diff --git a/.github/workflows/lint-test-matrix.yaml b/.github/workflows/lint-test-matrix.yaml index e5ed6588..7e63c08a 100644 --- a/.github/workflows/lint-test-matrix.yaml +++ b/.github/workflows/lint-test-matrix.yaml @@ -11,11 +11,12 @@ jobs: fail-fast: false matrix: kindest_node_version: - - v1.23.17@sha256:59c989ff8a517a93127d4a536e7014d28e235fb3529d9fba91b3951d461edfdb - - v1.24.15@sha256:7db4f8bea3e14b82d12e044e25e34bd53754b7f2b0e9d56df21774e6f66a70ab - - v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8 - - v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb - - v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31 + - v1.23.17@sha256:14d0a9a892b943866d7e6be119a06871291c517d279aedb816a4b4bc0ec0a5b3 + - v1.24.17@sha256:bad10f9b98d54586cba05a7eaa1b61c6b90bfc4ee174fdc43a7b75ca75c95e51 + - v1.25.16@sha256:e8b50f8e06b44bb65a93678a65a26248fae585b3d3c2a669e5ca6c90c69dc519 + - v1.26.14@sha256:5d548739ddef37b9318c70cb977f57bf3e5015e4552be4e27e57280a8cbb8e4f + - v1.27.11@sha256:681253009e68069b8e01aad36a1e0fa8cf18bb0ab3e5c4069b2e65cafdd70843 + - v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245 steps: - name: Checkout uses: actions/checkout@v4 @@ -26,7 +27,7 @@ jobs: run: sudo apt-get -y install python3-wheel - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.0 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed @@ -41,9 +42,9 @@ jobs: run: ct lint --config ./default.ct.yaml - name: Create kind cluster - uses: helm/kind-action@v1.8.0 + uses: helm/kind-action@v1.9.0 with: - version: v0.20.0 + version: v0.22.0 node_image: kindest/node:${{ matrix.kindest_node_version }} if: | (steps.list-changed.outputs.changed == 'true') || diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index a16a362c..76d6e383 100644 --- a/.github/workflows/lint-test.yaml 
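Review bot: The `uses:` references in lint-test-matrix.yaml stay pinned to mutable tags (`helm/chart-testing-action@v2.6.1`, `helm/kind-action@v1.9.0`), while the kind node images in the same workflow are pinned by `@sha256:` digest. A tag can be moved by the action's publisher, so pinning to the full commit SHA with the tag as a trailing comment, e.g. `uses: helm/kind-action@<full-commit-sha>  # v1.9.0`, would give the actions the same immutability the node images already have. The same applies to the bumps in lint-test.yaml and test-suite.yaml, and to `helm/chart-releaser-action@v1.6.0` in release.yaml, which runs with `CR_TOKEN` set from `secrets.GITHUB_TOKEN`.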
+++ b/.github/workflows/lint-test.yaml @@ -69,7 +69,7 @@ jobs: run: sudo apt-get -y install python3-wheel - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.0 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed @@ -84,11 +84,11 @@ jobs: run: ct lint --config ./default.ct.yaml - name: Create kind cluster - uses: helm/kind-action@v1.8.0 + uses: helm/kind-action@v1.9.0 with: - version: v0.20.0 - node_image: kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 - kubectl_version: v1.27.3 + version: v0.22.0 + node_image: kindest/node:v1.28.7@sha256:9bc6c451a289cf96ad0bbaf33d416901de6fd632415b076ab05f5fa7e4f65c58 + kubectl_version: v1.28.7 if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) @@ -96,6 +96,11 @@ jobs: - name: Run chart-testing (install) run: ct install --config ./default.ct.yaml --helm-extra-args "--timeout 30m" + - name: Run chart-testing (needs-testing) + run: ct install --config ./default.ct.yaml --helm-extra-args "--timeout 30m" --all + if: | + (contains(github.event.pull_request.labels.*.name, 'needs-testing')) + artifacthub-changelog: runs-on: ubuntu-latest steps: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 522bb8ac..b03949dc 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -19,13 +19,6 @@ jobs: git config user.name "$GITHUB_ACTOR" git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - # See https://github.com/helm/chart-releaser-action/issues/6 - - name: Install Helm - run: | - curl -fsSLo get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 - chmod 700 get_helm.sh - ./get_helm.sh - - name: Add dependency chart repos run: | helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com 
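Review bot: On a pull request labelled `needs-testing`, the new `Run chart-testing (needs-testing)` step runs `ct install ... --all` after the existing `Run chart-testing (install)` step, which shows no `if:` in this hunk. Changed charts therefore appear to be installed twice, each with a 30m timeout. If that is not intended, the first step could be guarded with `if: ${{ !contains(github.event.pull_request.labels.*.name, 'needs-testing') }}`. The new step's single condition does not need a block scalar; `if: contains(github.event.pull_request.labels.*.name, 'needs-testing')` is enough.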
@@ -35,6 +28,6 @@ jobs: helm repo add kube-logging https://kube-logging.github.io/helm-charts - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.5.0 + uses: helm/chart-releaser-action@v1.6.0 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index 0e8a526e..69cbea3c 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -5,7 +5,7 @@ on: pull_request jobs: # runs for lagoon-core, lagoon-remote, lagoon-test test-suite: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest strategy: fail-fast: false matrix: @@ -48,7 +48,7 @@ jobs: run: sudo apt-get -y install python3-wheel - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.0 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed @@ -69,14 +69,14 @@ jobs: envsubst < test-suite.kind-config.yaml.tpl > test-suite.kind-config.yaml - name: Create kind cluster - uses: helm/kind-action@v1.8.0 + uses: helm/kind-action@v1.9.0 if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) with: - version: v0.20.0 - node_image: kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 - kubectl_version: v1.27.3 + version: v0.22.0 + node_image: kindest/node:v1.28.7@sha256:9bc6c451a289cf96ad0bbaf33d416901de6fd632415b076ab05f5fa7e4f65c58 + kubectl_version: v1.28.7 config: test-suite.kind-config.yaml - name: Check node IP matches kind configuration 
@@ -123,8 +123,8 @@ jobs: if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) - # run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main - run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] + run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main + # run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] - name: Free up some disk space if: | diff --git a/Makefile b/Makefile index fa677c27..79278339 100644 --- a/Makefile +++ b/Makefile @@ -41,6 +41,9 @@ SKIP_ALL_DEPS = DISABLE_CORE_HARBOR = # Set to `true` to enable the elements of lagoon-core that talk to OpenSearch installs OPENSEARCH_INTEGRATION_ENABLED = false +# Ordinarily we shouldn't need to clear the API data as it's usually a first run. Set this +# variable on a test run to clear (what's clearable) first +CLEAR_API_DATA = false TIMEOUT = 30m HELM = helm @@ -56,7 +59,7 @@ fill-test-ci-values: && export token="$$($(KUBECTL) -n lagoon create token lagoon-build-deploy --duration 3h)" \ && export $$([ $(IMAGE_TAG) ] && echo imageTag='$(IMAGE_TAG)' || echo imageTag='latest') \ && export webhookHandler="lagoon-core-webhook-handler" \ - && export tests='$(TESTS)' imageRegistry='$(IMAGE_REGISTRY)' \ + && export tests='$(TESTS)' imageRegistry='$(IMAGE_REGISTRY)' clearApiData='$(CLEAR_API_DATA)' \ && valueTemplate=charts/lagoon-test/ci/linter-values.yaml \ && envsubst < $$valueTemplate.tpl > $$valueTemplate \ && cat $$valueTemplate @@ -70,6 +73,7 @@ endif .PHONY: install-ingress install-ingress: + # Using 4.7.x because server snippets https://github.com/kubernetes/ingress-nginx/issues/10543 $(HELM) upgrade \ --install \ --create-namespace \ 
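Review bot: The active `run:` line now passes `IMAGE_REGISTRY=testlagoon IMAGE_TAG=main` together with `OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main` and `OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main`, and the plain invocation is left as the comment below it. These are branch tags, so the test-suite result depends on whatever those images contain when the job runs rather than on a released version. This looks like a pre-release testing setup, though the hunk does not say so. A comment above the step such as `# temporarily testing against unreleased main images; swap back to the commented line after release` would record the intent. The step begins above the hunk.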
@@ -83,7 +87,7 @@ install-ingress: --set controller.config.hsts="false" \ --set controller.watchIngressWithoutClass=true \ --set controller.ingressClassResource.default=true \ - --version=4.7.2 \ + --version=4.7.5 \ ingress-nginx \ ingress-nginx/ingress-nginx @@ -103,7 +107,7 @@ install-registry: install-ingress --set clair.enabled=false \ --set notary.enabled=false \ --set trivy.enabled=false \ - --version=1.13.0 \ + --version=1.14.0 \ registry \ harbor/harbor @@ -158,8 +162,8 @@ install-minio: install-ingress --wait \ --timeout $(TIMEOUT) \ --set auth.rootUser=lagoonFilesAccessKey,auth.rootPassword=lagoonFilesSecretKey \ - --set defaultBuckets=lagoon-files \ - --version=12.8.7 \ + --set defaultBuckets='lagoon-files\,restores' \ + --version=13.6.2 \ minio \ bitnami/minio @@ -258,7 +262,7 @@ install-lagoon-remote: install-lagoon-build-deploy install-lagoon-core install-m # Do not install without lagoon-core # .PHONY: install-lagoon-build-deploy -install-lagoon-build-deploy: install-lagoon-core install-registry +install-lagoon-build-deploy: install-lagoon-core $(HELM) dependency build ./charts/lagoon-build-deploy/ $(HELM) upgrade \ --install \ @@ -285,6 +289,11 @@ install-lagoon-build-deploy: install-lagoon-core install-registry lagoon-build-deploy \ ./charts/lagoon-build-deploy +# allow skipping registry install for install-lagoon-remote target +ifneq ($(SKIP_INSTALL_REGISTRY),true) +install-lagoon-build-deploy: install-registry +endif + # # The following targets facilitate local development only and aren't used in CI. # diff --git a/README.md b/README.md index 9f9aeb1d..d93ba536 100644 --- a/README.md +++ b/README.md 
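Review bot: `SKIP_INSTALL_REGISTRY` is introduced in the `ifneq` block after `install-lagoon-build-deploy` but is not declared with the other overridable variables at the top of the Makefile, where this commit does add `CLEAR_API_DATA` with an explanatory comment. Adding `# Set to true to skip installing the registry before lagoon-build-deploy` and `SKIP_INSTALL_REGISTRY =` next to `SKIP_ALL_DEPS` would document the switch and make its default explicit.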
@@ -42,7 +42,18 @@ Documentation on probes for pod startup is [here](https://kubernetes.io/docs/con ### Run chart-testing (lint) locally +```bash +docker run --rm --interactive --detach --network host --name ct "--volume=$(pwd):/workdir" "--workdir=/workdir" --volume=$(pwd)/default.ct.yaml:/etc/ct/ct.yaml quay.io/helmpack/chart-testing:latest cat +docker exec ct git config --global --add safe.directory /workdir +docker exec ct ct lint ``` -$ docker run --rm --interactive --detach --network host --name ct "--volume=$(pwd):/workdir" "--workdir=/workdir" --volume=$(pwd)/default.ct.yaml:/etc/ct/ct.yaml quay.io/helmpack/chart-testing:latest cat -$ docker exec ct ct lint + +### Run chart-testing (install) locally + +Prerequisite: install [ct](https://github.com/helm/chart-testing). + +```bash +kind create cluster -n chart-testing +ct install --charts=charts/lagoon-logging +kind delete cluster -n chart-testing ``` diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index b639ef5e..4ce5c160 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -16,11 +16,11 @@ kubeVersion: ">= 1.23.0-0" type: application -version: 0.26.2 +version: 0.26.3 appVersion: v0.15.4 annotations: artifacthub.io/changes: | - kind: changed - description: update remote-controller to v0.15.4 + description: added clusterroles for tasks and builds diff --git a/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml b/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml index 5684f5a5..a07e45b2 100644 --- a/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml +++ b/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml 
@@ -12,3 +12,31 @@ roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "lagoon-build-deploy.fullname" . }}-builds + labels: + {{- include "lagoon-build-deploy.labels" . | nindent 4 }} + # Add these permissions to the "admin" and "edit" default roles. + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: ["crd.lagoon.sh"] + resources: ["lagoonbuilds"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "lagoon-build-deploy.fullname" . }}-tasks + labels: + {{- include "lagoon-build-deploy.labels" . | nindent 4 }} + # Add these permissions to the "admin" and "edit" default roles. + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: ["crd.lagoon.sh"] + resources: ["lagoontasks"] + verbs: ["*"] diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 0db0900c..6adb32bd 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,13 +21,13 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.40.0 +version: 1.42.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.16.0 +appVersion: v2.17.0 dependencies: - name: nats 
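Review bot: Both new ClusterRoles grant `verbs: ["*"]` and carry the `aggregate-to-admin` and `aggregate-to-edit` labels, so every subject bound to the built-in `edit` role in a namespace gains full control of `lagoonbuilds` and `lagoontasks` there. The context at the top of this hunk shows the chart binding a subject to `cluster-admin`. If that subject is the controller acting on these resources, permission to create or modify them deserves the same scrutiny as the controller's own privileges; the controller's handling is not visible here, so this needs confirming. Listing only the verbs tenants need, for example `verbs: ["get", "list", "watch"]` in the role aggregated to `edit`, and reserving write verbs for `admin`, would narrow the grant.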
@@ -41,4 +41,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: bump lagoon-opensearch-sync version to v0.7.1 + description: modify keycloak liveness and readiness endpoint diff --git a/charts/lagoon-core/templates/keycloak.deployment.yaml b/charts/lagoon-core/templates/keycloak.deployment.yaml index fc044c04..a6820658 100644 --- a/charts/lagoon-core/templates/keycloak.deployment.yaml +++ b/charts/lagoon-core/templates/keycloak.deployment.yaml @@ -65,11 +65,11 @@ spec: containerPort: 8080 livenessProbe: httpGet: - path: / + path: /auth port: http-8080 readinessProbe: httpGet: - path: / + path: /auth port: http-8080 startupProbe: exec: diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 25798e4f..f37eea9a 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -620,7 +620,7 @@ insightsHandler: enabled: false image: repository: aquasec/trivy - tag: latest + tag: 0.48.0 service: type: ClusterIP port: 4954 diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index e218bd32..1072bdf3 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.80.0 +version: 0.81.1 dependencies: - name: logging-operator 
@@ -31,10 +31,7 @@ dependencies: # It should be started afresh for each release # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: + artifacthub.io/containsSecurityUpdates: "true" artifacthub.io/changes: | - - kind: changed - description: update uselagoon/logs-dispatcher image to v3.4.0 - - kind: added - description: schedule Logging Pods also on infra nodes - - kind: added - description: ability to configure toleration/affinity on FluentD deployment + - kind: security + description: avoid test role and rolebinding being wrongly installed diff --git a/charts/lagoon-logging/ci/linter-values.yaml b/charts/lagoon-logging/ci/linter-values.yaml index b2722e90..68e9640e 100644 --- a/charts/lagoon-logging/ci/linter-values.yaml +++ b/charts/lagoon-logging/ci/linter-values.yaml @@ -68,7 +68,10 @@ cdnLogsCollector: buffer: storageClassName: standard size: 1Gi - serviceType: ClusterIP + service: + type: ClusterIP + annotations: + sh.lagoon.chart.testKey: lagoonTestValue tls: caCert: |- -----BEGIN CERTIFICATE----- diff --git a/charts/lagoon-logging/templates/cdn-logs-collector.service.yaml b/charts/lagoon-logging/templates/cdn-logs-collector.service.yaml index 9daad1f5..201f5c6b 100644 --- a/charts/lagoon-logging/templates/cdn-logs-collector.service.yaml +++ b/charts/lagoon-logging/templates/cdn-logs-collector.service.yaml @@ -5,8 +5,12 @@ metadata: name: {{ include "lagoon-logging.cdnLogsCollector.fullname" . }} labels: {{- include "lagoon-logging.cdnLogsCollector.labels" . | nindent 4 }} + {{- with .Values.cdnLogsCollector.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: - type: {{ .Values.cdnLogsCollector.serviceType }} + type: {{ .Values.cdnLogsCollector.service.type }} selector: {{- include "lagoon-logging.cdnLogsCollector.selectorLabels" . | nindent 4 }} ports: 
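Review bot: Renaming `.Values.cdnLogsCollector.serviceType` to `.Values.cdnLogsCollector.service.type` means an existing override such as `serviceType: ClusterIP` is silently ignored after upgrade. The Service then falls back to the chart default, which values.yaml in this commit sets to `LoadBalancer`, and that can expose the collector externally on a cluster where it was deliberately kept internal. A fallback such as `type: {{ .Values.cdnLogsCollector.serviceType | default .Values.cdnLogsCollector.service.type }}`, or a `fail` when the old key is set, would avoid this. The rename also merits its own entry in `artifacthub.io/changes`, which currently lists only the security item.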
diff --git a/charts/lagoon-logging/templates/tests/cdn-service-annotations.yaml b/charts/lagoon-logging/templates/tests/cdn-service-annotations.yaml new file mode 100644 index 00000000..9bbfa400 --- /dev/null +++ b/charts/lagoon-logging/templates/tests/cdn-service-annotations.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: service-reader + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "-2" +rules: +- apiGroups: [""] # "" indicates the core API group + resources: ["services"] + verbs: ["get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: read-services + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "-1" +subjects: +- kind: Group + name: system:serviceaccounts # all serviceaccounts + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: Role + name: service-reader + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: Pod +metadata: + name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}-test-cdn-service-annotations + labels: + {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "0" +spec: + containers: + - name: kubectl + image: alpine:latest + command: + - sh + args: + - "-c" + - | + set -eu + apk add --no-cache kubectl jq + kubectl get svc -o json {{ include "lagoon-logging.cdnLogsCollector.fullname" . }} | + jq -e '.metadata.annotations["sh.lagoon.chart.testKey"] == "lagoonTestValue"' + restartPolicy: Never diff --git a/charts/lagoon-logging/templates/tests/test-connection.yaml b/charts/lagoon-logging/templates/tests/test-connection.yaml index f22e9440..d91456f8 100644 
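Review bot: The `read-services` RoleBinding grants `service-reader` to the group `system:serviceaccounts`, i.e. every service account in the cluster, although only the test Pod needs it. The Pod sets no `serviceAccountName`, so it presumably runs as the namespace's `default` account, and the subject can be narrowed to `- kind: ServiceAccount`, `name: default`, `namespace: {{ .Release.Namespace }}`. With `"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded` the Role and RoleBinding also stay in place when the test fails; adding `hook-failed` on those two objects would remove them in that case too. The fixed names `service-reader` and `read-services` may collide with existing objects in the namespace, so prefixing them with the release fullname is safer. `image: alpine:latest` with `apk add` at run time makes the test depend on mutable upstream content.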
--- a/charts/lagoon-logging/templates/tests/test-connection.yaml +++ b/charts/lagoon-logging/templates/tests/test-connection.yaml @@ -6,6 +6,7 @@ metadata: {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }} annotations: "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded spec: containers: - name: nc diff --git a/charts/lagoon-logging/values.yaml b/charts/lagoon-logging/values.yaml index 6616f1c0..f1045c88 100644 --- a/charts/lagoon-logging/values.yaml +++ b/charts/lagoon-logging/values.yaml @@ -144,7 +144,9 @@ cdnLogsCollector: size: 8Gi storageClassName: "" - serviceType: LoadBalancer + service: + type: LoadBalancer + annotations: {} # TLS configuration is required # These should be server certificates, and the CDN should be configured to diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 63327a5c..cf4d6808 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.26.2 + version: 0.26.3 - name: dioscuri repository: https://amazeeio.github.io/charts/ version: 0.4.1 @@ -11,5 +11,5 @@ dependencies: - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.19.17 -digest: sha256:98fadf31ddfe049c50ff4554a11732ec10a9cf8a41b8e0ce1c33a37af4f81de4 -generated: "2023-11-14T10:12:08.139505+11:00" +digest: sha256:1f873430b35bd44722954a1f02699e32c5e7468a9a77a135e5df3ca3766a8ed2 +generated: "2023-12-08T13:18:21.18121865+11:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 4c02e8e8..26141057 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml 
@@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.86.1 +version: 0.87.0 dependencies: - name: lagoon-build-deploy @@ -45,4 +45,10 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update lagoon-build-deploy to v0.26.2 with updated remote-controller + description: remove insights-remote service if not enabled + - kind: removed + description: removed old kubernetes build deploy references + - kind: changed + description: updated to insights-remote:v0.0.8 + - kind: changed + description: updated lagoon-build-deploy chart to v0.26.3 diff --git a/charts/lagoon-remote/templates/insights-remote.service.yaml b/charts/lagoon-remote/templates/insights-remote.service.yaml index dac317ae..981022e1 100644 --- a/charts/lagoon-remote/templates/insights-remote.service.yaml +++ b/charts/lagoon-remote/templates/insights-remote.service.yaml @@ -14,4 +14,4 @@ spec: name: insights-ws selector: {{- include "lagoon-remote.insightsRemote.selectorLabels" . | nindent 4 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/lagoon-remote/templates/kubernetes-build-deploy.clusterrolebinding.yaml b/charts/lagoon-remote/templates/kubernetes-build-deploy.clusterrolebinding.yaml deleted file mode 100644 index a7e08f51..00000000 --- a/charts/lagoon-remote/templates/kubernetes-build-deploy.clusterrolebinding.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "lagoon-remote.kubernetesBuildDeploy.fullname" . }} - labels: - {{- include "lagoon-remote.kubernetesBuildDeploy.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ include "lagoon-remote.kubernetesBuildDeploy.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} -roleRef: - kind: ClusterRole - name: cluster-admin - apiGroup: rbac.authorization.k8s.io diff --git a/charts/lagoon-remote/templates/kubernetes-build-deploy.serviceaccount.yaml b/charts/lagoon-remote/templates/kubernetes-build-deploy.serviceaccount.yaml deleted file mode 100644 index 01136b72..00000000 --- a/charts/lagoon-remote/templates/kubernetes-build-deploy.serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "lagoon-remote.kubernetesBuildDeploy.serviceAccountName" . }} - labels: - {{- include "lagoon-remote.kubernetesBuildDeploy.labels" . | nindent 4 }} - {{- with .Values.kubernetesBuildDeploy.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 7781073c..866f1871 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -106,13 +106,6 @@ dockerHost: effect: PreferNoSchedule operator: Exists -# this account is used by the legacy Lagoon kubernetes build deploy system. -kubernetesBuildDeploy: - serviceAccount: - # The name of the service account to use. - # If not set, a name is generated using the fullname template. - name: - # sshCore creates a restricted, non-expiring ServiceAccount token for use by # lagoon-core. sshCore: 
@@ -227,7 +220,7 @@ insightsRemote: repository: uselagoon/insights-remote pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.0.7" + tag: "v0.0.8" imagePullSecrets: [] nameOverride: "" diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index 836924df..a766f179 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -15,13 +15,13 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.52.0 +version: 0.53.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.16.0 +appVersion: v2.17.0 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release @@ -29,4 +29,6 @@ appVersion: v2.16.0 annotations: artifacthub.io/changes: | - kind: changed - description: require minimum Kubernetes 1.23 + description: add minio settings to api-data-watcher-pusher and make into a helm test job + - kind: changed + description: update lagoon appVersion to v2.17.0 diff --git a/charts/lagoon-test/ci/linter-values.yaml.tpl b/charts/lagoon-test/ci/linter-values.yaml.tpl index 221725a5..d2f94f44 100644 --- a/charts/lagoon-test/ci/linter-values.yaml.tpl +++ b/charts/lagoon-test/ci/linter-values.yaml.tpl @@ -14,6 +14,8 @@ localGit: localAPIDataWatcherPusher: image: repository: ${imageRegistry}/local-api-data-watcher-pusher + additonalEnvs: + CLEAR_API_DATA: ${clearApiData} tests: image: diff --git a/charts/lagoon-test/templates/_helpers.tpl b/charts/lagoon-test/templates/_helpers.tpl index 3fe70843..e7810695 100644 --- a/charts/lagoon-test/templates/_helpers.tpl 
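Review bot: The key added under `localAPIDataWatcherPusher` in linter-values.yaml.tpl is spelled `additonalEnvs`, but the Job template in this commit ranges over `.Values.localAPIDataWatcherPusher.additionalEnvs` and values.yaml declares `additionalEnvs`. As written, `CLEAR_API_DATA` set through the Makefile never reaches the container; the line should read `additionalEnvs:`. Quoting the substitution as `CLEAR_API_DATA: "${clearApiData}"` also keeps the rendered value a string when the variable is empty.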
+++ b/charts/lagoon-test/templates/_helpers.tpl @@ -92,14 +92,14 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{/* -Create a default fully qualified app name for local-git. +Create a default fully qualified app name for local-api-data-watcher-pusher. */}} {{- define "lagoon-test.localAPIDataWatcherPusher.fullname" -}} {{- include "lagoon-test.fullname" . }}-local-api-data-watcher-pusher {{- end }} {{/* -Common labels local-git. +Common labels local-api-data-watcher-pusher. */}} {{- define "lagoon-test.localAPIDataWatcherPusher.labels" -}} helm.sh/chart: {{ include "lagoon-test.chart" . }} @@ -111,7 +111,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* -Selector labels local-git. +Selector labels local-api-data-watcher-pusher. */}} {{- define "lagoon-test.localAPIDataWatcherPusher.selectorLabels" -}} app.kubernetes.io/name: {{ include "lagoon-test.name" . }} diff --git a/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml b/charts/lagoon-test/templates/local-api-data-watcher-pusher.job.yaml similarity index 79% rename from charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml rename to charts/lagoon-test/templates/local-api-data-watcher-pusher.job.yaml index eadd3040..0b35d692 100644 --- a/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml +++ b/charts/lagoon-test/templates/local-api-data-watcher-pusher.job.yaml 
@@ -1,34 +1,29 @@ -apiVersion: apps/v1 -kind: Deployment +apiVersion: batch/v1 +kind: Job metadata: name: {{ include "lagoon-test.localAPIDataWatcherPusher.fullname" . }} labels: {{- include "lagoon-test.localAPIDataWatcherPusher.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-weight": "10" spec: - selector: - matchLabels: - {{- include "lagoon-test.localAPIDataWatcherPusher.selectorLabels" . | nindent 6 }} + backoffLimit: 2 template: metadata: - {{- with .Values.localAPIDataWatcherPusher.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} labels: {{- include "lagoon-test.localAPIDataWatcherPusher.selectorLabels" . | nindent 8 }} spec: - {{- with .Values.localAPIDataWatcherPusher.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} + restartPolicy: Never securityContext: {{- toYaml .Values.localAPIDataWatcherPusher.podSecurityContext | nindent 8 }} + terminationGracePeriodSeconds: 120 containers: - name: api-data-watcher-pusher - securityContext: - {{- toYaml .Values.localAPIDataWatcherPusher.securityContext | nindent 10 }} image: "{{ .Values.localAPIDataWatcherPusher.image.repository }}:{{ coalesce .Values.localAPIDataWatcherPusher.image.tag .Values.imageTag .Chart.AppVersion }}" imagePullPolicy: {{ .Values.localAPIDataWatcherPusher.image.pullPolicy }} + securityContext: + {{- toYaml .Values.localAPIDataWatcherPusher.securityContext | nindent 10 }} env: - name: API_HOST value: {{ .Values.apiHost | quote }} 
@@ -47,15 +42,18 @@ spec: secretKeyRef: name: {{ .Values.jwtSecretSecret | quote }} key: JWTSECRET + - name: MINIO_SERVER_URL + value: {{ .Values.minioURL | quote }} + - name: MINIO_ROOT_USER + value: {{ .Values.minioUser | quote }} + - name: MINIO_ROOT_PASSWORD + value: {{ .Values.minioPass | quote }} - name: TOKEN value: {{ required "A valid .Values.token required!" .Values.token | quote }} - startupProbe: - exec: - command: - - test - - -f - - /tmp/api-data-pushed - failureThreshold: 90 + {{- range $key, $val := .Values.localAPIDataWatcherPusher.additionalEnvs }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} resources: {{- toYaml .Values.localAPIDataWatcherPusher.resources | nindent 10 }} {{- with .Values.localAPIDataWatcherPusher.nodeSelector }} diff --git a/charts/lagoon-test/templates/tests/test-connection.yaml b/charts/lagoon-test/templates/tests/test-connection.yaml index cba025e5..ddaa44b1 100644 --- a/charts/lagoon-test/templates/tests/test-connection.yaml +++ b/charts/lagoon-test/templates/tests/test-connection.yaml @@ -5,7 +5,8 @@ metadata: labels: {{- include "lagoon-test.labels" . | nindent 4 }} annotations: - "helm.sh/hook": test-success + "helm.sh/hook": test + "helm.sh/hook-weight": "30" spec: containers: - name: nc diff --git a/charts/lagoon-test/templates/tests/test-suite.yaml b/charts/lagoon-test/templates/tests/test-suite.yaml index e83d858b..546051bc 100644 --- a/charts/lagoon-test/templates/tests/test-suite.yaml +++ b/charts/lagoon-test/templates/tests/test-suite.yaml @@ -6,7 +6,8 @@ metadata: labels: {{- include "lagoon-test.labels" . | nindent 4 }} annotations: - "helm.sh/hook": test-success + "helm.sh/hook": test + "helm.sh/hook-weight": "50" spec: serviceAccountName: {{ include "lagoon-test.serviceAccountName" . }} containers: diff --git a/charts/lagoon-test/values.yaml b/charts/lagoon-test/values.yaml index 0bea382c..1a29b857 100644 --- a/charts/lagoon-test/values.yaml +++ b/charts/lagoon-test/values.yaml 
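Review bot: `MINIO_ROOT_PASSWORD` is rendered into the Job spec as a literal `value:` from `.Values.minioPass`, whereas `JWTSECRET` just above it is read with `secretKeyRef`. A literal value is readable by anyone who can get the Job or Pod object and is stored with the Helm release. Referencing a Secret for the MinIO credentials in the same way would be consistent with the neighbouring entry, even for a test chart. The container spec begins above this hunk.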
@@ -8,6 +8,9 @@ gitAuthorizedKeys: > ssh-rsa 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 ansible-testing jwtSecretSecret: lagoon-core-secrets keycloakURL: http://lagoon-core-keycloak:8080 +minioURL: http://minio.minio.svc:9000 +minioUser: lagoonFilesAccessKey +minioPass: lagoonFilesSecretKey routeSuffixHTTPPort: 32080 routeSuffixHTTPSPort: 32443 sshHost: lagoon-core-ssh @@ -116,6 +119,9 @@ localAPIDataWatcherPusher: # Overrides the image tag whose default is the chart appVersion. tag: "" + additionalEnvs: + # CLEAR_API_DATA: true + podSecurityContext: {} securityContext: {}
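Review bot: `additionalEnvs:` in the second hunk is followed only by a commented-out example, so it parses as `null`; writing `additionalEnvs: {}` states the empty map explicitly and matches `podSecurityContext: {}` below it. The example would be clearer as `# CLEAR_API_DATA: "true"`, since the Job template passes each value through `quote` as an env string. The `minioUser`/`minioPass` defaults added in the first hunk are the same literals the Makefile passes to the MinIO chart, so a comment such as `# local test credentials only; must match the values used by install-minio` would help.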