diff --git a/.github/workflows/lint-test-matrix.yaml b/.github/workflows/lint-test-matrix.yaml index e5ed6588..7e63c08a 100644 --- a/.github/workflows/lint-test-matrix.yaml +++ b/.github/workflows/lint-test-matrix.yaml @@ -11,11 +11,12 @@ jobs: fail-fast: false matrix: kindest_node_version: - - v1.23.17@sha256:59c989ff8a517a93127d4a536e7014d28e235fb3529d9fba91b3951d461edfdb - - v1.24.15@sha256:7db4f8bea3e14b82d12e044e25e34bd53754b7f2b0e9d56df21774e6f66a70ab - - v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8 - - v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb - - v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31 + - v1.23.17@sha256:14d0a9a892b943866d7e6be119a06871291c517d279aedb816a4b4bc0ec0a5b3 + - v1.24.17@sha256:bad10f9b98d54586cba05a7eaa1b61c6b90bfc4ee174fdc43a7b75ca75c95e51 + - v1.25.16@sha256:e8b50f8e06b44bb65a93678a65a26248fae585b3d3c2a669e5ca6c90c69dc519 + - v1.26.14@sha256:5d548739ddef37b9318c70cb977f57bf3e5015e4552be4e27e57280a8cbb8e4f + - v1.27.11@sha256:681253009e68069b8e01aad36a1e0fa8cf18bb0ab3e5c4069b2e65cafdd70843 + - v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245 steps: - name: Checkout uses: actions/checkout@v4 @@ -26,7 +27,7 @@ jobs: run: sudo apt-get -y install python3-wheel - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.0 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed @@ -41,9 +42,9 @@ jobs: run: ct lint --config ./default.ct.yaml - name: Create kind cluster - uses: helm/kind-action@v1.8.0 + uses: helm/kind-action@v1.9.0 with: - version: v0.20.0 + version: v0.22.0 node_image: kindest/node:${{ matrix.kindest_node_version }} if: | (steps.list-changed.outputs.changed == 'true') || diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index a16a362c..76d6e383 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -69,7 +69,7 @@ jobs: run: sudo apt-get -y install python3-wheel - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.0 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed @@ -84,11 +84,11 @@ jobs: run: ct lint --config ./default.ct.yaml - name: Create kind cluster - uses: helm/kind-action@v1.8.0 + uses: helm/kind-action@v1.9.0 with: - version: v0.20.0 - node_image: kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 - kubectl_version: v1.27.3 + version: v0.22.0 + node_image: kindest/node:v1.28.7@sha256:9bc6c451a289cf96ad0bbaf33d416901de6fd632415b076ab05f5fa7e4f65c58 + kubectl_version: v1.28.7 if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) @@ -96,6 +96,11 @@ jobs: - name: Run chart-testing (install) run: ct install --config ./default.ct.yaml --helm-extra-args "--timeout 30m" + - name: Run chart-testing (needs-testing) + run: ct install --config ./default.ct.yaml --helm-extra-args "--timeout 30m" --all + if: | + (contains(github.event.pull_request.labels.*.name, 'needs-testing')) + artifacthub-changelog: runs-on: ubuntu-latest steps: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 522bb8ac..b03949dc 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -19,13 +19,6 @@ jobs: git config user.name "$GITHUB_ACTOR" git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - # See https://github.com/helm/chart-releaser-action/issues/6 - - name: Install Helm - run: | - curl -fsSLo get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 - chmod 700 get_helm.sh - ./get_helm.sh - - name: Add dependency chart repos run: | helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com @@ -35,6 +28,6 @@ jobs: helm repo add kube-logging https://kube-logging.github.io/helm-charts - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.5.0 + uses: helm/chart-releaser-action@v1.6.0 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index b2039684..73a03daa 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -5,7 +5,7 @@ on: pull_request jobs: # runs for lagoon-core, lagoon-remote, lagoon-test test-suite: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest strategy: fail-fast: false matrix: @@ -48,7 +48,7 @@ jobs: run: sudo apt-get -y install python3-wheel - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.0 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed @@ -69,14 +69,14 @@ jobs: envsubst < test-suite.kind-config.yaml.tpl > test-suite.kind-config.yaml - name: Create kind cluster - uses: helm/kind-action@v1.8.0 + uses: helm/kind-action@v1.9.0 if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) with: - version: v0.20.0 - node_image: kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 - kubectl_version: v1.27.3 + version: v0.22.0 + node_image: kindest/node:v1.28.7@sha256:9bc6c451a289cf96ad0bbaf33d416901de6fd632415b076ab05f5fa7e4f65c58 + kubectl_version: v1.28.7 config: test-suite.kind-config.yaml - name: Check node IP matches kind configuration diff --git a/Makefile b/Makefile index 64088fcf..45f64657 100644 --- a/Makefile +++ b/Makefile @@ -79,6 +79,7 @@ install-ingress: --namespace ingress-nginx \ --wait \ --timeout $(TIMEOUT) \ + --set controller.allowSnippetAnnotations=true \ --set controller.service.type=NodePort \ --set controller.service.nodePorts.http=32080 \ --set controller.service.nodePorts.https=32443 \ @@ -86,7 +87,7 @@ install-ingress: --set controller.config.hsts="false" \ --set controller.watchIngressWithoutClass=true \ --set controller.ingressClassResource.default=true \ - --version=4.7.2 \ + --version=4.9.1 \ ingress-nginx \ ingress-nginx/ingress-nginx @@ -106,7 +107,7 @@ install-registry: install-ingress --set clair.enabled=false \ --set notary.enabled=false \ --set trivy.enabled=false \ - --version=1.13.0 \ + --version=1.14.0 \ registry \ harbor/harbor @@ -162,7 +163,7 @@ install-minio: install-ingress --timeout $(TIMEOUT) \ --set auth.rootUser=lagoonFilesAccessKey,auth.rootPassword=lagoonFilesSecretKey \ --set defaultBuckets='lagoon-files\,restores' \ - --version=12.8.7 \ + --version=13.6.2 \ minio \ bitnami/minio @@ -261,7 +262,7 @@ install-lagoon-remote: install-lagoon-build-deploy install-lagoon-core install-m # Do not install without lagoon-core # .PHONY: install-lagoon-build-deploy -install-lagoon-build-deploy: install-lagoon-core install-registry +install-lagoon-build-deploy: install-lagoon-core $(HELM) dependency build ./charts/lagoon-build-deploy/ $(HELM) upgrade \ --install \ @@ -288,6 +289,11 @@ install-lagoon-build-deploy: install-lagoon-core install-registry lagoon-build-deploy \ ./charts/lagoon-build-deploy +# allow skipping registry install for install-lagoon-remote target +ifneq ($(SKIP_INSTALL_REGISTRY),true) +install-lagoon-build-deploy: install-registry +endif + # # The following targets facilitate local development only and aren't used in CI. # diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 0b1d71bb..9b18aa85 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,13 +21,13 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.41.0 +version: 1.42.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.17.0 +appVersion: v2.18.0 dependencies: - name: nats @@ -41,10 +41,22 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: bump lagoon-opensearch-sync version to v0.7.1 + description: update Lagoon appVersion to v2.18.0 - kind: changed - description: updated to insights-handler:v0.0.2 + description: remove unused legacy registry setting from core - kind: changed - description: pinned insights to trivy:0.48.0 + description: modify keycloak liveness and readiness endpoint - kind: changed - description: update lagoon appVersion to v2.17.0 + description: added initcontainer to api to handle keycloak migrations + - kind: changed + description: updated insights-handler to v0.0.4 + - kind: fixed + description: apiDB livenessProbe access denied + - kind: added + description: apiDB readinessProbe uses sql query + - kind: added + description: apiDB startupProbe waits for init completion + - kind: added + description: apiDB configurable terminationGracePeriodSeconds + - kind: added + description: keycloakDB aligns to apiDB diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index 610c1ce0..387372c6 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml @@ -3,7 +3,6 @@ # To be deprecated - see uselagoon/lagoon#2907 harborURL: http://disabled-only-use-harbor-via-deploy-controller.invalid harborAdminPassword: not-needed -registry: