From 0a7c84b0f07994aa194fdc00816ba709f34d19a3 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Sun, 20 Oct 2024 14:06:40 +1100 Subject: [PATCH] refactor: install isolated lagoon for upgradeability --- .github/workflows/test-suite.yaml | 5 +- Makefile | 282 ++++++++++++++++++++---------- 2 files changed, 191 insertions(+), 96 deletions(-) diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index 4e608d59..22241911 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -133,7 +133,9 @@ jobs: if: | (steps.list-changed.outputs.changed == 'true' && !contains(github.event.pull_request.labels.*.name, 'next-release')) || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) - run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] + run: | + make install-lagoon + make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] - name: Helm-install the test fixtures and fill lagoon-test/ci/linter-values.yaml (next-release) if: | @@ -141,6 +143,7 @@ jobs: (contains(github.event.pull_request.labels.*.name, 'next-release')) run: | yq eval-all --inplace 'select(fileIndex == 0) * select(fileIndex == 1)' ./charts/lagoon-core/ci/linter-values.yaml ./charts/lagoon-core/ci/testlagoon-main-override.yaml + make install-lagoon IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main OVERRIDE_BUILD_DEPLOY_DIND_IMAGE=uselagoon/build-deploy-image:main OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE=testlagoon/task-activestandby:main - name: Free up some disk space diff --git a/Makefile b/Makefile index 00b397b8..a726827b 100644 --- a/Makefile +++ b/Makefile @@ -47,6 +47,29 @@ CLEAR_API_DATA = false DOCKER_NETWORK = kind LAGOON_SSH_PORTAL_LOADBALANCER = +# install lagoon dependencies by default with the install-lagoon target +INSTALL_LAGOON_DEPENDENCIES = true + +# don't install stable charts by default +INSTALL_STABLE_CORE = false +INSTALL_STABLE_REMOTE = false +INSTALL_STABLE_BUILDDEPLOY = false + +# unset will install latest released chart version +STABLE_CORE_CHART_VERSION = +STABLE_REMOTE_CHART_VERSION = +STABLE_BUILDDEPLOY_CHART_VERSION = + +INSTALL_UNAUTHENTICATED_REGISTRY = false + +# don't install mailpit in charts ci +INSTALL_MAILPIT = false + +# install dbaas providers by default +INSTALL_MARIADB_PROVIDER = true +INSTALL_POSTGRES_PROVIDER = true +INSTALL_MONGODB_PROVIDER = true + TIMEOUT = 30m HELM = helm KUBECTL = kubectl @@ -66,13 +89,6 @@ fill-test-ci-values: && envsubst < $$valueTemplate.tpl > $$valueTemplate \ && cat $$valueTemplate -ifneq ($(SKIP_ALL_DEPS),true) -ifneq ($(SKIP_INSTALL_REGISTRY),true) -fill-test-ci-values: install-registry -endif -fill-test-ci-values: install-ingress install-lagoon-core install-lagoon-build-deploy install-bulk-storageclass -endif - # metallb is used to allow access to the ingress within kubernetes without having to specify a node port # it picks a small range from the end of the network used by the cluster .PHONY: install-metallb @@ -92,6 +108,7 @@ install-metallb: $(KUBECTL) apply -f test-suite.metallb-pool.yaml \ # cert-manager is used to allow self-signed certificates to be generated automatically by ingress in the same way lets-encrypt would +# this allows for the registry and other services to use certificates .PHONY: install-certmanager install-certmanager: install-metallb $(HELM) upgrade \ @@ -121,7 +138,7 @@ install-ingress: install-certmanager --set controller.service.type=LoadBalancer \ --set controller.service.nodePorts.http=32080 \ --set controller.service.nodePorts.https=32443 \ - --set controller.config.proxy-body-size=100m \ + --set controller.config.proxy-body-size=0 \ --set controller.config.hsts="false" \ --set controller.watchIngressWithoutClass=true \ --set controller.ingressClassResource.default=true \ @@ -130,7 +147,8 @@ install-ingress: install-certmanager