From dbd2e200b32c58244cbcd43c5c2933470f21e654 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Tue, 1 Aug 2023 11:17:36 +1000 Subject: [PATCH 01/17] feat: add additional keycloak options --- charts/lagoon-core/Chart.yaml | 10 ++----- charts/lagoon-core/ci/linter-values.yaml | 17 +++++++++++ .../templates/keycloak.configmap.yaml | 24 ++++++++++++++++ .../templates/keycloak.deployment.yaml | 28 +++++++++++++++++++ charts/lagoon-core/values.yaml | 25 +++++++++++++++++ 5 files changed, 96 insertions(+), 8 deletions(-) create mode 100644 charts/lagoon-core/templates/keycloak.configmap.yaml diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 81aca95b..9865d5e6 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.36.0 +version: 1.36.1 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -41,10 +41,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: add additional metrics to broker - - kind: changed - description: update lagoon-ssh-token and lagoon-ssh-portal-api to v0.30.1 - - kind: changed - description: update NATS chart dependency to v0.19.17 - - kind: changed - description: update Lagoon appVersion to v2.15.4 + description: add additional keycloak configuration options diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index 1c42e096..e9a38d7f 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml 
@@ -23,6 +23,8 @@ defaultIngressClassName: nginx lagoonAPIURL: https://api.example.com/graphql keycloakAPIURL: https://keycloak.example.com/auth +keycloakAdminEmail: admin@example.com + api: replicaCount: 1 image: @@ -53,6 +55,21 @@ actionsHandler: repository: uselagoon/actions-handler keycloak: + realmSettings: + enabled: true + realmSettings: + resetPasswordAllowed: true + rememberMe: true + email: + enabled: true + smtpServer: + envelopeFrom: lagoon@example.com + from: lagoon@example.com + fromDisplayName: Lagoon + host: mailhog + port: '1025' + replyTo: lagoon@example.com + replyToDisplayName: Lagoon No-Reply image: repository: uselagoon/keycloak resources: diff --git a/charts/lagoon-core/templates/keycloak.configmap.yaml b/charts/lagoon-core/templates/keycloak.configmap.yaml new file mode 100644 index 00000000..87d12c99 --- /dev/null +++ b/charts/lagoon-core/templates/keycloak.configmap.yaml @@ -0,0 +1,24 @@ +{{- if .Values.keycloak.email.enabled -}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "lagoon-core.keycloak.fullname" . }}-smtp-settings + labels: + {{- include "lagoon-core.keycloak.labels" . | nindent 4 }} +data: + keycloak-smtp-settings.json: | + {"smtpServer":{{ .Values.keycloak.email.settings | toJson }}} +{{ end -}} +{{- if .Values.keycloak.realmSettings.enabled -}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "lagoon-core.keycloak.fullname" . }}-realm-settings + labels: + {{- include "lagoon-core.keycloak.labels" . | nindent 4 }} +data: + keycloak-realm-settings.json: | + {{ .Values.keycloak.realmSettings.options | toJson }} +{{ end -}} \ No newline at end of file diff --git a/charts/lagoon-core/templates/keycloak.deployment.yaml b/charts/lagoon-core/templates/keycloak.deployment.yaml index ab2ed50c..6692842a 100644 --- a/charts/lagoon-core/templates/keycloak.deployment.yaml +++ b/charts/lagoon-core/templates/keycloak.deployment.yaml 
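Review bot: The new `keycloak.configmap.yaml` renders all of `.Values.keycloak.email.settings` into a ConfigMap, and the defaults added to `values.yaml` in this patch include `user` and `password` keys. An SMTP password set there is therefore stored in plaintext in an object that anyone with read access to ConfigMaps in the namespace can fetch. The SMTP document should be a Secret: `kind: Secret` with `stringData:` in place of `data:`. The matching entry in the `volumes:` hunk of `keycloak.deployment.yaml` then needs a `secret:` source with `secretName:` set to the same `-smtp-settings` name instead of `configMap:`. The realm-settings document can stay a ConfigMap as long as its options carry no credentials.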
@@ -41,6 +41,10 @@ spec: value: {{ include "lagoon-core.keycloakDB.fullname" . }} - name: KEYCLOAK_ADMIN_USER value: {{ .Values.keycloakAdminUser | quote }} + {{- with .Values.keycloakAdminEmail }} + - name: KEYCLOAK_ADMIN_EMAIL + value: {{ . | quote }} + {{- end }} {{- range $key, $val := .Values.keycloak.additionalEnvs }} - name: {{ $key }} value: {{ $val | quote }} @@ -67,6 +71,17 @@ spec: - /tmp/keycloak-config-complete failureThreshold: 90 periodSeconds: 20 + volumeMounts: + {{- if .Values.keycloak.email.enabled }} + - mountPath: /lagoon/keycloak/keycloak-smtp-settings.json + name: {{ include "lagoon-core.keycloak.fullname" . }}-smtp-settings + subPath: keycloak-smtp-settings.json + {{- end }} + {{- if .Values.keycloak.realmSettings.enabled }} + - mountPath: /lagoon/keycloak/keycloak-realm-settings.json + name: {{ include "lagoon-core.keycloak.fullname" . }}-realm-settings + subPath: keycloak-realm-settings.json + {{- end }} resources: {{- toYaml .Values.keycloak.resources | nindent 10 }} {{- with .Values.keycloak.nodeSelector }} @@ -81,3 +96,16 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + volumes: + {{- if .Values.keycloak.email.enabled }} + - configMap: + defaultMode: 420 + name: {{ include "lagoon-core.keycloak.fullname" . }}-smtp-settings + name: {{ include "lagoon-core.keycloak.fullname" . }}-smtp-settings + {{- end }} + {{- if .Values.keycloak.realmSettings.enabled }} + - configMap: + defaultMode: 420 + name: {{ include "lagoon-core.keycloak.fullname" . }}-realm-settings + name: {{ include "lagoon-core.keycloak.fullname" . }}-realm-settings + {{- end }} diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 5850b605..b6d08f08 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml 
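Review bot: The `volumeMounts:` key in the second hunk and the `volumes:` key in the third are emitted unconditionally. With the chart defaults from this patch's `values.yaml` (`keycloak.email.enabled` and `keycloak.realmSettings.enabled` both false), the Deployment renders both keys with no entries under them. Wrap each key in the combined condition, `{{- if or .Values.keycloak.email.enabled .Values.keycloak.realmSettings.enabled }}` before the key and a matching `{{- end }}` after its last item. The container spec and pod spec both start outside these hunks.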
@@ -60,6 +60,8 @@ rabbitMQUsername: lagoon k8upS3Endpoint: "" keycloakAdminUser: admin +# this is required if email sending is to be enabled in keycloak +# keycloakAdminEmail: admin@example.com buildDeployImage: edge: @@ -207,6 +209,29 @@ apiRedis: port: 6379 keycloak: + # keycloak realm and email settings configuration + realmSettings: + enabled: false + # the full list of config settings is available TODO + options: + resetPasswordAllowed: true + rememberMe: true + email: + enabled: false + settings: + envelopeFrom: lagoon@example.com + from: lagoon@example.com + fromDisplayName: Lagoon + host: mailhog + port: '1025' + replyTo: lagoon@example.com + replyToDisplayName: Lagoon No-Reply + ssl: 'false' + starttls: 'false' + auth: 'false' + user: not-used-if-auth=false + password: not-used-if-auth=false + replicaCount: 1 image: repository: uselagoon/keycloak From a3c0b3e22dad93f7a0c4a2752d2a36ae05db1215 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 4 Aug 2023 09:54:36 +1000 Subject: [PATCH 02/17] chore: update keycloak json defaults --- charts/lagoon-core/Chart.yaml | 2 +- charts/lagoon-core/ci/linter-values.yaml | 12 ++++++------ charts/lagoon-core/values.yaml | 8 ++------ 3 files changed, 9 insertions(+), 13 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 9865d5e6..5a06e1bb 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.36.1 +version: 1.37.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index e9a38d7f..d390a2f0 100644 --- a/charts/lagoon-core/ci/linter-values.yaml 
+++ b/charts/lagoon-core/ci/linter-values.yaml @@ -57,19 +57,19 @@ actionsHandler: keycloak: realmSettings: enabled: true - realmSettings: + options: resetPasswordAllowed: true rememberMe: true email: enabled: true - smtpServer: - envelopeFrom: lagoon@example.com - from: lagoon@example.com - fromDisplayName: Lagoon + settings: host: mailhog port: '1025' - replyTo: lagoon@example.com + fromDisplayName: Lagoon + from: lagoon@example.com replyToDisplayName: Lagoon No-Reply + replyTo: lagoon@example.com + envelopeFrom: lagoon@example.com image: repository: uselagoon/keycloak resources: diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index b6d08f08..62d5a9ab 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -219,18 +219,14 @@ keycloak: email: enabled: false settings: - envelopeFrom: lagoon@example.com - from: lagoon@example.com - fromDisplayName: Lagoon host: mailhog port: '1025' + from: lagoon@example.com + fromDisplayName: Lagoon replyTo: lagoon@example.com - replyToDisplayName: Lagoon No-Reply ssl: 'false' starttls: 'false' auth: 'false' - user: not-used-if-auth=false - password: not-used-if-auth=false replicaCount: 1 image: From e3f232579e25647bda82be626e38f5bc550f8887 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 9 Aug 2023 17:30:08 +1000 Subject: [PATCH 03/17] chore: add redis persistent for api-redis --- .../templates/api-redis.deployment.yaml | 16 ++++++++++++++++ charts/lagoon-core/templates/api-redis.pvc.yaml | 15 +++++++++++++++ charts/lagoon-core/values.yaml | 5 ++++- 3 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 charts/lagoon-core/templates/api-redis.pvc.yaml diff --git a/charts/lagoon-core/templates/api-redis.deployment.yaml b/charts/lagoon-core/templates/api-redis.deployment.yaml index 5d618590..aa39d2e7 100644 --- a/charts/lagoon-core/templates/api-redis.deployment.yaml +++ b/charts/lagoon-core/templates/api-redis.deployment.yaml 
@@ -43,6 +43,9 @@ spec: ports: - name: redis containerPort: 6379 + volumeMounts: + - name: {{ include "lagoon-core.apiRedis.fullname" . }}-data + mountPath: /data livenessProbe: tcpSocket: port: redis @@ -51,6 +54,10 @@ spec: port: redis resources: {{- toYaml .Values.apiRedis.resources | nindent 10 }} + volumes: + - name: {{ include "lagoon-core.apiRedis.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ include "lagoon-core.apiRedis.fullname" . }}-data {{- with .Values.apiRedis.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -63,3 +70,12 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + volumeClaimTemplates: + - metadata: + name: {{ include "lagoon-core.apiRedis.fullname" . }}-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.apiRedis.storageSize | quote }} diff --git a/charts/lagoon-core/templates/api-redis.pvc.yaml b/charts/lagoon-core/templates/api-redis.pvc.yaml new file mode 100644 index 00000000..a12b36c0 --- /dev/null +++ b/charts/lagoon-core/templates/api-redis.pvc.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "lagoon-core.apiRedis.fullname" . }}-data + labels: + {{- include "lagoon-core.apiRedis.labels" . | nindent 4 }} +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.apiRedis.storage.size | quote }} + {{- with .Values.apiRedis.storage.className }} + storageClassName: {{ . | quote }} + {{- end }} diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 62d5a9ab..6be135e3 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -202,7 +202,10 @@ apiRedis: cpu: "50m" additionalEnvs: - # FOO: Bar + FLAVOR: persistent + + storage: + size: 8Gi service: type: ClusterIP From be52f6541a9d6f088ad98e3bbbdbb7eb20f6024d Mon Sep 17 00:00:00 2001 
From: Toby Bellwood Date: Wed, 9 Aug 2023 18:19:50 +1000 Subject: [PATCH 04/17] chore: make api-redis persistence configurable --- charts/lagoon-core/templates/api-redis.deployment.yaml | 10 ++++++++++ charts/lagoon-core/templates/api-redis.pvc.yaml | 6 ++++-- charts/lagoon-core/values.yaml | 6 ++---- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/charts/lagoon-core/templates/api-redis.deployment.yaml b/charts/lagoon-core/templates/api-redis.deployment.yaml index aa39d2e7..3865f746 100644 --- a/charts/lagoon-core/templates/api-redis.deployment.yaml +++ b/charts/lagoon-core/templates/api-redis.deployment.yaml @@ -36,6 +36,10 @@ spec: secretKeyRef: name: {{ include "lagoon-core.api.fullname" . }} key: REDIS_PASSWORD + {{- if .Values.apiRedis.persistence.enabled }} + - name: FLAVOR + value: persistent + {{- end }} {{- range $key, $val := .Values.apiRedis.additionalEnvs }} - name: {{ $key }} value: {{ $val | quote }} @@ -43,9 +47,11 @@ spec: ports: - name: redis containerPort: 6379 + {{- if .Values.apiRedis.persistence.enabled }} volumeMounts: - name: {{ include "lagoon-core.apiRedis.fullname" . }}-data mountPath: /data + {{- end }} livenessProbe: tcpSocket: port: redis @@ -54,10 +60,12 @@ spec: port: redis resources: {{- toYaml .Values.apiRedis.resources | nindent 10 }} + {{- if .Values.apiRedis.persistence.enabled }} volumes: - name: {{ include "lagoon-core.apiRedis.fullname" . }}-data persistentVolumeClaim: claimName: {{ include "lagoon-core.apiRedis.fullname" . }}-data + {{- end }} {{- with .Values.apiRedis.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -70,6 +78,7 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.apiRedis.persistence.enabled }} volumeClaimTemplates: - metadata: name: {{ include "lagoon-core.apiRedis.fullname" . }}-data @@ -79,3 +88,4 @@ spec: resources: requests: storage: {{ .Values.apiRedis.storageSize | quote }} + {{- end }} 
diff --git a/charts/lagoon-core/templates/api-redis.pvc.yaml b/charts/lagoon-core/templates/api-redis.pvc.yaml index a12b36c0..1952d882 100644 --- a/charts/lagoon-core/templates/api-redis.pvc.yaml +++ b/charts/lagoon-core/templates/api-redis.pvc.yaml @@ -1,3 +1,4 @@ +{{- if .Values.apiRedis.persistence.enabled -}} apiVersion: v1 kind: PersistentVolumeClaim metadata: @@ -9,7 +10,8 @@ spec: - ReadWriteOnce resources: requests: - storage: {{ .Values.apiRedis.storage.size | quote }} - {{- with .Values.apiRedis.storage.className }} + storage: {{ .Values.apiRedis.persistence.size | quote }} + {{- with .Values.apiRedis.persistence.className }} storageClassName: {{ . | quote }} {{- end }} +{{- end }} diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 6be135e3..571f5b78 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -201,10 +201,8 @@ apiRedis: memory: "64Mi" cpu: "50m" - additionalEnvs: - FLAVOR: persistent - - storage: + persistence: + enabled: true size: 8Gi service: From 00dfff0723cacad937f4e1f85d2369b5b18492c3 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Thu, 10 Aug 2023 14:42:42 +1000 Subject: [PATCH 05/17] chore: replace keycloakAPIURL with keycloakFrontEndURL --- charts/lagoon-core/Chart.yaml | 2 ++ charts/lagoon-core/README.md | 2 +- charts/lagoon-core/ci/linter-values.yaml | 4 +++- charts/lagoon-core/templates/api.deployment.yaml | 6 ++++++ charts/lagoon-core/templates/keycloak.deployment.yaml | 8 ++++++++ .../lagoon-core/templates/opensearch-sync.deployment.yaml | 6 ++++++ .../lagoon-core/templates/ssh-portal-api.deployment.yaml | 6 ++++++ charts/lagoon-core/templates/ui.deployment.yaml | 8 +++++--- charts/lagoon-core/values.yaml | 2 +- 9 files changed, 38 insertions(+), 6 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 5a06e1bb..a39e7566 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml 
@@ -42,3 +42,5 @@ annotations: artifacthub.io/changes: | - kind: changed description: add additional keycloak configuration options + - kind: changed + description: replace keycloakAPIURL with keycloakFrontEndURL diff --git a/charts/lagoon-core/README.md b/charts/lagoon-core/README.md index eb0451b2..672eefe0 100644 --- a/charts/lagoon-core/README.md +++ b/charts/lagoon-core/README.md @@ -45,7 +45,7 @@ kind create cluster helm upgrade --install --create-namespace --namespace lagoon-core \ --values ./charts/lagoon-core/ci/linter-values.yaml \ --set lagoonAPIURL=http://localhost:7070/graphql \ - --set keycloakAPIURL=http://localhost:8080/auth \ + --set keycloakFrontEndURL=http://localhost:8080 \ lagoon-core \ ./charts/lagoon-core diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index d390a2f0..dc10b53f 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml @@ -21,7 +21,7 @@ defaultIngressClassName: nginx # used in ui lagoonAPIURL: https://api.example.com/graphql -keycloakAPIURL: https://keycloak.example.com/auth +keycloakFrontEndURL: https://keycloak.example.com keycloakAdminEmail: admin@example.com @@ -55,6 +55,8 @@ actionsHandler: repository: uselagoon/actions-handler keycloak: + keycloakFrontEndURL: https://keycloak.example.com + realmSettings: enabled: true options: diff --git a/charts/lagoon-core/templates/api.deployment.yaml b/charts/lagoon-core/templates/api.deployment.yaml index 87bfdd46..5f469bf6 100644 --- a/charts/lagoon-core/templates/api.deployment.yaml +++ b/charts/lagoon-core/templates/api.deployment.yaml 
@@ -92,7 +92,13 @@ spec: name: {{ include "lagoon-core.keycloak.fullname" . }} key: KEYCLOAK_API_CLIENT_SECRET - name: KEYCLOAK_URL + {{- if .Values.keycloakFrontEndURL }} + value: {{ .Values.keycloakFrontEndURL }} + {{- else if .Values.keycloak.ingress.enabled }} + value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }} + {{- else }} value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }} + {{- end }} - name: KIBANA_URL value: {{ required "A valid .Values.kibanaURL required!" .Values.kibanaURL | quote }} - name: LAGOON_VERSION diff --git a/charts/lagoon-core/templates/keycloak.deployment.yaml b/charts/lagoon-core/templates/keycloak.deployment.yaml index 6692842a..dd334e2a 100644 --- a/charts/lagoon-core/templates/keycloak.deployment.yaml +++ b/charts/lagoon-core/templates/keycloak.deployment.yaml @@ -41,6 +41,14 @@ spec: value: {{ include "lagoon-core.keycloakDB.fullname" . }} - name: KEYCLOAK_ADMIN_USER value: {{ .Values.keycloakAdminUser | quote }} + - name: KEYCLOAK_FRONTEND_URL + {{- if .Values.keycloakFrontEndURL }} + value: {{ .Values.keycloakFrontEndURL }}/ + {{- else if .Values.keycloak.ingress.enabled }} + value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}/ + {{- else }} + value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/ + {{- end }} {{- with .Values.keycloakAdminEmail }} - name: KEYCLOAK_ADMIN_EMAIL value: {{ . | quote }} diff --git a/charts/lagoon-core/templates/opensearch-sync.deployment.yaml b/charts/lagoon-core/templates/opensearch-sync.deployment.yaml index 6b6e7bc6..22a29d14 100644 --- a/charts/lagoon-core/templates/opensearch-sync.deployment.yaml +++ b/charts/lagoon-core/templates/opensearch-sync.deployment.yaml 
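Review bot: `value: {{ .Values.keycloakFrontEndURL }}` in `api.deployment.yaml` is rendered without `| quote`, although the `ui` line this series replaces did quote the value. The same pattern repeats in the `keycloak.deployment.yaml` hunk below, in `opensearch-sync`, `ssh-portal-api` and `ui` in this patch, and in `ssh-token` in patch 07. An operator-supplied string containing ` #` or `: ` is truncated or re-parsed by YAML, so the env var can silently differ from what was configured. Quote the whole value and normalise the trailing slash so a configured `https://host/` does not become `https://host//`, e.g. `value: {{ printf "%s/" (trimSuffix "/" .Values.keycloakFrontEndURL) | quote }}` for the consumers that append `/`. For this API hunk, which appends nothing, `value: {{ .Values.keycloakFrontEndURL | quote }}` is enough.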
@@ -45,7 +45,13 @@ spec: name: {{ include "lagoon-core.apiDB.fullname" . }} key: API_DB_PASSWORD - name: KEYCLOAK_BASE_URL + {{- if .Values.keycloakFrontEndURL }} + value: {{ .Values.keycloakFrontEndURL }}/ + {{- else if .Values.keycloak.ingress.enabled }} + value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}/ + {{- else }} value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/ + {{- end }} - name: KEYCLOAK_CLIENT_ID value: lagoon-opensearch-sync - name: KEYCLOAK_CLIENT_SECRET diff --git a/charts/lagoon-core/templates/ssh-portal-api.deployment.yaml b/charts/lagoon-core/templates/ssh-portal-api.deployment.yaml index cd114421..f9bd5695 100644 --- a/charts/lagoon-core/templates/ssh-portal-api.deployment.yaml +++ b/charts/lagoon-core/templates/ssh-portal-api.deployment.yaml @@ -48,7 +48,13 @@ spec: value: "true" {{- end }} - name: KEYCLOAK_BASE_URL + {{- if .Values.keycloakFrontEndURL }} + value: {{ .Values.keycloakFrontEndURL }}/ + {{- else if .Values.keycloak.ingress.enabled }} + value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}/ + {{- else }} value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/ + {{- end }} - name: KEYCLOAK_SERVICE_API_CLIENT_SECRET valueFrom: secretKeyRef: diff --git a/charts/lagoon-core/templates/ui.deployment.yaml b/charts/lagoon-core/templates/ui.deployment.yaml index c475cb67..a3e60ee5 100644 --- a/charts/lagoon-core/templates/ui.deployment.yaml +++ b/charts/lagoon-core/templates/ui.deployment.yaml 
@@ -45,10 +45,12 @@ spec: value: https://{{ index .Values.api.ingress.hosts 0 "host" }}/graphql {{- end }} - name: KEYCLOAK_API - {{- if .Values.keycloakAPIURL }} - value: {{ .Values.keycloakAPIURL | quote }} - {{- else }} + {{- if .Values.keycloakFrontEndURL }} + value: {{ .Values.keycloakFrontEndURL }}/auth + {{- else if .Values.keycloak.ingress.enabled }} value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}/auth + {{- else }} + value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/auth {{- end }} - name: LAGOON_VERSION value: {{ .Chart.AppVersion | replace "-" "." }} diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 571f5b78..14ef0d17 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -28,7 +28,7 @@ # These values may be set on install, otherwise the chart tries to guess # sensible defaults. -# keycloakAPIURL: https://keycloak.example.com/auth +# keycloakFrontEndURL: https://keycloak.example.com # lagoonAPIURL: https://api.example.com/graphql # lagoonUIURL: https://ui.example.com # lagoonWebhookURL: https://webhook-handler.example.com From b164b04c3e3d44784d78295b7dc4e5040c475e58 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 11 Aug 2023 10:55:31 +1000 Subject: [PATCH 06/17] unset keycloak values in linter --- charts/lagoon-core/ci/linter-values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index dc10b53f..7e79362a 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml 
@@ -20,8 +20,8 @@ lagoonWebhookURL: http://webhook:11213 defaultIngressClassName: nginx # used in ui -lagoonAPIURL: https://api.example.com/graphql -keycloakFrontEndURL: https://keycloak.example.com +# lagoonAPIURL: https://api.example.com/graphql +# keycloakFrontEndURL: https://keycloak.example.com keycloakAdminEmail: admin@example.com From 33a9e88aaad68e84b60e4f8655db8af2e550a83a Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 11 Aug 2023 12:58:43 +1000 Subject: [PATCH 07/17] fix: more keycloakFrontendURL for localdev --- Makefile | 2 +- .../lagoon-core/templates/api-redis.deployment.yaml | 11 ----------- charts/lagoon-core/templates/keycloak.deployment.yaml | 6 +++--- .../lagoon-core/templates/ssh-token.deployment.yaml | 6 ++++++ 4 files changed, 10 insertions(+), 15 deletions(-) diff --git a/Makefile b/Makefile index a7ad4e5e..5f816c15 100644 --- a/Makefile +++ b/Makefile @@ -178,7 +178,7 @@ install-lagoon-core: install-minio $$([ $(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE) ] && echo '--set buildDeployImage.default.image=$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)') \ $$([ $(DISABLE_CORE_HARBOR) ] && echo '--set api.additionalEnvs.DISABLE_CORE_HARBOR=$(DISABLE_CORE_HARBOR)') \ $$([ $(OPENSEARCH_INTEGRATION_ENABLED) ] && echo '--set api.additionalEnvs.OPENSEARCH_INTEGRATION_ENABLED=$(OPENSEARCH_INTEGRATION_ENABLED)') \ - --set "keycloakAPIURL=http://lagoon-keycloak.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080/auth" \ + --set "keycloakFrontEndURL=http://lagoon-keycloak.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080" \ --set "lagoonAPIURL=http://lagoon-api.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080/graphql" \ --set actionsHandler.image.repository=$(IMAGE_REGISTRY)/actions-handler \ --set api.image.repository=$(IMAGE_REGISTRY)/api \ 
diff --git a/charts/lagoon-core/templates/api-redis.deployment.yaml b/charts/lagoon-core/templates/api-redis.deployment.yaml index 3865f746..20f7369f 100644 --- a/charts/lagoon-core/templates/api-redis.deployment.yaml +++ b/charts/lagoon-core/templates/api-redis.deployment.yaml @@ -78,14 +78,3 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.apiRedis.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: {{ include "lagoon-core.apiRedis.fullname" . }}-data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.apiRedis.storageSize | quote }} - {{- end }} diff --git a/charts/lagoon-core/templates/keycloak.deployment.yaml b/charts/lagoon-core/templates/keycloak.deployment.yaml index dd334e2a..fc044c04 100644 --- a/charts/lagoon-core/templates/keycloak.deployment.yaml +++ b/charts/lagoon-core/templates/keycloak.deployment.yaml @@ -43,11 +43,11 @@ spec: value: {{ .Values.keycloakAdminUser | quote }} - name: KEYCLOAK_FRONTEND_URL {{- if .Values.keycloakFrontEndURL }} - value: {{ .Values.keycloakFrontEndURL }}/ + value: {{ .Values.keycloakFrontEndURL }}/auth {{- else if .Values.keycloak.ingress.enabled }} - value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}/ + value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}/auth {{- else }} - value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/ + value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/auth {{- end }} {{- with .Values.keycloakAdminEmail }} - name: KEYCLOAK_ADMIN_EMAIL diff --git a/charts/lagoon-core/templates/ssh-token.deployment.yaml b/charts/lagoon-core/templates/ssh-token.deployment.yaml index 5df4197d..1f2c0891 100644 --- a/charts/lagoon-core/templates/ssh-token.deployment.yaml +++ b/charts/lagoon-core/templates/ssh-token.deployment.yaml 
@@ -43,7 +43,13 @@ spec: value: "true" {{- end }} - name: KEYCLOAK_BASE_URL + {{- if .Values.keycloakFrontEndURL }} + value: {{ .Values.keycloakFrontEndURL }}/ + {{- else if .Values.keycloak.ingress.enabled }} + value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}/ + {{- else }} value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/ + {{- end }} - name: KEYCLOAK_AUTH_SERVER_CLIENT_SECRET valueFrom: secretKeyRef: From 10f6f9731f0c950e887df803be3bf3be179eb9f3 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 18 Aug 2023 10:30:42 +1000 Subject: [PATCH 08/17] update lagoon-remote for insights and dockerhost --- charts/lagoon-remote/Chart.yaml | 6 ++--- .../templates/docker-host.deployment.yaml | 25 +++++++++++++------ .../insights-remote.clusterrole.yaml | 23 +++++++++++------ .../templates/insights-remote.deployment.yaml | 19 ++++++++++---- .../templates/insights-remote.secrets.yaml | 16 +++++++----- .../templates/insights-remote.service.yaml | 15 +++++++++++ charts/lagoon-remote/values.yaml | 21 ++++++++++++++-- 7 files changed, 94 insertions(+), 31 deletions(-) create mode 100644 charts/lagoon-remote/templates/insights-remote.service.yaml diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index b46d57ef..b12ff489 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.81.0 +version: 0.82.0 dependencies: - name: lagoon-build-deploy 
@@ -45,6 +45,6 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update lagoon-ssh-portal to v0.30.1 + description: Added configuration for updated Docker Host and updated version to v4.0.0 - kind: changed - description: update NATS chart dependency to v0.19.17 + description: Added new Insights Remote Service and updated version to v0.0.7 diff --git a/charts/lagoon-remote/templates/docker-host.deployment.yaml b/charts/lagoon-remote/templates/docker-host.deployment.yaml index 3510cb1b..86679251 100644 --- a/charts/lagoon-remote/templates/docker-host.deployment.yaml +++ b/charts/lagoon-remote/templates/docker-host.deployment.yaml @@ -56,18 +56,27 @@ spec: value: {{ . | quote }} {{- end }} - name: DOCKER_HOST - value: localhost + value: tcp://localhost:2375 - name: REGISTRY value: {{ .Values.dockerHost.registry | quote }} - - name: REPOSITORY_TO_UPDATE - value: {{ .Values.dockerHost.repositoryToUpdate | quote }} + - name: REGISTRY_MIRROR + value: {{ .Values.dockerHost.registryMirror | quote }} + - name: REPOSITORIES_TO_UPDATE + value: {{ join "|" .Values.dockerHost.repositoriesToUpdate | quote }} - name: PRUNE_IMAGES_UNTIL value: {{ .Values.dockerHost.pruneImagesUntil | quote }} - - name: CRONJOBS - value: | - 22 1 * * * /lagoon/cronjob.sh "/prune-images.sh" - 22 */4 * * * /lagoon/cronjob.sh "/remove-exited.sh" - */15 * * * * /lagoon/cronjob.sh "/update-images.sh" + - name: PRUNE_SCHEDULE + value: {{ .Values.dockerHost.pruneImagesSchedule | quote }} + - name: REMOVE_EXITED_SCHEDULE + value: {{ .Values.dockerHost.removeExitedSchedule | quote }} + - name: UPDATE_IMAGES_SCHEDULE + value: {{ .Values.dockerHost.updateImagesSchedule | quote }} + - name: DANGLING_FILTER + value: {{ .Values.dockerHost.danglingFilter | quote }} + {{- range $key, $val := .Values.dockerHost.additionalEnvs }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} ports: - containerPort: 2375 protocol: TCP 
diff --git a/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml b/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml index ddab9fff..83430ea8 100644 --- a/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml +++ b/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml @@ -6,10 +6,19 @@ metadata: labels: {{- include "lagoon-remote.insightsRemote.labels" . | nindent 4 }} rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - "*" - {{- end }} \ No newline at end of file + - verbs: + - '*' + apiGroups: + - '' + resources: + - configmaps + - secrets + - verbs: + - get + - watch + - list + apiGroups: + - '' + resources: + - namespaces + {{- end }} diff --git a/charts/lagoon-remote/templates/insights-remote.deployment.yaml b/charts/lagoon-remote/templates/insights-remote.deployment.yaml index e450ae32..48bf7a43 100644 --- a/charts/lagoon-remote/templates/insights-remote.deployment.yaml +++ b/charts/lagoon-remote/templates/insights-remote.deployment.yaml @@ -47,15 +47,24 @@ spec: - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: - name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-rabbitmqsecret - key: password + name: {{ include "lagoon-remote.insightsRemote.fullname" . }} + key: RABBITMQ_PASSWORD - name: RABBITMQ_USERNAME valueFrom: secretKeyRef: - name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-rabbitmqsecret - key: username + name: {{ include "lagoon-remote.insightsRemote.fullname" . }} + key: RABBITMQ_USERNAME + - name: INSIGHTS_TOKEN_SECRET + valueFrom: + secretKeyRef: + name: {{ include "lagoon-remote.insightsRemote.fullname" . }} + key: INSIGHTS_TOKEN_SECRET resources: {{- toYaml .Values.insightsRemote.resources | nindent 12 }} + ports: + - name: insights-ws + containerPort: 8888 + protocol: TCP {{- with .Values.insightsRemote.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} 
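Review bot: The rewritten rule in `insights-remote.clusterrole.yaml` grants `'*'` verbs on `secrets` as well as `configmaps` in a ClusterRole. If this role is bound cluster-wide (the binding is not in the hunk), the insights-remote service account can read, modify and delete every Secret in every namespace. The verbs the controller actually needs are not visible here, so split the rule and narrow the Secret side to an explicit list, for example `- get`, `- list`, `- watch`, `- create`, `- update`, to be confirmed against the controller. The wildcard also covers `delete` and `deletecollection`. A comment above the rule would help later audits, e.g. `# secrets access is required for <reason>; keep the verb list explicit`.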
@@ -68,4 +77,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/lagoon-remote/templates/insights-remote.secrets.yaml b/charts/lagoon-remote/templates/insights-remote.secrets.yaml index c018d9ce..3bef7ee8 100644 --- a/charts/lagoon-remote/templates/insights-remote.secrets.yaml +++ b/charts/lagoon-remote/templates/insights-remote.secrets.yaml @@ -1,14 +1,18 @@ {{- if .Values.insightsRemote.enabled -}} - {{- $rabbitMQUsername := coalesce .Values.global.rabbitMQUsername .Values.insightsRemote.rabbitMQUsername }} {{- $rabbitMQPassword := coalesce .Values.global.rabbitMQPassword .Values.insightsRemote.rabbitMQPassword }} +{{- $data := index (lookup "v1" "Secret" .Release.Namespace (include "lagoon-remote.insightsRemote.fullname" .)) "data" | default dict }} +{{- $insightsTokenSecret := coalesce .Values.insightsRemote.insightsTokenSecret (ternary (randAlpha 32) (index $data "INSIGHTS_TOKEN_SECRET" | default "" | b64dec) (index $data "INSIGHTS_TOKEN_SECRET" | empty)) }} + apiVersion: v1 kind: Secret metadata: - name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-rabbitmqsecret -type: kubernetes.io/basic-auth + name: {{ include "lagoon-remote.insightsRemote.fullname" . }} +type: Opaque stringData: - username: {{ required "A valid rabbitMQUsername required!" $rabbitMQUsername | quote }} - password: {{ required "A valid rabbitMQPassword required!" $rabbitMQPassword | quote }} -{{- end }} \ No newline at end of file + RABBITMQ_USERNAME: {{ required "A valid rabbitMQUsername required!" $rabbitMQUsername | quote }} + RABBITMQ_PASSWORD: {{ required "A valid rabbitMQPassword required!" $rabbitMQPassword | quote }} + INSIGHTS_TOKEN_SECRET: {{ $insightsTokenSecret | quote }} + +{{- end }} diff --git a/charts/lagoon-remote/templates/insights-remote.service.yaml b/charts/lagoon-remote/templates/insights-remote.service.yaml new file mode 100644 index 00000000..01f105dd --- /dev/null 
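Review bot: `$insightsTokenSecret` in insights-remote.secrets.yaml stays stable only when `lookup` can reach the cluster. Under `helm template`, `--dry-run` or a GitOps renderer `lookup` returns an empty result, so `randAlpha 32` yields a new token on every render and tokens issued with the previous value would presumably stop validating. A comment above the line should state this, e.g. `# lookup is empty in helm template/dry-run; set insightsRemote.insightsTokenSecret explicitly in those setups`. No `insightsTokenSecret` entry appears in the values.yaml hunks of this commit, so a commented default there would document the override.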
+++ b/charts/lagoon-remote/templates/insights-remote.service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "lagoon-remote.insightsRemote.fullname" . }} + labels: + {{- include "lagoon-remote.insightsRemote.labels" . | nindent 4 }} +spec: + type: {{ .Values.insightsRemote.service.type }} + ports: + - port: {{ .Values.insightsRemote.service.port }} + targetPort: 8888 + protocol: TCP + name: insights-ws + selector: + {{- include "lagoon-remote.insightsRemote.selectorLabels" . | nindent 4 }} diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 9b0640b1..d426aaf5 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -33,10 +33,23 @@ dockerHost: registry: registry.lagoon.svc:5000 - repositoryToUpdate: amazeeio|lagoon + registryMirror: "" + + # Define a regex pattern for specified images to be updated during UPDATE_IMAGES_SCHEDULE + repositoriesToUpdate: + - "amazeeio/*:*" + - "*lagoon/*:*" pruneImagesUntil: 168h + danglingFilter: true + + pruneImagesSchedule: '22 1 * * *' + + removeExitedSchedule: '22 */4 * * *' + + updateImagesSchedule: '*/15 * * * *' + replicaCount: 1 ## proxy configuration @@ -212,7 +225,7 @@ insightsRemote: repository: uselagoon/insights-remote pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.0.4" + tag: "v0.0.6" imagePullSecrets: [] nameOverride: "" @@ -283,6 +296,10 @@ insightsRemote: affinity: {} + service: + type: ClusterIP + port: 80 + # the nats chart is a subchart which is configured for use by lagoon-remote nats: enabled: false From d6a0cf897b8fbd6a7e69fc19897bb427f377f670 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 18 Aug 2023 10:31:47 +1000 Subject: [PATCH 09/17] remove trailing spaces from linter file --- charts/lagoon-core/ci/linter-values.yaml | 1 - 1 file changed, 1 deletion(-) 
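Review bot: insights-remote.service.yaml is added without the `{{- if .Values.insightsRemote.enabled -}}` … `{{- end }}` guard that the secrets template in this same commit opens with, so the Service is rendered even when insights-remote is disabled and then has no pods to select. Wrapping the file in the same guard fixes that. `targetPort: 8888` also repeats the number from the deployment; `targetPort: insights-ws` would reference the named container port added there.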
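Review bot: The comment above `repositoriesToUpdate` in values.yaml calls the entries a regex pattern, but the defaults `"amazeeio/*:*"` and `"*lagoon/*:*"` read as globs, and the deployment template joins them with `|`. Read as a regular expression, `*lagoon` starts with a quantifier and `/*` means any number of slashes, so which images are refreshed on `updateImagesSchedule` depends on how docker-host interprets the value, which is not visible here. Once confirmed, the comment should name the real syntax, e.g. `# Glob patterns (repository:tag) of images to refresh; joined with "|" into REPOSITORIES_TO_UPDATE`. Separately, this commit's changelog entry names insights-remote v0.0.7 while the `tag` further down is set to `"v0.0.6"`.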
diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index 7e79362a..610c1ce0 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml @@ -56,7 +56,6 @@ actionsHandler: keycloak: keycloakFrontEndURL: https://keycloak.example.com - realmSettings: enabled: true options: From c1f3ba94db6cf1f4ddb446c2d7fe9bc9c195891c Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 18 Aug 2023 16:30:45 +1000 Subject: [PATCH 10/17] fix linter image tags --- charts/lagoon-remote/ci/linter-values.yaml | 6 +++++- charts/lagoon-remote/templates/docker-host.deployment.yaml | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-remote/ci/linter-values.yaml b/charts/lagoon-remote/ci/linter-values.yaml index 9c7e7d9d..396a3a5f 100644 --- a/charts/lagoon-remote/ci/linter-values.yaml +++ b/charts/lagoon-remote/ci/linter-values.yaml @@ -16,7 +16,8 @@ lagoon-build-deploy: dockerHost: image: - repository: uselagoon/docker-host + repository: ghcr.io/uselagoon/docker-host + tag: "pr-25" storage: size: 50Gi @@ -27,6 +28,9 @@ dbaas-operator: insightsRemote: enabled: true + image: + repository: ghcr.io/uselagoon/insights-remote + tag: "feature-fix-secret-delete" mxoutHost: mxout1.example.com diff --git a/charts/lagoon-remote/templates/docker-host.deployment.yaml b/charts/lagoon-remote/templates/docker-host.deployment.yaml index 86679251..91d553b7 100644 --- a/charts/lagoon-remote/templates/docker-host.deployment.yaml +++ b/charts/lagoon-remote/templates/docker-host.deployment.yaml @@ -56,7 +56,7 @@ spec: value: {{ . | quote }} {{- end }} - name: DOCKER_HOST - value: tcp://localhost:2375 + value: {{ .Values.dockerHost.host | default "tcp://localhost:2375" }} - name: REGISTRY value: {{ .Values.dockerHost.registry | quote }} - name: REGISTRY_MIRROR From 1cb8164539a6c3a1543c3f3ed71b637e5eee1ef1 Mon Sep 17 00:00:00 2001 
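Review bot: The `tag: "pr-25"` added under `dockerHost.image` and the `tag: "feature-fix-secret-delete"` added under `insightsRemote.image` in ci/linter-values.yaml point CI at pull-request and branch builds, which are mutable tags whose content can differ from one run to the next. If they are only needed while the upstream changes are in review, a comment above each such as `# temporary: PR build, replace with a released tag before merge` makes that explicit. Otherwise a released tag or an image digest gives a reproducible lint run.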
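Review bot: The new `DOCKER_HOST` value in docker-host.deployment.yaml is the only entry in this `env` list rendered without `| quote`; `value: {{ .Values.dockerHost.host | default "tcp://localhost:2375" | quote }}` keeps it consistent with its neighbours. Making the endpoint configurable also allows it to be pointed at a non-local `tcp://` address on 2375, which is the Docker API without TLS or authentication. This commit touches only the linter values and this template, so `dockerHost.host` has no values.yaml entry; adding one with a comment like `# keep on localhost unless the remote daemon is protected by TLS` would document the expectation.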
From: Toby Bellwood Date: Thu, 31 Aug 2023 13:10:08 +1000 Subject: [PATCH 11/17] remove null registryMirror --- charts/lagoon-remote/values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index d426aaf5..96b6563e 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -33,8 +33,6 @@ dockerHost: registry: registry.lagoon.svc:5000 - registryMirror: "" - # Define a regex pattern for specified images to be updated during UPDATE_IMAGES_SCHEDULE repositoriesToUpdate: - "amazeeio/*:*" From 9c4ac1f7b8e2ccc28413aff70d1dc421075df439 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Thu, 21 Sep 2023 11:27:43 +1000 Subject: [PATCH 12/17] remove lagoon-remote test updates --- charts/lagoon-remote/Chart.yaml | 6 ++--- charts/lagoon-remote/ci/linter-values.yaml | 3 +-- .../templates/docker-host.deployment.yaml | 25 ++++++------------- .../insights-remote.clusterrole.yaml | 21 +++++----------- .../templates/insights-remote.deployment.yaml | 17 +++---------- .../templates/insights-remote.secrets.yaml | 14 ++++------- .../templates/insights-remote.service.yaml | 15 ----------- charts/lagoon-remote/values.yaml | 19 ++------------ 8 files changed, 29 insertions(+), 91 deletions(-) delete mode 100644 charts/lagoon-remote/templates/insights-remote.service.yaml diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index b12ff489..b46d57ef 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.82.0 +version: 0.81.0 dependencies: - name: lagoon-build-deploy 
@@ -45,6 +45,6 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Added configuration for updated Docker Host and updated version to v4.0.0 + description: update lagoon-ssh-portal to v0.30.1 - kind: changed - description: Added new Insights Remote Service and updated version to v0.0.7 + description: update NATS chart dependency to v0.19.17 diff --git a/charts/lagoon-remote/ci/linter-values.yaml b/charts/lagoon-remote/ci/linter-values.yaml index 396a3a5f..2ff34bd8 100644 --- a/charts/lagoon-remote/ci/linter-values.yaml +++ b/charts/lagoon-remote/ci/linter-values.yaml @@ -16,8 +16,7 @@ lagoon-build-deploy: dockerHost: image: - repository: ghcr.io/uselagoon/docker-host - tag: "pr-25" + repository: uselagoon/docker-host storage: size: 50Gi diff --git a/charts/lagoon-remote/templates/docker-host.deployment.yaml b/charts/lagoon-remote/templates/docker-host.deployment.yaml index 91d553b7..3510cb1b 100644 --- a/charts/lagoon-remote/templates/docker-host.deployment.yaml +++ b/charts/lagoon-remote/templates/docker-host.deployment.yaml 
@@ -56,27 +56,18 @@ spec: value: {{ . | quote }} {{- end }} - name: DOCKER_HOST - value: {{ .Values.dockerHost.host | default "tcp://localhost:2375" }} + value: localhost - name: REGISTRY value: {{ .Values.dockerHost.registry | quote }} - - name: REGISTRY_MIRROR - value: {{ .Values.dockerHost.registryMirror | quote }} - - name: REPOSITORIES_TO_UPDATE - value: {{ join "|" .Values.dockerHost.repositoriesToUpdate | quote }} + - name: REPOSITORY_TO_UPDATE + value: {{ .Values.dockerHost.repositoryToUpdate | quote }} - name: PRUNE_IMAGES_UNTIL value: {{ .Values.dockerHost.pruneImagesUntil | quote }} - - name: PRUNE_SCHEDULE - value: {{ .Values.dockerHost.pruneImagesSchedule | quote }} - - name: REMOVE_EXITED_SCHEDULE - value: {{ .Values.dockerHost.removeExitedSchedule | quote }} - - name: UPDATE_IMAGES_SCHEDULE - value: {{ .Values.dockerHost.updateImagesSchedule | quote }} - - name: DANGLING_FILTER - value: {{ .Values.dockerHost.danglingFilter | quote }} - {{- range $key, $val := .Values.dockerHost.additionalEnvs }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} + - name: CRONJOBS + value: | + 22 1 * * * /lagoon/cronjob.sh "/prune-images.sh" + 22 */4 * * * /lagoon/cronjob.sh "/remove-exited.sh" + */15 * * * * /lagoon/cronjob.sh "/update-images.sh" ports: - containerPort: 2375 protocol: TCP diff --git a/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml b/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml index 83430ea8..133d6062 100644 --- a/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml +++ b/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml @@ -6,19 +6,10 @@ metadata: labels: {{- include "lagoon-remote.insightsRemote.labels" . | nindent 4 }} rules: - - verbs: - - '*' - apiGroups: - - '' - resources: - - configmaps - - secrets - - verbs: - - get - - watch - - list - apiGroups: - - '' - resources: - - namespaces +- apiGroups: + - "" + resources: + - configmaps + verbs: + - "*" {{- end }} 
diff --git a/charts/lagoon-remote/templates/insights-remote.deployment.yaml b/charts/lagoon-remote/templates/insights-remote.deployment.yaml index 48bf7a43..e3c1e30b 100644 --- a/charts/lagoon-remote/templates/insights-remote.deployment.yaml +++ b/charts/lagoon-remote/templates/insights-remote.deployment.yaml @@ -47,24 +47,15 @@ spec: - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: - name: {{ include "lagoon-remote.insightsRemote.fullname" . }} - key: RABBITMQ_PASSWORD + name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-rabbitmqsecret + key: password - name: RABBITMQ_USERNAME valueFrom: secretKeyRef: - name: {{ include "lagoon-remote.insightsRemote.fullname" . }} - key: RABBITMQ_USERNAME - - name: INSIGHTS_TOKEN_SECRET - valueFrom: - secretKeyRef: - name: {{ include "lagoon-remote.insightsRemote.fullname" . }} - key: INSIGHTS_TOKEN_SECRET + name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-rabbitmqsecret + key: username resources: {{- toYaml .Values.insightsRemote.resources | nindent 12 }} - ports: - - name: insights-ws - containerPort: 8888 - protocol: TCP {{- with .Values.insightsRemote.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/lagoon-remote/templates/insights-remote.secrets.yaml b/charts/lagoon-remote/templates/insights-remote.secrets.yaml index 3bef7ee8..dc44c130 100644 --- a/charts/lagoon-remote/templates/insights-remote.secrets.yaml +++ b/charts/lagoon-remote/templates/insights-remote.secrets.yaml 
@@ -1,18 +1,14 @@ {{- if .Values.insightsRemote.enabled -}} + {{- $rabbitMQUsername := coalesce .Values.global.rabbitMQUsername .Values.insightsRemote.rabbitMQUsername }} {{- $rabbitMQPassword := coalesce .Values.global.rabbitMQPassword .Values.insightsRemote.rabbitMQPassword }} -{{- $data := index (lookup "v1" "Secret" .Release.Namespace (include "lagoon-remote.insightsRemote.fullname" .)) "data" | default dict }} -{{- $insightsTokenSecret := coalesce .Values.insightsRemote.insightsTokenSecret (ternary (randAlpha 32) (index $data "INSIGHTS_TOKEN_SECRET" | default "" | b64dec) (index $data "INSIGHTS_TOKEN_SECRET" | empty)) }} - apiVersion: v1 kind: Secret metadata: - name: {{ include "lagoon-remote.insightsRemote.fullname" . }} -type: Opaque + name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-rabbitmqsecret +type: kubernetes.io/basic-auth stringData: - RABBITMQ_USERNAME: {{ required "A valid rabbitMQUsername required!" $rabbitMQUsername | quote }} - RABBITMQ_PASSWORD: {{ required "A valid rabbitMQPassword required!" $rabbitMQPassword | quote }} - INSIGHTS_TOKEN_SECRET: {{ $insightsTokenSecret | quote }} - + username: {{ required "A valid rabbitMQUsername required!" $rabbitMQUsername | quote }} + password: {{ required "A valid rabbitMQPassword required!" $rabbitMQPassword | quote }} {{- end }} diff --git a/charts/lagoon-remote/templates/insights-remote.service.yaml b/charts/lagoon-remote/templates/insights-remote.service.yaml deleted file mode 100644 index 01f105dd..00000000 --- a/charts/lagoon-remote/templates/insights-remote.service.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "lagoon-remote.insightsRemote.fullname" . }} - labels: - {{- include "lagoon-remote.insightsRemote.labels" . | nindent 4 }} -spec: - type: {{ .Values.insightsRemote.service.type }} - ports: - - port: {{ .Values.insightsRemote.service.port }} - targetPort: 8888 - protocol: TCP - name: insights-ws - selector: - {{- include "lagoon-remote.insightsRemote.selectorLabels" . | nindent 4 }} diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 96b6563e..9b0640b1 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -33,21 +33,10 @@ dockerHost: registry: registry.lagoon.svc:5000 - # Define a regex pattern for specified images to be updated during UPDATE_IMAGES_SCHEDULE - repositoriesToUpdate: - - "amazeeio/*:*" - - "*lagoon/*:*" + repositoryToUpdate: amazeeio|lagoon pruneImagesUntil: 168h - danglingFilter: true - - pruneImagesSchedule: '22 1 * * *' - - removeExitedSchedule: '22 */4 * * *' - - updateImagesSchedule: '*/15 * * * *' - replicaCount: 1 ## proxy configuration @@ -223,7 +212,7 @@ insightsRemote: repository: uselagoon/insights-remote pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.0.6" + tag: "v0.0.4" imagePullSecrets: [] nameOverride: "" @@ -294,10 +283,6 @@ insightsRemote: affinity: {} - service: - type: ClusterIP - port: 80 - # the nats chart is a subchart which is configured for use by lagoon-remote nats: enabled: false From 9b2512e79286603082b71a38a6d1642611e3cce0 Mon Sep 17 00:00:00 2001 
From: Toby Bellwood Date: Thu, 21 Sep 2023 11:41:23 +1000 Subject: [PATCH 13/17] remove image and chomp --- charts/lagoon-remote/ci/linter-values.yaml | 3 --- .../lagoon-remote/templates/insights-remote.clusterrole.yaml | 2 +- charts/lagoon-remote/templates/insights-remote.deployment.yaml | 2 +- charts/lagoon-remote/templates/insights-remote.secrets.yaml | 2 +- 4 files changed, 3 insertions(+), 6 deletions(-) diff --git a/charts/lagoon-remote/ci/linter-values.yaml b/charts/lagoon-remote/ci/linter-values.yaml index 2ff34bd8..9c7e7d9d 100644 --- a/charts/lagoon-remote/ci/linter-values.yaml +++ b/charts/lagoon-remote/ci/linter-values.yaml @@ -27,9 +27,6 @@ dbaas-operator: insightsRemote: enabled: true - image: - repository: ghcr.io/uselagoon/insights-remote - tag: "feature-fix-secret-delete" mxoutHost: mxout1.example.com diff --git a/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml b/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml index 133d6062..ddab9fff 100644 --- a/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml +++ b/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml @@ -12,4 +12,4 @@ rules: - configmaps verbs: - "*" - {{- end }} + {{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/insights-remote.deployment.yaml b/charts/lagoon-remote/templates/insights-remote.deployment.yaml index e3c1e30b..e450ae32 100644 --- a/charts/lagoon-remote/templates/insights-remote.deployment.yaml +++ b/charts/lagoon-remote/templates/insights-remote.deployment.yaml @@ -68,4 +68,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/insights-remote.secrets.yaml b/charts/lagoon-remote/templates/insights-remote.secrets.yaml index dc44c130..c018d9ce 100644 --- a/charts/lagoon-remote/templates/insights-remote.secrets.yaml +++ b/charts/lagoon-remote/templates/insights-remote.secrets.yaml 
@@ -11,4 +11,4 @@ type: kubernetes.io/basic-auth stringData: username: {{ required "A valid rabbitMQUsername required!" $rabbitMQUsername | quote }} password: {{ required "A valid rabbitMQPassword required!" $rabbitMQPassword | quote }} -{{- end }} +{{- end }} \ No newline at end of file From 93db8ce28116a6d568338d2685dd25277fa8ae6a Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Thu, 21 Sep 2023 16:38:03 +1000 Subject: [PATCH 14/17] add lagoonWebhookURL to UI --- charts/lagoon-core/Chart.yaml | 2 ++ charts/lagoon-core/templates/ui.deployment.yaml | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index a39e7566..b1b5e521 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -44,3 +44,5 @@ annotations: description: add additional keycloak configuration options - kind: changed description: replace keycloakAPIURL with keycloakFrontEndURL + - kind: changed + description: added lagoonWebhookURL to UI deployment diff --git a/charts/lagoon-core/templates/ui.deployment.yaml b/charts/lagoon-core/templates/ui.deployment.yaml index a3e60ee5..f3779290 100644 --- a/charts/lagoon-core/templates/ui.deployment.yaml +++ b/charts/lagoon-core/templates/ui.deployment.yaml @@ -52,6 +52,12 @@ spec: {{- else }} value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/auth {{- end }} + - name: WEBHOOK_URL + {{- if .Values.lagoonWebhookURL }} + value: {{ .Values.lagoonWebhookURL | quote }} + {{- else }} + value: https://{{ index .Values.webhookHandler.ingress.hosts 0 "host" }} + {{- end }} - name: LAGOON_VERSION value: {{ .Chart.AppVersion | replace "-" "." }} {{- range $key, $val := .Values.ui.additionalEnvs }} From 0534e9d897256cc2fa57b5828fa28f3a86c9e6e6 Mon Sep 17 00:00:00 2001 
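Review bot: The fallback branch for `WEBHOOK_URL` in ui.deployment.yaml calls `index .Values.webhookHandler.ingress.hosts 0 "host"`, which aborts rendering when `webhookHandler.ingress.hosts` is empty, and it assumes an `https` ingress exists for the webhook handler. The value is also emitted unquoted, unlike the `lagoonWebhookURL` branch above it. I would write it as `value: {{ printf "https://%s" (index .Values.webhookHandler.ingress.hosts 0 "host") | quote }}` and add a comment such as `# falls back to the first webhook-handler ingress host; set lagoonWebhookURL when that ingress is disabled`. The commit changes only Chart.yaml and this template, so `lagoonWebhookURL` is not yet listed in values.yaml.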
From: Toby Bellwood Date: Fri, 13 Oct 2023 12:29:06 +1100 Subject: [PATCH 15/17] minor change to apiredis.persistence disabled --- charts/lagoon-core/templates/api-redis.pvc.yaml | 2 +- charts/lagoon-core/values.yaml | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-core/templates/api-redis.pvc.yaml b/charts/lagoon-core/templates/api-redis.pvc.yaml index 1952d882..0b615321 100644 --- a/charts/lagoon-core/templates/api-redis.pvc.yaml +++ b/charts/lagoon-core/templates/api-redis.pvc.yaml @@ -11,7 +11,7 @@ spec: resources: requests: storage: {{ .Values.apiRedis.persistence.size | quote }} - {{- with .Values.apiRedis.persistence.className }} + {{- with .Values.apiRedis.persistence.storageClass }} storageClassName: {{ . | quote }} {{- end }} {{- end }} diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 14ef0d17..6b0886e7 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -201,9 +201,12 @@ apiRedis: memory: "64Mi" cpu: "50m" + additionalEnvs: + # FOO: Bar + persistence: - enabled: true - size: 8Gi + enabled: false + size: 100Mi service: type: ClusterIP From 890a18228e148cd1901e0e130e7072c227393947 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Mon, 16 Oct 2023 16:45:52 +1100 Subject: [PATCH 16/17] update Lagoon appVersion to v2.16.0 --- charts/lagoon-core/Chart.yaml | 4 +++- charts/lagoon-test/Chart.yaml | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index b1b5e521..374e5f11 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -27,7 +27,7 @@ version: 1.37.0 # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.15.4 +appVersion: v2.16.0 dependencies: - name: nats 
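Review bot: Reading `apiRedis.persistence.storageClass` instead of `apiRedis.persistence.className` in api-redis.pvc.yaml means a values file that still sets `className` no longer gets a `storageClassName` and falls back to the cluster default without any error. If `className` was ever usable, accepting both keeps upgrades safe: `{{- with (coalesce .Values.apiRedis.persistence.storageClass .Values.apiRedis.persistence.className) }}`. The values.yaml hunk of this commit, as shown, does not add a `storageClass` key, so a commented `# storageClass: ""` next to `size` would document it.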
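Review bot: The values.yaml hunk flips the `apiRedis.persistence.enabled` default from `true` to `false` and shrinks `size` from `8Gi` to `100Mi`, which is more than the "minor change" of the subject line. For a release that relied on the old default, the next upgrade would presumably remove the PVC (the pvc template ends with a second `{{- end }}`, which suggests an `enabled` check around it) and the Redis data with it. This should be called out as a behaviour change in the changelog, with a comment above `persistence:` such as `# disabled by default; set enabled: true to keep the api-redis volume across upgrades`. `additionalEnvs:` followed only by a comment parses as null, so `additionalEnvs: {}` would state the empty default explicitly.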
@@ -40,6 +40,8 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | + - kind: changed + description: update Lagoon appVersion to v2.16.0 - kind: changed description: add additional keycloak configuration options - kind: changed diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index 076b6886..4a554260 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -15,13 +15,13 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.50.0 +version: 0.51.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.15.4 +appVersion: v2.16.0 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release @@ -29,4 +29,4 @@ appVersion: v2.15.4 annotations: artifacthub.io/changes: | - kind: changed - description: update Lagoon appVersion to v2.15.4 + description: update Lagoon appVersion to v2.16.0 From 67f8bf7239e302b3c0c0b3e648627d435f862474 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 17 Oct 2023 07:30:52 +1100 Subject: [PATCH 17/17] Update Chart.yaml --- charts/lagoon-core/Chart.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 374e5f11..e78ae75f 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml 
@@ -48,3 +48,5 @@ annotations: description: replace keycloakAPIURL with keycloakFrontEndURL - kind: changed description: added lagoonWebhookURL to UI deployment + - kind: added + description: added "persistence" option to apiRedis