Skip to content

Commit

Permalink
Merge branch 'main' into dependabot/github_actions/helm/kind-action-1…
Browse files Browse the repository at this point in the history 
….11.0
  • Loading branch information
@tobybellwood
tobybellwood authored Dec 19, 2024
2 parents f348c19 + 12f8e44 commit d34e445
Show file tree
Hide file tree
Showing 16 changed files with 246 additions and 21 deletions.
6 changes: 6 additions & 0 deletions charts/lagoon-core/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,3 +42,9 @@ annotations:
artifacthub.io/changes: |
- kind: changed
description: add KEYCLOAK_ADMIN_API_CLIENT_SECRET variable to keycloak and api deployment
- kind: changed
description: update uselagoon/lagoon-ssh-portal/ssh-portal-api from v0.41.3 to v0.41.4
- kind: changed
description: update uselagoon/lagoon-ssh-portal/ssh-token from v0.41.3 to v0.41.4
- kind: changed
description: update uselagoon/lagoon-opensearch-sync from v0.8.0 to v0.8.1
6 changes: 3 additions & 3 deletions charts/lagoon-core/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -965,7 +965,7 @@ sshPortalAPI:
repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal-api
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "v0.41.3"
tag: "v0.41.4"

podAnnotations: {}

Expand Down Expand Up @@ -1008,7 +1008,7 @@ opensearchSync:
repository: ghcr.io/uselagoon/lagoon-opensearch-sync
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "v0.8.0"
tag: "v0.8.1"

# debug logging toggle
debug: false
Expand Down Expand Up @@ -1038,7 +1038,7 @@ sshToken:
repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-token
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "v0.41.3"
tag: "v0.41.4"

podAnnotations: {}

Expand Down
8 changes: 4 additions & 4 deletions charts/lagoon-remote/Chart.lock
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
dependencies:
- name: lagoon-build-deploy
repository: https://uselagoon.github.io/lagoon-charts/
version: 0.30.3
version: 0.31.0
- name: dbaas-operator
repository: https://amazeeio.github.io/charts/
version: 0.3.1
- name: nats
repository: https://nats-io.github.io/k8s/helm/charts/
version: 1.2.6
digest: sha256:ab9e60f2db483076396e667ae914b934d435091a6798865d39f8abce93ba353e
generated: "2024-12-10T09:55:32.7354587+11:00"
version: 1.2.8
digest: sha256:9814199e2380bbb6f3bb972a0c961b6078a22a363b9ab2b72a1817358690497c
generated: "2024-12-18T23:16:59.119513362Z"
12 changes: 11 additions & 1 deletion charts/lagoon-remote/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ version: 0.95.1

dependencies:
- name: lagoon-build-deploy
version: ~0.30.0
version: ~0.31.0
repository: https://uselagoon.github.io/lagoon-charts/
condition: lagoon-build-deploy.enabled
- name: dbaas-operator
Expand All @@ -42,3 +42,13 @@ annotations:
artifacthub.io/changes: |
- kind: changed
description: update dbaas-operator chart dependency to 0.3.1
- kind: changed
description: update build-deploy chart dependency to 0.31.0
- kind: changed
description: update NATS chart dependency to 1.2.8
- kind: added
description: daemonset to manage node sysctl changes
- kind: changed
description: update uselagoon/lagoon-ssh-portal/ssh-portal from v0.41.3 to v0.41.4
- kind: changed
description: update storage-calculator to v0.7.0 and adjust metrics endpoint
36 changes: 36 additions & 0 deletions charts/lagoon-remote/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -273,3 +273,39 @@ app.kubernetes.io/name: {{ include "lagoon-remote.name" . }}
app.kubernetes.io/component: {{ include "lagoon-remote.insightsRemote.fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}


