Merge pull request #647 from uselagoon/prerelease/lagoon_v218

Lagoon-core appVersion v2.18.0

.github/workflows/lint-test-matrix.yaml

@@ -11,11 +11,12 @@ jobs:
       fail-fast: false
       matrix:
         kindest_node_version:
-        - v1.23.17@sha256:59c989ff8a517a93127d4a536e7014d28e235fb3529d9fba91b3951d461edfdb
-        - v1.24.15@sha256:7db4f8bea3e14b82d12e044e25e34bd53754b7f2b0e9d56df21774e6f66a70ab
-        - v1.25.11@sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8
-        - v1.26.6@sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb
-        - v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31
+        - v1.23.17@sha256:14d0a9a892b943866d7e6be119a06871291c517d279aedb816a4b4bc0ec0a5b3
+        - v1.24.17@sha256:bad10f9b98d54586cba05a7eaa1b61c6b90bfc4ee174fdc43a7b75ca75c95e51
+        - v1.25.16@sha256:e8b50f8e06b44bb65a93678a65a26248fae585b3d3c2a669e5ca6c90c69dc519
+        - v1.26.14@sha256:5d548739ddef37b9318c70cb977f57bf3e5015e4552be4e27e57280a8cbb8e4f
+        - v1.27.11@sha256:681253009e68069b8e01aad36a1e0fa8cf18bb0ab3e5c4069b2e65cafdd70843
+        - v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245
     steps:
     - name: Checkout
       uses: actions/checkout@v4
@@ -26,7 +27,7 @@ jobs:
       run: sudo apt-get -y install python3-wheel
 
     - name: Set up chart-testing
-      uses: helm/chart-testing-action@v2.6.0
+      uses: helm/chart-testing-action@v2.6.1
 
     - name: Run chart-testing (list-changed)
       id: list-changed
@@ -41,9 +42,9 @@ jobs:
       run: ct lint --config ./default.ct.yaml
 
     - name: Create kind cluster
-      uses: helm/kind-action@v1.8.0
+      uses: helm/kind-action@v1.9.0
       with:
-        version: v0.20.0
+        version: v0.22.0
         node_image: kindest/node:${{ matrix.kindest_node_version }}
       if: |
         (steps.list-changed.outputs.changed == 'true') ||

.github/workflows/lint-test.yaml

@@ -69,7 +69,7 @@ jobs:
       run: sudo apt-get -y install python3-wheel
 
     - name: Set up chart-testing
-      uses: helm/chart-testing-action@v2.6.0
+      uses: helm/chart-testing-action@v2.6.1
 
     - name: Run chart-testing (list-changed)
       id: list-changed
@@ -84,18 +84,23 @@ jobs:
       run: ct lint --config ./default.ct.yaml
 
     - name: Create kind cluster
-      uses: helm/kind-action@v1.8.0
+      uses: helm/kind-action@v1.9.0
       with:
-        version: v0.20.0
-        node_image: kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72
-        kubectl_version: v1.27.3
+        version: v0.22.0
+        node_image: kindest/node:v1.28.7@sha256:9bc6c451a289cf96ad0bbaf33d416901de6fd632415b076ab05f5fa7e4f65c58
+        kubectl_version: v1.28.7
       if: |
         (steps.list-changed.outputs.changed == 'true') ||
         (contains(github.event.pull_request.labels.*.name, 'needs-testing'))
 
     - name: Run chart-testing (install)
       run: ct install --config ./default.ct.yaml --helm-extra-args "--timeout 30m"
 
+    - name: Run chart-testing (needs-testing)
+      run: ct install --config ./default.ct.yaml  --helm-extra-args "--timeout 30m" --all
+      if: |
+        (contains(github.event.pull_request.labels.*.name, 'needs-testing'))
+
   artifacthub-changelog:
     runs-on: ubuntu-latest
     steps:

.github/workflows/release.yaml

@@ -19,13 +19,6 @@ jobs:
         git config user.name "$GITHUB_ACTOR"
         git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
-    # See https://github.com/helm/chart-releaser-action/issues/6
-    - name: Install Helm
-      run: |
-        curl -fsSLo get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
-        chmod 700 get_helm.sh
-        ./get_helm.sh
-
     - name: Add dependency chart repos
       run: |
         helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com
@@ -35,6 +28,6 @@ jobs:
         helm repo add kube-logging https://kube-logging.github.io/helm-charts
 
     - name: Run chart-releaser
-      uses: helm/chart-releaser-action@v1.5.0
+      uses: helm/chart-releaser-action@v1.6.0
       env:
         CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/test-suite.yaml

@@ -5,7 +5,7 @@ on: pull_request
 jobs:
   # runs for lagoon-core, lagoon-remote, lagoon-test
   test-suite:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
@@ -48,7 +48,7 @@ jobs:
       run: sudo apt-get -y install python3-wheel
 
     - name: Set up chart-testing
-      uses: helm/chart-testing-action@v2.6.0
+      uses: helm/chart-testing-action@v2.6.1
 
