Merge pull request #189 from cloudogu/feature/tool-upgrades

GOP Tools upgrade
cloudogu · Apr 26, 2024 · 9e28e51 · 9e28e51
2 parents 8465bab + 138ec22
commit 9e28e51
Show file tree

Hide file tree

Showing 11 changed files with 145 additions and 85 deletions.
diff --git a/applications/cluster-resources/monitoring/prometheus-stack-helm-values.ftl.yaml b/applications/cluster-resources/monitoring/prometheus-stack-helm-values.ftl.yaml
@@ -5,7 +5,13 @@ defaultRules:
     alertmanager: true
     etcd: false
     general: true
-    k8s: false
+    k8sContainerCpuUsageSecondsTotal: false
+    k8sContainerMemoryCache: false
+    k8sContainerMemoryRss: false
+    k8sContainerMemorySwap: false
+    k8sContainerResource: false
+    k8sContainerMemoryWorkingSetBytes: false
+    k8sPodOwner: false
     kubeApiserver: false
     kubeApiserverAvailability: false
     kubeApiserverBurnrate: false
@@ -28,6 +34,7 @@ defaultRules:
     nodeExporterRecording: false
     prometheus: true
     prometheusOperator: true
+    windows: false
 kubeStateMetrics:
   enabled: false
 nodeExporter:
@@ -76,11 +83,7 @@ grafana:
     enabled: true
     hosts: [${monitoring.grafana.host}]
 </#if>
-  containerSecurityContext:
-    allowPrivilegeEscalation: false
   sidecar:
-    securityContext:
-      allowPrivilegeEscalation: false
     dashboards:
       #this needs to be added so that the label will become 'label: grafana_dashboards: "1"'
       labelValue: 1

diff --git a/docs/developers.md b/docs/developers.md
@@ -211,7 +211,7 @@ The GitOps Playground comprises a lot of software components. The versions of so
 repository so need to be upgraded regularly.
 
 * Kubernetes [in Terraform](../terraform/vars.tf) and locally [k3d](../scripts/init-cluster.sh),
-* [k3d](../scripts/init-cluster.sh), [Upgrade to v5 WIP](https://github.com/cloudogu/gitops-playground/tree/feature/k3d-version5) 
+* [k3d](../scripts/init-cluster.sh)
 * [Groovy libs](../pom.xml) + [Maven](../.mvn/wrapper/maven-wrapper.properties)
 * Installed components
   * Jenkins 
@@ -223,11 +223,11 @@ repository so need to be upgraded regularly.
     * Agent Image
   * SCM-Manager Helm Chart + Plugins
   * Docker Registry Helm Chart
-  * GitOps Operators
-    * ArgoCD Helm Chart
-    * Flux v2 Helm Charts
+  * ArgoCD Helm Chart
   * Grafana + Prometheus [Helm Charts](../src/main/groovy/com/cloudogu/gitops/ApplicationConfigurator.groovy)
   * Vault + ExternalSerets Operator [Helm Charts](../src/main/groovy/com/cloudogu/gitops/ApplicationConfigurator.groovy)
+  * Ingress-nginx [Helm Charts](https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx)
+  * Mailhog
 * Applications
   * GitOps-build-lib + `buildImages`
   * ces-build-lib

diff --git a/scm-manager/values.ftl.yaml b/scm-manager/values.ftl.yaml
@@ -0,0 +1,22 @@
+persistence:
+  size: 1Gi
+
+extraEnv: |
+    - name: SCM_WEBAPP_INITIALUSER
+      value: "${username}"
+    - name: SCM_WEBAPP_INITIALPASSWORD
+      value: "${password}"
+
+<#if !remote>
+service:
+  nodePort: 9091
+  type: NodePort
+</#if>
+
+<#if host?has_content>
+ingress:
+  enabled: true
+  path: /
+  hosts:
+    - ${host}
+</#if>
diff --git a/scm-manager/values.yaml b/scm-manager/values.yaml
diff --git a/scripts/scm-manager/init-scmm.sh b/scripts/scm-manager/init-scmm.sh
@@ -22,10 +22,6 @@ function initSCMM() {
 