disabled-only-use-harbor-via-deploy-controller.invalid # used in api elasticsearchURL: http://opendistro-es-client-service.opendistro-es.svc.cluster.local:9200 @@ -48,7 +47,6 @@ apiRedis: requests: cpu: "10m" -# TODO - update repo/tag before v2.11 release actionsHandler: replicaCount: 1 image: @@ -76,6 +74,9 @@ keycloak: resources: requests: cpu: "10m" + ingress: + annotations: + nginx.ingress.kubernetes.io/proxy-buffer-size: "128k" keycloakDB: image: diff --git a/charts/lagoon-core/templates/api-db.statefulset.yaml b/charts/lagoon-core/templates/api-db.statefulset.yaml index a52cb755..2b497996 100644 --- a/charts/lagoon-core/templates/api-db.statefulset.yaml +++ b/charts/lagoon-core/templates/api-db.statefulset.yaml @@ -49,9 +49,10 @@ spec: volumeMounts: - name: {{ include "lagoon-core.apiDB.fullname" . }}-data mountPath: /var/lib/mysql + {{- with .Values.apiDB.readinessProbe }} readinessProbe: - tcpSocket: - port: mariadb + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.apiDB.livenessProbe }} livenessProbe: {{- toYaml . | nindent 10 }} @@ -78,6 +79,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.apiDB.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: + {{- toYaml . | nindent 8 }} + {{- end }} volumeClaimTemplates: - metadata: name: {{ include "lagoon-core.apiDB.fullname" . }}-data diff --git a/charts/lagoon-core/templates/api.deployment.yaml b/charts/lagoon-core/templates/api.deployment.yaml index 5f469bf6..2ef50a39 100644 --- a/charts/lagoon-core/templates/api.deployment.yaml +++ b/charts/lagoon-core/templates/api.deployment.yaml @@ -30,6 +30,47 @@ spec: {{- end }} securityContext: {{- toYaml (coalesce .Values.api.podSecurityContext .Values.podSecurityContext) | nindent 8 }} + initContainers: + - command: + - "sh" + - "-c" + - "node -r dotenv-extended/config dist/migrations/lagoon/migration.js" + image: "{{ .Values.api.image.repository }}:{{ coalesce .Values.api.image.tag .Values.imageTag .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.api.image.pullPolicy }} + name: migrations + env: + - name: API_DB_HOST + value: {{ include "lagoon-core.apiDB.fullname" . }} + - name: API_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.apiDB.fullname" . }} + key: API_DB_PASSWORD + - name: KEYCLOAK_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.keycloak.fullname" . }} + key: KEYCLOAK_ADMIN_PASSWORD + - name: KEYCLOAK_ADMIN_USER + value: {{ .Values.keycloakAdminUser | quote }} + - name: KEYCLOAK_API_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.keycloak.fullname" . }} + key: KEYCLOAK_API_CLIENT_SECRET + - name: KEYCLOAK_URL + {{- if .Values.keycloakFrontEndURL }} + value: {{ .Values.keycloakFrontEndURL }} + {{- else if .Values.keycloak.ingress.enabled }} + value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }} + {{- else }} + value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }} + {{- end }} + - name: REDIS_HOST + value: {{ include "lagoon-core.apiRedis.fullname" . }} + envFrom: + - secretRef: + name: {{ include "lagoon-core.api.fullname" . }} containers: - name: api securityContext: @@ -126,8 +167,6 @@ spec: key: RABBITMQ_USERNAME - name: REDIS_HOST value: {{ include "lagoon-core.apiRedis.fullname" . }} - - name: REGISTRY - value: {{ required "A valid .Values.registry required!" .Values.registry | quote }} - name: S3_FILES_BUCKET value: {{ required "A valid .Values.s3FilesBucket required!" .Values.s3FilesBucket | quote }} - name: S3_FILES_HOST diff --git a/charts/lagoon-core/templates/keycloak-db.statefulset.yaml b/charts/lagoon-core/templates/keycloak-db.statefulset.yaml index 3465debc..eedf9351 100644 --- a/charts/lagoon-core/templates/keycloak-db.statefulset.yaml +++ b/charts/lagoon-core/templates/keycloak-db.statefulset.yaml @@ -49,12 +49,14 @@ spec: volumeMounts: - name: {{ include "lagoon-core.keycloakDB.fullname" . }}-data mountPath: /var/lib/mysql - livenessProbe: - tcpSocket: - port: mariadb + {{- with .Values.keycloakDB.readinessProbe }} readinessProbe: - tcpSocket: - port: mariadb + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.keycloakDB.