Makefile
# User-tunable settings. Each can be overridden on the make command line.
# Make pastes these values directly into the shell command lines of the
# recipes, so they must come from a trusted source: a value containing quotes
# or shell metacharacters changes the command that is run.
#
# TESTS is exported as `tests` when fill-test-ci-values renders the lagoon-test
# CI values file.
TESTS = [api]
# IMAGE_TAG controls the tag used for container images in the lagoon-core,
# lagoon-remote, and lagoon-test charts. If IMAGE_TAG is not set, it will fall
# back to the version set in the CI values file, then to the chart default.
# NOTE(review): fill-test-ci-values exports imageTag=latest when IMAGE_TAG is
# empty, so the rendered lagoon-test values do not follow that fallback.
IMAGE_TAG =
# IMAGE_REGISTRY controls the registry used for container images in the
# lagoon-core, lagoon-remote, and lagoon-test charts. If IMAGE_REGISTRY is not
# set, it will fall back to the version set in the chart values files. This
# only affects lagoon-core, lagoon-remote, and the fill-test-ci-values target.
# NOTE(review): the install-lagoon-core and install-lagoon-remote recipes
# always pass $(IMAGE_REGISTRY)/<image> as the image repository, so an empty
# value produces a repository beginning with `/` - confirm the fallback claim.
IMAGE_REGISTRY = uselagoon
# if OVERRIDE_BUILD_DEPLOY_DIND_IMAGE is not set, it will fall back to the
# controller default (uselagoon/kubectl-build-deploy-dind:latest).
OVERRIDE_BUILD_DEPLOY_DIND_IMAGE =
# Overrides the image tag for amazeeio/lagoon-builddeploy whose default is
# the lagoon-build-deploy chart appVersion.
OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGETAG =
# Overrides the image repository for amazeeio/lagoon-builddeploy whose default
# is the amazeeio/lagoon-builddeploy.
OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGE_REPOSITORY =
# If set to any non-empty value, install-lagoon-build-deploy passes
# `--set rootlessBuildPods=true` to the lagoon-build-deploy chart.
BUILD_DEPLOY_CONTROLLER_ROOTLESS_BUILD_PODS =
# Control the feature flags on the lagoon-build-deploy chart. Valid values: `enabled` or `disabled`.
# The value is passed through to the chart as given; it is not validated here.
LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD =
LAGOON_FEATURE_FLAG_DEFAULT_ISOLATION_NETWORK_POLICY =
# Set to `true` to use the Calico CNI plugin instead of the default kindnet. This
# is useful for testing network policies.
USE_CALICO_CNI =
# Set to `true` to assume that `make install-registry` has been run manually.
# This avoids running install-registry twice in uselagoon/lagoon CI when
# invoking fill-test-ci-values.
SKIP_INSTALL_REGISTRY =
# Set to `true` to assume that all dependencies have already been installed.
# This allows updating the fill-test-ci-values template only, without
# installing any chart dependencies.
SKIP_ALL_DEPS =
# Passed to `helm upgrade --timeout` by the install-* targets.
TIMEOUT = 30m
# Executables invoked by the recipes.
HELM = helm
KUBECTL = kubectl
JQ = jq
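# fill-test-ci-values renders charts/lagoon-test/ci/linter-values.yaml from the
# matching .tpl file with envsubst, using values read from the running cluster.
#
# The rendered file holds live credentials: the Keycloak auth-server client
# secret and the token from the lagoon-build-deploy-token secret. Keep it out
# of version control and out of published CI artifacts.
#
# The node address is looked up once and reused for ingressIP and both route
# suffixes. The cluster lookups are plain assignments followed by `export`, so
# a non-zero exit from a lookup (the last command of each pipeline) stops the
# recipe instead of exporting an empty value.
#
# imageTag falls back to `latest` when IMAGE_TAG is empty; the choice is made
# by make, which avoids running an unquoted `[ ... ]` test on the value.
.PHONY: fill-test-ci-values
fill-test-ci-values:
	ingressIP="$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}')" \
		&& keycloakAuthServerClientSecret="$$($(KUBECTL) -n lagoon get secret lagoon-core-keycloak -o json | $(JQ) -r '.data.KEYCLOAK_AUTH_SERVER_CLIENT_SECRET | @base64d')" \
		&& token="$$($(KUBECTL) -n lagoon get secret -o json | $(JQ) -r '.items[] | select(.metadata.name | match("lagoon-build-deploy-token")) | .data.token | @base64d')" \
		&& export ingressIP keycloakAuthServerClientSecret token \
		&& export routeSuffixHTTP="$${ingressIP}.nip.io" \
		&& export routeSuffixHTTPS="$${ingressIP}.nip.io" \
		&& export imageTag='$(if $(strip $(IMAGE_TAG)),$(IMAGE_TAG),latest)' \
		&& export webhookHandler="lagoon-core-webhook-handler" \
		&& export tests='$(TESTS)' imageRegistry='$(IMAGE_REGISTRY)' \
		&& valueTemplate=charts/lagoon-test/ci/linter-values.yaml \
		&& envsubst < $$valueTemplate.tpl > $$valueTemplate
# Prerequisites are attached only when the caller has not opted out of them.
ifneq ($(SKIP_ALL_DEPS),true)
ifneq ($(SKIP_INSTALL_REGISTRY),true)
fill-test-ci-values: install-registry
endif
fill-test-ci-values: install-ingress install-lagoon-core install-lagoon-remote install-nfs-server-provisioner
endif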
# Installs or upgrades the ingress-nginx release (chart version 3.31.0) in the
# ingress-nginx namespace. The controller service is exposed as a NodePort on
# 32080 (http) and 32443 (https), and proxy-body-size is set to 100m.
# Assumes the `ingress-nginx` chart repository alias is already known to helm.
.PHONY: install-ingress
install-ingress:
	$(HELM) upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
		--version 3.31.0 \
		--namespace ingress-nginx --create-namespace \
		--wait --timeout $(TIMEOUT) \
		--set controller.service.type=NodePort \
		--set controller.service.nodePorts.http=32080 \
		--set controller.service.nodePorts.https=32443 \
		--set controller.config.proxy-body-size=100m
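# Installs or upgrades Harbor (chart version 1.5.5) as release `registry` in
# the registry namespace, reachable through the ingress at
# registry.<node address>.nip.io on NodePort 32080.
#
# Test-cluster settings: TLS is disabled and externalURL is plain http;
# chartmuseum, clair, notary and trivy are switched off. No admin password is
# set here, so whatever the chart defaults to applies.
#
# The node address is looked up once before helm runs. If the lookup fails the
# recipe stops, rather than installing with an empty host such as
# `registry..nip.io`, and the ingress host and externalURL always agree.
.PHONY: install-registry
install-registry: install-ingress
	nodeIP="$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}')" \
		&& $(HELM) upgrade \
		--install \
		--create-namespace \
		--namespace registry \
		--wait \
		--timeout $(TIMEOUT) \
		--set expose.tls.enabled=false \
		--set "expose.ingress.annotations.kubernetes\.io\/ingress\.class=nginx" \
		--set "expose.ingress.hosts.core=registry.$${nodeIP}.nip.io" \
		--set "externalURL=http://registry.$${nodeIP}.nip.io:32080" \
		--set chartmuseum.enabled=false \
		--set clair.enabled=false \
		--set notary.enabled=false \
		--set trivy.enabled=false \
		--version=1.5.5 \
		registry \
		harbor/harbor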
# Installs or upgrades nfs-server-provisioner (chart version 1.1.3) in its own
# namespace and names the storage class it provides `bulk`.
# Assumes the `stable` chart repository alias is already known to helm.
.PHONY: install-nfs-server-provisioner
install-nfs-server-provisioner:
	$(HELM) upgrade --install nfs-server-provisioner stable/nfs-server-provisioner \
		--version 1.1.3 \
		--namespace nfs-server-provisioner --create-namespace \
		--wait --timeout $(TIMEOUT) \
		--set storageClass.name=bulk
# Installs or upgrades bitnami/mariadb (chart version 9.3.13) in the mariadb
# namespace.
#
# The root password is required on upgrade if the chart is already installed:
# when the mariadb namespace exists, the current password is read from the
# `mariadb` secret and passed back as auth.rootPassword.
#
# The password is handed to helm as a command-line argument, so it is part of
# the helm process's argument list while the upgrade runs. The substitution is
# unquoted, so a password containing whitespace or glob characters would be
# split or expanded by the shell.
.PHONY: install-mariadb
install-mariadb:
	$(HELM) upgrade --install mariadb bitnami/mariadb \
		--version 9.3.13 \
		--namespace mariadb --create-namespace \
		--wait --timeout $(TIMEOUT) \
		$$(if $(KUBECTL) get ns mariadb > /dev/null 2>&1; then echo --set auth.rootPassword=$$($(KUBECTL) get secret --namespace mariadb mariadb -o json | $(JQ) -r '.data."mariadb-root-password" | @base64d'); fi)
# Installs or upgrades bitnami/postgresql (chart version 10.4.8) in the
# postgresql namespace.
#
# The password is required on upgrade if the chart is already installed: when
# the postgresql namespace exists, the current password is read from the
# `postgresql` secret and passed back as postgresqlPassword.
#
# The password is handed to helm as a command-line argument, so it is part of
# the helm process's argument list while the upgrade runs. The substitution is
# unquoted, so a password containing whitespace or glob characters would be
# split or expanded by the shell.
.PHONY: install-postgresql
install-postgresql:
	$(HELM) upgrade --install postgresql bitnami/postgresql \
		--version 10.4.8 \
		--namespace postgresql --create-namespace \
		--wait --timeout $(TIMEOUT) \
		$$(if $(KUBECTL) get ns postgresql > /dev/null 2>&1; then echo --set postgresqlPassword=$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgresql-password" | @base64d'); fi)
# Installs or upgrades bitnami/mongodb (chart version 10.16.4) in the mongodb
# namespace with TLS disabled.
#
# When the mongodb namespace already exists, the current root password is read
# from the `mongodb` secret and passed back as auth.rootPassword.
#
# The password is handed to helm as a command-line argument, so it is part of
# the helm process's argument list while the upgrade runs. The substitution is
# unquoted, so a password containing whitespace or glob characters would be
# split or expanded by the shell.
.PHONY: install-mongodb
install-mongodb:
	$(HELM) upgrade --install mongodb bitnami/mongodb \
		--version 10.16.4 \
		--namespace mongodb --create-namespace \
		--wait --timeout $(TIMEOUT) \
		$$(if $(KUBECTL) get ns mongodb > /dev/null 2>&1; then echo --set auth.rootPassword=$$($(KUBECTL) get secret --namespace mongodb mongodb -o json | $(JQ) -r '.data."mongodb-root-password" | @base64d'); fi) \
		--set tls.enabled=false
# Installs or upgrades bitnami/minio (chart version 8.1.9) in the minio
# namespace and creates the lagoon-files bucket.
#
# The access key and secret key are fixed, publicly known test values. The
# install-lagoon-core recipe passes the same pair as the s3Files* settings, so
# the two must be changed together.
.PHONY: install-minio
install-minio: install-ingress
	$(HELM) upgrade --install minio bitnami/minio \
		--version 8.1.9 \
		--namespace minio --create-namespace \
		--wait --timeout $(TIMEOUT) \
		--set accessKey.password=lagoonFilesAccessKey,secretKey.password=lagoonFilesSecretKey \
		--set defaultBuckets=lagoon-files
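# Installs or upgrades the local ./charts/lagoon-core chart as release
# `lagoon-core` in the lagoon namespace, on top of the CI linter values.
#
# Credentials and endpoints here are test fixtures: harborAdminPassword and the
# s3Files access/secret keys are fixed, publicly known values, and every URL is
# plain http on NodePort 32080.
#
# Changes from a naive per-flag lookup:
#  - The node address is looked up once. If the lookup fails the recipe stops
#    instead of installing with hosts such as `lagoon-api..nip.io`.
#  - The optional-flag tests use `[ -n '...' ]`, so a value containing spaces
#    or test operators is treated as a string rather than parsed by `[`.
#  - --set arguments containing `[0]` are quoted so the shell cannot treat the
#    brackets as a glob pattern.
.PHONY: install-lagoon-core
install-lagoon-core: install-minio
	nodeIP="$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}')" \
		&& $(HELM) upgrade \
		--install \
		--create-namespace \
		--namespace lagoon \
		--wait \
		--timeout $(TIMEOUT) \
		--values ./charts/lagoon-core/ci/linter-values.yaml \
		$$([ -n '$(IMAGE_TAG)' ] && echo '--set imageTag=$(IMAGE_TAG)') \
		$$([ -n '$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)' ] && echo '--set overwriteKubectlBuildDeployDindImage=$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)') \
		--set "harborAdminPassword=Harbor12345" \
		--set "harborURL=http://registry.$${nodeIP}.nip.io:32080" \
		--set "keycloakAPIURL=http://lagoon-keycloak.$${nodeIP}.nip.io:32080/auth" \
		--set "lagoonAPIURL=http://lagoon-api.$${nodeIP}.nip.io:32080/graphql" \
		--set "registry=registry.$${nodeIP}.nip.io:32080" \
		--set api.image.repository=$(IMAGE_REGISTRY)/api \
		--set apiDB.image.repository=$(IMAGE_REGISTRY)/api-db \
		--set apiRedis.image.repository=$(IMAGE_REGISTRY)/api-redis \
		--set authServer.image.repository=$(IMAGE_REGISTRY)/auth-server \
		--set autoIdler.enabled=false \
		--set backupHandler.enabled=false \
		--set broker.image.repository=$(IMAGE_REGISTRY)/broker \
		--set controllerhandler.image.repository=$(IMAGE_REGISTRY)/controllerhandler \
		--set drushAlias.image.repository=$(IMAGE_REGISTRY)/drush-alias \
		--set keycloak.image.repository=$(IMAGE_REGISTRY)/keycloak \
		--set keycloakDB.image.repository=$(IMAGE_REGISTRY)/keycloak-db \
		--set logs2s3.image.repository=$(IMAGE_REGISTRY)/logs2s3 \
		--set logs2email.enabled=false \
		--set logs2microsoftteams.enabled=false \
		--set logs2rocketchat.enabled=false \
		--set logs2slack.enabled=false \
		--set logs2webhook.enabled=false \
		--set ssh.image.repository=$(IMAGE_REGISTRY)/ssh \
		--set sshPortal.enabled=false \
		--set storageCalculator.enabled=false \
		--set ui.image.repository=$(IMAGE_REGISTRY)/ui \
		--set webhookHandler.image.repository=$(IMAGE_REGISTRY)/webhook-handler \
		--set webhooks2tasks.image.repository=$(IMAGE_REGISTRY)/webhooks2tasks \
		--set s3FilesAccessKeyID=lagoonFilesAccessKey \
		--set s3FilesSecretAccessKey=lagoonFilesSecretKey \
		--set s3FilesBucket=lagoon-files \
		--set s3FilesHost=http://minio.minio.svc:9000 \
		--set api.ingress.enabled=true \
		--set "api.ingress.hosts[0].host=lagoon-api.$${nodeIP}.nip.io" \
		--set "api.ingress.hosts[0].paths[0]=/" \
		--set ui.ingress.enabled=true \
		--set "ui.ingress.hosts[0].host=lagoon-ui.$${nodeIP}.nip.io" \
		--set "ui.ingress.hosts[0].paths[0]=/" \
		--set keycloak.ingress.enabled=true \
		--set "keycloak.ingress.hosts[0].host=lagoon-keycloak.$${nodeIP}.nip.io" \
		--set "keycloak.ingress.hosts[0].paths[0]=/" \
		--set broker.ingress.enabled=true \
		--set "broker.ingress.hosts[0].host=lagoon-broker.$${nodeIP}.nip.io" \
		--set "broker.ingress.hosts[0].paths[0]=/" \
		lagoon-core \
		./charts/lagoon-core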
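# Builds chart dependencies, then installs or upgrades the local
# ./charts/lagoon-remote chart as release `lagoon-remote` in the lagoon
# namespace. The bundled lagoon-build-deploy subchart is disabled here; it is
# installed separately by the install-lagoon-build-deploy prerequisite.
#
# The dbaas-operator `development` providers connect as the database root /
# postgres users. Their passwords are read from the mariadb, postgresql and
# mongodb secrets and passed to helm as --set arguments, so they are part of
# the helm process's argument list while the upgrade runs. A lookup that fails
# yields an empty password rather than stopping the recipe.
#
# The IMAGE_TAG test uses `[ -n '...' ]`, so a value containing spaces or test
# operators is treated as a string rather than parsed by `[`.
.PHONY: install-lagoon-remote
install-lagoon-remote: install-lagoon-build-deploy install-lagoon-core install-mariadb install-postgresql install-mongodb
	$(HELM) dependency build ./charts/lagoon-remote/
	$(HELM) upgrade \
		--install \
		--create-namespace \
		--namespace lagoon \
		--wait \
		--timeout $(TIMEOUT) \
		--values ./charts/lagoon-remote/ci/linter-values.yaml \
		--set dockerHost.image.repository=$(IMAGE_REGISTRY)/docker-host \
		--set "lagoon-build-deploy.enabled=false" \
		--set "dockerHost.registry=registry.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080" \
		--set "dbaas-operator.mariadbProviders.development.environment=development" \
		--set "dbaas-operator.mariadbProviders.development.hostname=mariadb.mariadb.svc.cluster.local" \
		--set "dbaas-operator.mariadbProviders.development.password=$$($(KUBECTL) get secret --namespace mariadb mariadb -o json | $(JQ) -r '.data."mariadb-root-password" | @base64d')" \
		--set "dbaas-operator.mariadbProviders.development.port=3306" \
		--set "dbaas-operator.mariadbProviders.development.user=root" \
		--set "dbaas-operator.postgresqlProviders.development.environment=development" \
		--set "dbaas-operator.postgresqlProviders.development.hostname=postgresql.postgresql.svc.cluster.local" \
		--set "dbaas-operator.postgresqlProviders.development.password=$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgresql-password" | @base64d')" \
		--set "dbaas-operator.postgresqlProviders.development.port=5432" \
		--set "dbaas-operator.postgresqlProviders.development.user=postgres" \
		--set "dbaas-operator.mongodbProviders.development.environment=development" \
		--set "dbaas-operator.mongodbProviders.development.hostname=mongodb.mongodb.svc.cluster.local" \
		--set "dbaas-operator.mongodbProviders.development.password=$$($(KUBECTL) get secret --namespace mongodb mongodb -o json | $(JQ) -r '.data."mongodb-root-password" | @base64d')" \
		--set "dbaas-operator.mongodbProviders.development.port=27017" \
		--set "dbaas-operator.mongodbProviders.development.user=root" \
		--set "dbaas-operator.mongodbProviders.development.auth.mechanism=SCRAM-SHA-1" \
		--set "dbaas-operator.mongodbProviders.development.auth.source=admin" \
		--set "dbaas-operator.mongodbProviders.development.auth.tls=false" \
		$$([ -n '$(IMAGE_TAG)' ] && echo '--set imageTag=$(IMAGE_TAG)') \
		lagoon-remote \
		./charts/lagoon-remote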
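# The following target should only be called as a dependency of lagoon-remote
# Do not install without lagoon-core
#
# Builds chart dependencies, then installs or upgrades the local
# ./charts/lagoon-build-deploy chart in the lagoon namespace. The RabbitMQ
# password is read from the lagoon-core-broker secret and passed to helm as a
# --set argument, so it is part of the helm process's argument list while the
# upgrade runs.
#
# Each optional override is added only when its variable is non-empty. The
# tests use `[ -n '...' ]`, so a value containing spaces or test operators is
# treated as a string rather than parsed by `[`.
.PHONY: install-lagoon-build-deploy
install-lagoon-build-deploy: install-lagoon-core
	$(HELM) dependency build ./charts/lagoon-build-deploy/
	$(HELM) upgrade \
		--install \
		--create-namespace \
		--namespace lagoon \
		--wait \
		--timeout $(TIMEOUT) \
		--values ./charts/lagoon-build-deploy/ci/linter-values.yaml \
		--set "rabbitMQPassword=$$($(KUBECTL) -n lagoon get secret lagoon-core-broker -o json | $(JQ) -r '.data.RABBITMQ_PASSWORD | @base64d')" \
		--set "rabbitMQHostname=lagoon-core-broker" \
		$$([ -n '$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)' ] && echo '--set overrideBuildDeployImage=$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)') \
		$$([ -n '$(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGETAG)' ] && echo '--set image.tag=$(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGETAG)') \
		$$([ -n '$(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGE_REPOSITORY)' ] && echo '--set image.repository=$(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGE_REPOSITORY)') \
		$$([ -n '$(BUILD_DEPLOY_CONTROLLER_ROOTLESS_BUILD_PODS)' ] && echo '--set rootlessBuildPods=true') \
		$$([ -n '$(LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD)' ] && echo '--set lagoonFeatureFlagDefaultRootlessWorkload=$(LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD)') \
		$$([ -n '$(LAGOON_FEATURE_FLAG_DEFAULT_ISOLATION_NETWORK_POLICY)' ] && echo '--set lagoonFeatureFlagDefaultIsolationNetworkPolicy=$(LAGOON_FEATURE_FLAG_DEFAULT_ISOLATION_NETWORK_POLICY)') \
		lagoon-build-deploy \
		./charts/lagoon-build-deploy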
#
# The following targets facilitate local development only and aren't used in CI.
#
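# Creates the local kind cluster.
#
# Step 1 makes sure the `kind` docker network exists, discovers an address on
# it by running a throwaway alpine container, and renders both kind config
# templates with envsubst. Notes:
#  - envsubst is called without a variable list, so every $NAME reference in
#    the templates is replaced from the environment, not only KIND_NODE_IP.
#  - the alpine image is referenced without a tag or digest.
#
# Step 2 depends on USE_CALICO_CNI. With `true`, the cluster is created from
# the calico config and the Calico manifests are applied; an install-calico
# target is also defined and added as a prerequisite of the install-* targets
# so Calico is in place before anything else is installed. Otherwise the
# default config is used.
#
# The Calico manifests are applied with $(KUBECTL), matching install-calico and
# the rest of this file, so a KUBECTL override is honoured here too.
.PHONY: create-kind-cluster
create-kind-cluster:
	docker network inspect kind >/dev/null || docker network create kind \
		&& export KIND_NODE_IP=$$(docker run --network kind --rm alpine ip -o addr show eth0 | sed -nE 's/.* ([0-9.]{7,})\/.*/\1/p') \
		&& envsubst < test-suite.kind-config.yaml.tpl > test-suite.kind-config.yaml \
		&& envsubst < test-suite.kind-config.calico.yaml.tpl > test-suite.kind-config.calico.yaml
ifeq ($(USE_CALICO_CNI),true)
	kind create cluster --wait=60s --config=test-suite.kind-config.calico.yaml \
		&& $(KUBECTL) apply -f ./ci/calico/tigera-operator.yaml \
		&& $(KUBECTL) apply -f ./ci/calico/custom-resources.yaml
.PHONY: install-calico
install-calico:
	$(KUBECTL) apply -f ./ci/calico/tigera-operator.yaml \
		&& $(KUBECTL) apply -f ./ci/calico/custom-resources.yaml
# add dependencies to ensure calico gets installed in the correct order
install-ingress: install-calico
install-registry: install-calico
install-nfs-server-provisioner: install-calico
install-mariadb: install-calico
install-postgresql: install-calico
install-mongodb: install-calico
install-lagoon-core: install-calico
install-lagoon-remote: install-calico
else
	kind create cluster --wait=60s --config=test-suite.kind-config.yaml
endif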
# Aggregate target: installs the supporting services (ingress, registry, NFS
# provisioner, the three databases and minio). It has no recipe of its own.
.PHONY: install-test-cluster
install-test-cluster: \
	install-ingress \
	install-registry \
	install-nfs-server-provisioner \
	install-mariadb \
	install-postgresql \
	install-mongodb \
	install-minio
# Aggregate target: installs lagoon-core and lagoon-remote. It has no recipe of
# its own.
.PHONY: install-lagoon
install-lagoon: \
	install-lagoon-core \
	install-lagoon-remote
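# Prints admin credentials for the local Lagoon install to the terminal: a
# GraphQL admin token generated by the uselagoon/tests image, the Keycloak
# admin password, and the Keycloak password of the lagoonadmin user.
#
# The output is secret material. Do not run this where stdout is captured in
# shared logs.
#
# Handling of JWTSECRET:
#  - it is exported and handed to the container with a bare `-e JWTSECRET`, so
#    docker copies it from the environment and the value does not appear in
#    the docker command line;
#  - the container is started with --rm, so no stopped container holding the
#    secret in its configuration is left behind.
#
# printf is used for the labels because `echo "\n"` only produces a newline in
# shells whose echo interprets backslash escapes.
.PHONY: get-admin-creds
get-admin-creds:
	export JWTSECRET="$$($(KUBECTL) get secret -n lagoon lagoon-core-secrets -o jsonpath='{.data.JWTSECRET}' | base64 --decode)" \
		&& printf '\nGraphQL admin token: \n%s\n' "$$(docker run --rm -e JWTSECRET -e JWTAUDIENCE=api.dev -e JWTUSER=localadmin uselagoon/tests python3 /ansible/tasks/api/admin_token.py)" \
		&& printf 'Keycloak admin password: \n' \
		&& $(KUBECTL) get secret -n lagoon lagoon-core-keycloak -o jsonpath="{.data.KEYCLOAK_ADMIN_PASSWORD}" | base64 --decode \
		&& printf '\nKeycloak password for lagoonadmin user: \n' \
		&& $(KUBECTL) get secret -n lagoon lagoon-core-keycloak -o jsonpath="{.data.KEYCLOAK_LAGOON_ADMIN_PASSWORD}" | base64 --decode \
		&& printf '\n\n'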
# Port-forward helpers for the lagoon-core services. Each one starts
# `kubectl port-forward` in the background and discards its stderr, so the
# forward keeps running after make returns and a failure to bind is silent.
# No --address is given, so kubectl's default listen address applies.
#
#   pf-keycloak  local 8080 -> svc/lagoon-core-keycloak 8080
#   pf-api       local 7070 -> svc/lagoon-core-api 80
#   pf-ssh       local 2020 -> svc/lagoon-core-ssh 2020
#   pf-ui        local 6060 -> svc/lagoon-core-ui 3000
.PHONY: pf-keycloak pf-api pf-ssh pf-ui

pf-keycloak:
	$(KUBECTL) --namespace lagoon port-forward svc/lagoon-core-keycloak 8080 2>/dev/null &

pf-api:
	$(KUBECTL) --namespace lagoon port-forward svc/lagoon-core-api 7070:80 2>/dev/null &

pf-ssh:
	$(KUBECTL) --namespace lagoon port-forward svc/lagoon-core-ssh 2020 2>/dev/null &

pf-ui:
	$(KUBECTL) --namespace lagoon port-forward svc/lagoon-core-ui 6060:3000 2>/dev/null &
# Aggregate target: starts all four port-forwards.
.PHONY: port-forwards
port-forwards: \
	pf-keycloak \
	pf-api \
	pf-ssh \
	pf-ui
# Runs the helm tests of the lagoon-test release in the lagoon namespace. The
# 30m timeout is fixed here and does not follow $(TIMEOUT).
.PHONY: run-tests
run-tests:
	$(HELM) test lagoon-test -n lagoon --timeout 30m