   SCMM_HOST=$(getHost "${SCMM_URL}")
   SCMM_PROTOCOL=$(getProtocol "${SCMM_URL}")
-
-  if [[ ${INTERNAL_SCMM} == true ]]; then
-    deployLocalScmmManager "${REMOTE_CLUSTER}" "${SCMM_USERNAME}" "${SCMM_PASSWORD}" "${BASE_URL}"
-  fi
 
   setExternalHostnameIfNecessary 'SCMM' 'scmm-scm-manager' 'default'
   [[ "${SCMM_URL}" != *scm ]] && SCMM_URL=${SCMM_URL}/scm
@@ -34,7 +30,7 @@ function initSCMM() {
   # they contain repository URLs created with SCMM_BASE_URL. Jenkins uses the internal URL for repos. So match is only
   # successful, when SCM also sends the Repo URLs using the internal URL
   configureScmmManager "${SCMM_USERNAME}" "${SCMM_PASSWORD}" "${SCMM_URL}" "${JENKINS_URL_FOR_SCMM}" \
-    "${SCMM_URL_FOR_JENKINS}" "${INTERNAL_SCMM}" "${INSTALL_ARGOCD}"
+    "${SCMM_URL_FOR_JENKINS}" "${INSTALL_ARGOCD}"
 
   pushHelmChartRepo "3rd-party-dependencies/spring-boot-helm-chart"
   pushHelmChartRepoWithDependency "3rd-party-dependencies/spring-boot-helm-chart-with-dependency"
@@ -128,27 +124,6 @@ function setDefaultBranch() {
     "${SCMM_PROTOCOL}://${SCMM_USERNAME}:${SCMM_PASSWORD}@${SCMM_HOST}/api/v2/config/git/${TARGET_REPO_SCMM}"
 }
 
-function deployLocalScmmManager() {
-
-  helm repo add scm-manager https://packages.scm-manager.org/repository/helm-v2-releases/
-  helm repo update scm-manager
-  helm upgrade -i scmm --values scm-manager/values.yaml \
-    $(scmmHelmSettingsForRemoteCluster) $(scmmIngress)\
-    --version ${SCMM_HELM_CHART_VERSION} scm-manager/scm-manager -n default \
-    --set extraArgs="{-Dscm.initialPassword=${SCMM_PASSWORD},-Dscm.initialUser=${SCMM_USERNAME}}"
-}
-
-function scmmIngress() {
-    if [[ -n "${BASE_URL}" ]]; then
-      if [[ $URL_SEPARATOR_HYPHEN == true ]]; then
-        local scmmHost="scmm-$(extractHost "${BASE_URL}")"
-      else
-        local scmmHost="scmm.$(extractHost "${BASE_URL}")"
-      fi
-    echo "--set ingress.enabled=true --set ingress.path=/ --set ingress.hosts[0]=${scmmHost}"
-    fi
-}
-
 function configureScmmManager() {
   ADMIN_USERNAME=${1}
   ADMIN_PASSWORD=${2}
@@ -159,8 +134,7 @@ function configureScmmManager() {
   # They contain Repository URLs create with SCMM_BASE_URL. Jenkins uses the internal URL for repos. So match is only
   # successful, when SCM also sends the Repo URLs using the internal URL
   SCMM_BASE_URL=${5}
-  IS_LOCAL=${6}
-  INSTALL_ARGOCD="${7}"
+  INSTALL_ARGOCD="${6}"
 
   GITOPS_USERNAME="${NAME_PREFIX}gitops"
   GITOPS_PASSWORD=${ADMIN_PASSWORD}
@@ -365,16 +339,6 @@ function configJenkins() {
   printStatus "${STATUS}"
 }
 