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 10 }} + {{- end }} {{- with .Values.keycloakDB.startupProbe }} startupProbe: {{- toYaml . | nindent 10 }} @@ -77,6 +79,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.keycloakDB.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: + {{- toYaml . | nindent 8 }} + {{- end }} volumeClaimTemplates: - metadata: name: {{ include "lagoon-core.keycloakDB.fullname" . }}-data diff --git a/charts/lagoon-core/templates/keycloak.deployment.yaml b/charts/lagoon-core/templates/keycloak.deployment.yaml index fc044c04..5392589e 100644 --- a/charts/lagoon-core/templates/keycloak.deployment.yaml +++ b/charts/lagoon-core/templates/keycloak.deployment.yaml @@ -53,6 +53,19 @@ spec: - name: KEYCLOAK_ADMIN_EMAIL value: {{ . | quote }} {{- end }} + - name: LAGOON_DB_HOST + value: {{ include "lagoon-core.apiDB.fullname" . }} + - name: LAGOON_DB_VENDOR + value: mariadb + - name: LAGOON_DB_USER + value: api + - name: LAGOON_DB_DATABASE + value: infrastructure + - name: LAGOON_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.apiDB.fullname" . }} + key: API_DB_PASSWORD {{- range $key, $val := .Values.keycloak.additionalEnvs }} - name: {{ $key }} value: {{ $val | quote }} @@ -65,11 +78,11 @@ spec: containerPort: 8080 livenessProbe: httpGet: - path: / + path: /auth port: http-8080 readinessProbe: httpGet: - path: / + path: /auth port: http-8080 startupProbe: exec: diff --git a/charts/lagoon-core/templates/webhooks2tasks.deployment.yaml b/charts/lagoon-core/templates/webhooks2tasks.deployment.yaml index 9efabf37..d9ee07a5 100644 --- a/charts/lagoon-core/templates/webhooks2tasks.deployment.yaml +++ b/charts/lagoon-core/templates/webhooks2tasks.deployment.yaml @@ -94,8 +94,6 @@ spec: secretKeyRef: name: {{ include "lagoon-core.broker.fullname" . }} key: RABBITMQ_USERNAME - - name: REGISTRY - value: {{ required "A valid .Values.registry required!" .Values.registry | quote }} {{- range $key, $val := .Values.webhooks2tasks.additionalEnvs }} - name: {{ $key }} value: {{ $val | quote }} diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index f37eea9a..862a6515 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -4,7 +4,6 @@ # elasticsearchURL: # harborURL: # kibanaURL: -# registry: # s3BAASSecretAccessKey: # s3BAASAccessKeyID: # s3FilesAccessKeyID: @@ -170,21 +169,29 @@ apiDB: storageSize: 128Gi + terminationGracePeriodSeconds: 30 + startupProbe: # 60*10s period = 10 minutes failureThreshold: 60 - tcpSocket: - port: mariadb + exec: + command: + - test + - -f + - /tmp/mariadb-init-complete livenessProbe: exec: command: - mysqladmin - - --host=localhost - - --port=3306 - --connect-timeout=4 - ping + readinessProbe: + exec: + command: + - /usr/share/container-scripts/mysql/readiness-probe.sh + apiRedis: image: repository: uselagoon/api-redis @@ -296,12 +303,26 @@ keycloakDB: additionalEnvs: # FOO: Bar + terminationGracePeriodSeconds: 30 + startupProbe: # 60*10s period = 10 minutes failureThreshold: 60 tcpSocket: port: mariadb + livenessProbe: + exec: + command: + - mysqladmin + - --connect-timeout=4 + - ping + + readinessProbe: + exec: + command: + - /usr/share/container-scripts/mysql/readiness-probe.sh + broker: replicaCount: 3 image: @@ -596,7 +617,7 @@ insightsHandler: repository: uselagoon/insights-handler pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: main + tag: "v0.0.4" podAnnotations: {} diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index cf4d6808..3def3a55 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,15 +1,12 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.26.3 -- name: dioscuri - repository: https://amazeeio.github.io/charts/ - version: 0.4.1 + version: 0.26.4 - name: dbaas-operator repository: https://amazeeio.github.io/charts/ version: 0.3.0 - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.19.17 -digest: sha256:1f873430b35bd44722954a1f02699e32c5e7468a9a77a135e5df3ca3766a8ed2 -generated: "2023-12-08T13:18:21.18121865+11:00" +digest: sha256:474fd1780a647f467a7120a0ad75fc1cd02bb3e6a7b964a75a4c5bbaefb4344b +generated: "2024-03-13T12:56:47.068393312+11:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 