uselagoon · tobybellwood · Sep 17, 2024 · Aug 15, 2024 · Aug 15, 2024 · Aug 15, 2024
diff --git a/.github/workflows/lint-test-matrix.yaml b/.github/workflows/lint-test-matrix.yaml
@@ -11,11 +11,12 @@ jobs:
       fail-fast: false
       matrix:
         kindest_node_version:
-        - v1.25.16@sha256:5da57dfc290ac3599e775e63b8b6c49c0c85d3fec771cd7d55b45fae14b38d3b
-        - v1.26.15@sha256:84333e26cae1d70361bb7339efb568df1871419f2019c80f9a12b7e2d485fe19
-        - v1.27.13@sha256:17439fa5b32290e3ead39ead1250dca1d822d94a10d26f1981756cd51b24b9d8
-        - v1.28.9@sha256:dca54bc6a6079dd34699d53d7d4ffa2e853e46a20cd12d619a09207e35300bd0
-        - v1.29.4@sha256:3abb816a5b1061fb15c6e9e60856ec40d56b7b52bcea5f5f1350bc6e2320b6f8
+        - v1.25.16@sha256:6110314339b3b44d10da7d27881849a87e092124afab5956f2e10ecdb463b025
+        - v1.26.15@sha256:1cc15d7b1edd2126ef051e359bf864f37bbcf1568e61be4d2ed1df7a3e87b354
+        - v1.27.17@sha256:3fd82731af34efe19cd54ea5c25e882985bafa2c9baefe14f8deab1737d9fabe
+        - v1.28.13@sha256:45d319897776e11167e4698f6b14938eb4d52eb381d9e3d7a9086c16c69a8110
+        - v1.29.8@sha256:d46b7aa29567e93b27f7531d258c372e829d7224b25e3fc6ffdefed12476d3aa
+        - v1.31.0@sha256:53df588e04085fd41ae12de0c3fe4c72f7013bba32a20e7325357a1ac94ba865
     steps:
     - name: Checkout
       uses: actions/checkout@v4
@@ -43,7 +44,7 @@ jobs:
     - name: Create kind cluster
       uses: helm/[email protected]
       with:
-        version: v0.23.0
+        version: v0.24.0
         node_image: kindest/node:${{ matrix.kindest_node_version }}
       if: |
         (steps.list-changed.outputs.changed == 'true') ||

diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
@@ -78,9 +78,9 @@ jobs:
     - name: Create kind cluster
       uses: helm/[email protected]
       with:
-        version: v0.23.0
-        node_image: kindest/node:v1.30.0@sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e
-        kubectl_version: v1.30.0
+        version: v0.24.0
+        node_image: kindest/node:v1.30.4@sha256:976ea815844d5fa93be213437e3ff5754cd599b040946b5cca43ca45c2047114
+        kubectl_version: v1.30.4
       if: |
         (steps.list-changed.outputs.changed == 'true') ||
         (contains(github.event.pull_request.labels.*.name, 'needs-testing'))
@@ -96,6 +96,11 @@ jobs:
         ct install --config ./default.ct.yaml --helm-extra-args "--timeout 30m"
       if: ${{ contains(github.event.pull_request.labels.*.name, 'next-release') }}
 
+    - name: Run chart-testing (upgrade changed next-release only)
+      run: |
+        ct install --upgrade --config ./default.ct.yaml --helm-extra-args "--timeout 30m"
+      if: ${{ contains(github.event.pull_request.labels.*.name, 'next-release') }}
+
     - name: Run chart-testing (install all charts when required)
       run: ct install --config ./default.ct.yaml  --helm-extra-args "--timeout 30m" --all
       if: ${{ contains(github.event.pull_request.labels.*.name, 'next-release') || contains(github.event.pull_request.labels.*.name, 'needs-testing') }}

diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml
@@ -77,9 +77,9 @@ jobs:
         (contains(github.event.pull_request.labels.*.name, 'needs-testing')) ||
         (contains(github.event.pull_request.labels.*.name, 'next-release'))
       with:
-        version: v0.23.0
-        node_image: kindest/node:v1.30.0@sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e
-        kubectl_version: v1.30.0
+        version: v0.24.0
+        node_image: kindest/node:v1.30.4@sha256:976ea815844d5fa93be213437e3ff5754cd599b040946b5cca43ca45c2047114
+        kubectl_version: v1.30.4
         config: test-suite.kind-config.yaml
 
     - name: Check node IP matches kind configuration

diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml
@@ -21,13 +21,13 @@ type: application
 # time you make changes to the chart and its templates, including the app
 # version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.47.0
+version: 1.48.0
 