{{/*
Create the name of the service account to use for sysctlConfigure.
*/}}
{{- define "lagoon-remote.sysctlConfigure.serviceAccountName" -}}
{{- default (include "lagoon-remote.sysctlConfigure.fullname" .) .Values.sysctlConfigure.serviceAccount.name }}
{{- end }}

{{/*
Create a default fully qualified app name for sysctlConfigure.
*/}}
{{- define "lagoon-remote.sysctlConfigure.fullname" -}}
{{- include "lagoon-remote.fullname" . }}-sysctl-configure
{{- end }}

{{/*
Common labels sysctlConfigure.
*/}}
{{- define "lagoon-remote.sysctlConfigure.labels" -}}
helm.sh/chart: {{ include "lagoon-remote.chart" . }}
{{ include "lagoon-remote.sysctlConfigure.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Selector labels sysctlConfigure.
*/}}
{{- define "lagoon-remote.sysctlConfigure.selectorLabels" -}}
app.kubernetes.io/name: {{ include "lagoon-remote.name" . }}
app.kubernetes.io/component: {{ include "lagoon-remote.sysctlConfigure.fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
16 changes: 16 additions & 0 deletions charts/lagoon-remote/templates/storage-calculator.clusterrolebinding.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
{{- if .Values.storageCalculator.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "lagoon-remote.storageCalculator.fullname" . }}
labels:
{{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "lagoon-remote.storageCalculator.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "lagoon-remote.storageCalculator.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
7 changes: 4 additions & 3 deletions charts/lagoon-remote/templates/storage-calculator.deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,14 +35,15 @@ spec:
command:
- /manager
args:
- "--metrics-bind-address=0.0.0.0:8080"
- "--metrics-bind-address=:8443"
- "--leader-elect=true"
- "--prometheus-metrics=true"
{{- with .Values.storageCalculator.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
ports:
- name: metrics
containerPort: 8080
- containerPort: 8443
name: https
env:
{{- range $name, $value := .Values.storageCalculator.extraEnvs }}
- name: {{ .name }}
Expand Down
40 changes: 40 additions & 0 deletions charts/lagoon-remote/templates/storage-calculator.role.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
{{- if .Values.storageCalculator.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "lagoon-remote.storageCalculator.fullname" . }}-leader-election
labels:
{{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
{{- end }}
8 changes: 4 additions & 4 deletions charts/lagoon-remote/templates/storage-calculator.rolebinding.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
{{- if .Values.storageCalculator.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
kind: RoleBinding
metadata:
name: {{ include "lagoon-remote.storageCalculator.fullname" . }}
name: {{ include "lagoon-remote.storageCalculator.fullname" . }}-leader-election
labels:
{{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "lagoon-remote.storageCalculator.fullname" . }}
kind: Role
name: {{ include "lagoon-remote.storageCalculator.fullname" . }}-leader-election
subjects:
- kind: ServiceAccount
name: {{ include "lagoon-remote.storageCalculator.serviceAccountName" . }}
Expand Down
5 changes: 3 additions & 2 deletions charts/lagoon-remote/templates/storage-calculator.service.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,9 @@ spec:
type: {{ .Values.storageCalculator.metricsService.type }}
ports:
- port: {{ .Values.storageCalculator.metricsService.ports.metrics }}
targetPort: metrics
name: metrics
targetPort: https
protocol: TCP
name: https
selector:
{{- include "lagoon-remote.storageCalculator.selectorLabels" . | nindent 4 }}
{{- end }}
2 changes: 1 addition & 1 deletion charts/lagoon-remote/templates/storage-calculator.servicemonitor.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ metadata:
{{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }}
spec:
endpoints:
- port: metrics
- port: https
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
Expand Down
16 changes: 16 additions & 0 deletions charts/lagoon-remote/templates/sysctl-configure.clusterrole.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