26141057..520119d1 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,17 +19,13 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.87.0 +version: 0.88.0 dependencies: - name: lagoon-build-deploy version: ~0.26.0 repository: https://uselagoon.github.io/lagoon-charts/ condition: lagoon-build-deploy.enabled -- name: dioscuri - version: ~0.4.0 - repository: https://amazeeio.github.io/charts/ - condition: dioscuri.enabled - name: dbaas-operator version: ~0.3.0 repository: https://amazeeio.github.io/charts/ @@ -45,10 +41,16 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: remove insights-remote service if not enabled + description: update storage-calculator to v0.5.2 + - kind: changed + description: added metrics to storage-calculator - kind: removed - description: removed old kubernetes build deploy references + description: removed dioscuri subchart, activestandby is handled via a Lagoon task directly now + - kind: changed + description: updated insights-remote version to v0.0.9 - kind: changed - description: updated to insights-remote:v0.0.8 + description: update lagoon-build-deploy to 0.26.4 - kind: changed - description: updated lagoon-build-deploy chart to v0.26.3 + description: update ssh-portal to v0.34.0 + - kind: added + description: add support for logs access via SSH diff --git a/charts/lagoon-remote/README.md b/charts/lagoon-remote/README.md index 6cec937f..aa18e320 100644 --- a/charts/lagoon-remote/README.md +++ b/charts/lagoon-remote/README.md @@ -12,7 +12,7 @@ This is outside the scope of this README. ## Install -*NOTE:* This chart must be installed into the `lagoon` namespace because software that consumes lagoon services inside the cluster asumes that services are available at `*.lagoon.svc`. +*NOTE:* This chart must be installed into the `lagoon` namespace because software that consumes lagoon services inside the cluster assumes that services are available at `*.lagoon.svc`. ``` helm upgrade --install --create-namespace --namespace lagoon lagoon-remote ./charts/lagoon-remote @@ -20,7 +20,7 @@ helm upgrade --install --create-namespace --namespace lagoon lagoon-remote ./cha ### OpenShift -the included docker-host needs `priviledged` permissions: +the included docker-host needs `privileged` permissions: ``` oc -n lagoon adm policy add-scc-to-user privileged -z lagoon-remote-docker-host diff --git a/charts/lagoon-remote/ci/linter-values.yaml b/charts/lagoon-remote/ci/linter-values.yaml index 9c7e7d9d..9baf1745 100644 --- a/charts/lagoon-remote/ci/linter-values.yaml +++ b/charts/lagoon-remote/ci/linter-values.yaml @@ -96,5 +96,9 @@ sshPortal: 6lnrpkhPYdpdKnF3PCEyAAAAAAECAwQF -----END OPENSSH PRIVATE KEY----- + logAccessEnabled: true + storageCalculator: enabled: true + serviceMonitor: + enabled: false diff --git a/charts/lagoon-remote/templates/ssh-portal.clusterrole.yaml b/charts/lagoon-remote/templates/ssh-portal.clusterrole.yaml index f3070b64..276d5378 100644 --- a/charts/lagoon-remote/templates/ssh-portal.clusterrole.yaml +++ b/charts/lagoon-remote/templates/ssh-portal.clusterrole.yaml @@ -42,4 +42,19 @@ rules: - pods/exec verbs: - create +{{- if .Values.sshPortal.logAccessEnabled }} +# k8s.Logs +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - watch +{{- end }} {{- end }} diff --git a/charts/lagoon-remote/templates/ssh-portal.deployment.yaml b/charts/lagoon-remote/templates/ssh-portal.deployment.yaml index 4caa2e45..3b49dfec 100644 --- a/charts/lagoon-remote/templates/ssh-portal.deployment.yaml +++ b/charts/lagoon-remote/templates/ssh-portal.deployment.yaml @@ -37,6 +37,10 @@ spec: - name: DEBUG value: "true" {{- end }} + {{- if .Values.sshPortal.logAccessEnabled }} + - name: LOG_ACCESS_ENABLED + value: "true" + {{- end }} - name: NATS_URL value: nats://{{ include "lagoon-remote.fullname" . }}-nats {{- range $key, $val := .Values.sshPortal.additionalEnvs }} diff --git a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml index f4cc3ecf..49dcd6df 100644 --- a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml +++ b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml @@ -35,10 +35,14 @@ spec: command: - /manager args: - - "--metrics-bind-address=127.0.0.1:8080" + - "--metrics-bind-address=0.0.0.0:8080" + - "--prometheus-metrics=true" {{- with .Values.storageCalculator.