update Lagoon appVersion to v2.16.0

Makefile

@@ -178,7 +178,7 @@ install-lagoon-core: install-minio
 		$$([ $(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE) ] && echo '--set buildDeployImage.default.image=$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)') \
 		$$([ $(DISABLE_CORE_HARBOR) ] && echo '--set api.additionalEnvs.DISABLE_CORE_HARBOR=$(DISABLE_CORE_HARBOR)') \
 		$$([ $(OPENSEARCH_INTEGRATION_ENABLED) ] && echo '--set api.additionalEnvs.OPENSEARCH_INTEGRATION_ENABLED=$(OPENSEARCH_INTEGRATION_ENABLED)') \
-		--set "keycloakAPIURL=http://lagoon-keycloak.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080/auth" \
+		--set "keycloakFrontEndURL=http://lagoon-keycloak.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080" \
 		--set "lagoonAPIURL=http://lagoon-api.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080/graphql" \
 		--set actionsHandler.image.repository=$(IMAGE_REGISTRY)/actions-handler  \
 		--set api.image.repository=$(IMAGE_REGISTRY)/api \

charts/lagoon-core/Chart.yaml

@@ -21,13 +21,13 @@ type: application
 # time you make changes to the chart and its templates, including the app
 # version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.36.0
+version: 1.37.0
 
 # This is the version number of the application being deployed. This version
 # number should be incremented each time you make changes to the application.
 # Versions are not expected to follow Semantic Versioning. They should reflect
 # the version the application is using.
-appVersion: v2.15.4
+appVersion: v2.16.0
 
 dependencies:
 - name: nats
@@ -41,10 +41,12 @@ dependencies:
 annotations:
   artifacthub.io/changes: |
     - kind: changed
-      description: add additional metrics to broker
+      description: update Lagoon appVersion to v2.16.0
     - kind: changed
-      description: update lagoon-ssh-token and lagoon-ssh-portal-api to v0.30.1
+      description: add additional keycloak configuration options
     - kind: changed
-      description: update NATS chart dependency to v0.19.17
+      description: replace keycloakAPIURL with keycloakFrontEndURL
     - kind: changed
-      description: update Lagoon appVersion to v2.15.4
+      description: added lagoonWebhookURL to UI deployment
+    - kind: added
+      description: added "persistence" option to apiRedis

charts/lagoon-core/README.md

@@ -45,7 +45,7 @@ kind create cluster
 helm upgrade --install --create-namespace --namespace lagoon-core \
   --values ./charts/lagoon-core/ci/linter-values.yaml \
   --set lagoonAPIURL=http://localhost:7070/graphql \
-  --set keycloakAPIURL=http://localhost:8080/auth \
+  --set keycloakFrontEndURL=http://localhost:8080 \
   lagoon-core \
   ./charts/lagoon-core
 

charts/lagoon-core/ci/linter-values.yaml

@@ -20,8 +20,10 @@ lagoonWebhookURL: http://webhook:11213
 defaultIngressClassName: nginx
 
 # used in ui
-lagoonAPIURL: https://api.example.com/graphql
-keycloakAPIURL: https://keycloak.example.com/auth
+# lagoonAPIURL: https://api.example.com/graphql
+# keycloakFrontEndURL: https://keycloak.example.com
+
+keycloakAdminEmail: [email protected]
 
 api:
   replicaCount: 1
@@ -53,6 +55,22 @@ actionsHandler:
     repository: uselagoon/actions-handler
 
 keycloak:
+  keycloakFrontEndURL: https://keycloak.example.com
+  realmSettings:
+    enabled: true
+    options:
+      resetPasswordAllowed: true
+      rememberMe: true
+  email:
+    enabled: true
+    settings:
+      host: mailhog
+      port: '1025'
+      fromDisplayName: Lagoon
+      from: [email protected]
+      replyToDisplayName: Lagoon No-Reply
+      replyTo: [email protected]
+      envelopeFrom: [email protected]
   image:
     repository: uselagoon/keycloak
   resources:

charts/lagoon-core/templates/api-redis.deployment.yaml

@@ -36,13 +36,22 @@ spec:
             secretKeyRef:
               name: {{ include "lagoon-core.api.fullname" . }}
               key: REDIS_PASSWORD
+        {{- if .Values.apiRedis.persistence.enabled }}
+        - name: FLAVOR
+          value: persistent
+        {{- end }}
       {{- range $key, $val := .Values.apiRedis.additionalEnvs }}
         - name: {{ $key }}
           value: {{ $val | quote }}
       {{- end }}
         ports:
         - name: redis
           containerPort: 6379
+        {{- if .Values.apiRedis.persistence.enabled }}
+        volumeMounts:
+        - name: {{ include "lagoon-core.apiRedis.fullname" . }}-data
+          mountPath: /data
+        {{- end }}
         livenessProbe:
           tcpSocket:
             port: redis
@@ -51,6 +60,12 @@ spec:
             port: redis
         resources:
           {{- toYaml .Values.apiRedis.resources | nindent 10 }}
+      {{- if .Values.apiRedis.persistence.enabled }}
+      volumes:
+      - name: {{ include "lagoon-core.apiRedis.fullname" . }}-data
+        persistentVolumeClaim:
+          claimName: {{ include "lagoon-core.apiRedis.fullname" . }}-data
+      {{- end }}
       {{- with .Values.apiRedis.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/lagoon-core/templates/api-redis.pvc.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.apiRedis.persistence.enabled -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "lagoon-core.apiRedis.fullname" . }}-data
+  labels:
+    {{- include "lagoon-core.apiRedis.labels" . | nindent 4 }}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.apiRedis.persistence.size | quote }}
+  {{- with .Values.apiRedis.persistence.storageClass }}
+  storageClassName: {{ . | quote }}
+  {{- end }}
+{{- end }}