-function scmmHelmSettingsForRemoteCluster() {
-  if [[ $REMOTE_CLUSTER == true ]]; then
-    # Default clusters don't allow for node ports < 30.000, so just unset nodePort.
-    # A defined nodePort is not needed for remote cluster, where the externalIp is used for accessing SCMM
-    echo "--set service.nodePort="
-  else
-    echo "--set service.type=NodePort"
-  fi
-}
-
 function waitForScmManager() {
   echo -n "Waiting for Scmm to become available at ${SCMM_PROTOCOL}://${SCMM_HOST}/api/v2"
 

diff --git a/src/main/groovy/com/cloudogu/gitops/config/ApplicationConfigurator.groovy b/src/main/groovy/com/cloudogu/gitops/config/ApplicationConfigurator.groovy
@@ -68,10 +68,11 @@ class ApplicationConfigurator {
                     urlForJenkins : 'http://scmm-scm-manager/scm', // set dynamically
                     host : '', // Set dynamically
                     protocol : '', // Set dynamically
+                    ingress : '', // Set dynamically
                     helm  : [
-                            //chart  : 'scm-manager',
-                            //repoURL: 'https://packages.scm-manager.org/repository/helm-v2-releases/',
-                            version: '2.47.0'
+                            chart  : 'scm-manager',
+                            repoURL: 'https://packages.scm-manager.org/repository/helm-v2-releases/',
+                            version: '3.1.0'
                     ]
             ],
             application: [
@@ -154,7 +155,7 @@ class ApplicationConfigurator {
                                         helm template prometheus-community/kube-prometheus-stack --version XYZ --include-crds */
                                     chart  : 'kube-prometheus-stack',
                                     repoURL: 'https://prometheus-community.github.io/helm-charts',
-                                    version: '42.0.3',
+                                    version: '58.2.1',
                                     grafanaImage: '',
                                     grafanaSidecarImage: '',
                                     prometheusImage: '',
@@ -168,7 +169,7 @@ class ApplicationConfigurator {
                                     helm: [
                                             chart  : 'external-secrets',
                                             repoURL: 'https://charts.external-secrets.io',
-                                            version: '0.6.1',
+                                            version: '0.9.16',
                                             image  : '',
                                             certControllerImage: '',
                                             webhookImage: ''
@@ -180,7 +181,7 @@ class ApplicationConfigurator {
                                     helm: [
                                             chart  : 'vault',
                                             repoURL: 'https://helm.releases.hashicorp.com',
-                                            version: '0.22.1',
+                                            version: '0.25.0',
                                             image: '',
                                     ]
                             ]
@@ -317,7 +318,7 @@ class ApplicationConfigurator {
             newConfig.scmm["url"] = networkingUtils.createUrl("scmm-scm-manager.default.svc.cluster.local", "80", "/scm")
         } else {
             log.debug("Setting internal scmm configs")
-            def port = fileSystemUtils.getLineFromFile(fileSystemUtils.getRootDir() + "/scm-manager/values.yaml", "nodePort:").findAll(/\d+/)*.toString().get(0)
+            def port = fileSystemUtils.getLineFromFile(fileSystemUtils.getRootDir() + "/scm-manager/values.ftl.yaml", "nodePort:").findAll(/\d+/)*.toString().get(0)
             String cba = newConfig.application["clusterBindAddress"]
             newConfig.scmm["url"] = networkingUtils.createUrl(cba, port, "/scm")
         }
@@ -326,6 +327,12 @@ class ApplicationConfigurator {
         log.debug("Getting host and protocol from scmmUrl: " + scmmUrl)
         newConfig.scmm["host"] = networkingUtils.getHost(scmmUrl)
         newConfig.scmm["protocol"] = networkingUtils.getProtocol(scmmUrl)
+
+        // We probably could get rid of some of the complexity by refactoring url, host and ingress into a single var
+        if (newConfig.application['baseUrl']) {
+            newConfig.scmm['ingress'] = new URL(injectSubdomain('scmm', 
+                    newConfig.application['baseUrl'] as String, newConfig.application['urlSeparatorHyphen'] as Boolean)).host
+        }
     }
 