 # This is the version number of the application being deployed. This version
 # number should be incremented each time you make changes to the application.
 # Versions are not expected to follow Semantic Versioning. They should reflect
 # the version the application is using.
-appVersion: v2.20.1
+appVersion: v2.21.0
 
 dependencies:
 - name: nats
@@ -41,6 +41,21 @@ dependencies:
 annotations:
   artifacthub.io/changes: |
     - kind: changed
-      description: add support for injecting hostkeys in core ssh service
+      description: update Lagoon appVersion to v2.21.0
+      links:
+        - name: lagoon-core v2.21.0 release
+          url: https://github.com/uselagoon/lagoon/releases/tag/v2.21.0
     - kind: changed
-      description: update Lagoon appVersion to v2.20.1
+      description: update insights-handler to v0.0.6
+      links:
+        - name: insights-remote v0.0.6 release
+          url: https://github.com/uselagoon/insights-handler/releases/tag/v0.0.6
+    - kind: changed
+      description: update ssh-portal and ssh-token to v0.37.2
+      links:
+        - name: ssh-portal v0.37.2 release
+          url: https://github.com/uselagoon/lagoon-ssh-portal/releases/tag/v0.37.2
+    - kind: changed
+      description: add broker-flag-enable pre-upgrade job
+    - kind: changed
+      description: add KEYCLOAK_FRONTEND_URL variable to api deployment
diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml
@@ -142,9 +142,9 @@ backupHandler:
       cpu: "10m"
 
 insightsHandler:
+  enabled: true
   image:
     repository: uselagoon/insights-handler
-    tag: main
 
 logs2notifications:
   replicaCount: 1

diff --git a/charts/lagoon-core/templates/_helpers.tpl b/charts/lagoon-core/templates/_helpers.tpl
@@ -240,6 +240,15 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 
 
 
+{{/*
+Create a default fully qualified app name for broker-flag-enable job.
+*/}}
+{{- define "lagoon-core.brokerFlagEnable.fullname" -}}
+{{- include "lagoon-core.fullname" . }}-broker-flag-enable
+{{- end }}
+
+
+
 {{/*
 Create a default fully qualified app name for auth-server.
 */}}

diff --git a/charts/lagoon-core/templates/api.deployment.yaml b/charts/lagoon-core/templates/api.deployment.yaml
@@ -58,14 +58,16 @@ spec:
             secretKeyRef:
               name: {{ include "lagoon-core.keycloak.fullname" . }}
               key: KEYCLOAK_API_CLIENT_SECRET
-        - name: KEYCLOAK_URL
+        - name: KEYCLOAK_FRONTEND_URL
           {{- if .Values.keycloakFrontEndURL }}
-          value: {{ .Values.keycloakFrontEndURL }}
+          value: {{ .Values.keycloakFrontEndURL }}/auth
           {{- else if .Values.keycloak.ingress.enabled }}
-          value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}
+          value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}/auth
           {{- else }}
-          value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}
+          value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/auth
           {{- end }}
+        - name: KEYCLOAK_URL
+          value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}
         - name: REDIS_HOST
           value: {{ include "lagoon-core.apiRedis.fullname" . }}
         envFrom:
@@ -153,14 +155,16 @@ spec:
             secretKeyRef:
               name: {{ include "lagoon-core.keycloak.fullname" . }}
               key: KEYCLOAK_API_CLIENT_SECRET
-        - name: KEYCLOAK_URL
+        - name: KEYCLOAK_FRONTEND_URL
           {{- if .Values.keycloakFrontEndURL }}
-          value: {{ .Values.keycloakFrontEndURL }}
+          value: {{ .Values.keycloakFrontEndURL }}/auth
           {{- else if .Values.keycloak.ingress.enabled }}
-          value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}
+          value: https://{{ index .Values.keycloak.ingress.hosts 0 "host" }}/auth
           {{- else }}
-          value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}
+          value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/auth
           {{- end }}
+        - name: KEYCLOAK_URL
+          value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}
         - name: KIBANA_URL
           value: {{ required "A valid .Values.kibanaURL required!" .Values.kibanaURL | quote }}
         - name: LAGOON_VERSION

diff --git a/charts/lagoon-core/templates/broker.flag-enable.job.yaml b/charts/lagoon-core/templates/broker.flag-enable.job.yaml
@@ -0,0 +1,63 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "lagoon-core.brokerFlagEnable.fullname" . }}
+  labels:
+    {{- include "lagoon-core.broker.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-upgrade
+    "helm.sh/hook-weight": "-5"
+spec:
+  backoffLimit: 2
+  template:
+    metadata:
+      labels:
+        {{- include "lagoon-core.broker.selectorLabels" . | nindent 8 }}
+    spec:
+      restartPolicy: Never
+      securityContext:
+          {{- toYaml .Values.broker.securityContext | nindent 8 }}
+      terminationGracePeriodSeconds: 120
+      containers:
+      - name: broker-flag-enable
+        args:
+        - /enable-feature-flags.sh
+        image: "{{ .Values.broker.image.repository }}:{{ coalesce .Values.broker.image.tag .Values.imageTag .Chart.AppVersion }}"
+        imagePullPolicy: {{ .Values.broker.image.pullPolicy }}
+        command:
+        - /bin/sh
+        - -c
+        securityContext:
+          {{- toYaml .Values.broker.securityContext | nindent 10 }}
+        env:
+        - name: RABBITMQ_DEFAULT_PASS
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "lagoon-core.broker.fullname" . }}
+              key: RABBITMQ_PASSWORD
+        - name: RABBITMQ_DEFAULT_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "lagoon-core.broker.fullname" . }}
+              key: RABBITMQ_USERNAME
+        - name: RABBITMQ_USE_LONGNAME
+          value: "true"
+        # these variables are used by the /cluster-rabbit.sh entrypoint
+        - name: POD_NAMESPACE
+          value: {{ .Release.Namespace | quote }}
+        - name: SERVICE_NAME
+          value: {{ include "lagoon-core.broker.fullname" . }}
+      {{- range $key, $val := .Values.broker.additionalEnvs }}
+        - name: {{ $key }}
+          value: {{ $val | quote }}
+      {{- end }}
+        resources:
+          {{- toYaml .Values.broker.resources | nindent 10 }}
+      {{- with .Values.broker.nodeSelector }}
+      nodeSelector:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.broker.tolerations }}
+      tolerations:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml
@@ -630,7 +630,7 @@ insightsHandler:
     repository: uselagoon/insights-handler
     pullPolicy: Always
     # Overrides the image tag whose default is the chart appVersion.
-    tag: "v0.0.5"
+    tag: "v0.0.6"
 