ingress-nginx/ingress-nginx .PHONY: install-registry -install-registry: install-mailpit +ifeq ($(INSTALL_UNAUTHENTICATED_REGISTRY),false) +install-registry: install-ingress $(HELM) upgrade \ --install \ --create-namespace \ @@ -140,7 +158,7 @@ install-registry: install-mailpit --set expose.tls.enabled=true \ --set expose.tls.certSource=secret \ --set expose.tls.secret.secretName=harbor-ingress \ - --set "expose.ingress.annotations.kubernetes\.io\/ingress\.class=nginx" \ + --set expose.ingress.className=nginx \ --set-string expose.ingress.annotations.kubernetes\\.io/tls-acme=true \ --set "expose.ingress.hosts.core=registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ --set "externalURL=https://registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ @@ -148,12 +166,31 @@ install-registry: install-mailpit --set clair.enabled=false \ --set notary.enabled=false \ --set trivy.enabled=false \ - --version=1.14.0 \ + --version=1.14.3 \ registry \ harbor/harbor +else +# install an unauthenticated registry (https://helm.twun.io) instead of harbor +# useful for arm based systems until harbor supports arm +install-registry: install-ingress + $(HELM) upgrade \ + --install \ + --create-namespace \ + --namespace registry \ + --wait \ + --timeout $(TIMEOUT) \ + --set ingress.enabled=true \ + --set-string ingress.annotations.kubernetes\\.io/tls-acme=true \ + --set "ingress.hosts[0]=registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ + --set ingress.path="/" \ + --set persistence.enabled=true \ + --version=2.2.3 \ + registry \ + twuni/docker-registry +endif .PHONY: install-mailpit -install-mailpit: install-ingress +install-mailpit: $(HELM) upgrade \ --install \ --create-namespace \ @@ -163,7 +200,7 @@ install-mailpit: install-ingress --set ingress.enabled=true \ --set-string ingress.annotations.kubernetes\\.io/tls-acme=true \ --set "ingress.hostname=mailpit.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ - --version=0.15.3 \ + --version=0.18.6 \ mailpit \ jouve/mailpit @@ -184,14 +221,17 @@ install-mariadb: .PHONY: install-postgresql install-postgresql: # root password is required on upgrade if the chart is already installed + # use postgres 14.15.0 image because 15+ have some permission issue + # 14.15.0-debian-12-r1 is multiarch though $(HELM) upgrade \ --install \ --create-namespace \ --namespace postgresql \ --wait \ --timeout $(TIMEOUT) \ + --set image.tag="14.15.0-debian-12-r1" \ $$($(KUBECTL) get ns postgresql > /dev/null 2>&1 && echo --set auth.postgresPassword=$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgres-password" | @base64d')) \ - --version=11.9.13 \ + --version=16.2.3 \ postgresql \ bitnami/postgresql @@ -209,6 +249,7 @@ install-mongodb: mongodb \ bitnami/mongodb + .PHONY: install-minio install-minio: install-ingress $(HELM) upgrade \ @@ -225,48 +266,81 @@ install-minio: install-ingress minio \ bitnami/minio + +.PHONY: install-lagoon-dependencies +# this will install all the Lagoon dependencies prior to anything related to Lagoon being installed +# this allows for only Lagoon core, remote, or the build-deploy chart to be installed or upgraded without having +# to re-run all the initial dependencies +install-lagoon-dependencies: install-registry install-minio install-bulk-storageclass +ifeq ($(INSTALL_MAILPIT),true) +install-lagoon-dependencies: install-mailpit +endif +ifeq ($(INSTALL_MARIADB_PROVIDER),true) +install-lagoon-dependencies: install-mariadb +endif +ifeq ($(INSTALL_POSTGRES_PROVIDER),true) +install-lagoon-dependencies: install-postgresql +endif +ifeq ($(INSTALL_MONGODB_PROVIDER),true) +install-lagoon-dependencies: install-mongodb +endif + +# this installs lagoon-core, lagoon-remote, and lagoon-build-deploy, and if dependencies required will install them too +.PHONY: install-lagoon +ifeq ($(INSTALL_LAGOON_DEPENDENCIES),true) +install-lagoon: install-lagoon-dependencies +endif +install-lagoon: install-lagoon-core install-lagoon-remote install-lagoon-build-deploy + .PHONY: install-lagoon-core -install-lagoon-core: install-minio +install-lagoon-core: +ifneq ($(INSTALL_STABLE_CORE),true) $(HELM) dependency build ./charts/lagoon-core/ +else +ifeq (,$(subst ",,$(STABLE_CORE_CHART_VERSION))) + $(eval STABLE_CORE_CHART_VERSION = $(shell $(HELM) search repo lagoon/lagoon-core -o json | $(JQ) -r '.