     private void addJenkinsConfig(Map newConfig) {

diff --git a/src/main/groovy/com/cloudogu/gitops/features/ScmManager.groovy b/src/main/groovy/com/cloudogu/gitops/features/ScmManager.groovy
@@ -2,8 +2,11 @@ package com.cloudogu.gitops.features
 
 import com.cloudogu.gitops.Feature
 import com.cloudogu.gitops.config.Configuration
+import com.cloudogu.gitops.features.deployment.DeploymentStrategy
+import com.cloudogu.gitops.features.deployment.HelmStrategy
 import com.cloudogu.gitops.utils.CommandExecutor
 import com.cloudogu.gitops.utils.FileSystemUtils
+import com.cloudogu.gitops.utils.TemplatingEngine
 import groovy.util.logging.Slf4j
 import io.micronaut.core.annotation.Order
 import jakarta.inject.Singleton
@@ -13,18 +16,24 @@ import jakarta.inject.Singleton
 @Order(80)
 class ScmManager extends Feature {
 
+    static final String HELM_VALUES_PATH = "scm-manager/values.ftl.yaml"
+
     private Map config
     private CommandExecutor commandExecutor
     private FileSystemUtils fileSystemUtils
+    private DeploymentStrategy deployer
 
     ScmManager(
             Configuration config,
             CommandExecutor commandExecutor,
-            FileSystemUtils fileSystemUtils
+            FileSystemUtils fileSystemUtils,
+            // For now we deploy imperatively using helm to avoid order problems. In future we could deploy via argocd.
+            HelmStrategy deployer
     ) {
         this.config = config.getConfig()
         this.commandExecutor = commandExecutor
         this.fileSystemUtils = fileSystemUtils
+        this.deployer = deployer
     }
 
     @Override
@@ -35,6 +44,27 @@ class ScmManager extends Feature {
     @Override
     void enable() {
 
+        if (config.scmm['internal']) {
+            def helmConfig = config['scmm']['helm']
+
+            def tmpHelmValues = new TemplatingEngine().replaceTemplate(fileSystemUtils.copyToTempDir(HELM_VALUES_PATH).toFile(), [
+                    host  : config.scmm['ingress'],
+                    remote: config.application['remote'],
+                    username:  config.scmm['username'],
+                    password: config.scmm['password']
+            ]).toPath()
+
+            deployer.deployFeature(
+                    helmConfig['repoURL'] as String,
+                    'scm-manager',
+                    helmConfig['chart'] as String,
+                    helmConfig['version'] as String,
+                    'default',
+                    'scmm',
+                    tmpHelmValues
+            )
+        }
+
         commandExecutor.execute("${fileSystemUtils.rootDir}/scripts/scm-manager/init-scmm.sh", [
 
                 GIT_COMMITTER_NAME           : config.application['gitName'],
@@ -46,20 +76,17 @@ class ScmManager extends Feature {
                 SCMM_USERNAME                : config.scmm['username'],
                 SCMM_PASSWORD                : config.scmm['password'],
                 JENKINS_URL                  : config.jenkins['url'],
-                INTERNAL_SCMM                : config.scmm['internal'],
                 JENKINS_URL_FOR_SCMM         : config.jenkins['urlForScmm'],
                 SCMM_URL_FOR_JENKINS         : config.scmm['urlForJenkins'],
+                // Used indirectly in utils.sh 😬
                 REMOTE_CLUSTER               : config.application['remote'],
-                BASE_URL                     : config.application['baseUrl'] ? config.application['baseUrl'] : '',
                 INSTALL_ARGOCD               : config.features['argocd']['active'],
-                SCMM_HELM_CHART_VERSION      : config.scmm['helm']['version'],
                 SPRING_BOOT_HELM_CHART_COMMIT: config.repositories['springBootHelmChart']['ref'],
                 SPRING_BOOT_HELM_CHART_REPO  : config.repositories['springBootHelmChart']['url'],
                 GITOPS_BUILD_LIB_REPO        : config.repositories['gitopsBuildLib']['url'],
                 CES_BUILD_LIB_REPO           : config.repositories['cesBuildLib']['url'],
                 NAME_PREFIX                  : config.application['namePrefix'],
                 INSECURE                     : config.application['insecure'],
-                URL_SEPARATOR_HYPHEN         : config.application['urlSeparatorHyphen']
         ])
     }
 }
diff --git a/src/main/groovy/com/cloudogu/gitops/features/argocd/ArgoCD.groovy b/src/main/groovy/com/cloudogu/gitops/features/argocd/ArgoCD.groovy
@@ -21,7 +21,6 @@ class ArgoCD extends Feature {
     static final String HELM_VALUES_PATH = 'argocd/values.yaml'
     static final String CHART_YAML_PATH = 'argocd/Chart.yaml'
     static final String SCMM_URL_INTERNAL = "http://scmm-scm-manager.default.svc.cluster.local/scm"
-    static final String SERVICE_MONITOR_CRD = 'applications/cluster-resources/monitoring/crd-servicemonitors.yaml'
     private Map config
     private List<RepoInitializationAction> gitRepos = []
 