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} + ports: + - name: metrics + containerPort: 8080 env: {{- range $name, $value := .Values.storageCalculator.extraEnvs }} - name: {{ .name }} diff --git a/charts/lagoon-remote/templates/storage-calculator.service.yaml b/charts/lagoon-remote/templates/storage-calculator.service.yaml new file mode 100644 index 00000000..8a73bfdf --- /dev/null +++ b/charts/lagoon-remote/templates/storage-calculator.service.yaml @@ -0,0 +1,17 @@ +{{- if .Values.storageCalculator.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "lagoon-remote.storageCalculator.fullname" . }}-metrics + labels: + metrics-only: "true" + {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} +spec: + type: {{ .Values.storageCalculator.metricsService.type }} + ports: + - port: {{ .Values.storageCalculator.metricsService.ports.metrics }} + targetPort: metrics + name: metrics + selector: + {{- include "lagoon-remote.storageCalculator.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/lagoon-remote/templates/storage-calculator.servicemonitor.yaml b/charts/lagoon-remote/templates/storage-calculator.servicemonitor.yaml new file mode 100644 index 00000000..fc339b51 --- /dev/null +++ b/charts/lagoon-remote/templates/storage-calculator.servicemonitor.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.storageCalculator.enabled .Values.storageCalculator.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "lagoon-remote.storageCalculator.fullname" . }} + labels: + {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + metrics-only: "true" + {{- include "lagoon-remote.storageCalculator.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 866f1871..d0678541 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -126,7 +126,7 @@ sshPortal: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "v0.30.1" + tag: "v0.34.0" service: type: LoadBalancer @@ -163,6 +163,10 @@ sshPortal: ed25519: "" rsa: "" + # Log access via SSH is disabled by default. + # Uncomment this line to enable log access via SSH. + # logAccessEnabled: true + # This subchart is disabled by default until this build-deploy type is in # widespread use. lagoon-build-deploy: @@ -181,11 +185,6 @@ lagoon-build-deploy: # See the parent chart for the full range of values that can be passed here to control builds # https://github.com/uselagoon/lagoon-charts/blob/main/charts/lagoon-build-deploy/values.yaml -# dioscuri is the operator which implements Lagoon active-standby. -# This subchart is enabled by default as this is a core Lagoon feature. -dioscuri: - enabled: true - # dbaas-operator provisions database-as-a-service accounts for projects. # Example provider configuration can be found in the dbaas-operator values.yaml # https://github.com/amazeeio/charts/blob/main/charts/dbaas-operator/values.yaml @@ -220,7 +219,7 @@ insightsRemote: repository: uselagoon/insights-remote pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.0.8" + tag: "v0.0.9" imagePullSecrets: [] nameOverride: "" @@ -362,8 +361,16 @@ storageCalculator: # template name: + metricsService: + type: ClusterIP + ports: + metrics: 9912 + + serviceMonitor: + enabled: true + image: repository: uselagoon/remote-calculator pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: v0.2.3 + tag: v0.5.2 diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index a766f179..b4bb6cdf 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -15,13 +15,13 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.53.0 +version: 0.54.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.17.0 +appVersion: v2.18.0 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release @@ -29,6 +29,4 @@ appVersion: v2.17.0 annotations: artifacthub.io/changes: | - kind: changed - description: add minio settings to api-data-watcher-pusher and make into a helm test job - - kind: changed - description: update lagoon appVersion to v2.17.0 + description: update Lagoon appVersion to v2.18.0