[]|.version')) +endif +endif $(HELM) upgrade \ --install \ --create-namespace \ --namespace lagoon-core \ --wait \ --timeout $(TIMEOUT) \ - --values ./charts/lagoon-core/ci/linter-values.yaml \ - $$([ $(IMAGE_TAG) ] && echo '--set imageTag=$(IMAGE_TAG)') \ - $$([ $(OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE) ] && echo '--set overwriteActiveStandbyTaskImage=$(OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE)') \ - $$([ $(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE) ] && echo '--set buildDeployImage.default.image=$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)') \ + $$([ $(INSTALL_STABLE_CORE) = true ] && [ $(STABLE_CORE_CHART_VERSION) ] && echo '--version=$(STABLE_CORE_CHART_VERSION)') \ + $$(if [ $(INSTALL_STABLE_CORE) = true ]; then echo '--values https://raw.githubusercontent.com/uselagoon/lagoon-charts/refs/tags/lagoon-core-$(STABLE_CORE_CHART_VERSION)/charts/lagoon-core/ci/linter-values.yaml'; else echo '--values ./charts/lagoon-core/ci/linter-values.yaml'; fi) \ + $$([ $(IMAGE_TAG) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set imageTag=$(IMAGE_TAG)') \ + $$([ $(OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set overwriteActiveStandbyTaskImage=$(OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE)') \ + $$([ $(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set buildDeployImage.default.image=$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)') \ $$([ $(DISABLE_CORE_HARBOR) ] && echo '--set api.additionalEnvs.DISABLE_CORE_HARBOR=$(DISABLE_CORE_HARBOR)') \ $$([ $(OPENSEARCH_INTEGRATION_ENABLED) ] && echo '--set api.additionalEnvs.OPENSEARCH_INTEGRATION_ENABLED=$(OPENSEARCH_INTEGRATION_ENABLED)') \ --set "keycloakFrontEndURL=http://lagoon-keycloak.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ --set "lagoonAPIURL=http://lagoon-api.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/graphql" \ --set "lagoonUIURL=http://lagoon-ui.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ --set "lagoonWebhookURL=http://lagoon-webhook.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ - --set actionsHandler.image.repository=$(IMAGE_REGISTRY)/actions-handler \ - --set api.image.repository=$(IMAGE_REGISTRY)/api \ - --set apiDB.image.repository=$(IMAGE_REGISTRY)/api-db \ - --set apiRedis.image.repository=$(IMAGE_REGISTRY)/api-redis \ - --set authServer.image.repository=$(IMAGE_REGISTRY)/auth-server \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set actionsHandler.image.repository=$(IMAGE_REGISTRY)/actions-handler') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set api.image.repository=$(IMAGE_REGISTRY)/api') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set apiDB.image.repository=$(IMAGE_REGISTRY)/api-db') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set apiRedis.image.repository=$(IMAGE_REGISTRY)/api-redis') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set authServer.image.repository=$(IMAGE_REGISTRY)/auth-server') \ --set autoIdler.enabled=false \ --set backupHandler.enabled=false \ - --set broker.image.repository=$(IMAGE_REGISTRY)/broker \ - --set apiSidecarHandler.image.repository=$(IMAGE_REGISTRY)/api-sidecar-handler \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set