{{- if .Values.sysctlConfigure.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "lagoon-remote.sysctlConfigure.fullname" . }}
labels:
{{- include "lagoon-remote.sysctlConfigure.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- patch
{{- end }}
16 changes: 16 additions & 0 deletions charts/lagoon-remote/templates/sysctl-configure.clusterrolebinding.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
{{- if .Values.sysctlConfigure.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "lagoon-remote.sysctlConfigure.fullname" . }}
labels:
{{- include "lagoon-remote.sysctlConfigure.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "lagoon-remote.sysctlConfigure.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "lagoon-remote.sysctlConfigure.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
53 changes: 53 additions & 0 deletions charts/lagoon-remote/templates/sysctl-configure.daemonset.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
{{- if .Values.sysctlConfigure.enabled -}}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "lagoon-remote.sysctlConfigure.fullname" . }}
labels:
{{- include "lagoon-remote.sysctlConfigure.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "lagoon-remote.sysctlConfigure.selectorLabels" . | nindent 6 }}
template:
metadata:
name: {{ include "lagoon-remote.sysctlConfigure.fullname" . }}
labels:
{{- include "lagoon-remote.sysctlConfigure.selectorLabels" . | nindent 8 }}
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: k8s.lagoon.sh/sysctl-configured
operator: DoesNotExist
serviceAccount: {{ include "lagoon-remote.sysctlConfigure.serviceAccountName" . }}
containers:
- name: sysctl
image: "{{ .Values.sysctlConfigure.image.repository }}:{{ .Values.sysctlConfigure.image.tag | default .Chart.AppVersion}}"
imagePullPolicy: {{ .Values.sysctlConfigure.image.pullPolicy }}
command:
env:
- name: THIS_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
command:
- sh
- -c
- |
set -xe
{{- $index := 0 }}
{{- range $sys, $value := .Values.sysctlConfigure.sysctl }}
CURRENT{{ $index }}=$(sysctl -n {{ $sys }})
if [ "{{ $value }}" -gt "$CURRENT{{ $index }}" ]; then
sysctl -w {{ $sys }}={{ $value }}
fi
{{- $index = add $index 1 }}
{{- end }}
kubectl label node "$THIS_NODE_NAME" k8s.lagoon.sh/sysctl-configured=$(date +%s)
securityContext:
runAsUser: 0
privileged: true
{{- end }}
8 changes: 8 additions & 0 deletions charts/lagoon-remote/templates/sysctl-configure.serviceaccount.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{{- if .Values.sysctlConfigure.enabled -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "lagoon-remote.sysctlConfigure.serviceAccountName" . }}
labels:
{{- include "lagoon-remote.sysctlConfigure.labels" . | nindent 4 }}
{{- end }}
28 changes: 25 additions & 3 deletions charts/lagoon-remote/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,7 @@ sshPortal:
repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "v0.41.3"
tag: "v0.41.4"

service:
type: LoadBalancer
Expand Down Expand Up @@ -439,7 +439,7 @@ storageCalculator:
metricsService:
type: ClusterIP
ports:
metrics: 9912
metrics: 8443

serviceMonitor:
enabled: true
Expand All @@ -448,4 +448,26 @@ storageCalculator:
repository: uselagoon/remote-calculator
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: v0.6.0
tag: v0.7.0

# sysctlConfigure is used to configure sysctl options on nodes for use by elasticsearch/opensearch pods used in lagoon
# https://github.com/uselagoon/lagoon/issues/2588
# the elasticsearch/opensearch templates in the `build-deploy-tool` currently run a privileged init container
# https://github.com/uselagoon/build-deploy-tool/blob/d2508efa74871cabe4c477e44bbe87e339d99f5d/internal/servicetypes/opensearch.go#L75-L96
# which will be removed in a future release
sysctlConfigure:
enabled: false
serviceAccount:
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname
# template
name:

# this is only used for the max_map_count, but could support more
sysctl:
vm.max_map_count: 262144

image:
repository: alpine/k8s
pullPolicy: IfNotPresent
tag: 1.25.3

0 comments on commit d34e445

Please sign in to comment.