diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index 0e8a526e..b2039684 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -123,7 +123,7 @@ jobs: if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) - # run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main + # run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] - name: Free up some disk space diff --git a/Makefile b/Makefile index fa677c27..64088fcf 100644 --- a/Makefile +++ b/Makefile @@ -41,6 +41,9 @@ SKIP_ALL_DEPS = DISABLE_CORE_HARBOR = # Set to `true` to enable the elements of lagoon-core that talk to OpenSearch installs OPENSEARCH_INTEGRATION_ENABLED = false +# Ordinarily we shouldn't need to clear the API data as it's usually a first run. Set this +# variable on a test run to clear (what's clearable) first +CLEAR_API_DATA = false TIMEOUT = 30m HELM = helm @@ -56,7 +59,7 @@ fill-test-ci-values: && export token="$$($(KUBECTL) -n lagoon create token lagoon-build-deploy --duration 3h)" \ && export $$([ $(IMAGE_TAG) ] && echo imageTag='$(IMAGE_TAG)' || echo imageTag='latest') \ && export webhookHandler="lagoon-core-webhook-handler" \ - && export tests='$(TESTS)' imageRegistry='$(IMAGE_REGISTRY)' \ + && export tests='$(TESTS)' imageRegistry='$(IMAGE_REGISTRY)' clearApiData='$(CLEAR_API_DATA)' \ && valueTemplate=charts/lagoon-test/ci/linter-values.yaml \ && envsubst < $$valueTemplate.tpl > $$valueTemplate \ && cat $$valueTemplate @@ -158,7 +161,7 @@ install-minio: install-ingress --wait \ --timeout $(TIMEOUT) \ --set auth.rootUser=lagoonFilesAccessKey,auth.rootPassword=lagoonFilesSecretKey \ - --set defaultBuckets=lagoon-files \ + --set defaultBuckets='lagoon-files\,restores' \ --version=12.8.7 \ minio \ bitnami/minio diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 0db0900c..0b1d71bb 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,13 +21,13 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.40.0 +version: 1.41.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.16.0 +appVersion: v2.17.0 dependencies: - name: nats @@ -42,3 +42,9 @@ annotations: artifacthub.io/changes: | - kind: changed description: bump lagoon-opensearch-sync version to v0.7.1 + - kind: changed + description: updated to insights-handler:v0.0.2 + - kind: changed + description: pinned insights to trivy:0.48.0 + - kind: changed + description: update lagoon appVersion to v2.17.0 diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 25798e4f..f37eea9a 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -620,7 +620,7 @@ insightsHandler: enabled: false image: repository: aquasec/trivy - tag: latest + tag: 0.48.0 service: type: ClusterIP port: 4954 diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 63327a5c..cf4d6808 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.26.2 + version: 0.26.3 - name: dioscuri repository: https://amazeeio.github.io/charts/ version: 0.4.1 @@ -11,5 +11,5 @@ dependencies: - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.19.17 -digest: sha256:98fadf31ddfe049c50ff4554a11732ec10a9cf8a41b8e0ce1c33a37af4f81de4 -generated: "2023-11-14T10:12:08.139505+11:00" +digest: sha256:1f873430b35bd44722954a1f02699e32c5e7468a9a77a135e5df3ca3766a8ed2 +generated: "2023-12-08T13:18:21.18121865+11:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 4c02e8e8..26141057 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.86.1 +version: 0.87.0 dependencies: - name: lagoon-build-deploy @@ -45,4 +45,10 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update lagoon-build-deploy to v0.26.2 with updated remote-controller + description: remove insights-remote service if not enabled + - kind: removed + description: removed old kubernetes build deploy references + - kind: changed + description: updated to insights-remote:v0.0.8 + - kind: changed + description: updated lagoon-build-deploy chart to v0.26.3 diff --git a/charts/lagoon-remote/templates/insights-remote.service.yaml b/charts/lagoon-remote/templates/insights-remote.service.yaml index 01f105dd..981022e1 100644 --- a/charts/lagoon-remote/templates/insights-remote.service.yaml +++ b/charts/lagoon-remote/templates/insights-remote.service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.insightsRemote.enabled -}} apiVersion: v1 kind: Service metadata: @@ -13,3 +14,4 @@ spec: name: insights-ws selector: {{- include "lagoon-remote.insightsRemote.