     - name: Run chart-testing (list-changed)
       id: list-changed
@@ -69,14 +69,14 @@ jobs:
         envsubst < test-suite.kind-config.yaml.tpl > test-suite.kind-config.yaml
 
     - name: Create kind cluster
-      uses: helm/kind-action@v1.8.0
+      uses: helm/kind-action@v1.9.0
       if: |
         (steps.list-changed.outputs.changed == 'true') ||
         (contains(github.event.pull_request.labels.*.name, 'needs-testing'))
       with:
-        version: v0.20.0
-        node_image: kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72
-        kubectl_version: v1.27.3
+        version: v0.22.0
+        node_image: kindest/node:v1.28.7@sha256:9bc6c451a289cf96ad0bbaf33d416901de6fd632415b076ab05f5fa7e4f65c58
+        kubectl_version: v1.28.7
         config: test-suite.kind-config.yaml
 
     - name: Check node IP matches kind configuration

Makefile

@@ -79,14 +79,15 @@ install-ingress:
 		--namespace ingress-nginx \
 		--wait \
 		--timeout $(TIMEOUT) \
+		--set controller.allowSnippetAnnotations=true \
 		--set controller.service.type=NodePort \
 		--set controller.service.nodePorts.http=32080 \
 		--set controller.service.nodePorts.https=32443 \
 		--set controller.config.proxy-body-size=100m \
 		--set controller.config.hsts="false" \
 		--set controller.watchIngressWithoutClass=true \
 		--set controller.ingressClassResource.default=true \
-		--version=4.7.2 \
+		--version=4.9.1 \
 		ingress-nginx \
 		ingress-nginx/ingress-nginx
 
@@ -106,7 +107,7 @@ install-registry: install-ingress
 		--set clair.enabled=false \
 		--set notary.enabled=false \
 		--set trivy.enabled=false \
-		--version=1.13.0 \
+		--version=1.14.0 \
 		registry \
 		harbor/harbor
 
@@ -162,7 +163,7 @@ install-minio: install-ingress
 		--timeout $(TIMEOUT) \
 		--set auth.rootUser=lagoonFilesAccessKey,auth.rootPassword=lagoonFilesSecretKey \
 		--set defaultBuckets='lagoon-files\,restores' \
-		--version=12.8.7 \
+		--version=13.6.2 \
 		minio \
 		bitnami/minio
 
@@ -261,7 +262,7 @@ install-lagoon-remote: install-lagoon-build-deploy install-lagoon-core install-m
 # Do not install without lagoon-core
 #
 .PHONY: install-lagoon-build-deploy
-install-lagoon-build-deploy: install-lagoon-core install-registry
+install-lagoon-build-deploy: install-lagoon-core
 	$(HELM) dependency build ./charts/lagoon-build-deploy/
 	$(HELM) upgrade \
 		--install \
@@ -288,6 +289,11 @@ install-lagoon-build-deploy: install-lagoon-core install-registry
 		lagoon-build-deploy \
 		./charts/lagoon-build-deploy
 
+# allow skipping registry install for install-lagoon-remote target
+ifneq ($(SKIP_INSTALL_REGISTRY),true)
+install-lagoon-build-deploy: install-registry
+endif
+
 #
 # The following targets facilitate local development only and aren't used in CI.
 #

charts/lagoon-core/Chart.yaml

@@ -21,13 +21,13 @@ type: application
 # time you make changes to the chart and its templates, including the app
 # version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.41.0
+version: 1.42.0
 
 # This is the version number of the application being deployed. This version
 # number should be incremented each time you make changes to the application.
 # Versions are not expected to follow Semantic Versioning. They should reflect
 # the version the application is using.
-appVersion: v2.17.0
+appVersion: v2.18.0
 
 dependencies:
 - name: nats
@@ -41,10 +41,22 @@ dependencies:
 annotations:
   artifacthub.io/changes: |
     - kind: changed
-      description: bump lagoon-opensearch-sync version to v0.7.1
+      description: update Lagoon appVersion to v2.18.0
     - kind: changed
-      description: updated to insights-handler:v0.0.2
+      description: remove unused legacy registry setting from core
     - kind: changed
-      description: pinned insights to trivy:0.48.0
+      description: modify keycloak liveness and readiness endpoint
     - kind: changed
-      description: update lagoon appVersion to v2.17.0
+      description: added initcontainer to api to handle keycloak migrations
+    - kind: changed
+      description: updated insights-handler to v0.0.4
+    - kind: fixed
+      description: apiDB livenessProbe access denied
+    - kind: added
+      description: apiDB readinessProbe uses sql query
+    - kind: added
+      description: apiDB startupProbe waits for init completion
+    - kind: added
+      description: apiDB configurable terminationGracePeriodSeconds
+    - kind: added
+      description: keycloakDB aligns to apiDB

charts/lagoon-core/ci/linter-values.yaml

@@ -3,7 +3,6 @@
 # To be deprecated - see uselagoon/lagoon#2907
 harborURL: http://disabled-only-use-harbor-via-deploy-controller.invalid
 harborAdminPassword: not-needed
-registry: disabled-only-use-harbor-via-deploy-controller.invalid
 
