname" . }}
- name: API_DB_ADDRESS
value: {{ include "lagoon-core.apiDB.fullname" . }}
- name: API_DB_PASSWORD
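Review bot: The pod label is now the literal `lagoon-core-nats-client` instead of a name derived from `lagoon-core.fullname`, so it is identical for every release. If a NetworkPolicy admits NATS clients by this label (the CI values mention labels required by a network policy, but the policy itself is not shown), any pod in the namespace carrying the label is admitted, whichever release it belongs to. Either keep the label release-scoped or add a comment such as `# must match the nats client label in the NetworkPolicy; intentionally not release-scoped`.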
5 changes: 5 additions & 0 deletions charts/lagoon-core/templates/ui.deployment.yaml
Expand Up @@ -52,6 +52,11 @@ spec:
{{- else }}
value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/auth
{{- end }}
- name: KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ include "lagoon-core.keycloak.fullname" . }}
key: KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET
- name: WEBHOOK_URL
{{- if .Values.lagoonWebhookURL }}
value: {{ .Values.lagoonWebhookURL | quote }}
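Review bot: The new `KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET` env entry hands a confidential OIDC client secret to the UI container, so it is worth confirming that the UI image reads it server-side only and never forwards it into browser-delivered configuration. That cannot be checked from this hunk. A short comment above the entry, such as `# server-side only: must not be exposed to the browser`, would record the expectation for whoever next touches the UI's runtime config. The env list starts and ends outside the hunk.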