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/lagoon-remote/templates/kubernetes-build-deploy.clusterrolebinding.yaml b/charts/lagoon-remote/templates/kubernetes-build-deploy.clusterrolebinding.yaml deleted file mode 100644 index a7e08f51..00000000 --- a/charts/lagoon-remote/templates/kubernetes-build-deploy.clusterrolebinding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "lagoon-remote.kubernetesBuildDeploy.fullname" . }} - labels: - {{- include "lagoon-remote.kubernetesBuildDeploy.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ include "lagoon-remote.kubernetesBuildDeploy.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} -roleRef: - kind: ClusterRole - name: cluster-admin - apiGroup: rbac.authorization.k8s.io diff --git a/charts/lagoon-remote/templates/kubernetes-build-deploy.serviceaccount.yaml b/charts/lagoon-remote/templates/kubernetes-build-deploy.serviceaccount.yaml deleted file mode 100644 index 01136b72..00000000 --- a/charts/lagoon-remote/templates/kubernetes-build-deploy.serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "lagoon-remote.kubernetesBuildDeploy.serviceAccountName" . }} - labels: - {{- include "lagoon-remote.kubernetesBuildDeploy.labels" . | nindent 4 }} - {{- with .Values.kubernetesBuildDeploy.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 7781073c..866f1871 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -106,13 +106,6 @@ dockerHost: effect: PreferNoSchedule operator: Exists -# this account is used by the legacy Lagoon kubernetes build deploy system. -kubernetesBuildDeploy: - serviceAccount: - # The name of the service account to use. - # If not set, a name is generated using the fullname template. - name: - # sshCore creates a restricted, non-expiring ServiceAccount token for use by # lagoon-core. sshCore: @@ -227,7 +220,7 @@ insightsRemote: repository: uselagoon/insights-remote pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.0.7" + tag: "v0.0.8" imagePullSecrets: [] nameOverride: "" diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index 836924df..a766f179 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -15,13 +15,13 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.52.0 +version: 0.53.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.16.0 +appVersion: v2.17.0 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release @@ -29,4 +29,6 @@ appVersion: v2.16.0 annotations: artifacthub.io/changes: | - kind: changed - description: require minimum Kubernetes 1.23 + description: add minio settings to api-data-watcher-pusher and make into a helm test job + - kind: changed + description: update lagoon appVersion to v2.17.0 diff --git a/charts/lagoon-test/ci/linter-values.yaml.tpl b/charts/lagoon-test/ci/linter-values.yaml.tpl index 221725a5..d2f94f44 100644 --- a/charts/lagoon-test/ci/linter-values.yaml.tpl +++ b/charts/lagoon-test/ci/linter-values.yaml.tpl @@ -14,6 +14,8 @@ localGit: localAPIDataWatcherPusher: image: repository: ${imageRegistry}/local-api-data-watcher-pusher + additonalEnvs: + CLEAR_API_DATA: ${clearApiData} tests: image: diff --git a/charts/lagoon-test/templates/_helpers.tpl b/charts/lagoon-test/templates/_helpers.tpl index 3fe70843..e7810695 100644 --- a/charts/lagoon-test/templates/_helpers.tpl +++ b/charts/lagoon-test/templates/_helpers.tpl @@ -92,14 +92,14 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{/* -Create a default fully qualified app name for local-git. +Create a default fully qualified app name for local-api-data-watcher-pusher. */}} {{- define "lagoon-test.localAPIDataWatcherPusher.fullname" -}} {{- include "lagoon-test.fullname" . }}-local-api-data-watcher-pusher {{- end }} {{/* -Common labels local-git. +Common labels local-api-data-watcher-pusher. */}} {{- define "lagoon-test.localAPIDataWatcherPusher.labels" -}} helm.sh/chart: {{ include "lagoon-test.chart" . }} @@ -111,7 +111,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* -Selector labels local-git. +Selector labels local-api-data-watcher-pusher. */}} {{- define "lagoon-test.localAPIDataWatcherPusher.selectorLabels" -}} app.kubernetes.io/name: {{ include "lagoon-test.name" . }} diff --git a/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml b/charts/lagoon-test/templates/local-api-data-watcher-pusher.job.yaml similarity index 79% rename from charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml rename to charts/lagoon-test/templates/local-api-data-watcher-pusher.job.yaml index eadd3040..0b35d692 100644 --- a/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml +++ b/charts/lagoon-test/templates/local-api-data-watcher-pusher.job.yaml @@ -1,34 +1,29 @@ -apiVersion: apps/v1 -kind: Deployment +apiVersion: batch/v1 +kind: Job metadata: name: {{ include "lagoon-test.localAPIDataWatcherPusher.fullname" . }} labels: {{- include "lagoon-test.localAPIDataWatcherPusher.