 # used in api
 elasticsearchURL: http://opendistro-es-client-service.opendistro-es.svc.cluster.local:9200
@@ -48,7 +47,6 @@ apiRedis:
     requests:
       cpu: "10m"
 
-# TODO - update repo/tag before v2.11 release
 actionsHandler:
   replicaCount: 1
   image:
@@ -76,6 +74,9 @@ keycloak:
   resources:
     requests:
       cpu: "10m"
+  ingress:
+    annotations:
+      nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
 
 keycloakDB:
   image:

charts/lagoon-core/templates/api-db.statefulset.yaml

@@ -49,9 +49,10 @@ spec:
         volumeMounts:
         - name: {{ include "lagoon-core.apiDB.fullname" . }}-data
           mountPath: /var/lib/mysql
+      {{- with .Values.apiDB.readinessProbe }}
         readinessProbe:
-          tcpSocket:
-            port: mariadb
+          {{- toYaml . | nindent 10 }}
+      {{- end }}
       {{- with .Values.apiDB.livenessProbe }}
         livenessProbe:
           {{- toYaml . | nindent 10 }}
@@ -78,6 +79,10 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.apiDB.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
   volumeClaimTemplates:
   - metadata:
       name: {{ include "lagoon-core.apiDB.fullname" . }}-data

charts/lagoon-core/templates/api.deployment.yaml

@@ -30,6 +30,47 @@ spec:
       {{- end }}
       securityContext:
         {{- toYaml (coalesce .Values.api.podSecurityContext .Values.podSecurityContext) | nindent 8 }}
+      initContainers:
+      - command:
+        - "sh"
+        - "-c"
+        - "node -r dotenv-extended/config dist/migrations/lagoon/migration.js"
+        image: "{{ .Values.api.image.repository }}:{{ coalesce .Values.api.image.tag .Values.imageTag .Chart.AppVersion }}"
+        imagePullPolicy: {{ .Values.api.image.pullPolicy }}
+        name: migrations
+        env:
+        - name: API_DB_HOST
+          value: {{ include "lagoon-core.apiDB.fullname" . }}
+        - name: API_DB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "lagoon-core.apiDB.fullname" . }}
+              key: API_DB_PASSWORD
+        - name: KEYCLOAK_ADMIN_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "lagoon-core.keycloak.fullname" . }}
+              key: KEYCLOAK_ADMIN_PASSWORD
+        - name: KEYCLOAK_ADMIN_USER
+          value: {{ .Values.keycloakAdminUser | quote }}
+        - name: KEYCLOAK_API_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "lagoon-core.keycloak.fullname" . }}
+              key: KEYCLOAK_API_CLIENT_SECRET
+        - name: KEYCLOAK_URL
+          {{- if .Values.keycloakFrontEndURL }}
+          value: {{ .Values.keycloakFrontEndURL }}
+          {{- else if .Values.keycloak.ingress.enabled }}
+          value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}
+          {{- else }}
+          value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}
+          {{- end }}
+        - name: REDIS_HOST
+          value: {{ include "lagoon-core.apiRedis.fullname" . }}
+        envFrom:
+        - secretRef:
+            name: {{ include "lagoon-core.api.fullname" . }}
       containers:
       - name: api
         securityContext:
@@ -126,8 +167,6 @@ spec:
               key: RABBITMQ_USERNAME
         - name: REDIS_HOST
           value: {{ include "lagoon-core.apiRedis.fullname" . }}
-        - name: REGISTRY
-          value: {{ required "A valid .Values.registry required!" .Values.registry | quote }}
         - name: S3_FILES_BUCKET
           value: {{ required "A valid .Values.s3FilesBucket required!" .Values.s3FilesBucket | quote }}
         - name: S3_FILES_HOST

charts/lagoon-core/templates/keycloak-db.statefulset.yaml

@@ -49,12 +49,14 @@ spec:
         volumeMounts:
         - name: {{ include "lagoon-core.keycloakDB.fullname" . }}-data
           mountPath: /var/lib/mysql
-        livenessProbe:
-          tcpSocket:
-            port: mariadb
+      {{- with .Values.keycloakDB.readinessProbe }}
         readinessProbe:
-          tcpSocket:
-            port: mariadb
+          {{- toYaml . | nindent 10 }}
+      {{- end }}
+      {{- with .Values.keycloakDB.livenessProbe }}
+        livenessProbe:
+          {{- toYaml . | nindent 10 }}
+      {{- end }}
       {{- with .Values.keycloakDB.startupProbe }}
         startupProbe:
           {{- toYaml . | nindent 10 }}
@@ -77,6 +79,10 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.keycloakDB.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
   volumeClaimTemplates:
   - metadata:
       name: {{ include "lagoon-core.keycloakDB.fullname" . }}-data