   podAnnotations: {}
 
@@ -885,7 +885,7 @@ sshPortalAPI:
     repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal-api
     pullPolicy: IfNotPresent
     # Overrides the image tag whose default is the chart appVersion.
-    tag: "v0.37.0"
+    tag: "v0.37.2"
 
   podAnnotations: {}
 
@@ -958,7 +958,7 @@ sshToken:
     repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-token
     pullPolicy: IfNotPresent
     # Overrides the image tag whose default is the chart appVersion.
-    tag: "v0.37.0"
+    tag: "v0.37.2"
 
   podAnnotations: {}
 

diff --git a/charts/lagoon-docker-host/Chart.yaml b/charts/lagoon-docker-host/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each
 # time you make changes to the chart and its templates, including the app
 # version.
-version: 0.3.0
+version: 0.3.1
 
 appVersion: v3.5.0
 
@@ -26,4 +26,4 @@ appVersion: v3.5.0
 annotations:
   artifacthub.io/changes: |
     - kind: changed
-      description: update docker-host from v3.3.0 to v3.5.0
+      description: configure network policy for CI
diff --git a/charts/lagoon-docker-host/ci/linter-values.yaml b/charts/lagoon-docker-host/ci/linter-values.yaml
@@ -1,2 +1,22 @@
 storage:
   size: 50Gi
+networkPolicy:
+  # Specifies whether the docker-host network policy should be enabled
+  enabled: true
+  # Specify the policy to apply, useful to change who can access the docker-host
+  # This default policy just replicates the existing docker-host
+  policy:
+    - namespaceSelector:
+        matchExpressions:
+        - key: lagoon.sh/environment
+          operator: Exists
+      podSelector:
+        matchExpressions:
+        - key: lagoon.sh/buildName
+          operator: Exists
+    - podSelector:
+        matchExpressions:
+        - key: app.kubernetes.io/name
+          operator: In
+          values:
+            - lagoon-docker-host
diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml
@@ -19,7 +19,7 @@ type: application
 # This is the chart version. This version number should be incremented each
 # time you make changes to the chart and its templates, including the app
 # version.
-version: 0.93.0
+version: 0.94.0
 
 dependencies:
 - name: lagoon-build-deploy
@@ -40,5 +40,10 @@ dependencies:
 # Valid supported kinds are added, changed, deprecated, removed, fixed and security
 annotations:
   artifacthub.io/changes: |
-    - kind: fixed
-      description: lagoon-remote-ssh-core scale permissions
+    - kind: changed
+      description: remove docker-host connection test in CI
+    - kind: changed
+      description: update insights-remote to v0.0.11
+      links:
+        - name: insights-remote v0.0.11 release
+          url: https://github.com/uselagoon/insights-remote/releases/tag/v0.0.11
diff --git a/charts/lagoon-remote/templates/tests/test-connection.yaml b/charts/lagoon-remote/templates/tests/test-connection.yaml
diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml
@@ -219,7 +219,7 @@ insightsRemote:
     repository: uselagoon/insights-remote
     pullPolicy: Always
     # Overrides the image tag whose default is the chart appVersion.
-    tag: "v0.0.10"
+    tag: "v0.0.11"
 
   imagePullSecrets: []
   nameOverride: ""

diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml
@@ -15,18 +15,18 @@ type: application
 # time you make changes to the chart and its templates, including the app
 # version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.59.0
+version: 0.60.0
 
 # This is the version number of the application being deployed. This version
 # number should be incremented each time you make changes to the application.
 # Versions are not expected to follow Semantic Versioning. They should reflect
 # the version the application is using.
-appVersion: v2.20.1
+appVersion: v2.21.0
 
 # This section is used to collect a changelog for artifacthub.io
 # It should be started afresh for each release
 # Valid supported kinds are added, changed, deprecated, removed, fixed and security
 annotations:
   artifacthub.io/changes: |
     - kind: changed
-      description: update Lagoon appVersion to v2.20.1
+      description: update Lagoon appVersion to v2.21.0