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-weight": "10" spec: - selector: - matchLabels: - {{- include "lagoon-test.localAPIDataWatcherPusher.selectorLabels" . | nindent 6 }} + backoffLimit: 2 template: metadata: - {{- with .Values.localAPIDataWatcherPusher.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} labels: {{- include "lagoon-test.localAPIDataWatcherPusher.selectorLabels" . | nindent 8 }} spec: - {{- with .Values.localAPIDataWatcherPusher.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} + restartPolicy: Never securityContext: {{- toYaml .Values.localAPIDataWatcherPusher.podSecurityContext | nindent 8 }} + terminationGracePeriodSeconds: 120 containers: - name: api-data-watcher-pusher - securityContext: - {{- toYaml .Values.localAPIDataWatcherPusher.securityContext | nindent 10 }} image: "{{ .Values.localAPIDataWatcherPusher.image.repository }}:{{ coalesce .Values.localAPIDataWatcherPusher.image.tag .Values.imageTag .Chart.AppVersion }}" imagePullPolicy: {{ .Values.localAPIDataWatcherPusher.image.pullPolicy }} + securityContext: + {{- toYaml .Values.localAPIDataWatcherPusher.securityContext | nindent 10 }} env: - name: API_HOST value: {{ .Values.apiHost | quote }} @@ -47,15 +42,18 @@ spec: secretKeyRef: name: {{ .Values.jwtSecretSecret | quote }} key: JWTSECRET + - name: MINIO_SERVER_URL + value: {{ .Values.minioURL | quote }} + - name: MINIO_ROOT_USER + value: {{ .Values.minioUser | quote }} + - name: MINIO_ROOT_PASSWORD + value: {{ .Values.minioPass | quote }} - name: TOKEN value: {{ required "A valid .Values.token required!" .Values.token | quote }} - startupProbe: - exec: - command: - - test - - -f - - /tmp/api-data-pushed - failureThreshold: 90 + {{- range $key, $val := .Values.localAPIDataWatcherPusher.additionalEnvs }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} resources: {{- toYaml .Values.localAPIDataWatcherPusher.resources | nindent 10 }} {{- with .Values.localAPIDataWatcherPusher.nodeSelector }} diff --git a/charts/lagoon-test/templates/tests/test-connection.yaml b/charts/lagoon-test/templates/tests/test-connection.yaml index cba025e5..ddaa44b1 100644 --- a/charts/lagoon-test/templates/tests/test-connection.yaml +++ b/charts/lagoon-test/templates/tests/test-connection.yaml @@ -5,7 +5,8 @@ metadata: labels: {{- include "lagoon-test.labels" . | nindent 4 }} annotations: - "helm.sh/hook": test-success + "helm.sh/hook": test + "helm.sh/hook-weight": "30" spec: containers: - name: nc diff --git a/charts/lagoon-test/templates/tests/test-suite.yaml b/charts/lagoon-test/templates/tests/test-suite.yaml index e83d858b..546051bc 100644 --- a/charts/lagoon-test/templates/tests/test-suite.yaml +++ b/charts/lagoon-test/templates/tests/test-suite.yaml @@ -6,7 +6,8 @@ metadata: labels: {{- include "lagoon-test.labels" . | nindent 4 }} annotations: - "helm.sh/hook": test-success + "helm.sh/hook": test + "helm.sh/hook-weight": "50" spec: serviceAccountName: {{ include "lagoon-test.serviceAccountName" . }} containers: diff --git a/charts/lagoon-test/values.yaml b/charts/lagoon-test/values.yaml index 0bea382c..1a29b857 100644 --- a/charts/lagoon-test/values.yaml +++ b/charts/lagoon-test/values.yaml @@ -8,6 +8,9 @@ gitAuthorizedKeys: > ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDEZlms5XsiyWjmnnUyhpt93VgHypse9Bl8kNkmZJTiM3Ex/wZAfwogzqd2LrTEiIOWSH1HnQazR+Cc9oHCmMyNxRrLkS/MEl0yZ38Q+GDfn37h/llCIZNVoHlSgYkqD0MQrhfGL5AulDUKIle93dA6qdCUlnZZjDPiR0vEXR36xGuX7QYAhK30aD2SrrBruTtFGvj87IP/0OEOvUZe8dcU9G/pCoqrTzgKqJRpqs/s5xtkqLkTIyR/SzzplO21A+pCKNax6csDDq3snS8zfx6iM8MwVfh8nvBW9seax1zBvZjHAPSTsjzmZXm4z32/ujAn/RhIkZw3ZgRKrxzryttGnWJJ8OFyF31JTJgwWWuPdH53G15PC83ZbmEgSV3win51RZRVppN4uQUuaqZWG9wwk2a6P5aen1RLCSLpTkd2mAEk9PlgmJrf8vITkiU9pF9n68ENCoo556qSdxW2pxnjrzKVPSqmqO1Xg5K4LOX4/9N4n4qkLEOiqnzzJClhFif3O28RW86RPxERGdPT81UI0oDAcU5euQr8Emz+Hd+PY1115UIld3CIHib5PYL9Ee0bFUKiWpR/acSe1fHB64mCoHP7hjFepGsq7inkvg2651wUDKBshGltpNkMj6+aZedNc0/rKYyjl80nT8g8QECgOSRzpmYp0zli2HpFoLOiWw== ansible-testing jwtSecretSecret: lagoon-core-secrets keycloakURL: http://lagoon-core-keycloak:8080 +minioURL: http://minio.minio.svc:9000 +minioUser: lagoonFilesAccessKey +minioPass: lagoonFilesSecretKey routeSuffixHTTPPort: 32080 routeSuffixHTTPSPort: 32443 sshHost: lagoon-core-ssh @@ -116,6 +119,9 @@ localAPIDataWatcherPusher: # Overrides the image tag whose default is the chart appVersion. tag: "" + additionalEnvs: + # CLEAR_API_DATA: true + podSecurityContext: {} securityContext: {}