broker.image.repository=$(IMAGE_REGISTRY)/broker') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set apiSidecarHandler.image.repository=$(IMAGE_REGISTRY)/api-sidecar-handler') \ --set insightsHandler.enabled=false \ - --set keycloak.image.repository=$(IMAGE_REGISTRY)/keycloak \ - --set keycloakDB.image.repository=$(IMAGE_REGISTRY)/keycloak-db \ - --set logs2notifications.image.repository=$(IMAGE_REGISTRY)/logs2notifications \ - --set logs2notifications.additionalEnvs.EMAIL_HOST="mailpit-smtp.mailpit.svc" \ - --set logs2notifications.additionalEnvs.EMAIL_PORT="25" \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set keycloak.image.repository=$(IMAGE_REGISTRY)/keycloak') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set keycloakDB.image.repository=$(IMAGE_REGISTRY)/keycloak-db') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set logs2notifications.image.repository=$(IMAGE_REGISTRY)/logs2notifications') \ + $$([ $(INSTALL_MAILPIT) = true ] && echo '--set logs2notifications.additionalEnvs.EMAIL_HOST=mailpit-smtp.mailpit.svc') \ + $$([ $(INSTALL_MAILPIT) = true ] && echo '--set logs2notifications.additionalEnvs.EMAIL_PORT="25"') \ --set logs2notifications.logs2email.disabled=false \ --set logs2notifications.logs2microsoftteams.disabled=true \ --set logs2notifications.logs2rocketchat.disabled=true \ --set logs2notifications.logs2slack.disabled=true \ --set logs2notifications.logs2webhooks.disabled=true \ - --set ssh.image.repository=$(IMAGE_REGISTRY)/ssh \ - --set webhookHandler.image.repository=$(IMAGE_REGISTRY)/webhook-handler \ - --set webhooks2tasks.image.repository=$(IMAGE_REGISTRY)/webhooks2tasks \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set ssh.image.repository=$(IMAGE_REGISTRY)/ssh') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set webhookHandler.image.repository=$(IMAGE_REGISTRY)/webhook-handler') \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set webhooks2tasks.image.repository=$(IMAGE_REGISTRY)/webhooks2tasks') \ --set s3FilesAccessKeyID=lagoonFilesAccessKey \ --set s3FilesSecretAccessKey=lagoonFilesSecretKey \ --set s3FilesBucket=lagoon-files \ @@ -286,87 +360,101 @@ install-lagoon-core: install-minio --set broker.ingress.enabled=true \ --set broker.ingress.hosts[0].host="lagoon-broker.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ --set broker.ingress.hosts[0].paths[0]="/" \ - --set workflows.image.repository=$(IMAGE_REGISTRY)/workflows \ - --set keycloak.email.enabled=true \ - --set keycloak.email.settings.host=mailpit-smtp.mailpit.svc \ - --set keycloak.email.settings.port=25 \ + $$([ $(IMAGE_REGISTRY) ] && [ $(INSTALL_STABLE_CORE) != true ] && echo '--set workflows.image.repository=$(IMAGE_REGISTRY)/workflows') \ + $$([ $(INSTALL_MAILPIT) = true ] && echo '--set keycloak.email.enabled=true') \ + $$([ $(INSTALL_MAILPIT) = true ] && echo '--set keycloak.email.settings.host=mailpit-smtp.mailpit.svc') \ + $$([ $(INSTALL_MAILPIT) = true ] && echo '--set keycloak.email.settings.port=25') \ $$([ $(LAGOON_SSH_PORTAL_LOADBALANCER) ] && echo '--set sshToken.service.type=LoadBalancer') \ $$([ $(LAGOON_SSH_PORTAL_LOADBALANCER) ] && echo '--set sshToken.service.ports.sshserver=2223') \ $$([ $(LAGOON_SSH_PORTAL_LOADBALANCER) ] && echo '--set ssh.service.type=LoadBalancer') \ $$([ $(LAGOON_SSH_PORTAL_LOADBALANCER) ] && echo '--set ssh.service.port=2020') \ lagoon-core \ - ./charts/lagoon-core + $$(if [ $(INSTALL_STABLE_CORE) = true ]; then echo 'lagoon/lagoon-core'; else echo './charts/lagoon-core'; fi) + $(KUBECTL) -n lagoon-core patch deployment lagoon-core-api -p '{"spec":{"template":{"spec":{"containers":[{"name":"api","env":[{"name":"SSH_TOKEN_ENDPOINT","value":"lagoon-token.'