charts/lagoon-core/templates/api.deployment.yaml

@@ -92,7 +92,13 @@ spec:
               name: {{ include "lagoon-core.keycloak.fullname" . }}
               key: KEYCLOAK_API_CLIENT_SECRET
         - name: KEYCLOAK_URL
+          {{- if .Values.keycloakFrontEndURL }}
+          value: {{ .Values.keycloakFrontEndURL }}
+          {{- else if .Values.keycloak.ingress.enabled }}
+          value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}
+          {{- else }}
           value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}
+          {{- end }}
         - name: KIBANA_URL
           value: {{ required "A valid .Values.kibanaURL required!" .Values.kibanaURL | quote }}
         - name: LAGOON_VERSION

charts/lagoon-core/templates/keycloak.configmap.yaml

@@ -0,0 +1,24 @@
+{{- if .Values.keycloak.email.enabled -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "lagoon-core.keycloak.fullname" . }}-smtp-settings
+  labels:
+    {{- include "lagoon-core.keycloak.labels" . | nindent 4 }}
+data:
+  keycloak-smtp-settings.json: |
+    {"smtpServer":{{ .Values.keycloak.email.settings | toJson }}}
+{{ end -}}
+{{- if .Values.keycloak.realmSettings.enabled -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "lagoon-core.keycloak.fullname" . }}-realm-settings
+  labels:
+    {{- include "lagoon-core.keycloak.labels" . | nindent 4 }}
+data:
+  keycloak-realm-settings.json: |
+    {{ .Values.keycloak.realmSettings.options | toJson }}
+{{ end -}}

charts/lagoon-core/templates/keycloak.deployment.yaml

@@ -41,6 +41,18 @@ spec:
           value: {{ include "lagoon-core.keycloakDB.fullname" . }}
         - name: KEYCLOAK_ADMIN_USER
           value: {{ .Values.keycloakAdminUser | quote }}
+        - name: KEYCLOAK_FRONTEND_URL
+          {{- if .Values.keycloakFrontEndURL }}
+          value: {{ .Values.keycloakFrontEndURL }}/auth
+          {{- else if .Values.keycloak.ingress.enabled }}
+          value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}/auth
+          {{- else }}
+          value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/auth
+          {{- end }}
+        {{- with .Values.keycloakAdminEmail }}
+        - name: KEYCLOAK_ADMIN_EMAIL
+          value: {{ . | quote }}
+        {{- end }}
       {{- range $key, $val := .Values.keycloak.additionalEnvs }}
         - name: {{ $key }}
           value: {{ $val | quote }}
@@ -67,6 +79,17 @@ spec:
             - /tmp/keycloak-config-complete
           failureThreshold: 90
           periodSeconds: 20
+        volumeMounts:
+        {{- if .Values.keycloak.email.enabled }}
+        - mountPath: /lagoon/keycloak/keycloak-smtp-settings.json
+          name: {{ include "lagoon-core.keycloak.fullname" . }}-smtp-settings
+          subPath: keycloak-smtp-settings.json
+        {{- end }}
+        {{- if .Values.keycloak.realmSettings.enabled }}
+        - mountPath: /lagoon/keycloak/keycloak-realm-settings.json
+          name: {{ include "lagoon-core.keycloak.fullname" . }}-realm-settings
+          subPath: keycloak-realm-settings.json
+        {{- end }}
         resources:
           {{- toYaml .Values.keycloak.resources | nindent 10 }}
       {{- with .Values.keycloak.nodeSelector }}
@@ -81,3 +104,16 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      volumes:
+      {{- if .Values.keycloak.email.enabled }}
+      - configMap:
+          defaultMode: 420
+          name: {{ include "lagoon-core.keycloak.fullname" . }}-smtp-settings
+        name: {{ include "lagoon-core.keycloak.fullname" . }}-smtp-settings
+      {{- end }}
+      {{- if .Values.keycloak.realmSettings.enabled }}
+      - configMap:
+          defaultMode: 420
+          name: {{ include "lagoon-core.keycloak.fullname" . }}-realm-settings
+        name: {{ include "lagoon-core.keycloak.fullname" . }}-realm-settings
+      {{- end }}