@@ -197,8 +196,8 @@ class ArgoCD extends Feature {
         log.debug("Creating namespace for monitoring, so argocd can add its service monitors there")
         k8sClient.createNamespace('monitoring')
         log.debug("Applying ServiceMonitor CRD; Argo CD fails if it is not there. Chicken-egg-problem.")
-        k8sClient.applyYaml("https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${config['features']['monitoring']['helm']['version']}/charts/kube-prometheus-stack/crds/crd-servicemonitors.yaml")
-        
+        k8sClient.applyYaml("https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-${config['features']['monitoring']['helm']['version']}/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml")
+
         log.debug("Creating repo credential secret that is used by argocd to access repos in SCM-Manager")
         // Create secret imperatively here instead of values.yaml, because we don't want it to show in git repo 
         def repoTemplateSecretName = 'argocd-repo-creds-scmm'

diff --git a/src/test/groovy/com/cloudogu/gitops/ApplicationConfiguratorTest.groovy b/src/test/groovy/com/cloudogu/gitops/ApplicationConfiguratorTest.groovy
@@ -74,7 +74,7 @@ class ApplicationConfiguratorTest {
         applicationConfigurator = new ApplicationConfigurator(networkingUtils, fileSystemUtils, new JsonSchemaValidator(new JsonSchemaGenerator()))
         testLogger = new TestLogger(applicationConfigurator.getClass())
         when(fileSystemUtils.getRootDir()).thenReturn("/test")
-        when(fileSystemUtils.getLineFromFile("/test/scm-manager/values.yaml", "nodePort:")).thenReturn("nodePort: 9091")
+        when(fileSystemUtils.getLineFromFile("/test/scm-manager/values.ftl.yaml", "nodePort:")).thenReturn("nodePort: 9091")
         when(fileSystemUtils.getLineFromFile("/test/jenkins/values.yaml", "nodePort:")).thenReturn("nodePort: 9090")
 
         when(networkingUtils.createUrl(anyString(), anyString(), anyString())).thenCallRealMethod()
@@ -246,6 +246,7 @@ images:
         assertThat(actualConfig.features['secrets']['vault']['url']).isEqualTo("http://vault.localhost")
         assertThat(actualConfig.features['exampleApps']['petclinic']['baseDomain']).isEqualTo("petclinic.localhost")
         assertThat(actualConfig.features['exampleApps']['nginx']['baseDomain']).isEqualTo("nginx.localhost")
+        assertThat(actualConfig.scmm['ingress']).isEqualTo("scmm.localhost")
     }
 
     @Test
@@ -266,6 +267,7 @@ images:
         assertThat(actualConfig.features['secrets']['vault']['url']).isEqualTo("http://vault-localhost")
         assertThat(actualConfig.features['exampleApps']['petclinic']['baseDomain']).isEqualTo("petclinic-localhost")
         assertThat(actualConfig.features['exampleApps']['nginx']['baseDomain']).isEqualTo("nginx-localhost")
+        assertThat(actualConfig.scmm['ingress']).isEqualTo("scmm-localhost")
     }
 
     @Test