$$($(KUBECTL) -n lagoon-core get services lagoon-core-ssh-token -o jsonpath='{.status.loadBalancer.ingress[0].ip}')'.nip.io"}]}]}}}}' .PHONY: install-lagoon-remote -install-lagoon-remote: install-mariadb install-postgresql install-mongodb install-lagoon-core +install-lagoon-remote: +ifneq ($(INSTALL_STABLE_REMOTE),true) $(HELM) dependency build ./charts/lagoon-remote/ +else +ifeq (,$(subst ",,$(STABLE_REMOTE_CHART_VERSION))) + $(eval STABLE_REMOTE_CHART_VERSION := $(shell $(HELM) search repo lagoon/lagoon-remote -o json | $(JQ) -r '.[]|.version')) +endif +endif $(HELM) upgrade \ --install \ --create-namespace \ --namespace lagoon \ --wait \ --timeout $(TIMEOUT) \ - --values ./charts/lagoon-remote/ci/linter-values.yaml \ + $$([ $(INSTALL_STABLE_REMOTE) = true ] && [ $(STABLE_REMOTE_CHART_VERSION) ] && echo '--version=$(STABLE_REMOTE_CHART_VERSION)') \ + $$(if [ $(INSTALL_STABLE_REMOTE) = true ]; then echo '--values https://raw.githubusercontent.com/uselagoon/lagoon-charts/refs/tags/lagoon-remote-$(STABLE_REMOTE_CHART_VERSION)/charts/lagoon-remote/ci/linter-values.yaml'; else echo '--values ./charts/lagoon-remote/ci/linter-values.yaml'; fi) \ --set "lagoon-build-deploy.enabled=false" \ --set "dockerHost.registry=registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ - --set "dbaas-operator.mariadbProviders.development.environment=development" \ - --set "dbaas-operator.mariadbProviders.development.hostname=mariadb.mariadb.svc.cluster.local" \ - --set "dbaas-operator.mariadbProviders.development.password=$$($(KUBECTL) get secret --namespace mariadb mariadb -o json | $(JQ) -r '.data."mariadb-root-password" | @base64d')" \ - --set "dbaas-operator.mariadbProviders.development.port=3306" \ - --set "dbaas-operator.mariadbProviders.development.user=root" \ - --set "dbaas-operator.mariadbProviders.production.environment=production" \ - --set "dbaas-operator.mariadbProviders.production.hostname=mariadb.mariadb.svc.cluster.local" \ - --set "dbaas-operator.mariadbProviders.production.password=$$($(KUBECTL) get secret --namespace mariadb mariadb -o json | $(JQ) -r '.data."mariadb-root-password" | @base64d')" \ - --set "dbaas-operator.mariadbProviders.production.port=3306" \ - --set "dbaas-operator.mariadbProviders.production.user=root" \ - --set "dbaas-operator.postgresqlProviders.development.environment=development" \ - --set "dbaas-operator.postgresqlProviders.development.hostname=postgresql.postgresql.svc.cluster.local" \ - --set "dbaas-operator.postgresqlProviders.development.password=$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgres-password" | @base64d')" \ - --set "dbaas-operator.postgresqlProviders.development.port=5432" \ - --set "dbaas-operator.postgresqlProviders.development.user=postgres" \ - --set "dbaas-operator.postgresqlProviders.production.environment=production" \ - --set "dbaas-operator.postgresqlProviders.production.hostname=postgresql.postgresql.svc.cluster.local" \ - --set "dbaas-operator.postgresqlProviders.production.password=$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgres-password" | @base64d')" \ - --set "dbaas-operator.postgresqlProviders.production.port=5432" \ - --set "dbaas-operator.postgresqlProviders.production.user=postgres" \ - --set "dbaas-operator.mongodbProviders.development.environment=development" \ - --set "dbaas-operator.mongodbProviders.development.hostname=mongodb.mongodb.svc.cluster.local" \ - --set "dbaas-operator.mongodbProviders.development.password=$$($(KUBECTL) get secret --namespace mongodb mongodb -o json | $(JQ) -r '.data."mongodb-root-password" | @base64d')" \ - --set "dbaas-operator.mongodbProviders.development.port=27017" \ - --set "dbaas-operator.mongodbProviders.development.user=root" \ - --set "dbaas-operator.mongodbProviders.development.auth.mechanism=SCRAM-SHA-1" \ - --set "dbaas-operator.mongodbProviders.development.auth.source=admin" \ - --set "dbaas-operator.mongodbProviders.development.auth.tls=false" \ - --set "dbaas-operator.mongodbProviders.production.environment=production" \ - --set "dbaas-operator.mongodbProviders.production.hostname=mongodb.mongodb.svc.cluster.local" \ - --set "dbaas-operator.mongodbProviders.production.password=$$($(KUBECTL) get secret --namespace mongodb mongodb -o json | $(JQ) -r '.data."mongodb-root-password" | @base64d')" \ - --set "dbaas-operator.mongodbProviders.production.port=27017" \ - --set "dbaas-operator.mongodbProviders.production.user=root" \ - --set "dbaas-operator.mongodbProviders.production.auth.mechanism=SCRAM-SHA-1" \ - --set "dbaas-operator.mongodbProviders.production.auth.source=admin" \ - --set "dbaas-operator.mongodbProviders.production.auth.tls=false" \ - --set "sshCore.enaled=true" \ - --set "mxoutHost=mailpit-smtp.mailpit.svc.cluster.local" \ - $$([ $(IMAGE_TAG) ] && echo '--set imageTag=$(IMAGE_TAG)') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.development.environment=development') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.development.hostname=mariadb.mariadb.svc.cluster.local') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.development.password='$$($(KUBECTL) get secret --namespace mariadb mariadb -o json | $(JQ) -r '.data."mariadb-root-password" | @base64d')'') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.development.port=3306') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.development.user=root') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.production.environment=production') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.production.hostname=mariadb.mariadb.svc.cluster.local') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.production.password='$$($(KUBECTL) get secret --namespace mariadb mariadb -o json | $(JQ) -r '.data."mariadb-root-password" | @base64d')'') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.production.port=3306') \ + $$([ $(INSTALL_MARIADB_PROVIDER) = true ] && echo '--set dbaas-operator.mariadbProviders.production.user=root') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.development.environment=development') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.development.hostname=postgresql.postgresql.svc.cluster.local') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.development.password='$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgres-password" | @base64d')'') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.development.port=5432') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.development.user=postgres') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.production.environment=production') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.production.hostname=postgresql.postgresql.svc.cluster.local') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.production.password='$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgres-password" | @base64d')'') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.production.port=5432') \ + $$([ $(INSTALL_POSTGRES_PROVIDER) = true ] && echo '--set dbaas-operator.postgresqlProviders.production.user=postgres') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.development.environment=development') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.development.hostname=mongodb.mongodb.svc.cluster.local') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.development.password='$$($(KUBECTL) get secret --namespace mongodb mongodb -o json | $(JQ) -r '.data."mongodb-root-password" | @base64d')'') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.development.port=27017') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.development.user=root') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.development.auth.mechanism=SCRAM-SHA-1') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.development.auth.source=admin') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.development.auth.tls=false') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.production.environment=production') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.production.hostname=mongodb.mongodb.svc.cluster.local') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.production.password='$$($(KUBECTL) get secret --namespace mongodb mongodb -o json | $(JQ) -r '.data."mongodb-root-password" | @base64d')'') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.production.port=27017') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.production.user=root') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.production.auth.mechanism=SCRAM-SHA-1') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.production.auth.source=admin') \ + $$([ $(INSTALL_MONGODB_PROVIDER) = true ] && echo '--set dbaas-operator.mongodbProviders.production.auth.tls=false') \ + --set "sshCore.enabled=true" \ + $$([ $(INSTALL_MAILPIT) = true ] && echo '--set mxoutHost=mailpit-smtp.mailpit.svc.cluster.local') \ + $$([ $(IMAGE_TAG) ] && [ $(INSTALL_STABLE_REMOTE) != true ] && echo '--set imageTag=$(IMAGE_TAG)') \ $$([ $(LAGOON_SSH_PORTAL_LOADBALANCER) ] && echo '--set sshPortal.service.type=LoadBalancer') \ $$([ $(LAGOON_SSH_PORTAL_LOADBALANCER) ] && echo '--set sshPortal.service.ports.sshserver=2222') \ lagoon-remote \ - ./charts/lagoon-remote - $(KUBECTL) -n lagoon-core patch deployment lagoon-core-api -p '{"spec":{"template":{"spec":{"containers":[{"name":"api","env":[{"name":"SSH_TOKEN_ENDPOINT_PORT","value":"'$$($(KUBECTL) -n lagoon get services lagoon-remote-ssh-portal -o jsonpath='{.spec.ports[0].port}')'"},{"name":"SSH_TOKEN_ENDPOINT","value":"'$$($(KUBECTL) -n lagoon get services lagoon-remote-ssh-portal -o jsonpath='{.status.loadBalancer.ingress[0].ip}')'"}]}]}}}}' + $$(if [ $(INSTALL_STABLE_REMOTE) = true ]; then echo 'lagoon/lagoon-remote'; else echo './charts/lagoon-remote'; fi) # The following target should only be called as a dependency of lagoon-remote # Do not install without lagoon-core # .PHONY: install-lagoon-build-deploy -install-lagoon-build-deploy: install-lagoon-remote install-bulk-storageclass +install-lagoon-build-deploy: +ifneq ($(INSTALL_STABLE_BUILDDEPLOY),true) $(HELM) dependency build ./charts/lagoon-build-deploy/ +else +ifeq (,$(subst ",,$(STABLE_BUILDDEPLOY_CHART_VERSION))) + $(eval STABLE_BUILDDEPLOY_CHART_VERSION := $(shell $(HELM) search repo lagoon/lagoon-build-deploy -o json | $(JQ) -r '.[]|.version')) +endif +endif $(HELM) upgrade \ --install \ --create-namespace \ --namespace lagoon \ --wait \ --timeout $(TIMEOUT) \ - --values ./charts/lagoon-build-deploy/ci/linter-values.yaml \ + $$([ $(INSTALL_STABLE_BUILDDEPLOY) = true ] && [ $(STABLE_BUILDDEPLOY_CHART_VERSION) ] && echo '--version=$(STABLE_BUILDDEPLOY_CHART_VERSION)') \ + $$(if [ $(INSTALL_STABLE_BUILDDEPLOY) = true ]; then echo '--values https://raw.githubusercontent.com/uselagoon/lagoon-charts/refs/tags/lagoon-build-deploy-$(STABLE_BUILDDEPLOY_CHART_VERSION)/charts/lagoon-build-deploy/ci/linter-values.yaml'; else echo '--values ./charts/lagoon-build-deploy/ci/linter-values.yaml'; fi) \ --set "rabbitMQPassword=$$($(KUBECTL) -n lagoon-core get secret lagoon-core-broker -o json | $(JQ) -r '.data.RABBITMQ_PASSWORD | @base64d')" \ --set "rabbitMQHostname=lagoon-core-broker.lagoon-core.svc" \ --set "lagoonFeatureFlagEnableQoS=true" \ @@ -375,19 +463,26 @@ install-lagoon-build-deploy: install-lagoon-remote install-bulk-storageclass $$([ $(LAGOON_SSH_PORTAL_LOADBALANCER) ] && echo "--set lagoonTokenHost=$$($(KUBECTL) -n lagoon-core get services lagoon-core-ssh-token -o jsonpath='{.status.loadBalancer.ingress[0].ip}')") \ $$([ $(LAGOON_SSH_PORTAL_LOADBALANCER) ] && echo "--set lagoonTokenPort=$$($(KUBECTL) -n lagoon-core get services lagoon-core-ssh-token -o jsonpath='{.spec.ports[0].port}')") \ --set "QoSMaxBuilds=5" \ - --set "harbor.enabled=true" \ - --set "harbor.adminPassword=Harbor12345" \ - --set "harbor.adminUser=admin" \ - --set "harbor.host=https://registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io" \ - $$([ $(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE) ] && echo '--set overrideBuildDeployImage=$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)') \ - $$([ $(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGETAG) ] && echo '--set image.tag=$(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGETAG)') \ - $$([ $(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGE_REPOSITORY) ] && echo '--set image.repository=$(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGE_REPOSITORY)') \ + $$([ $(INSTALL_UNAUTHENTICATED_REGISTRY) = false ] && echo --set "harbor.enabled=true") \ + $$([ $(INSTALL_UNAUTHENTICATED_REGISTRY) = false ] && echo --set "harbor.adminPassword=Harbor12345") \ + $$([ $(INSTALL_UNAUTHENTICATED_REGISTRY) = false ] && echo --set "harbor.adminUser=admin") \ + $$([ $(INSTALL_UNAUTHENTICATED_REGISTRY) = false ] && echo --set "harbor.host=https://registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io") \ + $$([ $(INSTALL_UNAUTHENTICATED_REGISTRY) = true ] && echo --set "unauthenticatedRegistry=registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io") \ + $$([ $(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE) ] && [ ! $(INSTALL_STABLE_BUILDDEPLOY) ] && echo '--set overrideBuildDeployImage=$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)') \ + $$([ $(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGETAG) ] && [ ! $(INSTALL_STABLE_BUILDDEPLOY) ] && echo '--set image.tag=$(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGETAG)') \ + $$([ $(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGE_REPOSITORY) ] && [ ! $(INSTALL_STABLE_BUILDDEPLOY) ] && echo '--set image.repository=$(OVERRIDE_BUILD_DEPLOY_CONTROLLER_IMAGE_REPOSITORY)') \ $$([ $(BUILD_DEPLOY_CONTROLLER_ROOTLESS_BUILD_PODS) ] && echo '--set rootlessBuildPods=true') \ $$([ $(LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD) ] && echo '--set lagoonFeatureFlagDefaultRootlessWorkload=$(LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD)') \ $$([ $(LAGOON_FEATURE_FLAG_DEFAULT_ISOLATION_NETWORK_POLICY) ] && echo '--set lagoonFeatureFlagDefaultIsolationNetworkPolicy=$(LAGOON_FEATURE_FLAG_DEFAULT_ISOLATION_NETWORK_POLICY)') \ $$([ $(LAGOON_FEATURE_FLAG_DEFAULT_RWX_TO_RWO) ] && echo '--set lagoonFeatureFlagDefaultRWX2RWO=$(LAGOON_FEATURE_FLAG_DEFAULT_RWX_TO_RWO)') \ lagoon-build-deploy \ - ./charts/lagoon-build-deploy + $$(if [ $(INSTALL_STABLE_BUILDDEPLOY) = true ]; then echo 'lagoon/lagoon-build-deploy'; else echo './charts/lagoon-build-deploy'; fi) +ifeq ($(INSTALL_STABLE_BUILDDEPLOY),true) + $(HELM) show crds lagoon/lagoon-build-deploy $$([ $(STABLE_BUILDDEPLOY_CHART_VERSION) ] && echo '--version=$(STABLE_BUILDDEPLOY_CHART_VERSION)') | $(KUBECTL) apply -f - +else + $(KUBECTL) apply -f ./charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoonbuilds.yaml + $(KUBECTL) apply -f ./charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoontasks.yaml +endif # allow skipping registry install for install-lagoon-remote target ifneq ($(SKIP_INSTALL_REGISTRY),true) @@ -435,9 +530,6 @@ endif .PHONY: install-test-cluster install-test-cluster: install-ingress install-registry install-bulk-storageclass install-mariadb install-postgresql install-mongodb install-minio -.PHONY: install-lagoon -install-lagoon: install-lagoon-core install-lagoon-remote - .PHONY: get-admin-creds get-admin-creds: @echo "\nLagoon UI URL: " \