charts/lagoon-core/templates/opensearch-sync.deployment.yaml

@@ -45,7 +45,13 @@ spec:
               name: {{ include "lagoon-core.apiDB.fullname" . }}
               key: API_DB_PASSWORD
         - name: KEYCLOAK_BASE_URL
+          {{- if .Values.keycloakFrontEndURL }}
+          value: {{ .Values.keycloakFrontEndURL }}/
+          {{- else if .Values.keycloak.ingress.enabled }}
+          value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}/
+          {{- else }}
           value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/
+          {{- end }}
         - name: KEYCLOAK_CLIENT_ID
           value: lagoon-opensearch-sync
         - name: KEYCLOAK_CLIENT_SECRET

charts/lagoon-core/templates/ssh-portal-api.deployment.yaml

@@ -48,7 +48,13 @@ spec:
           value: "true"
         {{- end }}
         - name: KEYCLOAK_BASE_URL
+          {{- if .Values.keycloakFrontEndURL }}
+          value: {{ .Values.keycloakFrontEndURL }}/
+          {{- else if .Values.keycloak.ingress.enabled }}
+          value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}/
+          {{- else }}
           value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/
+          {{- end }}
         - name: KEYCLOAK_SERVICE_API_CLIENT_SECRET
           valueFrom:
             secretKeyRef:

charts/lagoon-core/templates/ssh-token.deployment.yaml

@@ -43,7 +43,13 @@ spec:
           value: "true"
         {{- end }}
         - name: KEYCLOAK_BASE_URL
+          {{- if .Values.keycloakFrontEndURL }}
+          value: {{ .Values.keycloakFrontEndURL }}/
+          {{- else if .Values.keycloak.ingress.enabled }}
+          value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}/
+          {{- else }}
           value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/
+          {{- end }}
         - name: KEYCLOAK_AUTH_SERVER_CLIENT_SECRET
           valueFrom:
             secretKeyRef:

charts/lagoon-core/templates/ui.deployment.yaml

@@ -45,10 +45,18 @@ spec:
           value: https://{{ index .Values.api.ingress.hosts 0 "host" }}/graphql
           {{- end }}
         - name: KEYCLOAK_API
-          {{- if .Values.keycloakAPIURL }}
-          value: {{ .Values.keycloakAPIURL | quote }}
-          {{- else }}
+          {{- if .Values.keycloakFrontEndURL }}
+          value: {{ .Values.keycloakFrontEndURL }}/auth
+          {{- else if .Values.keycloak.ingress.enabled }}
           value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}/auth
+          {{- else }}
+          value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/auth
+          {{- end }}
+        - name: WEBHOOK_URL
+          {{- if .Values.lagoonWebhookURL }}
+          value: {{ .Values.lagoonWebhookURL | quote }}
+          {{- else }}
+          value: https://{{ index .Values.webhookHandler.ingress.hosts 0 "host" }}
           {{- end }}
         - name: LAGOON_VERSION
           value: {{ .Chart.AppVersion | replace "-" "." }}

charts/lagoon-core/values.yaml

@@ -28,7 +28,7 @@
 # These values may be set on install, otherwise the chart tries to guess
 # sensible defaults.
 
-# keycloakAPIURL: https://keycloak.example.com/auth
+# keycloakFrontEndURL: https://keycloak.example.com
 # lagoonAPIURL: https://api.example.com/graphql
 # lagoonUIURL: https://ui.example.com
 # lagoonWebhookURL: https://webhook-handler.example.com
@@ -60,6 +60,8 @@ rabbitMQUsername: lagoon
 k8upS3Endpoint: ""
 
 keycloakAdminUser: admin
+# this is required if email sending is to be enabled in keycloak
+# keycloakAdminEmail: [email protected]
 
 buildDeployImage:
   edge:
@@ -202,11 +204,34 @@ apiRedis:
   additionalEnvs:
   #   FOO: Bar
 
+  persistence:
+    enabled: false
+    size: 100Mi
+
   service:
     type: ClusterIP
     port: 6379
 
 keycloak:
+  # keycloak realm and email settings configuration
+  realmSettings:
+    enabled: false
+    # the full list of config settings is available TODO
+    options:
+      resetPasswordAllowed: true
+      rememberMe: true
+  email:
+    enabled: false
+    settings:
+      host: mailhog
+      port: '1025'
+      from: [email protected]
+      fromDisplayName: Lagoon
+      replyTo: [email protected]
+      ssl: 'false'
+      starttls: 'false'
+      auth: 'false'
+
   replicaCount: 1
   image:
     repository: uselagoon/keycloak

charts/lagoon-test/Chart.yaml

@@ -15,18 +15,18 @@ type: application
 # time you make changes to the chart and its templates, including the app
 # version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.50.0
+version: 0.51.0
 
 # This is the version number of the application being deployed. This version
 # number should be incremented each time you make changes to the application.
 # Versions are not expected to follow Semantic Versioning. They should reflect
 # the version the application is using.
-appVersion: v2.15.4
+appVersion: v2.16.0
 
 # This section is used to collect a changelog for artifacthub.io
 # It should be started afresh for each release
 # Valid supported kinds are added, changed, deprecated, removed, fixed and security
 annotations:
   artifacthub.io/changes: |
     - kind: changed
-      description: update Lagoon appVersion to v2.15.4
+      description: update Lagoon appVersion to v2.16.0