From e32d6e7795aeadd5f7970bd282ca003a91241359 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 7 Oct 2022 17:13:57 +1100 Subject: [PATCH 001/167] appVersion: v2.10.0 (#494) --- .github/workflows/test-suite.yaml | 3 ++- charts/lagoon-core/Chart.yaml | 4 ++-- charts/lagoon-test/Chart.yaml | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index a57dadd3..aad56d4c 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -145,7 +145,8 @@ jobs: if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) - run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main + # run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main + run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] - name: Free up some disk space if: | diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index aaa2e8a3..271a8899 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,13 +21,13 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.11.0 +version: 1.12.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.9.2 +appVersion: v2.10.0 dependencies: - name: nats diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index c4280cd9..edc6aad0 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml 
@@ -11,6 +11,6 @@ kubeVersion: ">= 1.19.0-0" type: application -version: 0.39.0 +version: 0.40.0 -appVersion: v2.9.0 +appVersion: v2.10.0 From 299d1743d0b7cdbac22ea19a11d46c409a4ccc70 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Mon, 10 Oct 2022 11:05:54 +1100 Subject: [PATCH 002/167] use uselagoon for logs2notifications (#495) --- charts/lagoon-core/Chart.yaml | 2 +- charts/lagoon-core/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 271a8899..7d7ba7cd 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.12.0 +version: 1.12.1 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index c4a6c595..9868ef36 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -565,10 +565,10 @@ logs2notifications: enabled: true replicaCount: 2 image: - repository: testlagoon/logs2notifications + repository: uselagoon/logs2notifications pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "main" + tag: "" logs2slack: disabled: true From 50e35235ffcbe9033e658b5ab64e15455560e8fe Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Tue, 20 Sep 2022 19:56:09 +0800 Subject: [PATCH 003/167] feat: add lagoon-container-memory-limit argument to remote-controller --- charts/lagoon-build-deploy/templates/deployment.yaml | 4 ++++ charts/lagoon-build-deploy/values.yaml | 4 ++++ 2 files changed, 8 insertions(+) 
diff --git a/charts/lagoon-build-deploy/templates/deployment.yaml b/charts/lagoon-build-deploy/templates/deployment.yaml index 8df2749d..c4030be8 100644 --- a/charts/lagoon-build-deploy/templates/deployment.yaml +++ b/charts/lagoon-build-deploy/templates/deployment.yaml @@ -214,6 +214,10 @@ spec: value: {{ . | quote }} {{- end }} {{- end }} + {{- with .Values.adminLagoonFeatureFlag.containerMemoryLimit }} + - name: ADMIN_LAGOON_FEATURE_FLAG_CONTAINER_MEMORY_LIMIT + value: {{ . | quote}} + {{- end }} - name: PENDING_MESSAGE_CRON value: {{ .Values.pendingMessageCron | quote }} - name: RABBITMQ_HOSTNAME diff --git a/charts/lagoon-build-deploy/values.yaml b/charts/lagoon-build-deploy/values.yaml index 9c56c746..13484ed8 100644 --- a/charts/lagoon-build-deploy/values.yaml +++ b/charts/lagoon-build-deploy/values.yaml @@ -79,6 +79,10 @@ extraEnvs: # the following values are defaults which may be overridden +adminLagoonFeatureFlag: + # Set the memory resource limit for containers deployed by Lagoon. + containerMemoryLimit: 16Gi + # rootlessBuildPods tells the build-deploy controller to create build pods # which do not run as root. See https://github.com/amazeeio/lagoon/pull/2481 # for details. From 1b74b7e81a061ea47506ee253821da680117e6b1 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Tue, 18 Oct 2022 10:43:43 +1000 Subject: [PATCH 004/167] chore: bump lagoon-build-deploy chart version --- charts/lagoon-build-deploy/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index 24e541b0..49e684da 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -16,6 +16,6 @@ kubeVersion: ">= 1.19.0-0" type: application -version: 0.15.0 +version: 0.16.0 appVersion: v0.6.0 From 9564bb7ae235d153fd390ceade5ac1b6d694443b Mon Sep 17 00:00:00 2001 
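Review bot: The comment on `containerMemoryLimit` in the values.yaml hunk does not say that the shipped default of `16Gi` is now passed to the controller on every install, nor how to opt out. Going by the template hunk in the same commit, the `with` block leaves out `ADMIN_LAGOON_FEATURE_FLAG_CONTAINER_MEMORY_LIMIT` only when the value is empty, so the comment could read `# Memory limit applied to containers deployed by Lagoon; set to "" to omit the flag.` What the controller does when the flag is absent is not visible here and should be confirmed before documenting it. In the deployment hunk, `{{ . | quote}}` is missing the space before `}}` that the surrounding lines use.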
From: shreddedbacon Date: Tue, 25 Oct 2022 10:54:11 +1100 Subject: [PATCH 005/167] feat: add storage-calculator to remote --- charts/lagoon-remote/ci/linter-values.yaml | 5 ++ charts/lagoon-remote/templates/_helpers.tpl | 33 ++++++++ .../storage-calculator.clusterrole.yaml | 40 +++++++++ .../storage-calculator.deployment.yaml | 84 +++++++++++++++++++ .../storage-calculator.rolebinding.yaml | 15 ++++ .../templates/storage-calculator.secret.yaml | 10 +++ .../storage-calculator.serviceaccount.yaml | 6 ++ charts/lagoon-remote/values.yaml | 22 +++++ 8 files changed, 215 insertions(+) create mode 100644 charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml create mode 100644 charts/lagoon-remote/templates/storage-calculator.deployment.yaml create mode 100644 charts/lagoon-remote/templates/storage-calculator.rolebinding.yaml create mode 100644 charts/lagoon-remote/templates/storage-calculator.secret.yaml create mode 100644 charts/lagoon-remote/templates/storage-calculator.serviceaccount.yaml diff --git a/charts/lagoon-remote/ci/linter-values.yaml b/charts/lagoon-remote/ci/linter-values.yaml index 29b31bb1..07a82900 100644 --- a/charts/lagoon-remote/ci/linter-values.yaml +++ b/charts/lagoon-remote/ci/linter-values.yaml @@ -92,3 +92,8 @@ sshPortal: AAAECW61aE011GKLSFBJ82G6oGEOjJSUV3STx16veSvX38kD9iqXNt1OpHncEdwOG8/QRV 6lnrpkhPYdpdKnF3PCEyAAAAAAECAwQF -----END OPENSSH PRIVATE KEY----- + +storageCalculator: + rabbitMQUsername: lagoon + rabbitMQPassword: ci + rabbitMQHostname: lagoon-core-broker \ No newline at end of file diff --git a/charts/lagoon-remote/templates/_helpers.tpl b/charts/lagoon-remote/templates/_helpers.tpl index 2597b3f1..ef1a2a61 100644 --- a/charts/lagoon-remote/templates/_helpers.tpl +++ b/charts/lagoon-remote/templates/_helpers.tpl 
@@ -83,7 +83,40 @@ app.kubernetes.io/component: {{ include "lagoon-remote.dockerHost.fullname" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{/* +Create the name of the service account to use for storageCalculator. +*/}} +{{- define "lagoon-remote.storageCalculator.serviceAccountName" -}} +{{- default (include "lagoon-remote.storageCalculator.fullname" .) .Values.storageCalculator.serviceAccount.name }} +{{- end }} +{{/* +Create a default fully qualified app name for storageCalculator. +*/}} +{{- define "lagoon-remote.storageCalculator.fullname" -}} +{{- include "lagoon-remote.fullname" . }}-storageCalculator +{{- end }} + +{{/* +Common labels storageCalculator. +*/}} +{{- define "lagoon-remote.storageCalculator.labels" -}} +helm.sh/chart: {{ include "lagoon-remote.chart" . }} +{{ include "lagoon-remote.storageCalculator.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels storageCalculator. +*/}} +{{- define "lagoon-remote.storageCalculator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "lagoon-remote.name" . }} +app.kubernetes.io/component: {{ include "lagoon-remote.storageCalculator.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} {{/* Create the name of the service account to use for kubernetesBuildDeploy. diff --git a/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml b/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml new file mode 100644 index 00000000..e7e63277 --- /dev/null +++ b/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml 
@@ -0,0 +1,40 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "lagoon-remote.storageCalculator.fullname" . }} + labels: + {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list + + diff --git a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml new file mode 100644 index 00000000..7cd6fa01 --- /dev/null +++ b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml 
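Review bot: The `pods/exec` rule with `create`, next to `create`/`update` on `pods`, is the most sensitive grant in this new ClusterRole and carries no comment saying which calculator operation needs it. A one-line comment above that rule naming the operation would let a later reviewer judge whether the verb can be dropped. In the `pods/log` rule, `list` has no effect because the log subresource is read with `get` only, so `verbs: [get]` is sufficient. The two blank lines at the end of the file can also go.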
@@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "lagoon-remote.storageCalculator.fullname" . }} + labels: + {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "lagoon-remote.storageCalculator.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/secret: {{ include (print $.Template.BasePath "/storage-calculator.secret.yaml") . | sha256sum }} + labels: + {{- include "lagoon-remote.storageCalculator.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.storageCalculator.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "lagoon-remote.storageCalculator.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.storageCalculator.podSecurityContext | nindent 8 }} + containers: + - name: kube-rbac-proxy + securityContext: + {{- toYaml .Values.storageCalculator.kubeRBACProxy.securityContext | nindent 10 }} + image: "{{ .Values.storageCalculator.kubeRBACProxy.image.repository }}:{{ .Values.storageCalculator.kubeRBACProxy.image.tag }}" + imagePullPolicy: {{ .Values.storageCalculator.kubeRBACProxy.image.pullPolicy }} + args: + - "--secure-listen-address=0.0.0.0:8443" + - "--upstream=http://127.0.0.1:8080/" + - "--logtostderr=true" + - "--v=10" + ports: + - containerPort: 8443 + name: https + resources: + {{- toYaml .Values.storageCalculator.kubeRBACProxy.resources | nindent 10 }} + - name: manager + securityContext: + {{- toYaml .Values.storageCalculator.securityContext | nindent 10 }} + image: "{{ .Values.storageCalculator.image.repository }}:{{ .Values.storageCalculator.image.tag | default .Chart.AppVersion}}" + imagePullPolicy: {{ .Values.storageCalculator.image.pullPolicy }} + command: + - /manager + args: + - "--metrics-addr=127.0.0.1:8080" + - "--enable-leader-election" + {{- with .Values.storageCalculator.extraArgs }} + {{- toYaml . 
| nindent 8 }} + {{- end }} + env: + {{- range $name, $value := .Values.storageCalculator.extraEnvs }} + - name: {{ .name }} + value: {{ .value | quote }} + {{- end }} + - name: RABBITMQ_HOSTNAME + value: {{ required "A valid .Values.storageCalculator.rabbitMQHostname required!" .Values.storageCalculator.rabbitMQHostname | quote }} + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-remote.storageCalculator.fullname" . }} + key: RABBITMQ_PASSWORD + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "lagoon-remote.storageCalculator.fullname" . }} + key: RABBITMQ_USERNAME + resources: + {{- toYaml .Values.storageCalculator.resources | nindent 10 }} + {{- with .Values.storageCalculator.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.storageCalculator.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.storageCalculator.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/lagoon-remote/templates/storage-calculator.rolebinding.yaml b/charts/lagoon-remote/templates/storage-calculator.rolebinding.yaml new file mode 100644 index 00000000..19791357 --- /dev/null +++ b/charts/lagoon-remote/templates/storage-calculator.rolebinding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "lagoon-remote.storageCalculator.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "lagoon-remote.storageCalculator.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "lagoon-remote.storageCalculator.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} 
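Review bot: The `kube-rbac-proxy` container in the deployment hunk is started with `--v=10`, which is full debug verbosity, and binds `0.0.0.0:8443`, although the file list of this patch adds no Service or probe that reaches that port. At that log level the proxy writes request detail to the pod log, and on older builds this may include credentials presented by callers (to be confirmed for the pinned tag); `--v=0` is enough for normal operation. If nothing scrapes the manager's metrics endpoint, the sidecar and its port can be omitted. Separately, `range $name, $value := .Values.storageCalculator.extraEnvs` declares two variables the loop body never uses; `range .Values.storageCalculator.extraEnvs` reads the same `.name`/`.value` fields.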
diff --git a/charts/lagoon-remote/templates/storage-calculator.secret.yaml b/charts/lagoon-remote/templates/storage-calculator.secret.yaml new file mode 100644 index 00000000..82293a9f --- /dev/null +++ b/charts/lagoon-remote/templates/storage-calculator.secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ include "lagoon-remote.storageCalculator.fullname" . }} + labels: + {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} +stringData: + RABBITMQ_PASSWORD: {{ required "A valid .Values.storageCalculator.rabbitMQPassword required!" .Values.storageCalculator.rabbitMQPassword | quote }} + RABBITMQ_USERNAME: {{ required "A valid .Values.storageCalculator.rabbitMQUsername required!" .Values.storageCalculator.rabbitMQUsername | quote }} diff --git a/charts/lagoon-remote/templates/storage-calculator.serviceaccount.yaml b/charts/lagoon-remote/templates/storage-calculator.serviceaccount.yaml new file mode 100644 index 00000000..eb05b528 --- /dev/null +++ b/charts/lagoon-remote/templates/storage-calculator.serviceaccount.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "lagoon-remote.storageCalculator.serviceAccountName" . }} + labels: + {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index f91ee04b..b81fea60 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml 
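Review bot: The new Secret template can only be filled from `rabbitMQPassword` and `rabbitMQUsername` in chart values, so the broker password has to sit in a values file or on the `helm` command line for every install. An optional value naming a pre-existing Secret would let operators keep the credential in their own secret store. With it, this template would render only when that value is empty, and the Deployment's `secretKeyRef.name` would point at the named Secret otherwise. The `checksum/secret` annotation in the deployment would then need the same condition.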
@@ -250,3 +250,25 @@ natsConfig: # be named lagoon-remote-nats-tls. This secret should contain fields # tls.crt and tls.key, and the certificate should be issued by a public # authority. + +storageCalculator: + serviceAccount: + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname + # template + name: + rabbitMQHostname: "" + rabbitMQPassword: "" + rabbitMQUsername: "" + + image: + repository: uselagoon/remote-calculator + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "main" + # this is a sidecar in the same pod as the storageCalculator container + kubeRBACProxy: + image: + repository: gcr.io/kubebuilder/kube-rbac-proxy + pullPolicy: IfNotPresent + tag: v0.4.1 From e9e3a9bae82edd06a6f2e38319c00158fb2d2435 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Tue, 25 Oct 2022 12:32:09 +1100 Subject: [PATCH 006/167] chore: add enabled conditional --- charts/lagoon-remote/ci/linter-values.yaml | 1 + .../lagoon-remote/templates/storage-calculator.clusterrole.yaml | 2 ++ .../lagoon-remote/templates/storage-calculator.deployment.yaml | 2 ++ .../lagoon-remote/templates/storage-calculator.rolebinding.yaml | 2 ++ charts/lagoon-remote/templates/storage-calculator.secret.yaml | 2 ++ .../templates/storage-calculator.serviceaccount.yaml | 2 ++ charts/lagoon-remote/values.yaml | 1 + 7 files changed, 12 insertions(+) diff --git a/charts/lagoon-remote/ci/linter-values.yaml b/charts/lagoon-remote/ci/linter-values.yaml index 07a82900..04f93131 100644 --- a/charts/lagoon-remote/ci/linter-values.yaml +++ b/charts/lagoon-remote/ci/linter-values.yaml @@ -94,6 +94,7 @@ sshPortal: -----END OPENSSH PRIVATE KEY----- storageCalculator: + enabled: true rabbitMQUsername: lagoon rabbitMQPassword: ci rabbitMQHostname: lagoon-core-broker \ No newline at end of file 
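Review bot: The `storageCalculator` defaults added to values.yaml define none of the keys the new deployment template passes through `toYaml`. These are `podSecurityContext`, `securityContext`, `resources`, and the `securityContext`/`resources` keys under `kubeRBACProxy`. Each of them therefore renders as `null`, and both containers run with whatever user, capabilities and unbounded resources the images default to. Since this workload's service account can create pods and exec into them, I would ship restrictive defaults here and let operators relax them. The values below are a starting point and need confirming against the image (non-root user, writable paths). The comment on `serviceAccount.name` also mentions a `create` setting that this block does not define.

```yaml
storageCalculator:
  # … unchanged: serviceAccount, rabbitMQ* and image settings …
  podSecurityContext:
    runAsNonRoot: true
  securityContext:
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop:
        - ALL
  resources: {}
  kubeRBACProxy:
    # … unchanged: image …
    securityContext:
      allowPrivilegeEscalation: false
    resources: {}
```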
diff --git a/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml b/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml index e7e63277..c75fd628 100644 --- a/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml +++ b/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml @@ -1,3 +1,4 @@ +{{- if .Values.storageCalculator.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -36,5 +37,6 @@ rules: verbs: - get - list +{{- end }} diff --git a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml index 7cd6fa01..bba5a5e7 100644 --- a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml +++ b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml @@ -1,3 +1,4 @@ +{{- if .Values.storageCalculator.enabled -}} apiVersion: apps/v1 kind: Deployment metadata: @@ -82,3 +83,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/storage-calculator.rolebinding.yaml b/charts/lagoon-remote/templates/storage-calculator.rolebinding.yaml index 19791357..a7bd0ad0 100644 --- a/charts/lagoon-remote/templates/storage-calculator.rolebinding.yaml +++ b/charts/lagoon-remote/templates/storage-calculator.rolebinding.yaml @@ -1,3 +1,4 @@ +{{- if .Values.storageCalculator.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -13,3 +14,4 @@ subjects: - kind: ServiceAccount name: {{ include "lagoon-remote.storageCalculator.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/storage-calculator.secret.yaml b/charts/lagoon-remote/templates/storage-calculator.secret.yaml index 82293a9f..444061fe 100644 --- a/charts/lagoon-remote/templates/storage-calculator.secret.yaml 
+++ b/charts/lagoon-remote/templates/storage-calculator.secret.yaml @@ -1,3 +1,4 @@ +{{- if .Values.storageCalculator.enabled -}} apiVersion: v1 kind: Secret type: Opaque @@ -8,3 +9,4 @@ metadata: stringData: RABBITMQ_PASSWORD: {{ required "A valid .Values.storageCalculator.rabbitMQPassword required!" .Values.storageCalculator.rabbitMQPassword | quote }} RABBITMQ_USERNAME: {{ required "A valid .Values.storageCalculator.rabbitMQUsername required!" .Values.storageCalculator.rabbitMQUsername | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/storage-calculator.serviceaccount.yaml b/charts/lagoon-remote/templates/storage-calculator.serviceaccount.yaml index eb05b528..67241e57 100644 --- a/charts/lagoon-remote/templates/storage-calculator.serviceaccount.yaml +++ b/charts/lagoon-remote/templates/storage-calculator.serviceaccount.yaml @@ -1,6 +1,8 @@ +{{- if .Values.storageCalculator.enabled -}} apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "lagoon-remote.storageCalculator.serviceAccountName" . }} labels: {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index b81fea60..b9bd087e 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -252,6 +252,7 @@ natsConfig: # authority. storageCalculator: + enabled: false serviceAccount: # The name of the service account to use. # If not set and create is true, a name is generated using the fullname From e54c003ed4ab764ca06703486038da17942b053d Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Tue, 25 Oct 2022 12:39:03 +1100 Subject: [PATCH 007/167] chore: bump remote version --- charts/lagoon-remote/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 21a05c8a..0f279121 100644 
--- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.63.0 +version: 0.64.0 dependencies: - name: lagoon-build-deploy From 13096cfea67b9c1799c41b92987a5ca3394f1d73 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Tue, 25 Oct 2022 12:40:38 +1100 Subject: [PATCH 008/167] chore: linting fixes --- charts/lagoon-remote/ci/linter-values.yaml | 2 +- charts/lagoon-remote/templates/_helpers.tpl | 2 +- charts/lagoon-remote/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-remote/ci/linter-values.yaml b/charts/lagoon-remote/ci/linter-values.yaml index 04f93131..d0e5f791 100644 --- a/charts/lagoon-remote/ci/linter-values.yaml +++ b/charts/lagoon-remote/ci/linter-values.yaml @@ -97,4 +97,4 @@ storageCalculator: enabled: true rabbitMQUsername: lagoon rabbitMQPassword: ci - rabbitMQHostname: lagoon-core-broker \ No newline at end of file + rabbitMQHostname: lagoon-core-broker diff --git a/charts/lagoon-remote/templates/_helpers.tpl b/charts/lagoon-remote/templates/_helpers.tpl index ef1a2a61..9b18f65f 100644 --- a/charts/lagoon-remote/templates/_helpers.tpl +++ b/charts/lagoon-remote/templates/_helpers.tpl @@ -94,7 +94,7 @@ Create the name of the service account to use for storageCalculator. Create a default fully qualified app name for storageCalculator. */}} {{- define "lagoon-remote.storageCalculator.fullname" -}} -{{- include "lagoon-remote.fullname" . }}-storageCalculator +{{- include "lagoon-remote.fullname" . }}-storage-calculator {{- end }} {{/* diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index b9bd087e..1a8a2036 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml 
@@ -257,7 +257,7 @@ storageCalculator: # The name of the service account to use. # If not set and create is true, a name is generated using the fullname # template - name: + name: rabbitMQHostname: "" rabbitMQPassword: "" rabbitMQUsername: "" From 7ef9ce7b323fa337f20fe02970f94816945157be Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Tue, 25 Oct 2022 14:21:07 +1100 Subject: [PATCH 009/167] chore: update flags for storage-calculator --- .../templates/storage-calculator.deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml index bba5a5e7..d391ae8d 100644 --- a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml +++ b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml @@ -47,8 +47,8 @@ spec: command: - /manager args: - - "--metrics-addr=127.0.0.1:8080" - - "--enable-leader-election" + - "--metrics-bind-address=127.0.0.1:8080" + - "--leader-elect" {{- with .Values.storageCalculator.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} From da77942af3ddf240f255bf25049c7676ca2b4df8 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Tue, 25 Oct 2022 16:46:03 +1100 Subject: [PATCH 010/167] chore: bump to use v0.1.0 tag remote-calcualtor image --- charts/lagoon-remote/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 1a8a2036..42082b3d 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -266,7 +266,7 @@ storageCalculator: repository: uselagoon/remote-calculator pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "main" + tag: v0.1.0 # this is a sidecar in the same pod as the storageCalculator container kubeRBACProxy: image: From 01dab1fd603153c85c8aec2f17e8fc05c2932063 Mon Sep 17 00:00:00 2001 
From: shreddedbacon Date: Tue, 25 Oct 2022 17:19:34 +1100 Subject: [PATCH 011/167] chore: disable leader-election for one pod --- .../lagoon-remote/templates/storage-calculator.deployment.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml index d391ae8d..d95a74a6 100644 --- a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml +++ b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml @@ -48,7 +48,6 @@ spec: - /manager args: - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" {{- with .Values.storageCalculator.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} From 4f8ef71c49204566f7984c3a94e36551cf82d0c4 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Tue, 25 Oct 2022 17:26:51 +1100 Subject: [PATCH 012/167] chore: add configuration options --- .../templates/storage-calculator.deployment.yaml | 8 ++++++++ charts/lagoon-remote/values.yaml | 2 ++ 2 files changed, 10 insertions(+) diff --git a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml index d95a74a6..7a3f84fa 100644 --- a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml +++ b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml @@ -56,6 +56,14 @@ spec: - name: {{ .name }} value: {{ .value | quote }} {{- end }} + {{- with .Values.storageCalculator.cronjob }} + - name: CALCULATOR_CRON + value: {{ . | quote }} + {{- end }} + {{- with .Values.storageCalculator.ignoreRegex }} + - name: LAGOON_STORAGE_IGNORE_REGEX + value: {{ . | quote }} + {{- end }} - name: RABBITMQ_HOSTNAME value: {{ required "A valid .Values.storageCalculator.rabbitMQHostname required!" .Values.storageCalculator.rabbitMQHostname | quote }} - name: RABBITMQ_PASSWORD 
diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 42082b3d..c0471f2d 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -253,6 +253,8 @@ natsConfig: storageCalculator: enabled: false + #cronjob: 5 */12 * * * + #ignoreRegex: "solr|redis" serviceAccount: # The name of the service account to use. # If not set and create is true, a name is generated using the fullname From 594f8943515b9934f8ce0e82c5098f99b520c33d Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Tue, 25 Oct 2022 17:51:21 +1100 Subject: [PATCH 013/167] chore: fix up rbac --- .../templates/storage-calculator.clusterrole.yaml | 12 ++++++++++-- .../templates/storage-calculator.rolebinding.yaml | 3 +-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml b/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml index c75fd628..d557e978 100644 --- a/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml +++ b/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml @@ -13,6 +13,15 @@ rules: verbs: - get - list + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list - watch - apiGroups: - "" @@ -20,6 +29,7 @@ rules: - pods verbs: - create + - delete - get - list - update @@ -38,5 +48,3 @@ rules: - get - list {{- end }} - - diff --git a/charts/lagoon-remote/templates/storage-calculator.rolebinding.yaml b/charts/lagoon-remote/templates/storage-calculator.rolebinding.yaml index a7bd0ad0..0ea9f30e 100644 --- a/charts/lagoon-remote/templates/storage-calculator.rolebinding.yaml +++ b/charts/lagoon-remote/templates/storage-calculator.rolebinding.yaml 
@@ -1,9 +1,8 @@ {{- if .Values.storageCalculator.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: name: {{ include "lagoon-remote.storageCalculator.fullname" . }} - namespace: {{ .Release.Namespace | quote }} labels: {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} roleRef: From 5ac653138a7bdea8bd5ef294d5fa781f0139149c Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Wed, 26 Oct 2022 08:22:08 +1100 Subject: [PATCH 014/167] chore: linting fixes --- charts/lagoon-remote/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index c0471f2d..56480ec6 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -253,8 +253,8 @@ natsConfig: storageCalculator: enabled: false - #cronjob: 5 */12 * * * - #ignoreRegex: "solr|redis" + # cronjob: 5 */12 * * * + # ignoreRegex: "solr|redis" serviceAccount: # The name of the service account to use. # If not set and create is true, a name is generated using the fullname From 290a38a3a1b13e5efd59388916f0d05ec47d28df Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Wed, 26 Oct 2022 08:28:17 +1100 Subject: [PATCH 015/167] chore: fix rbac --- .../lagoon-remote/templates/storage-calculator.clusterrole.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml b/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml index d557e978..ae483899 100644 --- a/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml +++ b/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml @@ -13,6 +13,7 @@ rules: verbs: - get - list + - patch - update - watch - apiGroups: From 12363db0dababd037531ae6d15bfadf233772bbb Mon Sep 17 00:00:00 2001 
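Review bot: Changing `kind: RoleBinding` to `kind: ClusterRoleBinding` makes every rule in the storage-calculator ClusterRole apply in all namespaces, including `create` on `pods/exec` and `create`/`delete`/`update` on `pods`. Whoever holds this service account's token can then start pods and run commands in any workload on the cluster, system namespaces included. RBAC cannot restrict these verbs by label, so the grant should at least be stated where operators enable the feature, for example above `enabled: false` in values.yaml: `# Enabling this grants the storage-calculator service account cluster-wide pods create/delete and pods/exec.` The ClusterRole hunks of the same commit add `update` on namespaces and `delete` on pods, and the following commit adds `patch` on namespaces; each of those rules would benefit from a one-line comment naming the operation that needs it.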
From: shreddedbacon Date: Thu, 27 Oct 2022 09:21:04 +1100 Subject: [PATCH 016/167] chore: remove rbac sidecar(not req) and bump to v0.2.0 storage-calculator --- .../templates/storage-calculator.deployment.yaml | 15 --------------- charts/lagoon-remote/values.yaml | 8 +------- 2 files changed, 1 insertion(+), 22 deletions(-) diff --git a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml index 7a3f84fa..8326a84a 100644 --- a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml +++ b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml @@ -24,21 +24,6 @@ spec: securityContext: {{- toYaml .Values.storageCalculator.podSecurityContext | nindent 8 }} containers: - - name: kube-rbac-proxy - securityContext: - {{- toYaml .Values.storageCalculator.kubeRBACProxy.securityContext | nindent 10 }} - image: "{{ .Values.storageCalculator.kubeRBACProxy.image.repository }}:{{ .Values.storageCalculator.kubeRBACProxy.image.tag }}" - imagePullPolicy: {{ .Values.storageCalculator.kubeRBACProxy.image.pullPolicy }} - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - name: https - resources: - {{- toYaml .Values.storageCalculator.kubeRBACProxy.resources | nindent 10 }} - name: manager securityContext: {{- toYaml .Values.storageCalculator.securityContext | nindent 10 }} diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 56480ec6..5e219cee 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml 
@@ -268,10 +268,4 @@ storageCalculator: repository: uselagoon/remote-calculator pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: v0.1.0 - # this is a sidecar in the same pod as the storageCalculator container - kubeRBACProxy: - image: - repository: gcr.io/kubebuilder/kube-rbac-proxy - pullPolicy: IfNotPresent - tag: v0.4.1 + tag: v0.2.0 \ No newline at end of file From 5e2e48afd2854632bf910d43a0a1bf70f8526a61 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Thu, 27 Oct 2022 09:52:21 +1100 Subject: [PATCH 017/167] chore: bump storage-calculator version --- charts/lagoon-remote/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 5e219cee..3ea98bb7 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -268,4 +268,4 @@ storageCalculator: repository: uselagoon/remote-calculator pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: v0.2.0 \ No newline at end of file + tag: v0.2.1 From f7be658e83660ce8d0e97cc04819c6e0904a9490 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Thu, 27 Oct 2022 13:05:37 +1100 Subject: [PATCH 018/167] chore: add artifacthub change annotation --- charts/lagoon-remote/Chart.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 0f279121..983d2ccf 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -42,3 +42,8 @@ dependencies: version: ~0.18.0 repository: https://nats-io.github.io/k8s/helm/charts/ condition: nats.enabled + +annotations: + artifacthub.io/changes: | + - kind: added + description: Support for storage-calculator, disabled by default From 2ac6658a796a79096b1b6fea515071d99d4f3ba2 Mon Sep 17 00:00:00 2001 
From: Toby Bellwood Date: Thu, 27 Oct 2022 17:06:52 +1100 Subject: [PATCH 019/167] Added README.md to insights-remote --- charts/lagoon-insights-remote/Chart.yaml | 7 ++++++- charts/lagoon-insights-remote/README.md | 5 +++++ 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 charts/lagoon-insights-remote/README.md diff --git a/charts/lagoon-insights-remote/Chart.yaml b/charts/lagoon-insights-remote/Chart.yaml index 23610c04..a613029a 100644 --- a/charts/lagoon-insights-remote/Chart.yaml +++ b/charts/lagoon-insights-remote/Chart.yaml @@ -22,10 +22,15 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.0 +version: 0.2.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: v0.0.3 + +annotations: + artifacthub.io/changes: | + - kind: added + description: Added README.md to explain purpose \ No newline at end of file diff --git a/charts/lagoon-insights-remote/README.md b/charts/lagoon-insights-remote/README.md new file mode 100644 index 00000000..ec37a821 --- /dev/null +++ b/charts/lagoon-insights-remote/README.md @@ -0,0 +1,5 @@ +# Lagoon Insights Remote + +This chart is currently consumed as a sub-chart of Lagoon Remote, but the service will instead be added as an optional in a coming release. + +Only install this chart as a sub-chart of Lagoon-Remote, it serves no functionality without it, and will be deprecated once the service is included. \ No newline at end of file From a5baf74ec4382d589fe139ae667ca706ab0fced2 Mon Sep 17 00:00:00 2001 
From: Toby Bellwood Date: Thu, 27 Oct 2022 17:08:41 +1100 Subject: [PATCH 020/167] add newline --- charts/lagoon-insights-remote/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-insights-remote/Chart.yaml b/charts/lagoon-insights-remote/Chart.yaml index a613029a..923f642d 100644 --- a/charts/lagoon-insights-remote/Chart.yaml +++ b/charts/lagoon-insights-remote/Chart.yaml @@ -33,4 +33,4 @@ appVersion: v0.0.3 annotations: artifacthub.io/changes: | - kind: added - description: Added README.md to explain purpose \ No newline at end of file + description: Added README.md to explain purpose From d4465d481a38f75eaa80a88815935a5af0ff2142 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Tue, 1 Nov 2022 21:06:08 +0800 Subject: [PATCH 021/167] chore: use the new syntax for output variables in github actions https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ --- .github/workflows/lint-test-matrix.yaml | 2 +- .github/workflows/lint-test.yaml | 2 +- .github/workflows/test-suite.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/lint-test-matrix.yaml b/.github/workflows/lint-test-matrix.yaml index ad653633..2f886154 100644 --- a/.github/workflows/lint-test-matrix.yaml +++ b/.github/workflows/lint-test-matrix.yaml @@ -31,7 +31,7 @@ jobs: run: | changed=$(ct list-changed --config ./default.ct.yaml) if [[ "$changed" ]]; then - echo "::set-output name=changed::true" + echo "changed=true" >> $GITHUB_OUTPUT echo "$changed" fi diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index b5108a36..914c720c 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -83,7 +83,7 @@ jobs: run: | changed=$(ct list-changed --config ./default.ct.yaml) if [[ "$changed" ]]; then - echo "::set-output name=changed::true" + echo "changed=true" >> $GITHUB_OUTPUT echo "$changed" fi 
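Review bot: `echo "changed=true" >> $GITHUB_OUTPUT` in the lint-test-matrix.yaml hunk leaves the redirect target unquoted; `echo "changed=true" >> "$GITHUB_OUTPUT"` is the safer form. The path is supplied by the runner, and an unquoted expansion that contained whitespace would fail in bash as an ambiguous redirect. The same line appears in the lint-test.yaml hunk and in the test-suite.yaml hunk that follows. Each `run:` block starts above its hunk.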
diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index aad56d4c..cf1bd7b5 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -57,7 +57,7 @@ jobs: run: | changed=$(ct list-changed --config ./test-suite-lint.ct.yaml) if [[ "$changed" ]]; then - echo "::set-output name=changed::true" + echo "changed=true" >> $GITHUB_OUTPUT echo "$changed" fi From 64ea95573d38851f6900f758253b62755d0fe66a Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 3 Nov 2022 13:59:23 +0800 Subject: [PATCH 022/167] feat: bump ssh-portal-api version in lagoon-core chart --- charts/lagoon-core/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 9868ef36..858460a8 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -791,7 +791,7 @@ sshPortalAPI: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal-api pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.20.1" + tag: "v0.22.0" podAnnotations: {} From 3663a625d152624db70d5efbc37c3027ccf6c732 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 3 Nov 2022 13:59:55 +0800 Subject: [PATCH 023/167] feat: bump ssh-portal version in lagoon-remote chart --- charts/lagoon-remote/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 3ea98bb7..a7f3780d 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -119,7 +119,7 @@ sshPortal: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.20.1" + tag: "v0.22.0" service: type: LoadBalancer From 4109d60ba1d584080df855154875bd0963efc2dc Mon Sep 17 00:00:00 2001 
From: Scott Leggett Date: Thu, 3 Nov 2022 14:05:43 +0800 Subject: [PATCH 024/167] chore: bump lagoon-core chart version --- charts/lagoon-core/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 7d7ba7cd..6785d67b 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.12.1 +version: 1.13.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. From 6906651284f24e9776df2739d47818f3e2ff2645 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 3 Nov 2022 14:05:52 +0800 Subject: [PATCH 025/167] chore: bump lagoon-remote chart version --- charts/lagoon-remote/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 983d2ccf..39c4a583 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.64.0 +version: 0.65.0 dependencies: - name: lagoon-build-deploy From 17a770a2f07b44ca0573ab33d683b0111e633ed1 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 4 Nov 2022 13:35:31 +0800 Subject: [PATCH 026/167] chore: add artifacthub changelog to lagoon-core --- charts/lagoon-core/Chart.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 6785d67b..06a0a380 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml 
@@ -34,3 +34,8 @@ dependencies: version: ~0.18.0 repository: https://nats-io.github.io/k8s/helm/charts/ condition: nats.enabled + +annotations: + artifacthub.io/changes: | + - kind: changed + description: Bumped ssh-portal-api to v0.22.0. From ab833490226a73315682e64d7894b17ba9a7e98e Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 4 Nov 2022 13:35:46 +0800 Subject: [PATCH 027/167] chore: add artifacthub changelog to lagoon-remote --- charts/lagoon-remote/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 39c4a583..6215519e 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -45,5 +45,5 @@ dependencies: annotations: artifacthub.io/changes: | - - kind: added - description: Support for storage-calculator, disabled by default + - kind: changed + description: Bumped ssh-portal to v0.22.0. From e57746ab334d88de259907bddf4803ea35e487c0 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 8 Nov 2022 07:14:54 +1100 Subject: [PATCH 028/167] Assorted CI dependency updates (#507) --- .github/workflows/lint-test-matrix.yaml | 9 +++++---- .github/workflows/lint-test.yaml | 4 ++-- .github/workflows/test-suite.yaml | 14 +++++++------- Makefile | 14 +++++++------- 4 files changed, 21 insertions(+), 20 deletions(-) diff --git a/.github/workflows/lint-test-matrix.yaml b/.github/workflows/lint-test-matrix.yaml index 2f886154..4638d32e 100644 --- a/.github/workflows/lint-test-matrix.yaml +++ b/.github/workflows/lint-test-matrix.yaml 
@@ -11,9 +11,10 @@ jobs: fail-fast: false matrix: kindest_node_version: - - v1.21.14@sha256:ad5b7446dd8332439f22a1efdac73670f0da158c00f0a70b45716e7ef3fae20b - - v1.23.12@sha256:9402cf1330bbd3a0d097d2033fa489b2abe40d479cc5ef47d0b6a6960613148a - - v1.24.6@sha256:97e8d00bc37a7598a0b32d1fabd155a96355c49fa0d4d4790aab0f161bf31be1 + - v1.21.14@sha256:9d9eb5fb26b4fbc0c6d95fa8c790414f9750dd583f5d7cee45d92e8c26670aa1 + - v1.22.15@sha256:7d9708c4b0873f0fe2e171e2b1b7f45ae89482617778c1c875f1053d4cef2e41 + - v1.24.7@sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315 + - v1.25.3@sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1 steps: - name: Checkout uses: actions/checkout@v3 @@ -41,7 +42,7 @@ jobs: - name: Create kind cluster uses: helm/kind-action@v1.4.0 with: - version: v0.14.0 + version: v0.17.0 node_image: kindest/node:${{ matrix.kindest_node_version }} if: | (steps.list-changed.outputs.changed == 'true') || diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 914c720c..de611b0d 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -93,8 +93,8 @@ jobs: - name: Create kind cluster uses: helm/kind-action@v1.4.0 with: - version: v0.14.0 - node_image: kindest/node:v1.22.15@sha256:bfd5eaae36849bfb3c1e3b9442f3da17d730718248939d9d547e86bbac5da586 + version: v0.17.0 + node_image: kindest/node:v1.23.13@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61 if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index cf1bd7b5..beef18c3 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml 
@@ -76,8 +76,8 @@ jobs: (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) with: - version: v0.14.0 - node_image: kindest/node:v1.23.12@sha256:9402cf1330bbd3a0d097d2033fa489b2abe40d479cc5ef47d0b6a6960613148a + version: v0.17.0 + node_image: kindest/node:v1.23.13@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61 config: test-suite.kind-config.yaml - name: Install kubectl @@ -129,15 +129,15 @@ jobs: (contains(github.event.pull_request.labels.*.name, 'needs-testing')) run: | cd /tmp - curl -sSLO https://github.com/itchyny/gojq/releases/download/v0.11.1/gojq_v0.11.1_linux_amd64.tar.gz - tar -xf ./gojq_v0.11.1_linux_amd64.tar.gz - sudo cp /tmp/gojq_v0.11.1_linux_amd64/gojq /usr/local/bin/jq + curl -sSLO https://github.com/itchyny/gojq/releases/download/v0.12.9/gojq_v0.12.9_linux_amd64.tar.gz + tar -xf ./gojq_v0.12.9_linux_amd64.tar.gz + sudo cp /tmp/gojq_v0.12.9_linux_amd64/gojq /usr/local/bin/jq - name: Install kubens and kubectl alias run: | cd /tmp - curl -sSLO https://github.com/ahmetb/kubectx/releases/download/v0.9.1/kubens_v0.9.1_linux_x86_64.tar.gz - tar -xf ./kubens_v0.9.1_linux_x86_64.tar.gz + curl -sSLO https://github.com/ahmetb/kubectx/releases/download/v0.9.4/kubens_v0.9.4_linux_x86_64.tar.gz + tar -xf ./kubens_v0.9.4_linux_x86_64.tar.gz sudo cp /tmp/kubens /usr/local/bin/kubens sudo ln -s /usr/local/bin/kubectl /usr/local/bin/kc diff --git a/Makefile b/Makefile index 25678132..d706e5d2 100644 --- a/Makefile +++ b/Makefile @@ -78,7 +78,7 @@ install-ingress: --set controller.config.proxy-body-size=100m \ --set controller.watchIngressWithoutClass=true \ --set controller.ingressClassResource.default=true \ - --version=4.1.3 \ + --version=4.3.0 \ ingress-nginx \ ingress-nginx/ingress-nginx 
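Review bot: The gojq and kubens archives in the `@@ -129,15 +129,15 @@` hunk are fetched with `curl -sSLO` and copied into /usr/local/bin with `sudo` without any integrity check, while the kind node images in the same commit are pinned by sha256 digest. A release asset that is replaced upstream would be installed unnoticed. I would verify each archive before unpacking, e.g. `echo "<expected-sha256>  gojq_v0.12.9_linux_amd64.tar.gz" | sha256sum -c -` with the digest taken from the release page (placeholder shown), and do the same for the kubens archive. The first `run:` block starts above the hunk.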
@@ -98,7 +98,7 @@ install-registry: install-ingress --set clair.enabled=false \ --set notary.enabled=false \ --set trivy.enabled=false \ - --version=1.9.1 \ + --version=1.10.1 \ registry \ harbor/harbor @@ -125,7 +125,7 @@ install-mariadb: --wait \ --timeout $(TIMEOUT) \ $$($(KUBECTL) get ns mariadb > /dev/null 2>&1 && echo --set auth.rootPassword=$$($(KUBECTL) get secret --namespace mariadb mariadb -o json | $(JQ) -r '.data."mariadb-root-password" | @base64d')) \ - --version=10.5.1 \ + --version=11.3.4 \ mariadb \ bitnami/mariadb @@ -138,8 +138,8 @@ install-postgresql: --namespace postgresql \ --wait \ --timeout $(TIMEOUT) \ - $$($(KUBECTL) get ns postgresql > /dev/null 2>&1 && echo --set postgresqlPassword=$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgresql-password" | @base64d')) \ - --version=10.16.2 \ + $$($(KUBECTL) get ns postgresql > /dev/null 2>&1 && echo --set auth.postgresPassword=$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgres-password" | @base64d')) \ + --version=11.9.13 \ postgresql \ bitnami/postgresql @@ -167,7 +167,7 @@ install-minio: install-ingress --timeout $(TIMEOUT) \ --set auth.rootUser=lagoonFilesAccessKey,auth.rootPassword=lagoonFilesSecretKey \ --set defaultBuckets=lagoon-files \ - --version=11.6.3 \ + --version=11.10.13 \ minio \ bitnami/minio 
@@ -248,7 +248,7 @@ install-lagoon-remote: install-lagoon-build-deploy install-lagoon-core install-m --set "dbaas-operator.mariadbProviders.development.user=root" \ --set "dbaas-operator.postgresqlProviders.development.environment=development" \ --set "dbaas-operator.postgresqlProviders.development.hostname=postgresql.postgresql.svc.cluster.local" \ - --set "dbaas-operator.postgresqlProviders.development.password=$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgresql-password" | @base64d')" \ + --set "dbaas-operator.postgresqlProviders.development.password=$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgres-password" | @base64d')" \ --set "dbaas-operator.postgresqlProviders.development.port=5432" \ --set "dbaas-operator.postgresqlProviders.development.user=postgres" \ --set "dbaas-operator.mongodbProviders.development.environment=development" \ From 8930c2ca932dd7eab9f93be6a681c2248628c72e Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 8 Nov 2022 08:45:56 +1100 Subject: [PATCH 029/167] add OPENSEARCH_INTEGRATION_ENABLED additionalEnv to makefile (#470) --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index d706e5d2..ad4d16bb 100644 --- a/Makefile +++ b/Makefile @@ -38,6 +38,8 @@ SKIP_INSTALL_REGISTRY = SKIP_ALL_DEPS = # Set to `true` to use the disable harbor integration in lagoon-core DISABLE_CORE_HARBOR = +# Set to `true` to enable the elements of lagoon-core that talk to OpenSearch installs +OPENSEARCH_INTEGRATION_ENABLED = false TIMEOUT = 30m HELM = helm 
@@ -184,6 +186,7 @@ install-lagoon-core: install-minio $$([ $(IMAGE_TAG) ] && echo '--set imageTag=$(IMAGE_TAG)') \ $$([ $(OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE) ] && echo '--set overwriteActiveStandbyTaskImage=$(OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE)') \ $$([ $(DISABLE_CORE_HARBOR) ] && echo '--set api.additionalEnvs.DISABLE_CORE_HARBOR=$(DISABLE_CORE_HARBOR)') \ + $$([ $(OPENSEARCH_INTEGRATION_ENABLED) ] && echo '--set api.additionalEnvs.OPENSEARCH_INTEGRATION_ENABLED=$(OPENSEARCH_INTEGRATION_ENABLED)') \ --set "keycloakAPIURL=http://lagoon-keycloak.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080/auth" \ --set "lagoonAPIURL=http://lagoon-api.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080/graphql" \ --set actionsHandler.image.repository=$(IMAGE_REGISTRY)/actions-handler \ From 2394a89f02fa0f03e31afd315f89c909e0f4e788 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 9 Nov 2022 13:34:49 +1100 Subject: [PATCH 030/167] update NATS chart to 0.18.2 --- charts/lagoon-core/Chart.lock | 6 +++--- charts/lagoon-core/Chart.yaml | 7 +++++-- charts/lagoon-remote/Chart.lock | 6 +++--- charts/lagoon-remote/Chart.yaml | 7 +++++-- 4 files changed, 16 insertions(+), 10 deletions(-) diff --git a/charts/lagoon-core/Chart.lock b/charts/lagoon-core/Chart.lock index 152cc304..772ee5db 100644 --- a/charts/lagoon-core/Chart.lock +++ b/charts/lagoon-core/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ - version: 0.18.0 -digest: sha256:3e8ec1b8a84fb0142cfd4ffd629822536a5cfb46f1e1bff950a97c322edd2295 -generated: "2022-09-13T09:48:38.604636+08:00" + version: 0.18.2 +digest: sha256:07111301495aa6b86b973b797eda1a333728dbebd2626c54bd935cca43a20dc4 +generated: "2022-11-09T13:25:35.196455291+11:00" diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 06a0a380..b60eb1cd 100644 --- a/charts/lagoon-core/Chart.yaml 
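Review bot: The guard `[ $(OPENSEARCH_INTEGRATION_ENABLED) ]` is always true, because the variable defaults to `false` in the earlier Makefile hunk and `[ false ]` only tests for a non-empty string. So `--set api.additionalEnvs.OPENSEARCH_INTEGRATION_ENABLED=false` is passed on every install, unlike `DISABLE_CORE_HARBOR`, whose default is empty. Either leave the default empty (`OPENSEARCH_INTEGRATION_ENABLED =`) or compare explicitly with `[ "$(OPENSEARCH_INTEGRATION_ENABLED)" = true ]` in the guard. The install-lagoon-core recipe continues outside the hunk.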
+++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.13.0 +version: 1.14.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -35,7 +35,10 @@ dependencies: repository: https://nats-io.github.io/k8s/helm/charts/ condition: nats.enabled +# This section is used to collect a changelog for artifacthub.io +# It should be started afresh for each release +# Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | - kind: changed - description: Bumped ssh-portal-api to v0.22.0. + description: Updated NATS sub-chart to 0.18.2 diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 89fa902d..5cee07f9 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -13,6 +13,6 @@ dependencies: version: 0.1.2 - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ - version: 0.18.0 -digest: sha256:bebff0f36b3944e203344f5fc9c5dacff35c6a253c0e5c5d16ae649bcebbe217 -generated: "2022-10-05T09:10:46.336962729+11:00" + version: 0.18.2 +digest: sha256:ac99187ecaf7d606447869db1e814fb7ca41e5c24da5b8a6e47a5d7de47dd7a4 +generated: "2022-11-09T13:27:27.336561068+11:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 6215519e..ed28e1ca 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.65.0 +version: 0.66.0 dependencies: - name: lagoon-build-deploy 
@@ -43,7 +43,10 @@ dependencies: repository: https://nats-io.github.io/k8s/helm/charts/ condition: nats.enabled +# This section is used to collect a changelog for artifacthub.io +# It should be started afresh for each release +# Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | - kind: changed - description: Bumped ssh-portal to v0.22.0. + description: Updated NATS sub-chart to 0.18.2 From b34226d4646442f208d900fbfc33d1d85c1042ba Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 9 Nov 2022 13:35:01 +1100 Subject: [PATCH 031/167] suib-chart updates --- charts/lagoon-remote/Chart.lock | 4 ++-- charts/lagoon-remote/Chart.yaml | 10 ++++++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 5cee07f9..699d2e98 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.15.0 + version: 0.16.0 - name: dioscuri repository: https://amazeeio.github.io/charts/ version: 0.4.1 @@ -10,7 +10,7 @@ dependencies: version: 0.3.0 - name: lagoon-insights-remote repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.1.2 + version: 0.2.1 - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.18.2 diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index ed28e1ca..566585b4 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -23,7 +23,7 @@ version: 0.66.0 dependencies: - name: lagoon-build-deploy - version: ~0.15.0 + version: ~0.16.0 repository: https://uselagoon.github.io/lagoon-charts/ condition: lagoon-build-deploy.enabled - name: dioscuri 
@@ -35,7 +35,7 @@ dependencies: repository: https://amazeeio.github.io/charts/ condition: dbaas-operator.enabled - name: lagoon-insights-remote - version: ~0.1.0 + version: ~0.2.0 repository: https://uselagoon.github.io/lagoon-charts/ condition: lagoon-insights-remote.enabled - name: nats @@ -50,3 +50,9 @@ annotations: artifacthub.io/changes: | - kind: changed description: Updated NATS sub-chart to 0.18.2 + - kind: changed + description: Updated lagoon-build-deploy sub-chart to 0.16.0 + - kind: changed + description: Updated lagoon-insights-remote sub-chart to 0.2.1 + - kind: changed + description: Updated docker-host service image to 3.1.0 From e28c6e3b231c1f899d00a423b15293bffcd6b7ea Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 9 Nov 2022 13:35:14 +1100 Subject: [PATCH 032/167] docker-host update --- charts/lagoon-remote/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index a7f3780d..17a76878 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -24,7 +24,7 @@ dockerHost: repository: uselagoon/docker-host pullPolicy: Always # Overrides the image tag whose default is "latest". - tag: "v3.0.0" + tag: "v3.1.0" name: docker-host From f04633caf1b754566ff0cbeadb6123f3994d604a Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Fri, 11 Nov 2022 18:25:08 +1100 Subject: [PATCH 033/167] chore: bump remote-controller version --- charts/lagoon-build-deploy/Chart.yaml | 4 ++-- charts/lagoon-build-deploy/templates/deployment.yaml | 6 ++++++ charts/lagoon-build-deploy/values.yaml | 4 ++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index 49e684da..7f40c058 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml 
@@ -16,6 +16,6 @@ kubeVersion: ">= 1.19.0-0" type: application -version: 0.16.0 +version: 0.17.0 -appVersion: v0.6.0 +appVersion: v0.7.0 diff --git a/charts/lagoon-build-deploy/templates/deployment.yaml b/charts/lagoon-build-deploy/templates/deployment.yaml index c4030be8..b8b15583 100644 --- a/charts/lagoon-build-deploy/templates/deployment.yaml +++ b/charts/lagoon-build-deploy/templates/deployment.yaml @@ -156,6 +156,12 @@ spec: {{- with .Values.QoSDefault }} - "--qos-default={{ . }}" {{- end }} + {{- with .Values.timeoutForLongRunningBuildPods }} + - "--timeout-longrunning-build-pod-cleanup={{ . }}" + {{- end }} + {{- with .Values.timeoutForLongRunningTaskPods }} + - "--timeout-longrunning-task-pod-cleanup={{ . }}" + {{- end }} {{- with .Values.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/lagoon-build-deploy/values.yaml b/charts/lagoon-build-deploy/values.yaml index 13484ed8..fe445976 100644 --- a/charts/lagoon-build-deploy/values.yaml +++ b/charts/lagoon-build-deploy/values.yaml @@ -79,6 +79,10 @@ extraEnvs: # the following values are defaults which may be overridden +# the number of hours a build/task pod can run before forcefully cancelled. +timeoutForLongRunningBuildPods: 6 +timeoutForLongRunningTaskPods: 6 + adminLagoonFeatureFlag: # Set the memory resource limit for containers deployed by Lagoon. containerMemoryLimit: 16Gi From 08f3c93cfce84d00e9b91af1dab6165ed58aa473 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Fri, 11 Nov 2022 18:27:29 +1100 Subject: [PATCH 034/167] chore: add chart changes --- charts/lagoon-build-deploy/Chart.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index 7f40c058..b4609c2d 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml 
@@ -19,3 +19,10 @@ type: application version: 0.17.0 appVersion: v0.7.0 + +annotations: + artifacthub.io/changes: | + - kind: changed + description: Bumped remote-controller to v0.7.0. + - kind: added + description: Configuration items for build and task pod timeouts From 55adde870c9275112cfa3a43e173edb461461500 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Fri, 11 Nov 2022 19:39:09 +1100 Subject: [PATCH 035/167] chore: bump lagoon-build-deploy version --- charts/lagoon-remote/Chart.lock | 8 ++++---- charts/lagoon-remote/Chart.yaml | 8 +++++--- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 89fa902d..ad40d179 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.15.0 + version: 0.17.0 - name: dioscuri repository: https://amazeeio.github.io/charts/ version: 0.4.1 @@ -13,6 +13,6 @@ dependencies: version: 0.1.2 - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ - version: 0.18.0 -digest: sha256:bebff0f36b3944e203344f5fc9c5dacff35c6a253c0e5c5d16ae649bcebbe217 -generated: "2022-10-05T09:10:46.336962729+11:00" + version: 0.18.2 +digest: sha256:ba96097ba5751e7c5669cdaeb90dca02d1e35c1fc6b3713834daf18d89f52105 +generated: "2022-11-11T19:37:25.47337239+11:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 6215519e..eb454959 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml 
@@ -19,11 +19,11 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.65.0 +version: 0.66.0 dependencies: - name: lagoon-build-deploy - version: ~0.15.0 + version: ~0.17.0 repository: https://uselagoon.github.io/lagoon-charts/ condition: lagoon-build-deploy.enabled - name: dioscuri @@ -46,4 +46,6 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Bumped ssh-portal to v0.22.0. + description: Bumped lagoon-build-deploy to v0.17.0. + - kind: changed + description: Bumped nats to v0.18.2. From 392097b060c79e3ed3b82dc80f2739ae88c5cfc2 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Sat, 12 Nov 2022 10:39:33 +1100 Subject: [PATCH 036/167] update chart version --- charts/lagoon-remote/Chart.lock | 4 ++-- charts/lagoon-remote/Chart.yaml | 4 +--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 0beee1dc..2b552b9f 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -14,5 +14,5 @@ dependencies: - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.18.2 -digest: sha256:ba96097ba5751e7c5669cdaeb90dca02d1e35c1fc6b3713834daf18d89f52105 -generated: "2022-11-11T19:37:25.47337239+11:00" +digest: sha256:9b96ce17cd70d6530d5bbbaa6a3de8f5a6f3f3130b8650c8bcaf4e2ec06eca40 +generated: "2022-11-12T10:38:41.332054599+11:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index f52738d0..21215d4e 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml 
@@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.66.0 +version: 0.67.0 dependencies: - name: lagoon-build-deploy @@ -50,5 +50,3 @@ annotations: artifacthub.io/changes: | - kind: changed description: Bumped lagoon-build-deploy to v0.17.0. - - kind: changed - description: Bumped nats to v0.18.2. From 7187f3999f04342fdc94a3964ad56818398e3ed3 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 17 Nov 2022 08:12:49 +0800 Subject: [PATCH 037/167] feat: collect logs from spot instances Add a toleration on the fluentbit daemonset that does log collection which allows it to schedule on spot instances. --- charts/lagoon-logging/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/lagoon-logging/values.yaml b/charts/lagoon-logging/values.yaml index b6d50801..6f9c9b60 100644 --- a/charts/lagoon-logging/values.yaml +++ b/charts/lagoon-logging/values.yaml @@ -257,6 +257,9 @@ fluentbitTolerations: - effect: NoSchedule key: lagoon.sh/lb operator: Exists +- effect: NoSchedule + key: lagoon.sh/spot + operator: Exists # This chart assumes the container runtime is containerd, which puts the log # message in the `message` field of the log record. From 74f216b973954f91ef8d672b89f273a40a48bc75 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 17 Nov 2022 08:13:53 +0800 Subject: [PATCH 038/167] chore: bump lagoon-logging chart version --- charts/lagoon-logging/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index bea7a140..2fbef58b 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml 
@@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.69.0 +version: 0.70.0 dependencies: - name: logging-operator From 1b0100cfbc0bd239505d598b72e69c9a5d2aae06 Mon Sep 17 00:00:00 2001 From: Chris Date: Thu, 17 Nov 2022 12:34:35 +1100 Subject: [PATCH 039/167] Initial pass at integrating insights remote into lagoon remote --- charts/lagoon-remote/Chart.lock | 6 +- charts/lagoon-remote/Chart.yaml | 8 +- charts/lagoon-remote/ci/linter-values.yaml | 7 +- charts/lagoon-remote/templates/_helpers.tpl | 37 ++++++++ .../insights-remote.clusterrole.yaml | 15 ++++ .../insights-remote.clusterrolebinding.yaml | 14 +++ .../templates/insights-remote.deployment.yaml | 68 ++++++++++++++ .../templates/insights-remote.secrets.yaml | 12 +++ .../insights-remote.serviceaccount.yaml | 14 +++ charts/lagoon-remote/values.yaml | 88 ++++++++++++++++++- 10 files changed, 258 insertions(+), 11 deletions(-) create mode 100644 charts/lagoon-remote/templates/insights-remote.clusterrole.yaml create mode 100644 charts/lagoon-remote/templates/insights-remote.clusterrolebinding.yaml create mode 100644 charts/lagoon-remote/templates/insights-remote.deployment.yaml create mode 100644 charts/lagoon-remote/templates/insights-remote.secrets.yaml create mode 100644 charts/lagoon-remote/templates/insights-remote.serviceaccount.yaml diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 2b552b9f..209f913d 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock 
@@ -8,9 +8,9 @@ dependencies: - name: dbaas-operator repository: https://amazeeio.github.io/charts/ version: 0.3.0 -- name: lagoon-insights-remote - repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.2.1 +# - name: lagoon-insights-remote +# repository: https://uselagoon.github.io/lagoon-charts/ +# version: 0.2.1 - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.18.2 diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 21215d4e..15d86aa3 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -34,10 +34,10 @@ dependencies: version: ~0.3.0 repository: https://amazeeio.github.io/charts/ condition: dbaas-operator.enabled -- name: lagoon-insights-remote - version: ~0.2.0 - repository: https://uselagoon.github.io/lagoon-charts/ - condition: lagoon-insights-remote.enabled +# - name: lagoon-insights-remote +# version: ~0.2.0 +# repository: https://uselagoon.github.io/lagoon-charts/ +# condition: lagoon-insights-remote.enabled - name: nats version: ~0.18.0 repository: https://nats-io.github.io/k8s/helm/charts/ diff --git a/charts/lagoon-remote/ci/linter-values.yaml b/charts/lagoon-remote/ci/linter-values.yaml index d0e5f791..f300f1aa 100644 --- a/charts/lagoon-remote/ci/linter-values.yaml +++ b/charts/lagoon-remote/ci/linter-values.yaml @@ -19,11 +19,14 @@ imageTag: "" dbaas-operator: enabled: true -lagoon-insights-remote: - enabled: false +insightsRemote: + enabled: true rabbitMQUsername: lagoon rabbitMQPassword: ci rabbitMQHostname: lagoon-core-broker + # rabbitMQHostname: "messagebroker" + # rabbitMQPassword: "password" + # rabbitMQUsername: "user" mxoutHost: mxout1.example.com diff --git a/charts/lagoon-remote/templates/_helpers.tpl b/charts/lagoon-remote/templates/_helpers.tpl index 9b18f65f..a0fd1b6f 100644 --- a/charts/lagoon-remote/templates/_helpers.tpl +++ b/charts/lagoon-remote/templates/_helpers.tpl 
@@ -189,3 +189,40 @@ app.kubernetes.io/name: {{ include "lagoon-remote.name" . }} app.kubernetes.io/component: {{ include "lagoon-remote.sshPortal.fullname" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} + + + +{{/* +Create the name of the service account to use for insights-remote +*/}} +{{- define "lagoon-remote.insightsRemote.serviceAccountName" -}} +{{- default (include "lagoon-remote.insightsRemote.fullname" .) .Values.insightsRemote.serviceAccount.name }} +{{- end }} + +{{/* +Create a default fully qualified app name for insights-remote. +*/}} +{{- define "lagoon-remote.insightsRemote.fullname" -}} +{{- include "lagoon-remote.fullname" . }}-insights-remote +{{- end }} + +{{/* +Common labels insights-remote +*/}} +{{- define "lagoon-remote.insightsRemote.labels" -}} +helm.sh/chart: {{ include "lagoon-remote.chart" . }} +{{ include "lagoon-remote.insightsRemote.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels insightsRemote +*/}} +{{- define "lagoon-remote.insightsRemote.selectorLabels" -}} +app.kubernetes.io/name: {{ include "lagoon-remote.name" . }} +app.kubernetes.io/component: {{ include "lagoon-remote.insightsRemote.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml b/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml new file mode 100644 index 00000000..ddab9fff --- /dev/null +++ b/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml 
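Review bot: The new `lagoon-remote.insightsRemote.serviceAccountName` helper never consults `.Values.insightsRemote.serviceAccount.create`, so with `create: false` and an empty `name` it still returns the generated fullname. The Deployment and ClusterRoleBinding added in this commit would then reference a ServiceAccount the chart does not render, and the binding would apply to whatever account is later created under that name in the release namespace. Branch on `create` and, in the false case, fail the render instead of guessing a name: `{{- required "insightsRemote.serviceAccount.name is required when serviceAccount.create is false" .Values.insightsRemote.serviceAccount.name }}`. A short comment above the helper stating which name is used in each case would also help.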
@@ -0,0 +1,15 @@ +{{- if .Values.insightsRemote.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-manager + labels: + {{- include "lagoon-remote.insightsRemote.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - "*" + {{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/insights-remote.clusterrolebinding.yaml b/charts/lagoon-remote/templates/insights-remote.clusterrolebinding.yaml new file mode 100644 index 00000000..1d96e331 --- /dev/null +++ b/charts/lagoon-remote/templates/insights-remote.clusterrolebinding.yaml @@ -0,0 +1,14 @@ +{{- if .Values.insightsRemote.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-manager +subjects: +- kind: ServiceAccount + name: {{ include "lagoon-remote.insightsRemote.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +roleRef: + kind: ClusterRole + name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-manager + apiGroup: rbac.authorization.k8s.io +{{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/insights-remote.deployment.yaml b/charts/lagoon-remote/templates/insights-remote.deployment.yaml new file mode 100644 index 00000000..79e9eeee --- /dev/null +++ b/charts/lagoon-remote/templates/insights-remote.deployment.yaml 
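Review bot: The `verbs: - "*"` rule in insights-remote.clusterrole.yaml grants the insights-remote service account every verb on ConfigMaps in every namespace, because the ClusterRoleBinding in the next file binds it cluster-wide. That includes create, patch and deletecollection on ConfigMaps belonging to unrelated workloads and system components. List only the verbs the controller uses, for example `verbs: ["get", "list", "watch", "update", "delete"]`; the exact set needs confirming against the insights-remote code, which is not visible in this patch. The ClusterRoleBinding also omits the `lagoon-remote.insightsRemote.labels` block that the ClusterRole carries.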
@@ -0,0 +1,68 @@ +{{- if .Values.insightsRemote.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "lagoon-remote.insightsRemote.fullname" . }} + labels: + {{- include "lagoon-remote.insightsRemote.labels" . | nindent 4 }} +spec: + {{- if not .Values.insightsRemote.autoscaling.enabled }} + replicas: {{ .Values.insightsRemote.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "lagoon-remote.insightsRemote.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.insightsRemote.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "lagoon-remote.insightsRemote.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.insightsRemote.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "lagoon-remote.insightsRemote.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.insightsRemote.podSecurityContext | nindent 8 }} + containers: + - name: insights-remote + securityContext: + {{- toYaml .Values.insightsRemote.securityContext | nindent 12 }} + image: "{{ .Values.insightsRemote.image.repository }}:{{ .Values.insightsRemote.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.insightsRemote.image.pullPolicy }} + env: + {{- if .Values.insightsRemote.burnAfterReading }} + - name: BURN_AFTER_READING + value: "TRUE" + {{- end }} + - name: RABBITMQ_ADDRESS + value: {{ required "A valid .Values.insightsRemote.rabbitMQHostname required!" .Values.insightsRemote.rabbitMQHostname | quote }} + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-rabbitmqsecret + key: password + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "lagoon-remote.insightsRemote.fullname" . 
}}-rabbitmqsecret + key: username + resources: + {{- toYaml .Values.insightsRemote.resources | nindent 12 }} + {{- with .Values.insightsRemote.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.insightsRemote.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.insightsRemote.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/insights-remote.secrets.yaml b/charts/lagoon-remote/templates/insights-remote.secrets.yaml new file mode 100644 index 00000000..81d8aa2e --- /dev/null +++ b/charts/lagoon-remote/templates/insights-remote.secrets.yaml @@ -0,0 +1,12 @@ +{{- if .Values.insightsRemote.enabled -}} +{{- if .Values.insightsRemote.rabbitMQPassword }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-rabbitmqsecret +type: kubernetes.io/basic-auth +stringData: + username: {{ required "A valid .Values.insightsRemote.rabbitMQUsername required!" .Values.insightsRemote.rabbitMQUsername | quote }} + password: {{ required "A valid .Values.insightsRemote.rabbitMQPassword required!" .Values.insightsRemote.rabbitMQPassword | quote }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/insights-remote.serviceaccount.yaml b/charts/lagoon-remote/templates/insights-remote.serviceaccount.yaml new file mode 100644 index 00000000..5e966ff4 --- /dev/null +++ b/charts/lagoon-remote/templates/insights-remote.serviceaccount.yaml 
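Review bot: The Secret in insights-remote.secrets.yaml is rendered only when `rabbitMQPassword` is non-empty, but the Deployment's `secretKeyRef` entries for `RABBITMQ_PASSWORD` and `RABBITMQ_USERNAME` are unconditional. Unless the Secret is meant to be supplied out of band (nothing in the patch says so), enabling insightsRemote with the default empty password leaves the pod referencing a Secret that was never created. The inner `{{- if .Values.insightsRemote.rabbitMQPassword }}` also makes the `required` check on the password unreachable. Either drop that inner `if` so the render fails early with the `required` message, or add an existing-secret name option so credentials need not travel through Helm values, which are kept in the release record. The Secret also has no `labels` block, unlike the other resources added here.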
@@ -0,0 +1,14 @@ +{{- if .Values.insightsRemote.enabled -}} +{{- if .Values.insightsRemote.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "lagoon-remote.insightsRemote.serviceAccountName" . }} + labels: + {{- include "lagoon-remote.insightsRemote.labels" . | nindent 4 }} + {{- with .Values.insightsRemote.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 17a76878..2573f179 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml 
@@ -191,10 +191,94 @@ dbaas-operator: # setting this will always override whatever `dbaas-operator` would set, useful if you want to target a different endpoint dbaasHTTPEndpoint: "" -lagoon-insights-remote: - enabled: false +# lagoon-insights-remote: +# enabled: false # burnAfterReading: false +insightsRemote: + rabbitMQHostname: "" + rabbitMQPassword: "" + rabbitMQUsername: "" + # sets insights configMaps to be removed after being processed + burnAfterReading: true + + replicaCount: 1 + + image: + repository: uselagoon/insights-remote + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "" + + imagePullSecrets: [] + nameOverride: "" + fullnameOverride: "" + + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + + podAnnotations: {} + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + # service: + # type: ClusterIP + # port: 80 + # ingress: + # enabled: false + # className: "" + # annotations: {} + # # kubernetes.io/ingress.class: nginx + # # kubernetes.io/tls-acme: "true" + # hosts: + # - host: chart-example.local + # paths: + # - path: / + # pathType: ImplementationSpecific + # tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + # the nats chart is a subchart which is configured for use by lagoon-remote nats: enabled: false From e9f33469c823101c2de4026ef516be297aa2ee8d Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 18 Nov 2022 09:47:49 +0800 Subject: [PATCH 040/167] feat: bump ssh-portal-api version in lagoon-core --- charts/lagoon-core/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 858460a8..64256095 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -791,7 +791,7 @@ sshPortalAPI: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal-api pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.22.0" + tag: "v0.24.0" podAnnotations: {} From 4fc9735cfc9e0555aa7497eab16575e686beeb63 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 18 Nov 2022 09:48:07 +0800 Subject: [PATCH 041/167] feat: bump ssh-portal version in lagoon-remote --- charts/lagoon-remote/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 17a76878..ed4f5b6e 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -119,7 +119,7 @@ sshPortal: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.22.0" + tag: "v0.24.0" service: type: LoadBalancer From 227ed82df11dc40e5119e5fb34405a3bb8b89af2 Mon Sep 17 00:00:00 2001 
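Review bot: In the new `insightsRemote` values block, `securityContext: {}` and `podSecurityContext: {}` ship empty, with the hardened settings present only as comments. This workload is bound to a ClusterRole over ConfigMaps, so the container would run with whatever user and capabilities the image and runtime default to. Consider making the restrictive settings the default and letting operators relax them; whether the `uselagoon/insights-remote` image runs as non-root with a read-only root filesystem needs confirming, since the image is not visible here. `resources: {}` likewise leaves the pod without requests or limits.

```yaml
insightsRemote:
  # … unchanged: rabbitMQ settings, image, serviceAccount …
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: true
    runAsNonRoot: true
  # … unchanged: resources, autoscaling, scheduling …
```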
From: Scott Leggett Date: Fri, 18 Nov 2022 09:48:45 +0800 Subject: [PATCH 042/167] chore: bump lagoon-core chart version --- charts/lagoon-core/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index b60eb1cd..a2eb646c 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.14.0 +version: 1.15.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -41,4 +41,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Updated NATS sub-chart to 0.18.2 + description: Update ssh-portal-api to latest version. From 02f9734e94dbe98136b2575a43233c2f41119903 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 18 Nov 2022 09:49:00 +0800 Subject: [PATCH 043/167] chore: bump lagoon-remote chart version --- charts/lagoon-remote/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 21215d4e..433fee15 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.67.0 +version: 0.68.0 dependencies: - name: lagoon-build-deploy @@ -49,4 +49,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Bumped lagoon-build-deploy to v0.17.0. + description: Update ssh-portal to latest version. From 563e4b04e632d8be9d2464fad3fda6dd34d5c89a Mon Sep 17 00:00:00 2001 
From: Toby Bellwood Date: Mon, 21 Nov 2022 09:11:23 +1100 Subject: [PATCH 044/167] update logs-dispatcher image to v3.1.0 --- charts/lagoon-logging/Chart.yaml | 10 +++++++++- charts/lagoon-logging/values.yaml | 4 ++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index 2fbef58b..67fed541 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -19,10 +19,18 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.70.0 +version: 0.71.0 dependencies: - name: logging-operator repository: https://kubernetes-charts.banzaicloud.com version: ~3.17.0 condition: logging-operator.enabled + +# This section is used to collect a changelog for artifacthub.io +# It should be started afresh for each release +# Valid supported kinds are added, changed, deprecated, removed, fixed and security +annotations: + artifacthub.io/changes: | + - kind: changed + description: Update logs-dispatcher image to v3.1.0 diff --git a/charts/lagoon-logging/values.yaml b/charts/lagoon-logging/values.yaml index 6f9c9b60..fa38fe04 100644 --- a/charts/lagoon-logging/values.yaml +++ b/charts/lagoon-logging/values.yaml @@ -19,7 +19,7 @@ logsDispatcher: repository: uselagoon/logs-dispatcher pullPolicy: IfNotPresent # Overrides the image tag whose default is "latest". - tag: "v3.0.0" + tag: "v3.1.0" serviceAccount: # Specifies whether a service account should be created @@ -121,7 +121,7 @@ cdnLogsCollector: repository: uselagoon/logs-dispatcher pullPolicy: IfNotPresent # Overrides the image tag whose default is "latest". - tag: "v3.0.0" + tag: "v3.1.0" podAnnotations: {} From f05cfaf6ccadd236bb97babe34c22d9863152f93 Mon Sep 17 00:00:00 2001 
From: Chris Date: Mon, 21 Nov 2022 14:44:51 +1100 Subject: [PATCH 045/167] Fixing up integration --- charts/lagoon-insights-remote/Chart.yaml | 36 -------- charts/lagoon-insights-remote/README.md | 5 -- .../ci/linter-values.yaml | 3 - .../templates/NOTES.txt | 1 - .../templates/_helpers.tpl | 62 -------------- .../templates/clusterrole.yaml | 13 --- .../templates/clusterrolebinding.yaml | 12 --- .../templates/deployment.yaml | 67 --------------- .../templates/secrets.yaml | 10 --- .../templates/serviceaccount.yaml | 12 --- charts/lagoon-insights-remote/values.yaml | 82 ------------------- charts/lagoon-remote/Chart.lock | 7 +- charts/lagoon-remote/Chart.yaml | 4 - .../templates/insights-remote.deployment.yaml | 2 +- charts/lagoon-remote/values.yaml | 3 +- 15 files changed, 5 insertions(+), 314 deletions(-) delete mode 100644 charts/lagoon-insights-remote/Chart.yaml delete mode 100644 charts/lagoon-insights-remote/README.md delete mode 100644 charts/lagoon-insights-remote/ci/linter-values.yaml delete mode 100644 charts/lagoon-insights-remote/templates/NOTES.txt delete mode 100644 charts/lagoon-insights-remote/templates/_helpers.tpl delete mode 100644 charts/lagoon-insights-remote/templates/clusterrole.yaml delete mode 100644 charts/lagoon-insights-remote/templates/clusterrolebinding.yaml delete mode 100644 charts/lagoon-insights-remote/templates/deployment.yaml delete mode 100644 charts/lagoon-insights-remote/templates/secrets.yaml delete mode 100644 charts/lagoon-insights-remote/templates/serviceaccount.yaml delete mode 100644 charts/lagoon-insights-remote/values.yaml diff --git a/charts/lagoon-insights-remote/Chart.yaml b/charts/lagoon-insights-remote/Chart.yaml deleted file mode 100644 index 923f642d..00000000 --- a/charts/lagoon-insights-remote/Chart.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -apiVersion: v2 -name: lagoon-insights-remote -description: A Helm chart for Lagoon remote insights -home: https://github.com/uselagoon/lagoon-charts -icon: https://raw.githubusercontent.com/uselagoon/lagoon-charts/main/icon.png -maintainers: -- name: bomoko - email: blaize.kaye@amazee.io - url: https://amazee.io -kubeVersion: ">= 1.19.0-0" - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.1 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: v0.0.3 - -annotations: - artifacthub.io/changes: | - - kind: added - description: Added README.md to explain purpose diff --git a/charts/lagoon-insights-remote/README.md b/charts/lagoon-insights-remote/README.md deleted file mode 100644 index ec37a821..00000000 --- a/charts/lagoon-insights-remote/README.md +++ /dev/null 
@@ -1,5 +0,0 @@ -# Lagoon Insights Remote - -This chart is currently consumed as a sub-chart of Lagoon Remote, but the service will instead be added as an optional in a coming release. - -Only install this chart as a sub-chart of Lagoon-Remote, it serves no functionality without it, and will be deprecated once the service is included. \ No newline at end of file diff --git a/charts/lagoon-insights-remote/ci/linter-values.yaml b/charts/lagoon-insights-remote/ci/linter-values.yaml deleted file mode 100644 index 33b242f8..00000000 --- a/charts/lagoon-insights-remote/ci/linter-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -rabbitMQHostname: "messagebroker" -rabbitMQPassword: "password" -rabbitMQUsername: "user" diff --git a/charts/lagoon-insights-remote/templates/NOTES.txt b/charts/lagoon-insights-remote/templates/NOTES.txt deleted file mode 100644 index 59723d5f..00000000 --- a/charts/lagoon-insights-remote/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -Lagoon Insights Remote is installed. \ No newline at end of file diff --git a/charts/lagoon-insights-remote/templates/_helpers.tpl b/charts/lagoon-insights-remote/templates/_helpers.tpl deleted file mode 100644 index 2eefc33c..00000000 --- a/charts/lagoon-insights-remote/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "lagoon-insights-remote.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "lagoon-insights-remote.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "lagoon-insights-remote.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "lagoon-insights-remote.labels" -}} -helm.sh/chart: {{ include "lagoon-insights-remote.chart" . }} -{{ include "lagoon-insights-remote.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "lagoon-insights-remote.selectorLabels" -}} -app.kubernetes.io/name: {{ include "lagoon-insights-remote.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "lagoon-insights-remote.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "lagoon-insights-remote.fullname" .) 
.Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/charts/lagoon-insights-remote/templates/clusterrole.yaml b/charts/lagoon-insights-remote/templates/clusterrole.yaml deleted file mode 100644 index cefad383..00000000 --- a/charts/lagoon-insights-remote/templates/clusterrole.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "lagoon-insights-remote.fullname" . }}-manager - labels: - {{- include "lagoon-insights-remote.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - "*" \ No newline at end of file diff --git a/charts/lagoon-insights-remote/templates/clusterrolebinding.yaml b/charts/lagoon-insights-remote/templates/clusterrolebinding.yaml deleted file mode 100644 index 0a4cc013..00000000 --- a/charts/lagoon-insights-remote/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "lagoon-insights-remote.fullname" . }}-manager -subjects: -- kind: ServiceAccount - name: {{ include "lagoon-insights-remote.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} -roleRef: - kind: ClusterRole - name: {{ include "lagoon-insights-remote.fullname" . }}-manager - apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/charts/lagoon-insights-remote/templates/deployment.yaml b/charts/lagoon-insights-remote/templates/deployment.yaml deleted file mode 100644 index f1690734..00000000 --- a/charts/lagoon-insights-remote/templates/deployment.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "lagoon-insights-remote.fullname" . }} - labels: - {{- include "lagoon-insights-remote.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "lagoon-insights-remote.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "lagoon-insights-remote.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "lagoon-insights-remote.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - {{- if .Values.burnAfterReading }} - - name: BURN_AFTER_READING - value: "TRUE" - {{- end }} - - name: RABBITMQ_ADDRESS - value: {{ required "A valid .Values.rabbitMQHostname required!" .Values.rabbitMQHostname | quote }} - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "lagoon-insights-remote.fullname" . }}-rabbitmqsecret - key: password - - name: RABBITMQ_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "lagoon-insights-remote.fullname" . }}-rabbitmqsecret - key: username - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . 
| nindent 8 }} - {{- end }} - \ No newline at end of file diff --git a/charts/lagoon-insights-remote/templates/secrets.yaml b/charts/lagoon-insights-remote/templates/secrets.yaml deleted file mode 100644 index 7709090e..00000000 --- a/charts/lagoon-insights-remote/templates/secrets.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if .Values.rabbitMQPassword }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "lagoon-insights-remote.fullname" . }}-rabbitmqsecret -type: kubernetes.io/basic-auth -stringData: - username: {{ required "A valid .Values.rabbitMQUsername required!" .Values.rabbitMQUsername | quote }} - password: {{ required "A valid .Values.rabbitMQPassword required!" .Values.rabbitMQPassword | quote }} -{{- end }} \ No newline at end of file diff --git a/charts/lagoon-insights-remote/templates/serviceaccount.yaml b/charts/lagoon-insights-remote/templates/serviceaccount.yaml deleted file mode 100644 index aa3b2d10..00000000 --- a/charts/lagoon-insights-remote/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "lagoon-insights-remote.serviceAccountName" . }} - labels: - {{- include "lagoon-insights-remote.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/lagoon-insights-remote/values.yaml b/charts/lagoon-insights-remote/values.yaml deleted file mode 100644 index 6e5dbc8b..00000000 --- a/charts/lagoon-insights-remote/values.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -rabbitMQHostname: "" -rabbitMQPassword: "" -rabbitMQUsername: "" -# sets insights configMaps to be removed after being processed -burnAfterReading: true - -replicaCount: 1 - -image: - repository: uselagoon/insights-remote - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 -# service: -# type: ClusterIP -# port: 80 -# ingress: -# enabled: false -# className: "" -# annotations: {} -# # kubernetes.io/ingress.class: nginx -# # kubernetes.io/tls-acme: "true" -# hosts: -# - host: chart-example.local -# paths: -# - path: / -# pathType: ImplementationSpecific -# tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} 
diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 209f913d..da13f7b9 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -8,11 +8,8 @@ dependencies: - name: dbaas-operator repository: https://amazeeio.github.io/charts/ version: 0.3.0 -# - name: lagoon-insights-remote -# repository: https://uselagoon.github.io/lagoon-charts/ -# version: 0.2.1 - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.18.2 -digest: sha256:9b96ce17cd70d6530d5bbbaa6a3de8f5a6f3f3130b8650c8bcaf4e2ec06eca40 -generated: "2022-11-12T10:38:41.332054599+11:00" +digest: sha256:07221e1170df6092501b029e7fc3ae6698b191883cdf1db1bb50e54a02477c2c +generated: "2022-11-17T13:14:00.077328865+11:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 15d86aa3..229a0a32 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -34,10 +34,6 @@ dependencies: version: ~0.3.0 repository: https://amazeeio.github.io/charts/ condition: dbaas-operator.enabled -# - name: lagoon-insights-remote -# version: ~0.2.0 -# repository: https://uselagoon.github.io/lagoon-charts/ -# condition: lagoon-insights-remote.enabled - name: nats version: ~0.18.0 repository: https://nats-io.github.io/k8s/helm/charts/ diff --git a/charts/lagoon-remote/templates/insights-remote.deployment.yaml b/charts/lagoon-remote/templates/insights-remote.deployment.yaml index 79e9eeee..d12a9817 100644 --- a/charts/lagoon-remote/templates/insights-remote.deployment.yaml +++ b/charts/lagoon-remote/templates/insights-remote.deployment.yaml 
@@ -32,7 +32,7 @@ spec: - name: insights-remote securityContext: {{- toYaml .Values.insightsRemote.securityContext | nindent 12 }} - image: "{{ .Values.insightsRemote.image.repository }}:{{ .Values.insightsRemote.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.insightsRemote.image.repository }}:{{ coalesce .Values.insightsRemote.image.tag .Values.imageTag "latest" }}" imagePullPolicy: {{ .Values.insightsRemote.image.pullPolicy }} env: {{- if .Values.insightsRemote.burnAfterReading }} diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 2573f179..a0ed9109 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -196,6 +196,7 @@ dbaasHTTPEndpoint: "" # burnAfterReading: false insightsRemote: + enabled: false rabbitMQHostname: "" rabbitMQPassword: "" rabbitMQUsername: "" @@ -208,7 +209,7 @@ insightsRemote: repository: uselagoon/insights-remote pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "" + tag: "v0.0.4" imagePullSecrets: [] nameOverride: "" From e808c4583ccfdfd0dd58be2afa419f12ac42aca9 Mon Sep 17 00:00:00 2001 From: Chris Date: Tue, 22 Nov 2022 17:35:55 +1100 Subject: [PATCH 046/167] Converted to Global Values --- charts/lagoon-build-deploy/Chart.yaml | 7 +++---- .../lagoon-build-deploy/templates/deployment.yaml | 4 +++- charts/lagoon-build-deploy/templates/secret.yaml | 7 +++++-- charts/lagoon-remote/Chart.yaml | 6 ++++-- charts/lagoon-remote/ci/linter-values.yaml | 15 ++++----------- .../templates/insights-remote.deployment.yaml | 5 ++++- .../templates/insights-remote.secrets.yaml | 10 ++++++---- .../templates/storage-calculator.deployment.yaml | 5 ++++- .../templates/storage-calculator.secret.yaml | 8 ++++++-- charts/lagoon-remote/values.yaml | 12 +++--------- 10 files changed, 42 insertions(+), 37 deletions(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index b4609c2d..3b13bfd3 100644 
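Review bot: The new `image:` line in insights-remote.deployment.yaml falls back to the literal tag `"latest"` when neither `insightsRemote.image.tag` nor `imageTag` is set, so a release can run whatever image was pushed most recently instead of a reviewed version. With `pullPolicy: Always` in the chart values, that content can also change between pod restarts. I would fail the render rather than default to a floating tag, e.g. `{{ required "A valid insightsRemote.image.tag required!" (coalesce .Values.insightsRemote.image.tag .Values.imageTag) }}` in place of the current `coalesce … "latest"` expression. `.Values.imageTag` is not defined in any hunk shown here, so confirm it exists in values.yaml; the container spec continues outside the hunk.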
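Review bot: The context comment above `tag: "v0.0.4"` in charts/lagoon-remote/values.yaml still says the default is the chart appVersion, which no longer matches the template: it now resolves `insightsRemote.image.tag`, then `imageTag`, then `latest`. Suggested wording: `# Image tag for insights-remote. If emptied, the template falls back to imageTag and then to "latest".` The pinned value here is the only thing keeping the floating fallback from being used, so the comment should say what happens when it is cleared.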
--- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -16,13 +16,12 @@ kubeVersion: ">= 1.19.0-0" type: application -version: 0.17.0 +version: 0.18.0 appVersion: v0.7.0 annotations: artifacthub.io/changes: | - kind: changed - description: Bumped remote-controller to v0.7.0. - - kind: added - description: Configuration items for build and task pod timeouts + description: Convert to Global values + \ No newline at end of file diff --git a/charts/lagoon-build-deploy/templates/deployment.yaml b/charts/lagoon-build-deploy/templates/deployment.yaml index b8b15583..201e4754 100644 --- a/charts/lagoon-build-deploy/templates/deployment.yaml +++ b/charts/lagoon-build-deploy/templates/deployment.yaml @@ -1,3 +1,5 @@ +{{- $rabbitMQHostname := coalesce (.Values.global).rabbitMQHostname .Values.rabbitMQHostname }} + apiVersion: apps/v1 kind: Deployment metadata: @@ -227,7 +229,7 @@ spec: - name: PENDING_MESSAGE_CRON value: {{ .Values.pendingMessageCron | quote }} - name: RABBITMQ_HOSTNAME - value: {{ required "A valid .Values.rabbitMQHostname required!" .Values.rabbitMQHostname | quote }} + value: {{ required "A valid rabbitMQHostname required!" $rabbitMQHostname | quote }} - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: diff --git a/charts/lagoon-build-deploy/templates/secret.yaml b/charts/lagoon-build-deploy/templates/secret.yaml index eb16b0b5..b1b2c502 100644 --- a/charts/lagoon-build-deploy/templates/secret.yaml +++ b/charts/lagoon-build-deploy/templates/secret.yaml @@ -1,3 +1,6 @@ +{{- $rabbitMQUsername := coalesce (.Values.global).rabbitMQUsername .Values.rabbitMQUsername }} +{{- $rabbitMQPassword := coalesce (.Values.global).rabbitMQPassword .Values.rabbitMQPassword }} + apiVersion: v1 kind: Secret type: Opaque 
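Review bot: In the added `$rabbitMQHostname := coalesce (.Values.global).rabbitMQHostname .Values.rabbitMQHostname` line of lagoon-build-deploy/templates/deployment.yaml the global value is listed first, so once `global.rabbitMQHostname` is set a chart-level value is ignored without any message. The same order is used for `$rabbitMQUsername` and `$rabbitMQPassword` in templates/secret.yaml and in the lagoon-remote insights-remote and storage-calculator templates later in this commit, which means a component cannot be given its own, more narrowly scoped broker account. Listing the specific value first keeps the shared default and still allows an override: `{{- $rabbitMQPassword := coalesce .Values.rabbitMQPassword (.Values.global).rabbitMQPassword }}`. If global-wins is intended, a template comment on these lines saying so would help the next reader.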
@@ -6,5 +9,5 @@ metadata: labels: {{- include "lagoon-build-deploy.labels" . | nindent 4 }} stringData: - RABBITMQ_PASSWORD: {{ required "A valid .Values.rabbitMQPassword required!" .Values.rabbitMQPassword | quote }} - RABBITMQ_USERNAME: {{ required "A valid .Values.rabbitMQUsername required!" .Values.rabbitMQUsername | quote }} + RABBITMQ_PASSWORD: {{ required "A valid rabbitMQPassword required!" $rabbitMQPassword | quote }} + RABBITMQ_USERNAME: {{ required "A valid rabbitMQUsername required!" $rabbitMQUsername | quote }} diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 229a0a32..8a25cf6a 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.67.0 +version: 0.69.0 dependencies: - name: lagoon-build-deploy @@ -45,4 +45,6 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Bumped lagoon-build-deploy to v0.17.0. + description: Converted to Global variables. + - kind: added + description: Included Insights Remote instead of subchart. diff --git a/charts/lagoon-remote/ci/linter-values.yaml b/charts/lagoon-remote/ci/linter-values.yaml index f300f1aa..b7e0cb66 100644 --- a/charts/lagoon-remote/ci/linter-values.yaml +++ b/charts/lagoon-remote/ci/linter-values.yaml @@ -1,8 +1,10 @@ -lagoon-build-deploy: - enabled: true +global: rabbitMQUsername: lagoon rabbitMQPassword: ci rabbitMQHostname: lagoon-core-broker + +lagoon-build-deploy: + enabled: true lagoonTargetName: ci-local-control-k8s taskSSHHost: lagoon-core-ssh.lagoon.svc taskSSHPort: 2020 
@@ -21,12 +23,6 @@ dbaas-operator: insightsRemote: enabled: true - rabbitMQUsername: lagoon - rabbitMQPassword: ci - rabbitMQHostname: lagoon-core-broker - # rabbitMQHostname: "messagebroker" - # rabbitMQPassword: "password" - # rabbitMQUsername: "user" mxoutHost: mxout1.example.com @@ -98,6 +94,3 @@ sshPortal: storageCalculator: enabled: true - rabbitMQUsername: lagoon - rabbitMQPassword: ci - rabbitMQHostname: lagoon-core-broker diff --git a/charts/lagoon-remote/templates/insights-remote.deployment.yaml b/charts/lagoon-remote/templates/insights-remote.deployment.yaml index d12a9817..e450ae32 100644 --- a/charts/lagoon-remote/templates/insights-remote.deployment.yaml +++ b/charts/lagoon-remote/templates/insights-remote.deployment.yaml @@ -1,4 +1,7 @@ {{- if .Values.insightsRemote.enabled -}} + +{{- $rabbitMQHostname := coalesce .Values.global.rabbitMQHostname .Values.insightsRemote.rabbitMQHostname }} + apiVersion: apps/v1 kind: Deployment metadata: @@ -40,7 +43,7 @@ spec: value: "TRUE" {{- end }} - name: RABBITMQ_ADDRESS - value: {{ required "A valid .Values.insightsRemote.rabbitMQHostname required!" .Values.insightsRemote.rabbitMQHostname | quote }} + value: {{ required "A valid rabbitMQHostname required!" $rabbitMQHostname | quote }} - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: diff --git a/charts/lagoon-remote/templates/insights-remote.secrets.yaml b/charts/lagoon-remote/templates/insights-remote.secrets.yaml index 81d8aa2e..c018d9ce 100644 --- a/charts/lagoon-remote/templates/insights-remote.secrets.yaml +++ b/charts/lagoon-remote/templates/insights-remote.secrets.yaml 
@@ -1,12 +1,14 @@ {{- if .Values.insightsRemote.enabled -}} -{{- if .Values.insightsRemote.rabbitMQPassword }} + +{{- $rabbitMQUsername := coalesce .Values.global.rabbitMQUsername .Values.insightsRemote.rabbitMQUsername }} +{{- $rabbitMQPassword := coalesce .Values.global.rabbitMQPassword .Values.insightsRemote.rabbitMQPassword }} + apiVersion: v1 kind: Secret metadata: name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-rabbitmqsecret type: kubernetes.io/basic-auth stringData: - username: {{ required "A valid .Values.insightsRemote.rabbitMQUsername required!" .Values.insightsRemote.rabbitMQUsername | quote }} - password: {{ required "A valid .Values.insightsRemote.rabbitMQPassword required!" .Values.insightsRemote.rabbitMQPassword | quote }} -{{- end }} + username: {{ required "A valid rabbitMQUsername required!" $rabbitMQUsername | quote }} + password: {{ required "A valid rabbitMQPassword required!" $rabbitMQPassword | quote }} {{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml index 8326a84a..f4cc3ecf 100644 --- a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml +++ b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml @@ -1,4 +1,7 @@ {{- if .Values.storageCalculator.enabled -}} + +{{- $rabbitMQHostname := coalesce .Values.global.rabbitMQHostname .Values.storageCalculator.rabbitMQHostname }} + apiVersion: apps/v1 kind: Deployment metadata: @@ -50,7 +53,7 @@ spec: value: {{ . | quote }} {{- end }} - name: RABBITMQ_HOSTNAME - value: {{ required "A valid .Values.storageCalculator.rabbitMQHostname required!" .Values.storageCalculator.rabbitMQHostname | quote }} + value: {{ required "A valid rabbitMQHostname required!" $rabbitMQHostname | quote }} - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: 
diff --git a/charts/lagoon-remote/templates/storage-calculator.secret.yaml b/charts/lagoon-remote/templates/storage-calculator.secret.yaml index 444061fe..e218b73b 100644 --- a/charts/lagoon-remote/templates/storage-calculator.secret.yaml +++ b/charts/lagoon-remote/templates/storage-calculator.secret.yaml @@ -1,4 +1,8 @@ {{- if .Values.storageCalculator.enabled -}} + +{{- $rabbitMQUsername := coalesce .Values.global.rabbitMQUsername .Values.storageCalculator.rabbitMQUsername }} +{{- $rabbitMQPassword := coalesce .Values.global.rabbitMQPassword .Values.storageCalculator.rabbitMQPassword }} + apiVersion: v1 kind: Secret type: Opaque @@ -7,6 +11,6 @@ metadata: labels: {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} stringData: - RABBITMQ_PASSWORD: {{ required "A valid .Values.storageCalculator.rabbitMQPassword required!" .Values.storageCalculator.rabbitMQPassword | quote }} - RABBITMQ_USERNAME: {{ required "A valid .Values.storageCalculator.rabbitMQUsername required!" .Values.storageCalculator.rabbitMQUsername | quote }} + RABBITMQ_PASSWORD: {{ required "A valid rabbitMQPassword required!" $rabbitMQPassword | quote }} + RABBITMQ_USERNAME: {{ required "A valid rabbitMQUsername required!" $rabbitMQUsername | quote }} {{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index a0ed9109..c2c04ee9 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -4,6 +4,9 @@ global: # set to true to enable openshift support openshift: false + rabbitMQUsername: "" + rabbitMQPassword: "" + rabbitMQHostname: "" imagePullSecrets: [] @@ -161,9 +164,6 @@ lagoon-build-deploy: enabled: false # these values are used by the lagoon-build-deploy controller and do not have # sensible defaults. - # rabbitMQUsername: - # rabbitMQPassword: - # rabbitMQHostname: # lagoonTargetName: # taskSSHHost: "" # taskSSHPort: "" 
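Review bot: The three keys added under `global:` in charts/lagoon-remote/values.yaml carry no comment, and putting the broker password in `global` has a side effect that should be documented: Helm passes global values to every subchart of the release, including the third-party `dbaas-operator` and `nats` dependencies listed in Chart.yaml, not only to the components that read them. I would add `# RabbitMQ connection shared by lagoon-build-deploy, insightsRemote and storageCalculator.` and `# Note: global values are passed to every subchart of this release.` above `rabbitMQUsername`. The hunk starts inside the `global:` mapping, so the rest of that block is outside the visible lines.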
@@ -197,9 +197,6 @@ dbaasHTTPEndpoint: "" insightsRemote: enabled: false - rabbitMQHostname: "" - rabbitMQPassword: "" - rabbitMQUsername: "" # sets insights configMaps to be removed after being processed burnAfterReading: true @@ -345,9 +342,6 @@ storageCalculator: # If not set and create is true, a name is generated using the fullname # template name: - rabbitMQHostname: "" - rabbitMQPassword: "" - rabbitMQUsername: "" image: repository: uselagoon/remote-calculator From 3c4a1da934ca8ab9164206d6238cbb7ec86f94ec Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 23 Nov 2022 07:49:04 +1100 Subject: [PATCH 047/167] deprecate chart --- charts/lagoon-insights-remote/Chart.yaml | 14 ++++++-------- charts/lagoon-insights-remote/README.md | 6 ++---- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/charts/lagoon-insights-remote/Chart.yaml b/charts/lagoon-insights-remote/Chart.yaml index 923f642d..37904b0a 100644 --- a/charts/lagoon-insights-remote/Chart.yaml +++ b/charts/lagoon-insights-remote/Chart.yaml @@ -1,13 +1,11 @@ apiVersion: v2 name: lagoon-insights-remote -description: A Helm chart for Lagoon remote insights +description: DEPRECATED A Helm chart for Lagoon remote insights home: https://github.com/uselagoon/lagoon-charts icon: https://raw.githubusercontent.com/uselagoon/lagoon-charts/main/icon.png -maintainers: -- name: bomoko - email: blaize.kaye@amazee.io - url: https://amazee.io kubeVersion: ">= 1.19.0-0" +# This sub-chart has been deprecated and will be replaced by a service in lagoon-remote +deprecated: true # A chart can be either an 'application' or a 'library' chart. # 
@@ -22,7 +20,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.1 +version: 0.2.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -32,5 +30,5 @@ appVersion: v0.0.3 annotations: artifacthub.io/changes: | - - kind: added - description: Added README.md to explain purpose + - kind: deprecated + description: This chart has been deprecated diff --git a/charts/lagoon-insights-remote/README.md b/charts/lagoon-insights-remote/README.md index ec37a821..73428974 100644 --- a/charts/lagoon-insights-remote/README.md +++ b/charts/lagoon-insights-remote/README.md @@ -1,5 +1,3 @@ -# Lagoon Insights Remote +# DEPRECATED Lagoon Insights Remote -This chart is currently consumed as a sub-chart of Lagoon Remote, but the service will instead be added as an optional in a coming release. - -Only install this chart as a sub-chart of Lagoon-Remote, it serves no functionality without it, and will be deprecated once the service is included. \ No newline at end of file +This chart was originally consumed as a sub-chart of Lagoon Remote, but the service has instead been added as an optional service in a coming release. From 03ea83daacbed6858e4e7c89046fd65704e4691a Mon Sep 17 00:00:00 2001 
From: Toby Bellwood Date: Wed, 23 Nov 2022 10:00:54 +1100 Subject: [PATCH 048/167] reinstate deprecated lagoon-insights-remote chart --- charts/lagoon-insights-remote/Chart.yaml | 34 ++++++++ charts/lagoon-insights-remote/README.md | 3 + .../ci/linter-values.yaml | 3 + .../templates/NOTES.txt | 1 + .../templates/_helpers.tpl | 62 ++++++++++++++ .../templates/clusterrole.yaml | 13 +++ .../templates/clusterrolebinding.yaml | 12 +++ .../templates/deployment.yaml | 67 +++++++++++++++ .../templates/secrets.yaml | 10 +++ .../templates/serviceaccount.yaml | 12 +++ charts/lagoon-insights-remote/values.yaml | 82 +++++++++++++++++++ 11 files changed, 299 insertions(+) create mode 100644 charts/lagoon-insights-remote/Chart.yaml create mode 100644 charts/lagoon-insights-remote/README.md create mode 100644 charts/lagoon-insights-remote/ci/linter-values.yaml create mode 100644 charts/lagoon-insights-remote/templates/NOTES.txt create mode 100644 charts/lagoon-insights-remote/templates/_helpers.tpl create mode 100644 charts/lagoon-insights-remote/templates/clusterrole.yaml create mode 100644 charts/lagoon-insights-remote/templates/clusterrolebinding.yaml create mode 100644 charts/lagoon-insights-remote/templates/deployment.yaml create mode 100644 charts/lagoon-insights-remote/templates/secrets.yaml create mode 100644 charts/lagoon-insights-remote/templates/serviceaccount.yaml create mode 100644 charts/lagoon-insights-remote/values.yaml diff --git a/charts/lagoon-insights-remote/Chart.yaml b/charts/lagoon-insights-remote/Chart.yaml new file mode 100644 index 00000000..37904b0a --- /dev/null +++ b/charts/lagoon-insights-remote/Chart.yaml 
@@ -0,0 +1,34 @@ +apiVersion: v2 +name: lagoon-insights-remote +description: DEPRECATED A Helm chart for Lagoon remote insights +home: https://github.com/uselagoon/lagoon-charts +icon: https://raw.githubusercontent.com/uselagoon/lagoon-charts/main/icon.png +kubeVersion: ">= 1.19.0-0" +# This sub-chart has been deprecated and will be replaced by a service in lagoon-remote +deprecated: true + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.2.2 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: v0.0.3 + +annotations: + artifacthub.io/changes: | + - kind: deprecated + description: This chart has been deprecated diff --git a/charts/lagoon-insights-remote/README.md b/charts/lagoon-insights-remote/README.md new file mode 100644 index 00000000..73428974 --- /dev/null +++ b/charts/lagoon-insights-remote/README.md 
@@ -0,0 +1,3 @@ +# DEPRECATED Lagoon Insights Remote + +This chart was originally consumed as a sub-chart of Lagoon Remote, but the service has instead been added as an optional service in a coming release. diff --git a/charts/lagoon-insights-remote/ci/linter-values.yaml b/charts/lagoon-insights-remote/ci/linter-values.yaml new file mode 100644 index 00000000..33b242f8 --- /dev/null +++ b/charts/lagoon-insights-remote/ci/linter-values.yaml @@ -0,0 +1,3 @@ +rabbitMQHostname: "messagebroker" +rabbitMQPassword: "password" +rabbitMQUsername: "user" diff --git a/charts/lagoon-insights-remote/templates/NOTES.txt b/charts/lagoon-insights-remote/templates/NOTES.txt new file mode 100644 index 00000000..59723d5f --- /dev/null +++ b/charts/lagoon-insights-remote/templates/NOTES.txt @@ -0,0 +1 @@ +Lagoon Insights Remote is installed. \ No newline at end of file diff --git a/charts/lagoon-insights-remote/templates/_helpers.tpl b/charts/lagoon-insights-remote/templates/_helpers.tpl new file mode 100644 index 00000000..2eefc33c --- /dev/null +++ b/charts/lagoon-insights-remote/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "lagoon-insights-remote.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "lagoon-insights-remote.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "lagoon-insights-remote.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "lagoon-insights-remote.labels" -}} +helm.sh/chart: {{ include "lagoon-insights-remote.chart" . }} +{{ include "lagoon-insights-remote.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "lagoon-insights-remote.selectorLabels" -}} +app.kubernetes.io/name: {{ include "lagoon-insights-remote.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "lagoon-insights-remote.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "lagoon-insights-remote.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/lagoon-insights-remote/templates/clusterrole.yaml b/charts/lagoon-insights-remote/templates/clusterrole.yaml new file mode 100644 index 00000000..cefad383 --- /dev/null +++ b/charts/lagoon-insights-remote/templates/clusterrole.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "lagoon-insights-remote.fullname" . }}-manager + labels: + {{- include "lagoon-insights-remote.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - "*" \ No newline at end of file diff --git a/charts/lagoon-insights-remote/templates/clusterrolebinding.yaml b/charts/lagoon-insights-remote/templates/clusterrolebinding.yaml new file mode 100644 index 00000000..0a4cc013 --- /dev/null +++ b/charts/lagoon-insights-remote/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "lagoon-insights-remote.fullname" . }}-manager +subjects: +- kind: ServiceAccount + name: {{ include "lagoon-insights-remote.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +roleRef: + kind: ClusterRole + name: {{ include "lagoon-insights-remote.fullname" . }}-manager + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/charts/lagoon-insights-remote/templates/deployment.yaml b/charts/lagoon-insights-remote/templates/deployment.yaml new file mode 100644 index 00000000..f1690734 --- /dev/null +++ b/charts/lagoon-insights-remote/templates/deployment.yaml 
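Review bot: The reinstated templates/clusterrole.yaml grants `verbs: ["*"]` on `configmaps` in a ClusterRole, which gives the bound service account create, update, patch and delete on every ConfigMap in every namespace, plus any verb added to the API later. The values.yaml comment on `burnAfterReading` only describes processing insights ConfigMaps and removing them, so an explicit list such as `- get`, `- list`, `- watch`, `- delete` is probably sufficient. The exact set has to be confirmed against the controller, which is not part of this patch.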
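Review bot: The subject in templates/clusterrolebinding.yaml comes from the `lagoon-insights-remote.serviceAccountName` helper, which returns `default` when `serviceAccount.create` is false and `serviceAccount.name` is empty, so in that configuration the cluster-wide ConfigMap role is bound to the namespace's default service account and therefore to every pod that runs under it. Requiring a name in that branch of the helper removes the silent fallback: `{{- required "serviceAccount.name is required when serviceAccount.create is false" .Values.serviceAccount.name }}`. The binding also has no `labels:` block, unlike the ClusterRole next to it.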
@@ -0,0 +1,67 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "lagoon-insights-remote.fullname" . }} + labels: + {{- include "lagoon-insights-remote.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "lagoon-insights-remote.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "lagoon-insights-remote.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "lagoon-insights-remote.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + {{- if .Values.burnAfterReading }} + - name: BURN_AFTER_READING + value: "TRUE" + {{- end }} + - name: RABBITMQ_ADDRESS + value: {{ required "A valid .Values.rabbitMQHostname required!" .Values.rabbitMQHostname | quote }} + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-insights-remote.fullname" . }}-rabbitmqsecret + key: password + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "lagoon-insights-remote.fullname" . }}-rabbitmqsecret + key: username + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . 
| nindent 8 }} + {{- end }} + \ No newline at end of file diff --git a/charts/lagoon-insights-remote/templates/secrets.yaml b/charts/lagoon-insights-remote/templates/secrets.yaml new file mode 100644 index 00000000..7709090e --- /dev/null +++ b/charts/lagoon-insights-remote/templates/secrets.yaml @@ -0,0 +1,10 @@ +{{- if .Values.rabbitMQPassword }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "lagoon-insights-remote.fullname" . }}-rabbitmqsecret +type: kubernetes.io/basic-auth +stringData: + username: {{ required "A valid .Values.rabbitMQUsername required!" .Values.rabbitMQUsername | quote }} + password: {{ required "A valid .Values.rabbitMQPassword required!" .Values.rabbitMQPassword | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/lagoon-insights-remote/templates/serviceaccount.yaml b/charts/lagoon-insights-remote/templates/serviceaccount.yaml new file mode 100644 index 00000000..aa3b2d10 --- /dev/null +++ b/charts/lagoon-insights-remote/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "lagoon-insights-remote.serviceAccountName" . }} + labels: + {{- include "lagoon-insights-remote.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/lagoon-insights-remote/values.yaml b/charts/lagoon-insights-remote/values.yaml new file mode 100644 index 00000000..6e5dbc8b --- /dev/null +++ b/charts/lagoon-insights-remote/values.yaml 
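Review bot: templates/secrets.yaml is rendered only `if .Values.rabbitMQPassword`, but templates/deployment.yaml always references the `-rabbitmqsecret` Secret through `secretKeyRef`, so an install with the default empty password produces a Deployment whose pods cannot start and no error at render time. The guard also makes the `required` call on `rabbitMQPassword` unreachable. Dropping the `{{- if .Values.rabbitMQPassword }}` / `{{- end }}` pair lets `required` report the missing value during install; the lagoon-remote copy of this template removed the same guard earlier in this series.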
@@ -0,0 +1,82 @@
+rabbitMQHostname: ""
+rabbitMQPassword: ""
+rabbitMQUsername: ""
+# sets insights configMaps to be removed after being processed
+burnAfterReading: true
+
+replicaCount: 1
+
+image:
+ repository: uselagoon/insights-remote
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+# service:
+# type: ClusterIP
+# port: 80
+# ingress:
+# enabled: false
+# className: ""
+# annotations: {}
+# # kubernetes.io/ingress.class: nginx
+# # kubernetes.io/tls-acme: "true"
+# hosts:
+# - host: chart-example.local
+# paths:
+# - path: /
+# pathType: ImplementationSpecific
+# tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
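Review bot: `securityContext: {}` and `podSecurityContext: {}` ship empty with the hardening left as comments, so the container that receives the RabbitMQ credentials runs with whatever the image and the cluster default to. If the insights-remote image supports it (not verifiable from this patch), make the commented block the default: `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and `capabilities: {drop: [ALL]}`, and add `allowPrivilegeEscalation: false`. Separately, the three `rabbitMQ*` keys at the top are enforced with `required` in the templates but carry no comment saying so; a line such as `# required: broker hostname and credentials, no usable default` would match the sibling lagoon-build-deploy values file.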
From 6cfcf155cca9318004ea2820a2049576fccebadd Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 23 Nov 2022 10:02:31 +1100 Subject: [PATCH 049/167] add null global to lagoon-build-deploy chart --- charts/lagoon-build-deploy/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/lagoon-build-deploy/values.yaml b/charts/lagoon-build-deploy/values.yaml index fe445976..ced8a736 100644 --- a/charts/lagoon-build-deploy/values.yaml +++ b/charts/lagoon-build-deploy/values.yaml @@ -1,4 +1,5 @@ # the following values are requried and have no sensible default +global: {} lagoonTargetName: "" rabbitMQHostname: "" From 7b485f16129b746403ce70c64946cbff1567c39c Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 23 Nov 2022 10:23:53 +1100 Subject: [PATCH 050/167] lint/ci fixes --- charts/lagoon-build-deploy/Chart.yaml | 1 - charts/lagoon-remote/ci/linter-values.yaml | 4 ++++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index 3b13bfd3..d2fa3a73 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -24,4 +24,3 @@ annotations: artifacthub.io/changes: | - kind: changed description: Convert to Global values - \ No newline at end of file diff --git a/charts/lagoon-remote/ci/linter-values.yaml b/charts/lagoon-remote/ci/linter-values.yaml index b7e0cb66..9c7e7d9d 100644 --- a/charts/lagoon-remote/ci/linter-values.yaml +++ b/charts/lagoon-remote/ci/linter-values.yaml @@ -9,6 +9,10 @@ lagoon-build-deploy: taskSSHHost: lagoon-core-ssh.lagoon.svc taskSSHPort: 2020 taskAPIHost: http://lagoon-core-api.lagoon.svc:80 + # remove on next release + rabbitMQUsername: lagoon + rabbitMQPassword: ci + rabbitMQHostname: lagoon-core-broker dockerHost: image: From 2913a9381976a7c56b2c393a70fee85ad0fbedf9 Mon Sep 17 00:00:00 2001 
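Review bot: In charts/lagoon-build-deploy/values.yaml the new `global: {}` is inserted directly under the comment "the following values are requried and have no sensible default", so the comment now describes `global` as a required setting, which an empty map with a default clearly is not. Move the key above that comment and give it its own line, for example `# placeholder so templates can reference .Values.global when the chart is installed standalone` (wording to be confirmed against how the templates use it, which this hunk does not show). The typo "requried" in the context line could be fixed in the same change.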
From: Toby Bellwood Date: Wed, 23 Nov 2022 16:29:40 +1100 Subject: [PATCH 051/167] Updated lagoon-build-deploy sub-chart to v0.18.0 --- charts/lagoon-remote/Chart.lock | 6 +++--- charts/lagoon-remote/Chart.yaml | 8 +++----- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index da13f7b9..622f418d 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.17.0 + version: 0.18.0 - name: dioscuri repository: https://amazeeio.github.io/charts/ version: 0.4.1 @@ -11,5 +11,5 @@ dependencies: - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.18.2 -digest: sha256:07221e1170df6092501b029e7fc3ae6698b191883cdf1db1bb50e54a02477c2c -generated: "2022-11-17T13:14:00.077328865+11:00" +digest: sha256:20ad0e5df3c30e32d133f228812ee159747b57f63cc2d16a065b5e00cbc89b8f +generated: "2022-11-23T16:27:46.243226121+11:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 8a25cf6a..7c852949 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,11 +19,11 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.69.0 +version: 0.69.1 dependencies: - name: lagoon-build-deploy - version: ~0.17.0 + version: ~0.18.0 repository: https://uselagoon.github.io/lagoon-charts/ condition: lagoon-build-deploy.enabled - name: dioscuri @@ -45,6 +45,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Converted to Global variables. - - kind: added - description: Included Insights Remote instead of subchart. + description: Updated lagoon-build-deploy sub-chart to v0.18.0 
From 0a209cf5b3dac086182a1dba80a9bbef0de1f98b Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 23 Nov 2022 16:31:35 +1100 Subject: [PATCH 052/167] Updated remote-calculator to v0.2.3 --- charts/lagoon-remote/Chart.yaml | 2 +- charts/lagoon-remote/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 7c852949..a05e7862 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -45,4 +45,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Updated lagoon-build-deploy sub-chart to v0.18.0 + description: Updated remote-calculator to v0.2.3 diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index f14c53c6..265a8276 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -347,4 +347,4 @@ storageCalculator: repository: uselagoon/remote-calculator pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: v0.2.1 + tag: v0.2.3 From c6fbfce2fcc17c526b8f15467e1912c60969b2f6 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Thu, 24 Nov 2022 11:09:50 +1100 Subject: [PATCH 053/167] chore: bump the remote-controller to latest version v0.7.2 --- charts/lagoon-build-deploy/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index d2fa3a73..32e39b3d 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -16,11 +16,11 @@ kubeVersion: ">= 1.19.0-0" type: application -version: 0.18.0 +version: 0.18.1 -appVersion: v0.7.0 +appVersion: v0.7.2 annotations: artifacthub.io/changes: | - kind: changed - description: Convert to Global values + description: bump remote-controller to v0.7.2 From 32e4e647d085be577183337a4dd5920c6ba12962 Mon Sep 17 00:00:00 2001 
From: shreddedbacon Date: Thu, 24 Nov 2022 11:45:01 +1100 Subject: [PATCH 054/167] chore: bump lagoon-build-deploy to version v0.18.1 chore: bump nats to v0.18.3 --- charts/lagoon-core/Chart.lock | 6 +++--- charts/lagoon-core/Chart.yaml | 4 ++-- charts/lagoon-remote/Chart.lock | 8 ++++---- charts/lagoon-remote/Chart.yaml | 6 ++++-- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/charts/lagoon-core/Chart.lock b/charts/lagoon-core/Chart.lock index 772ee5db..f404f187 100644 --- a/charts/lagoon-core/Chart.lock +++ b/charts/lagoon-core/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ - version: 0.18.2 -digest: sha256:07111301495aa6b86b973b797eda1a333728dbebd2626c54bd935cca43a20dc4 -generated: "2022-11-09T13:25:35.196455291+11:00" + version: 0.18.3 +digest: sha256:23ec68e1604f1b9f90bd9571e7e17c6101524be61b304de03f378a31a6c55fbd +generated: "2022-11-24T11:53:36.184266854+11:00" diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index a2eb646c..7be64f9f 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.15.0 +version: 1.15.1 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -41,4 +41,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Update ssh-portal-api to latest version. + description: Updated nats to v0.18.3 diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 622f418d..70f738f7 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock 
@@ -1,7 +1,7 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.18.0 + version: 0.18.1 - name: dioscuri repository: https://amazeeio.github.io/charts/ version: 0.4.1 @@ -10,6 +10,6 @@ dependencies: version: 0.3.0 - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ - version: 0.18.2 -digest: sha256:20ad0e5df3c30e32d133f228812ee159747b57f63cc2d16a065b5e00cbc89b8f -generated: "2022-11-23T16:27:46.243226121+11:00" + version: 0.18.3 +digest: sha256:1018b08ca55534e25872062782c15d58d4ae03129374ce015e62306ce319b353 +generated: "2022-11-24T11:53:05.091683188+11:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index a05e7862..e376816f 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.69.1 +version: 0.69.2 dependencies: - name: lagoon-build-deploy @@ -45,4 +45,6 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Updated remote-calculator to v0.2.3 + description: Updated lagoon-build-deploy to v0.18.1 + - kind: changed + description: Updated nats to v0.18.3 From ad4e7356052b03571e2933735ddb69713600c194 Mon Sep 17 00:00:00 2001 
From: Toby Bellwood Date: Mon, 28 Nov 2022 08:19:52 +1100 Subject: [PATCH 055/167] lagoon-core v2.11.0 release (#506) Co-authored-by: shreddedbacon --- Makefile | 7 +- charts/lagoon-core/Chart.yaml | 12 ++- charts/lagoon-core/README.md | 2 - charts/lagoon-core/ci/linter-values.yaml | 13 +-- charts/lagoon-core/templates/_helpers.tpl | 60 -------------- .../lagoon-core/templates/api.deployment.yaml | 36 +++++++++ .../controllerhandler.deployment.yaml | 80 ------------------- .../storage-calculator.deployment.yaml | 63 --------------- charts/lagoon-core/values.yaml | 45 ----------- 9 files changed, 48 insertions(+), 270 deletions(-) delete mode 100644 charts/lagoon-core/templates/controllerhandler.deployment.yaml delete mode 100644 charts/lagoon-core/templates/storage-calculator.deployment.yaml diff --git a/Makefile b/Makefile index ad4d16bb..91189b13 100644 --- a/Makefile +++ b/Makefile @@ -189,7 +189,7 @@ install-lagoon-core: install-minio $$([ $(OPENSEARCH_INTEGRATION_ENABLED) ] && echo '--set api.additionalEnvs.OPENSEARCH_INTEGRATION_ENABLED=$(OPENSEARCH_INTEGRATION_ENABLED)') \ --set "keycloakAPIURL=http://lagoon-keycloak.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080/auth" \ --set "lagoonAPIURL=http://lagoon-api.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080/graphql" \ - --set actionsHandler.image.repository=$(IMAGE_REGISTRY)/actions-handler \ + --set actionsHandler.image.repository=$(IMAGE_REGISTRY)/actions-handler \ --set api.image.repository=$(IMAGE_REGISTRY)/api \ --set apiDB.image.repository=$(IMAGE_REGISTRY)/api-db \ --set apiRedis.image.repository=$(IMAGE_REGISTRY)/api-redis \ 
@@ -197,19 +197,16 @@ install-lagoon-core: install-minio --set autoIdler.enabled=false \ --set backupHandler.enabled=false \ --set broker.image.repository=$(IMAGE_REGISTRY)/broker \ - --set controllerhandler.image.repository=$(IMAGE_REGISTRY)/controllerhandler \ --set insightsHandler.enabled=false \ --set keycloak.image.repository=$(IMAGE_REGISTRY)/keycloak \ --set keycloakDB.image.repository=$(IMAGE_REGISTRY)/keycloak-db \ - --set logs2notifications.image.repository=testlagoon/logs2notifications \ - --set logs2notifications.image.tag=main \ + --set logs2notifications.image.repository=$(IMAGE_REGISTRY)/logs2notifications \ --set logs2notifications.email.disabled=true \ --set logs2notifications.microsoftteams.disabled=true \ --set logs2notifications.rocketchat.disabled=true \ --set logs2notifications.slack.disabled=true \ --set logs2notifications.webhooks.disabled=true \ --set ssh.image.repository=$(IMAGE_REGISTRY)/ssh \ - --set storageCalculator.enabled=false \ --set webhookHandler.image.repository=$(IMAGE_REGISTRY)/webhook-handler \ --set webhooks2tasks.image.repository=$(IMAGE_REGISTRY)/webhooks2tasks \ --set s3FilesAccessKeyID=lagoonFilesAccessKey \ diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 7be64f9f..ff93c3d5 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,13 +21,13 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.15.1 +version: 1.16.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.10.0 +appVersion: v2.11.0 dependencies: - name: nats 
@@ -40,5 +40,9 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | - - kind: changed - description: Updated nats to v0.18.3 + - kind: removed + description: controller-handler has been removed, it's functions are now in actions-handler + - kind: removed + description: storage-calculator is now handled in lagoon-remote + - kind: added + description: Support lagoon-core-api init container to migrate/populate database diff --git a/charts/lagoon-core/README.md b/charts/lagoon-core/README.md index db50dcbf..eb0451b2 100644 --- a/charts/lagoon-core/README.md +++ b/charts/lagoon-core/README.md @@ -23,8 +23,6 @@ logs2slack: enabled: false logs2webhook: enabled: false -storageCalculator: - enabled: false webhookHandler: enabled: false webhooks2tasks: diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index f64823d5..91f540f9 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml @@ -44,6 +44,7 @@ apiRedis: image: repository: uselagoon/api-redis +# TODO - update repo/tag before v2.11 release actionsHandler: replicaCount: 1 image: @@ -95,15 +96,10 @@ insightsHandler: repository: uselagoon/insights-handler tag: main -storageCalculator: - image: - repository: uselagoon/storage-calculator - logs2notifications: replicaCount: 1 image: - repository: testlagoon/logs2notifications - tag: main + repository: uselagoon/logs2notifications drushAlias: replicaCount: 1 @@ -122,11 +118,6 @@ sshPortalAPI: serviceMonitor: enabled: false -controllerhandler: - replicaCount: 1 - image: - repository: uselagoon/controllerhandler - imageTag: "" workflows: diff --git a/charts/lagoon-core/templates/_helpers.tpl b/charts/lagoon-core/templates/_helpers.tpl index 1a03d1e7..85bfa811 100644 --- a/charts/lagoon-core/templates/_helpers.tpl +++ b/charts/lagoon-core/templates/_helpers.tpl 
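Review bot: The comment added in charts/lagoon-core/ci/linter-values.yaml, `# TODO - update repo/tag before v2.11 release`, lands in the commit that is itself the v2.11.0 release, so it is either already stale or the `actionsHandler` image below it still points at a pre-release build. The `repository`/`tag` lines it refers to are outside the hunk, so which of the two applies cannot be told from here. Resolve it in this commit, or reword it so the removal condition is explicit, e.g. `# TODO(<issue-ref>): pin actionsHandler to the released image once it is published`.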
@@ -459,36 +459,6 @@ app.kubernetes.io/component: {{ include "lagoon-core.insightsHandler.fullname" . app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} - -{{/* -Create a default fully qualified app name for storage-calculator. -*/}} -{{- define "lagoon-core.storageCalculator.fullname" -}} -{{- include "lagoon-core.fullname" . }}-storage-calculator -{{- end }} - -{{/* -Common labels storage-calculator. -*/}} -{{- define "lagoon-core.storageCalculator.labels" -}} -helm.sh/chart: {{ include "lagoon-core.chart" . }} -{{ include "lagoon-core.storageCalculator.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels storage-calculator. -*/}} -{{- define "lagoon-core.storageCalculator.selectorLabels" -}} -app.kubernetes.io/name: {{ include "lagoon-core.name" . }} -app.kubernetes.io/component: {{ include "lagoon-core.storageCalculator.fullname" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - - {{/* Create a default fully qualified app name for logs2notifications. */}} 
@@ -575,36 +545,6 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} - -{{/* -Create a default fully qualified app name for controllerhandler. -*/}} -{{- define "lagoon-core.controllerhandler.fullname" -}} -{{- include "lagoon-core.fullname" . }}-controllerhandler -{{- end }} - -{{/* -Common labels controllerhandler. -*/}} -{{- define "lagoon-core.controllerhandler.labels" -}} -helm.sh/chart: {{ include "lagoon-core.chart" . }} -{{ include "lagoon-core.controllerhandler.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels controllerhandler. -*/}} -{{- define "lagoon-core.controllerhandler.selectorLabels" -}} -app.kubernetes.io/name: {{ include "lagoon-core.name" . }} -app.kubernetes.io/component: {{ include "lagoon-core.controllerhandler.fullname" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - - {{/* --- WORKFLOWS --- */}} diff --git a/charts/lagoon-core/templates/api.deployment.yaml b/charts/lagoon-core/templates/api.deployment.yaml index 87bfdd46..01ac6992 100644 --- a/charts/lagoon-core/templates/api.deployment.yaml +++ b/charts/lagoon-core/templates/api.deployment.yaml 
@@ -199,3 +199,39 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + initContainers: + - name: api-init + args: + - ./node_modules/.bin/knex migrate:list --cwd /app/services/api/database; + ./node_modules/.bin/knex migrate:latest --cwd /app/services/api/database; + command: + - /bin/sh + - -c + securityContext: + {{- toYaml .Values.api.securityContext | nindent 10 }} + image: "{{ .Values.api.image.repository }}:{{ coalesce .Values.api.image.tag .Values.imageTag .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.api.image.pullPolicy }} + env: + - name: API_DB_HOST + value: {{ include "lagoon-core.apiDB.fullname" . }} + - name: API_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.apiDB.fullname" . }} + key: API_DB_PASSWORD + - name: LAGOON_VERSION + value: {{ .Chart.AppVersion | replace "-" "." }} + {{- range $key, $val := .Values.api.additionalEnvs }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} + resources: + {{- toYaml .Values.api.resources | nindent 10 }} + {{- with .Values.api.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.api.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/lagoon-core/templates/controllerhandler.deployment.yaml b/charts/lagoon-core/templates/controllerhandler.deployment.yaml deleted file mode 100644 index df46db2f..00000000 --- a/charts/lagoon-core/templates/controllerhandler.deployment.yaml +++ /dev/null 
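Review bot: The new `initContainers` block in api.deployment.yaml ends with a second `{{- with .Values.api.nodeSelector }} nodeSelector:` and `{{- with .Values.api.tolerations }} tolerations:` pair after the init container's `resources:`. Judging by their `nindent 8` these are pod-spec keys rather than container fields, and the context lines at the top of the hunk show `tolerations:` is already rendered just before `initContainers:`. When those values are set the manifest then contains duplicate mapping keys, which lenient YAML parsers resolve as last-wins and strict ones reject. Delete the two trailing `with` blocks so the hunk ends at `{{- toYaml .Values.api.resources | nindent 10 }}`. The pod spec begins outside the hunk, so the existing `nodeSelector` is assumed to sit above line 199.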
@@ -1,80 +0,0 @@ -{{- if .Values.controllerhandler.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "lagoon-core.controllerhandler.fullname" . }} - labels: - {{- include "lagoon-core.controllerhandler.labels" . | nindent 4 }} -spec: -{{- if not .Values.controllerhandler.autoscaling.enabled }} - replicas: {{ .Values.controllerhandler.replicaCount }} -{{- end }} - selector: - matchLabels: - {{- include "lagoon-core.controllerhandler.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - checksum/broker.secret: {{ include (print $.Template.BasePath "/broker.secret.yaml") . | sha256sum }} - {{- with .Values.controllerhandler.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "lagoon-core.controllerhandler.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - securityContext: - {{- toYaml (coalesce .Values.controllerhandler.podSecurityContext .Values.podSecurityContext) | nindent 8 }} - containers: - - name: controllerhandler - securityContext: - {{- toYaml .Values.controllerhandler.securityContext | nindent 10 }} - image: "{{ .Values.controllerhandler.image.repository }}:{{ coalesce .Values.controllerhandler.image.tag .Values.imageTag .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.controllerhandler.image.pullPolicy }} - env: - - name: API_HOST - value: http://{{ include "lagoon-core.api.fullname" . }}:{{ .Values.api.service.port }} - - name: JWTSECRET - valueFrom: - secretKeyRef: - name: {{ include "lagoon-core.fullname" . }}-secrets - key: JWTSECRET - - name: LAGOON_VERSION - value: {{ .Chart.AppVersion | replace "-" "." }} - - name: RABBITMQ_HOST - value: {{ include "lagoon-core.broker.fullname" . 
}} - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "lagoon-core.broker.fullname" . }} - key: RABBITMQ_PASSWORD - - name: RABBITMQ_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "lagoon-core.broker.fullname" . }} - key: RABBITMQ_USERNAME - - name: REGISTRY - value: {{ required "A valid .Values.registry required!" .Values.registry | quote }} - {{- range $key, $val := .Values.controllerhandler.additionalEnvs }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - resources: - {{- toYaml .Values.controllerhandler.resources | nindent 10 }} - {{- with .Values.controllerhandler.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controllerhandler.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controllerhandler.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/lagoon-core/templates/storage-calculator.deployment.yaml b/charts/lagoon-core/templates/storage-calculator.deployment.yaml deleted file mode 100644 index fa60d459..00000000 --- a/charts/lagoon-core/templates/storage-calculator.deployment.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- if .Values.storageCalculator.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "lagoon-core.storageCalculator.fullname" . }} - labels: - {{- include "lagoon-core.storageCalculator.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "lagoon-core.storageCalculator.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- with .Values.storageCalculator.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "lagoon-core.storageCalculator.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - securityContext: - {{- toYaml (coalesce .Values.storageCalculator.podSecurityContext .Values.podSecurityContext) | nindent 8 }} - containers: - - name: storage-calculator - securityContext: - {{- toYaml .Values.storageCalculator.securityContext | nindent 10 }} - image: "{{ .Values.storageCalculator.image.repository }}:{{ coalesce .Values.storageCalculator.image.tag .Values.imageTag .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.storageCalculator.image.pullPolicy }} - env: - - name: JWTSECRET - valueFrom: - secretKeyRef: - name: {{ include "lagoon-core.fullname" . }}-secrets - key: JWTSECRET - - name: GRAPHQL_ENDPOINT - value: http://{{ include "lagoon-core.api.fullname" . }}:{{ .Values.api.service.port }}/graphql - - name: CRONJOBS - value: |- - {{ .Values.storageCalculator.cron }} /lagoon/cronjob.sh /calculate-storage.sh - {{- range $key, $val := .Values.storageCalculator.additionalEnvs }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - resources: - {{- toYaml .Values.storageCalculator.resources | nindent 10 }} - {{- with .Values.storageCalculator.nodeSelector }} - nodeSelector: - {{- toYaml . 
| nindent 8 }} - {{- end }} - {{- with .Values.storageCalculator.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.storageCalculator.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 64256095..6f2b44e1 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -542,25 +542,6 @@ insightsHandler: targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 -storageCalculator: - enabled: true - image: - repository: uselagoon/storage-calculator - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: "" - - podAnnotations: {} - - securityContext: {} - - resources: {} - - cron: 5 */12 * * * - - additionalEnvs: - # FOO: Bar - logs2notifications: enabled: true replicaCount: 2 @@ -670,32 +651,6 @@ ssh: targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 -controllerhandler: - enabled: true - replicaCount: 2 - image: - repository: uselagoon/controllerhandler - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: "" - - podAnnotations: {} - - securityContext: {} - - resources: {} - - additionalEnvs: - # FOO: Bar - - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - - workflows: enabled: true replicaCount: 2 From 06dcc5559e3c0654e7f58905e86090e3a84135e0 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 23 Nov 2022 13:12:07 +0800 Subject: [PATCH 056/167] fix: avoid using deprecated hook https://helm.sh/docs/topics/chart_tests/ --- charts/lagoon-logging/templates/tests/test-connection.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/charts/lagoon-logging/templates/tests/test-connection.yaml b/charts/lagoon-logging/templates/tests/test-connection.yaml index 190d32ac..f22e9440 100644 --- a/charts/lagoon-logging/templates/tests/test-connection.yaml +++ b/charts/lagoon-logging/templates/tests/test-connection.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }} annotations: - "helm.sh/hook": test-success + "helm.sh/hook": test spec: containers: - name: nc From ad862f8b0d72cc0f7f1e328dacf9d27225f88f21 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 23 Nov 2022 13:44:37 +0800 Subject: [PATCH 057/167] chore: bump logs-dispatcher image version --- charts/lagoon-logging/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-logging/values.yaml b/charts/lagoon-logging/values.yaml index fa38fe04..a17c3ec8 100644 --- a/charts/lagoon-logging/values.yaml +++ b/charts/lagoon-logging/values.yaml @@ -19,7 +19,7 @@ logsDispatcher: repository: uselagoon/logs-dispatcher pullPolicy: IfNotPresent # Overrides the image tag whose default is "latest". - tag: "v3.1.0" + tag: "v3.2.0" serviceAccount: # Specifies whether a service account should be created From 428577f7a18ec319f5534d1335d46e5654dd065b Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 23 Nov 2022 13:13:30 +0800 Subject: [PATCH 058/167] feat: add test suite for logs-dispatcher --- charts/lagoon-logging/ci/linter-values.yaml | 3 + .../test-logs-dispatcher-processing.yaml | 416 ++++++++++++++++++ charts/lagoon-logging/values.yaml | 6 + 3 files changed, 425 insertions(+) create mode 100644 charts/lagoon-logging/templates/tests/test-logs-dispatcher-processing.yaml diff --git a/charts/lagoon-logging/ci/linter-values.yaml b/charts/lagoon-logging/ci/linter-values.yaml index 46f701fb..b2722e90 100644 --- a/charts/lagoon-logging/ci/linter-values.yaml +++ b/charts/lagoon-logging/ci/linter-values.yaml 
@@ -106,3 +106,6 @@ cdnLogsCollector: extraExcludeNamespaces: - ci-fake-namespace-0 - ci-fake-namespace-1 + +testFixtures: + create: true diff --git a/charts/lagoon-logging/templates/tests/test-logs-dispatcher-processing.yaml b/charts/lagoon-logging/templates/tests/test-logs-dispatcher-processing.yaml new file mode 100644 index 00000000..e478273d --- /dev/null +++ b/charts/lagoon-logging/templates/tests/test-logs-dispatcher-processing.yaml 
@@ -0,0 +1,416 @@ +{{- if .Values.testFixtures.create }} +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + lagoon.sh/environment: dev + lagoon.sh/environmentType: development + lagoon.sh/project: test-logs-deleteme-fakeproject + name: test-logs-deleteme-fakeproject-dev +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + lagoon.sh/environment: prod + lagoon.sh/environmentType: production + lagoon.sh/project: test-logs-deleteme-fakeproject + name: test-logs-deleteme-fakeproject-prod +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}-test-processing-fluent-conf + labels: + {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }} +data: + fluent.conf: | + + workers 1 + # comment out this line to see warnings + # it is set to error because fluentd is quite chatty + log_level error + + # container logs collected by the logging-operator + + @type forward + @id in_container + tag process.container + + + # + # pre-processing for nginx_router logs + # + # the reason for having the two match blocks is because we have two checks + # to distinguish nginx_router logs: + # * app label is "nginx-ingress" + # * namespace is "syn-nginx-ingress" + # if either of those checks fails the message is tagged as a regular + # container log. + # + # check app name first. if app name didn't match, set tag to container log. + + @type rewrite_tag_filter + + key $.kubernetes.labels.app + pattern ^nginx-ingress$ + tag "process.app_nginx_ingress" + + + key $['kubernetes']['labels']['app.kubernetes.io/name'] + pattern ^ingress-nginx$ + tag "process.app_nginx_ingress" + + # Last rule: catchall + + invert true + key $.kubernetes.labels.app + pattern ^nginx-ingress$ + tag "lagoon.#{ENV['CLUSTER_NAME']}.container" + + + # check namespace_name. if it is okay too, tag as router log. + # if namespace didn't match, set tag to container log. 
+ + @type rewrite_tag_filter + + key $.kubernetes.namespace_name + pattern ^syn-nginx-ingress$ + tag "lagoon.#{ENV['CLUSTER_NAME']}.router.nginx" + + + key $.kubernetes.namespace_name + pattern ^ingress-nginx$ + tag "lagoon.#{ENV['CLUSTER_NAME']}.router.nginx" + + + key $.kubernetes.namespace_name + pattern ^sigsci-ingress-nginx$ + tag "lagoon.#{ENV['CLUSTER_NAME']}.router.nginx" + + # Last rule: catchall + + invert true + key $.kubernetes.namespace_name + pattern ^syn-nginx-ingress$ + tag "lagoon.#{ENV['CLUSTER_NAME']}.container" + + + + # + # process container logs + # + # restructure so the kubernetes_metadata plugin can find the keys it needs + + @type record_modifier + remove_keys _dummy_ + + _dummy_ ${record['docker'] = {'container_id' => "#{record.dig('kubernetes','docker_id')}"}; nil} + + + # enrich with k8s metadata (will get the namespace labels) + + @type kubernetes_metadata + @log_level warn + skip_container_metadata true + skip_master_url true + + # strip the duplicate information so that it doesn't appear in logs + + @type record_modifier + remove_keys docker + + # post-process to try to eke some more structure out of the logs. + # the last "format none" block is a catch-all for unmatched messages. + + @type parser + key_name message + reserve_data true + + @type multi_format + + format regexp + expression /^(?[^ ]*) (?[^ ]*) (?[^ ]*) \[(? + + format none + + + + + # + # process nginx_router logs + # + # The message field may be json-encoded router logs, so parse that and put the + # keys in the top-level log object. 
+ + @type parser + key_name message + reserve_time true + reserve_data true + remove_key_name_field true + + @type multi_format + + format json + + + format none + + + + # match the nginx router logs here and relabel them based on whether they + # were successfully parsed as json above or not + + @type rewrite_tag_filter + + # if the host key doesn't exist then this was not parsed as JSON, so we + # just send to @OUTPUT directly because it is an actual nginx + # controller log. These logs will appear in index_name + # router-logs-ingress-nginx_.* if the keepIngressNginxController value + # is set to true. + invert true + key host + pattern /.+/ + tag ${tag} + label @DISCARD + + + # host key exists, so this is a HTTP request log + key host + pattern /.+/ + tag ${tag} + label @NGINX_ROUTER_OUTPUT + + + + + + @type relabel + @label @OUTPUT + + + + + + input.log: | + {{- /* nginx router logs */}} + {"stream":"stdout","logtag":"F","message":"{ \"http_section_io_id\": \"-\", \"time\": \"2022-11-22T07:43:13+00:00\", \"remote_addr\": \"119.18.3.40\", \"x-forwarded-for\": \"-\", \"true-client-ip\": \"-\", \"req_id\": \"c3564341bbe8ac46c9044a87ec3db1a7\", \"remote_user\": \"-\", \"bytes_sent\": 3210, \"request_time\": 0.041, \"status\": \"200\", \"host\": \"test-logs-deleteme-fakeproject-dev.test1.amazee.io\", \"request_proto\": \"HTTP/2.0\", \"request_uri\": \"/\", \"request_query\": \"-\", \"request_length\": 303, \"request_time\": 0.041, \"request_method\": \"GET\", \"http_referer\": \"-\", \"http_user_agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0\", \"namespace\": \"test-logs-deleteme-fakeproject-dev\", \"ingress_name\": \"test-logs-deleteme-fakeproject-dev.test1.amazee.io\", \"service_name\": \"nginx\", \"service_port\": \"http\" 
}","kubernetes":{"pod_name":"ingress-nginx-controller-976c576cf-mqzs8","namespace_name":"ingress-nginx","pod_id":"9555ef6d-bbf5-4276-8f5c-c91377feca99","labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx","pod-template-hash":"976c576cf"},"annotations":{"kubernetes.io/psp":"eks.privileged"},"host":"ip-10-20-30-40.eu-central-1.compute.internal","container_name":"controller","docker_id":"123eee982a5afa82e0fc3dad5d5af10dd93363657bd18bd5e2c548b0d32a19f7","container_hash":"k8s.gcr.io/ingress-nginx/controller@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c","container_image":"sha256:7e5c1cecb086f36c6ef4b319a60853020820997f3600c3687e8ba6139e83674d"}} + {"stream":"stdout","logtag":"F","message":"{ \"http_section_io_id\": \"-\", \"time\": \"2022-11-22T07:43:13+00:00\", \"remote_addr\": \"119.18.3.40\", \"x-forwarded-for\": \"-\", \"true-client-ip\": \"-\", \"req_id\": \"1a910605e50cbfc5db9090ac5ce9fefb\", \"remote_user\": \"-\", \"bytes_sent\": 3250, \"request_time\": 0.006, \"status\": \"200\", \"host\": \"test-logs-deleteme-fakeproject-dev.test1.amazee.io\", \"request_proto\": \"HTTP/2.0\", \"request_uri\": \"/sites/default/files/css/css_v18WUm75dSk_A-DeLZcRjivGVxxUXl9PCwLE_JJpyIk.css\", \"request_query\": \"-\", \"request_length\": 137, \"request_time\": 0.006, \"request_method\": \"GET\", \"http_referer\": \"https://test-logs-deleteme-fakeproject-dev.test1.amazee.io/\", \"http_user_agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0\", \"namespace\": \"test-logs-deleteme-fakeproject-dev\", \"ingress_name\": \"test-logs-deleteme-fakeproject-dev.test1.amazee.io\", \"service_name\": \"nginx\", \"service_port\": \"http\" 
}","kubernetes":{"pod_name":"ingress-nginx-controller-976c576cf-mqzs8","namespace_name":"ingress-nginx","pod_id":"9555ef6d-bbf5-4276-8f5c-c91377feca99","labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx","pod-template-hash":"976c576cf"},"annotations":{"kubernetes.io/psp":"eks.privileged"},"host":"ip-10-20-30-40.eu-central-1.compute.internal","container_name":"controller","docker_id":"123eee982a5afa82e0fc3dad5d5af10dd93363657bd18bd5e2c548b0d32a19f7","container_hash":"k8s.gcr.io/ingress-nginx/controller@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c","container_image":"sha256:7e5c1cecb086f36c6ef4b319a60853020820997f3600c3687e8ba6139e83674d"}} + {"stream":"stdout","logtag":"F","message":"{ \"http_section_io_id\": \"-\", \"time\": \"2022-11-22T07:43:13+00:00\", \"remote_addr\": \"119.18.3.40\", \"x-forwarded-for\": \"-\", \"true-client-ip\": \"-\", \"req_id\": \"7c59ed76f0b17c3059ef4cd401d1f1c1\", \"remote_user\": \"-\", \"bytes_sent\": 802, \"request_time\": 0.011, \"status\": \"200\", \"host\": \"test-logs-deleteme-fakeproject-dev.test1.amazee.io\", \"request_proto\": \"HTTP/2.0\", \"request_uri\": \"/sites/default/files/css/css_jXoGUEFrud0744Ahfg7jDKSYsoEmd3Vq1DLfwEw5fVs.css\", \"request_query\": \"-\", \"request_length\": 74, \"request_time\": 0.011, \"request_method\": \"GET\", \"http_referer\": \"https://test-logs-deleteme-fakeproject-dev.test1.amazee.io/\", \"http_user_agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0\", \"namespace\": \"test-logs-deleteme-fakeproject-dev\", \"ingress_name\": \"test-logs-deleteme-fakeproject-dev.test1.amazee.io\", \"service_name\": \"nginx\", \"service_port\": \"http\" 
}","kubernetes":{"pod_name":"ingress-nginx-controller-976c576cf-mqzs8","namespace_name":"ingress-nginx","pod_id":"9555ef6d-bbf5-4276-8f5c-c91377feca99","labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx","pod-template-hash":"976c576cf"},"annotations":{"kubernetes.io/psp":"eks.privileged"},"host":"ip-10-20-30-40.eu-central-1.compute.internal","container_name":"controller","docker_id":"123eee982a5afa82e0fc3dad5d5af10dd93363657bd18bd5e2c548b0d32a19f7","container_hash":"k8s.gcr.io/ingress-nginx/controller@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c","container_image":"sha256:7e5c1cecb086f36c6ef4b319a60853020820997f3600c3687e8ba6139e83674d"}} + {"stream":"stdout","logtag":"F","message":"{ \"http_section_io_id\": \"-\", \"time\": \"2022-11-22T07:43:13+00:00\", \"remote_addr\": \"119.18.3.40\", \"x-forwarded-for\": \"-\", \"true-client-ip\": \"-\", \"req_id\": \"ae8778041f9eb0472f87d54f5fc88339\", \"remote_user\": \"-\", \"bytes_sent\": 13921, \"request_time\": 0.021, \"status\": \"200\", \"host\": \"test-logs-deleteme-fakeproject-prod.test1.amazee.io\", \"request_proto\": \"HTTP/2.0\", \"request_uri\": \"/sites/default/files/css/css_QVAG5D3Tjgmzc55dRjVpYlhI02sBiqX5b0VAkKLpSGg.css\", \"request_query\": \"-\", \"request_length\": 74, \"request_time\": 0.021, \"request_method\": \"GET\", \"http_referer\": \"https://test-logs-deleteme-fakeproject-prod.test1.amazee.io/\", \"http_user_agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0\", \"namespace\": \"test-logs-deleteme-fakeproject-prod\", \"ingress_name\": \"test-logs-deleteme-fakeproject-prod.test1.amazee.io\", \"service_name\": \"nginx\", \"service_port\": \"http\" 
}","kubernetes":{"pod_name":"ingress-nginx-controller-976c576cf-mqzs8","namespace_name":"ingress-nginx","pod_id":"9555ef6d-bbf5-4276-8f5c-c91377feca99","labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx","pod-template-hash":"976c576cf"},"annotations":{"kubernetes.io/psp":"eks.privileged"},"host":"ip-10-20-30-40.eu-central-1.compute.internal","container_name":"controller","docker_id":"123eee982a5afa82e0fc3dad5d5af10dd93363657bd18bd5e2c548b0d32a19f7","container_hash":"k8s.gcr.io/ingress-nginx/controller@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c","container_image":"sha256:7e5c1cecb086f36c6ef4b319a60853020820997f3600c3687e8ba6139e83674d"}} + {"stream":"stdout","logtag":"F","message":"{ \"http_section_io_id\": \"-\", \"time\": \"2022-11-22T07:43:13+00:00\", \"remote_addr\": \"119.18.3.40\", \"x-forwarded-for\": \"-\", \"true-client-ip\": \"-\", \"req_id\": \"385dd38e6adf2465724da35224ff8c6c\", \"remote_user\": \"-\", \"bytes_sent\": 3554, \"request_time\": 0.011, \"status\": \"200\", \"host\": \"test-logs-deleteme-fakeproject-prod.test1.amazee.io\", \"request_proto\": \"HTTP/2.0\", \"request_uri\": \"/profiles/contrib/govcms/themes/custom/govcms_bartik/logo.svg\", \"request_query\": \"-\", \"request_length\": 87, \"request_time\": 0.011, \"request_method\": \"GET\", \"http_referer\": \"https://test-logs-deleteme-fakeproject-prod.test1.amazee.io/\", \"http_user_agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0\", \"namespace\": \"test-logs-deleteme-fakeproject-prod\", \"ingress_name\": \"test-logs-deleteme-fakeproject-prod.test1.amazee.io\", \"service_name\": \"nginx\", \"service_port\": \"http\" 
}","kubernetes":{"pod_name":"ingress-nginx-controller-976c576cf-mqzs8","namespace_name":"ingress-nginx","pod_id":"9555ef6d-bbf5-4276-8f5c-c91377feca99","labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx","pod-template-hash":"976c576cf"},"annotations":{"kubernetes.io/psp":"eks.privileged"},"host":"ip-10-20-30-40.eu-central-1.compute.internal","container_name":"controller","docker_id":"123eee982a5afa82e0fc3dad5d5af10dd93363657bd18bd5e2c548b0d32a19f7","container_hash":"k8s.gcr.io/ingress-nginx/controller@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c","container_image":"sha256:7e5c1cecb086f36c6ef4b319a60853020820997f3600c3687e8ba6139e83674d"}} + {{- /* nginx container log 0 */}} + {"stream":"stderr","logtag":"F","message":"Identity added: /home/.ssh/key (/home/.ssh/key)","kubernetes":{"pod_name":"cli-676f77fc56-pjm8r","namespace_name":"test-logs-deleteme-fakeproject-prod","pod_id":"2df4c564-2900-4b08-922f-36a0d032f670","labels":{"admission.datadoghq.com/enabled":"true","app.kubernetes.io/instance":"cli","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"cli-persistent","helm.sh/chart":"cli-persistent-0.1.0","lagoon.sh/buildType":"branch","lagoon.sh/environment":"prod","lagoon.sh/environmentType":"production","lagoon.sh/project":"test-logs-deleteme-fakeproject","lagoon.sh/service":"cli","lagoon.sh/service-type":"cli-persistent","pod-template-hash":"676f77fc56"},"annotations":{"kubernetes.io/psp":"eks.privileged","lagoon.sh/branch":"prod","lagoon.sh/configMapSha":"4ef7cefb450b614a576f32bd5ceb23bb8f3b44f9ff3569dba498ea92551217ff","lagoon.sh/version":"22.4.1"},"host":"ip-10-200-18-51.eu-central-1.compute.internal","container_name":"cli","docker_id":"f3a44dc65462386c0e0ffdb31528b989c9e55eb2ba5c431683f72e8b6a5458f4"}} + {{- /* application log 0 */}} + expected.output.log: | + {{- /* nginx router logs */}} + 
{"stream":"stdout","logtag":"F","kubernetes":{"namespace_name":"test-logs-deleteme-fakeproject-dev","namespace_labels":{"app.kubernetes.io/managed-by":"Helm","kubernetes.io/metadata.name":"test-logs-deleteme-fakeproject-dev","lagoon.sh/environment":"dev","lagoon.sh/environmentType":"development","lagoon.sh/project":"test-logs-deleteme-fakeproject"}},"http_section_io_id":"-","remote_addr":"119.18.3.40","x-forwarded-for":"-","true-client-ip":"-","req_id":"c3564341bbe8ac46c9044a87ec3db1a7","remote_user":"-","bytes_sent":3210,"request_time":0.041,"status":"200","host":"test-logs-deleteme-fakeproject-dev.test1.amazee.io","request_proto":"HTTP/2.0","request_uri":"/","request_query":"-","request_length":303,"request_method":"GET","http_referer":"-","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","namespace":"test-logs-deleteme-fakeproject-dev","ingress_name":"test-logs-deleteme-fakeproject-dev.test1.amazee.io","service_name":"nginx","service_port":"http","cluster":"test-cluster-name","index_name":"router-logs-test-logs-deleteme-fakeproject-_-development-_-2022.11"} + 
{"stream":"stdout","logtag":"F","kubernetes":{"namespace_name":"test-logs-deleteme-fakeproject-dev","namespace_labels":{"app.kubernetes.io/managed-by":"Helm","kubernetes.io/metadata.name":"test-logs-deleteme-fakeproject-dev","lagoon.sh/environment":"dev","lagoon.sh/environmentType":"development","lagoon.sh/project":"test-logs-deleteme-fakeproject"}},"http_section_io_id":"-","remote_addr":"119.18.3.40","x-forwarded-for":"-","true-client-ip":"-","req_id":"1a910605e50cbfc5db9090ac5ce9fefb","remote_user":"-","bytes_sent":3250,"request_time":0.006,"status":"200","host":"test-logs-deleteme-fakeproject-dev.test1.amazee.io","request_proto":"HTTP/2.0","request_uri":"/sites/default/files/css/css_v18WUm75dSk_A-DeLZcRjivGVxxUXl9PCwLE_JJpyIk.css","request_query":"-","request_length":137,"request_method":"GET","http_referer":"https://test-logs-deleteme-fakeproject-dev.test1.amazee.io/","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","namespace":"test-logs-deleteme-fakeproject-dev","ingress_name":"test-logs-deleteme-fakeproject-dev.test1.amazee.io","service_name":"nginx","service_port":"http","cluster":"test-cluster-name","index_name":"router-logs-test-logs-deleteme-fakeproject-_-development-_-2022.11"} + 
{"stream":"stdout","logtag":"F","kubernetes":{"namespace_name":"test-logs-deleteme-fakeproject-dev","namespace_labels":{"app.kubernetes.io/managed-by":"Helm","kubernetes.io/metadata.name":"test-logs-deleteme-fakeproject-dev","lagoon.sh/environment":"dev","lagoon.sh/environmentType":"development","lagoon.sh/project":"test-logs-deleteme-fakeproject"}},"http_section_io_id":"-","remote_addr":"119.18.3.40","x-forwarded-for":"-","true-client-ip":"-","req_id":"7c59ed76f0b17c3059ef4cd401d1f1c1","remote_user":"-","bytes_sent":802,"request_time":0.011,"status":"200","host":"test-logs-deleteme-fakeproject-dev.test1.amazee.io","request_proto":"HTTP/2.0","request_uri":"/sites/default/files/css/css_jXoGUEFrud0744Ahfg7jDKSYsoEmd3Vq1DLfwEw5fVs.css","request_query":"-","request_length":74,"request_method":"GET","http_referer":"https://test-logs-deleteme-fakeproject-dev.test1.amazee.io/","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","namespace":"test-logs-deleteme-fakeproject-dev","ingress_name":"test-logs-deleteme-fakeproject-dev.test1.amazee.io","service_name":"nginx","service_port":"http","cluster":"test-cluster-name","index_name":"router-logs-test-logs-deleteme-fakeproject-_-development-_-2022.11"} + 
{"stream":"stdout","logtag":"F","kubernetes":{"namespace_name":"test-logs-deleteme-fakeproject-prod","namespace_labels":{"app.kubernetes.io/managed-by":"Helm","kubernetes.io/metadata.name":"test-logs-deleteme-fakeproject-prod","lagoon.sh/environment":"prod","lagoon.sh/environmentType":"production","lagoon.sh/project":"test-logs-deleteme-fakeproject"}},"http_section_io_id":"-","remote_addr":"119.18.3.40","x-forwarded-for":"-","true-client-ip":"-","req_id":"ae8778041f9eb0472f87d54f5fc88339","remote_user":"-","bytes_sent":13921,"request_time":0.021,"status":"200","host":"test-logs-deleteme-fakeproject-prod.test1.amazee.io","request_proto":"HTTP/2.0","request_uri":"/sites/default/files/css/css_QVAG5D3Tjgmzc55dRjVpYlhI02sBiqX5b0VAkKLpSGg.css","request_query":"-","request_length":74,"request_method":"GET","http_referer":"https://test-logs-deleteme-fakeproject-prod.test1.amazee.io/","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","namespace":"test-logs-deleteme-fakeproject-prod","ingress_name":"test-logs-deleteme-fakeproject-prod.test1.amazee.io","service_name":"nginx","service_port":"http","cluster":"test-cluster-name","index_name":"router-logs-test-logs-deleteme-fakeproject-_-production-_-2022.11"} + 
{"stream":"stdout","logtag":"F","kubernetes":{"namespace_name":"test-logs-deleteme-fakeproject-prod","namespace_labels":{"app.kubernetes.io/managed-by":"Helm","kubernetes.io/metadata.name":"test-logs-deleteme-fakeproject-prod","lagoon.sh/environment":"prod","lagoon.sh/environmentType":"production","lagoon.sh/project":"test-logs-deleteme-fakeproject"}},"http_section_io_id":"-","remote_addr":"119.18.3.40","x-forwarded-for":"-","true-client-ip":"-","req_id":"385dd38e6adf2465724da35224ff8c6c","remote_user":"-","bytes_sent":3554,"request_time":0.011,"status":"200","host":"test-logs-deleteme-fakeproject-prod.test1.amazee.io","request_proto":"HTTP/2.0","request_uri":"/profiles/contrib/govcms/themes/custom/govcms_bartik/logo.svg","request_query":"-","request_length":87,"request_method":"GET","http_referer":"https://test-logs-deleteme-fakeproject-prod.test1.amazee.io/","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","namespace":"test-logs-deleteme-fakeproject-prod","ingress_name":"test-logs-deleteme-fakeproject-prod.test1.amazee.io","service_name":"nginx","service_port":"http","cluster":"test-cluster-name","index_name":"router-logs-test-logs-deleteme-fakeproject-_-production-_-2022.11"} + {{- /* nginx container log 0 */}} + {"stream":"stderr","logtag":"F","message":"Identity added: /home/.ssh/key (/home/.ssh/key)","kubernetes":{"container_name":"cli","namespace_name":"test-logs-deleteme-fakeproject-prod","pod_name":"cli-676f77fc56-pjm8r","pod_id":"f3a44dc65462386c0e0ffdb31528b989c9e55eb2ba5c431683f72e8b6a5458f4","namespace_labels":{"app.kubernetes.io/managed-by": "Helm","kubernetes.io/metadata.name":"test-logs-deleteme-fakeproject-prod","lagoon.sh/environment":"prod","lagoon.sh/environmentType":"production","lagoon.sh/project":"test-logs-deleteme-fakeproject"}},"cluster":"test-cluster-name","index_name":"container-logs-test-logs-deleteme-fakeproject-_-production-_-2022.11","log":""} + {{- /* application log 0 */}} +{{- end }} +--- 
+apiVersion: v1 +kind: Pod +metadata: + name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}-test-processing + labels: + {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + serviceAccountName: {{ include "lagoon-logging.logsDispatcher.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.logsDispatcher.podSecurityContext | nindent 4 }} + containers: + - name: fluentd + securityContext: + {{- toYaml .Values.logsDispatcher.securityContext | nindent 6 }} + image: "{{ .Values.logsDispatcher.image.repository }}:{{ coalesce .Values.logsDispatcher.image.tag .Values.imageTag "latest" }}" + imagePullPolicy: {{ .Values.logsDispatcher.image.pullPolicy }} + command: + - sh + - -c + - | + set -xe + # start fluentd + fluentd --config /fluentd/etc/${FLUENTD_CONF} --plugin /fluentd/plugins & + sleep 2 + # send input + fluent-cat tag.foo < /fluentd/etc/input.log + sleep 4 + # check output + ls -lah /tmp/log.out.* + # process test cases before diff using jq: + # * strip the namespace_id from the log output, since it is randomly generated by the k8s API + # * update the suffix on the index_name in the test cases so the tests continue to pass after 2022.11 + diff <(jq '.index_name |= gsub("2022.11$";(now|strftime("%Y.%m")))' /fluentd/etc/expected.output.log) <(jq 'del(.kubernetes.namespace_id)' /tmp/log.out.*) + # stop fluentd + kill %1 + ports: + - containerPort: 24224 + protocol: TCP + name: forward + - containerPort: 24231 + protocol: TCP + name: metrics + readinessProbe: + tcpSocket: + port: 24224 + initialDelaySeconds: 20 + periodSeconds: 20 + timeoutSeconds: 2 + livenessProbe: + tcpSocket: + port: 24224 + initialDelaySeconds: 120 + periodSeconds: 60 + timeoutSeconds: 2 + volumeMounts: + - mountPath: /fluentd/etc/fluent.conf + name: fluent-conf + subPath: fluent.conf + - mountPath: /fluentd/etc/input.log + name: fluent-conf + 
subPath: input.log + - mountPath: /fluentd/etc/expected.output.log + name: fluent-conf + subPath: expected.output.log + env: + - name: CLUSTER_NAME + value: test-cluster-name + - name: K8S_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumes: + - configMap: + defaultMode: 420 + items: + - key: fluent.conf + path: fluent.conf + - key: input.log + path: input.log + - key: expected.output.log + path: expected.output.log + name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}-test-processing-fluent-conf + name: fluent-conf + restartPolicy: Never diff --git a/charts/lagoon-logging/values.yaml b/charts/lagoon-logging/values.yaml index a17c3ec8..e2962948 100644 --- a/charts/lagoon-logging/values.yaml +++ b/charts/lagoon-logging/values.yaml @@ -367,3 +367,9 @@ keepIngressNginxController: false # Openshift only! # # fluentbitPrivileged: true + +# Install test fixtures into the cluster. +# This should _only_ be used in a test cluster, because it creates namespaces for testing. +# Do not set testFixtures.create=true in a production environment. +testFixtures: + create: false From 3045c385ac1aa78faa6dd7b1955d33a3fe29ee25 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Sat, 19 Nov 2022 11:32:00 +0800 Subject: [PATCH 059/167] fix: update fluentd config for v3 k8s metadata filter compatibility fluent-plugin-kubernetes_metadata_filter v3 made some breaking changes. The one that affects our config is the removal of automatic de-dot functionality. So this change updates the config to match the new behaviour. See this PR for details: https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter/pull/347 --- .../templates/logs-dispatcher.fluent-conf.configmap.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml b/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml index 1baa4ea0..6eb8e766 100644 
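Review bot: In test-logs-dispatcher-processing.yaml the `{{- end }}` that closes `{{- if .Values.testFixtures.create }}` sits before the test Pod, so the Pod is rendered for every release while the ConfigMap it mounts and the two fixture namespaces exist only when `testFixtures.create` is true. With the chart default of `false`, `helm test` would presumably start a Pod whose `fluent-conf` volume points at a missing ConfigMap, running under the logs-dispatcher service account. Moving `{{- end }}` to after `restartPolicy: Never` keeps the Pod and its fixtures behind the same switch. Separately, `input.log` and `expected.output.log` look like captured traffic (`remote_addr` 119.18.3.40, amazee.io hostnames); a documentation-range address such as 192.0.2.10 in both would keep a possibly real client address out of the chart.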
--- a/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml +++ b/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml @@ -346,7 +346,7 @@ data: @type record_modifier - index_name container-logs-${record.dig('kubernetes','namespace_labels','lagoon_sh/project')&.gsub("_", "-") || "#{record.dig('kubernetes','namespace_name') || 'unknown_project'}_#{ENV['CLUSTER_NAME']}"}-_-${record.dig('kubernetes','namespace_labels','lagoon_sh/environmentType') || "unknown_environmenttype"}-_-${Time.at(time).strftime("%Y.%m")} + index_name container-logs-${record.dig('kubernetes','namespace_labels','lagoon.sh/project')&.gsub("_", "-") || "#{record.dig('kubernetes','namespace_name') || 'unknown_project'}_#{ENV['CLUSTER_NAME']}"}-_-${record.dig('kubernetes','namespace_labels','lagoon.sh/environmentType') || "unknown_environmenttype"}-_-${Time.at(time).strftime("%Y.%m")} log ${record['log'] || ""} @@ -356,7 +356,7 @@ data: @type record_modifier - index_name application-logs-${record.dig('kubernetes','namespace_labels','lagoon_sh/project')&.gsub("_", "-") || "#{record.dig('kubernetes','namespace_name') || 'unknown_project'}_#{ENV['CLUSTER_NAME']}"}-_-${record.dig('kubernetes','namespace_labels','lagoon_sh/environmentType') || "unknown_environmenttype"}-_-${Time.at(time).strftime("%Y.%m")} + index_name application-logs-${record.dig('kubernetes','namespace_labels','lagoon.sh/project')&.gsub("_", "-") || "#{record.dig('kubernetes','namespace_name') || 'unknown_project'}_#{ENV['CLUSTER_NAME']}"}-_-${record.dig('kubernetes','namespace_labels','lagoon.sh/environmentType') || "unknown_environmenttype"}-_-${Time.at(time).strftime("%Y.%m")} # 
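Review bot: The three `index_name` expressions (this hunk and the ones at `@@ -356` and `@@ -365`) now read only the dotted keys `lagoon.sh/project` and `lagoon.sh/environmentType`, and a miss falls through silently to the `namespace_name` / `unknown_environmenttype` defaults. If `logsDispatcher.image.tag` is overridden to an image that still de-dots label keys, every record would land in a fallback index with no error, which matters wherever index names are used to separate projects. A comment above each block would record the coupling, for example `# label keys are not de-dotted by kubernetes_metadata filter v3; requires logs-dispatcher >= v3.2.0`. The enclosing filter blocks start outside these hunks.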
@@ -365,7 +365,7 @@ data: @type record_modifier - index_name router-logs-${record.dig('kubernetes','namespace_labels','lagoon_sh/project')&.gsub("_", "-") || "#{record.dig('kubernetes','namespace_name') || 'unknown_project'}_#{ENV['CLUSTER_NAME']}"}-_-${record.dig('kubernetes','namespace_labels','lagoon_sh/environmentType') || "unknown_environmenttype"}-_-${Time.at(time).strftime("%Y.%m")} + index_name router-logs-${record.dig('kubernetes','namespace_labels','lagoon.sh/project')&.gsub("_", "-") || "#{record.dig('kubernetes','namespace_name') || 'unknown_project'}_#{ENV['CLUSTER_NAME']}"}-_-${record.dig('kubernetes','namespace_labels','lagoon.sh/environmentType') || "unknown_environmenttype"}-_-${Time.at(time).strftime("%Y.%m")} {{- if .Values.cdnLogsCollector.enabled }} From d8d7db431df0a84a3084ad9d4347a04456573b2d Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 23 Nov 2022 13:43:54 +0800 Subject: [PATCH 060/167] chore: add chart changelog --- charts/lagoon-logging/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index 67fed541..6983ac8a 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -33,4 +33,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Update logs-dispatcher image to v3.1.0 + description: Add integration test suite and bump logs-dispatcher to v3.2.0. From 09c42b46cf3d29e570a4447dd1f90dc77ec3adfb Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 23 Nov 2022 13:32:42 +0800 Subject: [PATCH 061/167] chore: bump lagoon-logging chart version --- charts/lagoon-logging/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index 6983ac8a..279ccee8 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml 
@@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.71.0 +version: 0.72.0 dependencies: - name: logging-operator From f18ddf40ef27da556ef598b1307f5f8032fefedf Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 23 Nov 2022 14:31:57 +0800 Subject: [PATCH 062/167] Update charts/lagoon-logging/Chart.yaml Co-authored-by: Toby Bellwood --- charts/lagoon-logging/Chart.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index 279ccee8..92c7e5a8 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -33,4 +33,6 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Add integration test suite and bump logs-dispatcher to v3.2.0. + description: Bump logs-dispatcher to v3.2.0 and use dots to read lagoon.sh labels + - kind: added + description: Add integration test suite From cc10d4164b9a2ccdad3dbba1812b480f107591a1 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Mon, 28 Nov 2022 22:13:05 +0800 Subject: [PATCH 063/167] fix: bump logging-operator dependency for k8s 1.25+ support --- charts/lagoon-logging/Chart.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-logging/Chart.lock b/charts/lagoon-logging/Chart.lock index 8b4bbca1..8dcc8f15 100644 --- a/charts/lagoon-logging/Chart.lock +++ b/charts/lagoon-logging/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: logging-operator repository: https://kubernetes-charts.banzaicloud.com - version: 3.17.7 -digest: sha256:12db5e3fa5d67bdc4307758150cc57e3ef0c5893095b40735d989935cac2c318 -generated: "2022-06-02T14:25:04.188887195+08:00" + version: 3.17.10 +digest: sha256:293ac5ba13713b7edcc8fb655e8fd402c6d466c57edcdc9886f1336b39815b8c +generated: "2022-11-28T22:12:54.57492083+08:00" 
From cd220133dcf04cdfdfa026ef623fcedb736831b2 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Mon, 28 Nov 2022 22:13:49 +0800 Subject: [PATCH 064/167] chore: bump lagoon-logging chart version --- charts/lagoon-logging/Chart.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index 92c7e5a8..0bc3313d 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.72.0 +version: 0.73.0 dependencies: - name: logging-operator @@ -33,6 +33,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Bump logs-dispatcher to v3.2.0 and use dots to read lagoon.sh labels - - kind: added - description: Add integration test suite + description: Update logging-operator dependency to v3.17.10 From 5563fc5fc949e4ad482553ea523c80af8f462db0 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Tue, 29 Nov 2022 10:32:20 +0800 Subject: [PATCH 065/167] fix: bump logs-dispatcher image version This fixes the verbose error logging for missing pods. --- charts/lagoon-logging/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-logging/values.yaml b/charts/lagoon-logging/values.yaml index e2962948..8a8889dc 100644 --- a/charts/lagoon-logging/values.yaml +++ b/charts/lagoon-logging/values.yaml @@ -19,7 +19,7 @@ logsDispatcher: repository: uselagoon/logs-dispatcher pullPolicy: IfNotPresent # Overrides the image tag whose default is "latest". - tag: "v3.2.0" + tag: "v3.3.0" serviceAccount: # Specifies whether a service account should be created From 7835bd57f6577e7eabeced6c19035c08551faf3b Mon Sep 17 00:00:00 2001 
From: Scott Leggett Date: Tue, 29 Nov 2022 10:33:10 +0800 Subject: [PATCH 066/167] chore: bump lagoon-logging chart version --- charts/lagoon-logging/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index 0bc3313d..102cf7f4 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.73.0 +version: 0.74.0 dependencies: - name: logging-operator @@ -33,4 +33,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Update logging-operator dependency to v3.17.10 + description: Update logs-dispatcher to v3.3.0. From b1997185aaea136b5e095d4e7e58a54f4a627c9c Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 30 Nov 2022 10:23:29 +1100 Subject: [PATCH 067/167] Updating test suite --- .github/workflows/test-suite.yaml | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index beef18c3..91de57f2 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml 
@@ -13,26 +13,24 @@ jobs: - active-standby-kubernetes - api - deploytarget - - features-variables - features-kubernetes - features-kubernetes-2 - - tasks - - dbaas + - features-variables + - services - ssh-portal + - tasks ## Re-enable any of these below tests in your branch for specific testing - ## - drupal-php74 - ## - drupal-php80 - ## - drupal-postgres + ## - bitbucket + ## - bulk-deployment ## - drush + ## - generic + ## - github + ## - gitlab ## - image-cache - ## - node-mongodb ## - nginx ## - node ## - python - ## - elasticsearch - ## - github - ## - gitlab - ## - bitbucket + ## - workflows steps: # Continue after getting a shell via: `touch continue` From 4e2cf14472cee91522ff751575e50451e75ed7f9 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 30 Nov 2022 15:54:19 +1100 Subject: [PATCH 068/167] force rerun --- .github/workflows/test-suite.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index 91de57f2..39129b90 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -19,7 +19,7 @@ jobs: - services - ssh-portal - tasks - ## Re-enable any of these below tests in your branch for specific testing + ## Re-enable any of these tests in your branch for specific testing ## - bitbucket ## - bulk-deployment ## - drush From 8b8d9ecbdbcbaa440a8d1a024694e2667d189c56 Mon Sep 17 00:00:00 2001 
From: Scott Leggett Date: Tue, 13 Sep 2022 00:03:25 +0800 Subject: [PATCH 069/167] feat: add lagoon-opensearch-sync service to lagoon-core chart Add a new service to the lagoon-core chart, disabled by default because Opensearch integration with lagoon-core should be optional. --- charts/lagoon-core/templates/_helpers.tpl | 31 ++++- .../templates/keycloak.secret.yaml | 2 + .../templates/opensearch-sync.deployment.yaml | 107 ++++++++++++++++++ .../templates/opensearch-sync.secret.yaml | 11 ++ charts/lagoon-core/values.yaml | 26 +++++ 5 files changed, 176 insertions(+), 1 deletion(-) create mode 100644 charts/lagoon-core/templates/opensearch-sync.deployment.yaml create mode 100644 charts/lagoon-core/templates/opensearch-sync.secret.yaml diff --git a/charts/lagoon-core/templates/_helpers.tpl b/charts/lagoon-core/templates/_helpers.tpl index 85bfa811..b9d6306d 100644 --- a/charts/lagoon-core/templates/_helpers.tpl +++ b/charts/lagoon-core/templates/_helpers.tpl @@ -1,4 +1,3 @@ -{{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} 
@@ -621,3 +620,33 @@ app.kubernetes.io/name: {{ include "lagoon-core.name" . }} app.kubernetes.io/component: {{ include "lagoon-core.sshPortalAPI.fullname" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} + + + +{{/* +Create a default fully qualified app name for opensearch-sync. +*/}} +{{- define "lagoon-core.opensearchSync.fullname" -}} +{{- include "lagoon-core.fullname" . }}-opensearch-sync +{{- end }} + +{{/* +Common labels opensearch-sync. +*/}} +{{- define "lagoon-core.opensearchSync.labels" -}} +helm.sh/chart: {{ include "lagoon-core.chart" . }} +{{ include "lagoon-core.opensearchSync.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels opensearch-sync. +*/}} +{{- define "lagoon-core.opensearchSync.selectorLabels" -}} +app.kubernetes.io/name: {{ include "lagoon-core.name" . }} +app.kubernetes.io/component: {{ include "lagoon-core.opensearchSync.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/lagoon-core/templates/keycloak.secret.yaml b/charts/lagoon-core/templates/keycloak.secret.yaml index 1b452534..55b7465c 100644 --- a/charts/lagoon-core/templates/keycloak.secret.yaml +++ b/charts/lagoon-core/templates/keycloak.secret.yaml 
@@ -10,6 +10,7 @@ This somewhat complex logic is intended to: {{- $keycloakAPIClientSecret := coalesce .Values.keycloakAPIClientSecret (ternary uuidv4 (index $data "KEYCLOAK_API_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_API_CLIENT_SECRET" | empty)) }} {{- $keycloakAuthServerClientSecret := coalesce .Values.keycloakAuthServerClientSecret (ternary uuidv4 (index $data "KEYCLOAK_AUTH_SERVER_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_AUTH_SERVER_CLIENT_SECRET" | empty)) }} {{- $keycloakServiceAPIClientSecret := coalesce .Values.keycloakServiceAPIClientSecret (ternary uuidv4 (index $data "KEYCLOAK_SERVICE_API_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_SERVICE_API_CLIENT_SECRET" | empty)) }} +{{- $keycloakLagoonOpensearchSyncClientSecret := coalesce .Values.keycloakLagoonOpensearchSyncClientSecret (ternary uuidv4 (index $data "KEYCLOAK_LAGOON_OPENSEARCH_SYNC_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_LAGOON_OPENSEARCH_SYNC_CLIENT_SECRET" | empty)) }} {{- $keycloakLagoonAdminPassword := coalesce .Values.keycloakLagoonAdminPassword (ternary (randAlpha 32) (index $data "KEYCLOAK_LAGOON_ADMIN_PASSWORD" | default "" | b64dec) (index $data "KEYCLOAK_LAGOON_ADMIN_PASSWORD" | empty)) }} {{/* set the variable globally for access in NOTES */}} {{- $_ := set .Values "keycloakLagoonAdminPassword" $keycloakLagoonAdminPassword -}} @@ -26,4 +27,5 @@ stringData: KEYCLOAK_API_CLIENT_SECRET: {{ $keycloakAPIClientSecret }} KEYCLOAK_AUTH_SERVER_CLIENT_SECRET: {{ $keycloakAuthServerClientSecret | quote }} KEYCLOAK_SERVICE_API_CLIENT_SECRET: {{ $keycloakServiceAPIClientSecret | quote }} + KEYCLOAK_LAGOON_OPENSEARCH_SYNC_CLIENT_SECRET: {{ $keycloakLagoonOpensearchSyncClientSecret | quote }} KEYCLOAK_LAGOON_ADMIN_PASSWORD: {{ $keycloakLagoonAdminPassword | quote }} 
diff --git a/charts/lagoon-core/templates/opensearch-sync.deployment.yaml b/charts/lagoon-core/templates/opensearch-sync.deployment.yaml new file mode 100644 index 00000000..6b6e7bc6 --- /dev/null +++ b/charts/lagoon-core/templates/opensearch-sync.deployment.yaml 
@@ -0,0 +1,107 @@ +{{- if .Values.opensearchSync.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "lagoon-core.opensearchSync.fullname" . }} + labels: + {{- include "lagoon-core.opensearchSync.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "lagoon-core.opensearchSync.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/keycloak.secret: {{ include (print $.Template.BasePath "/keycloak.secret.yaml") . | sha256sum }} + checksum/api.secret: {{ include (print $.Template.BasePath "/api.secret.yaml") . | sha256sum }} + checksum/api-db.secret: {{ include (print $.Template.BasePath "/api-db.secret.yaml") . | sha256sum }} + checksum/opensearch-sync.secret: {{ include (print $.Template.BasePath "/opensearch-sync.secret.yaml") . | sha256sum }} + {{- with .Values.opensearchSync.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "lagoon-core.opensearchSync.selectorLabels" . | nindent 8 }} + spec: + securityContext: + {{- toYaml (coalesce .Values.opensearchSync.podSecurityContext .Values.podSecurityContext) | nindent 8 }} + containers: + - name: lagoon-opensearch-sync + securityContext: + {{- toYaml .Values.opensearchSync.securityContext | nindent 10 }} + image: "{{ .Values.opensearchSync.image.repository }}:{{ coalesce .Values.opensearchSync.image.tag .Values.imageTag .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.opensearchSync.image.pullPolicy }} + command: + - "/lagoon-opensearch-sync" + env: + {{- if .Values.opensearchSync.debug }} + - name: DEBUG + value: "true" + {{- end }} + - name: API_DB_ADDRESS + value: {{ include "lagoon-core.apiDB.fullname" . }} + - name: API_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.apiDB.fullname" . }} + key: API_DB_PASSWORD + - name: KEYCLOAK_BASE_URL + value: http://{{ include "lagoon-core.keycloak.fullname" . 
}}:{{ .Values.keycloak.service.port }}/ + - name: KEYCLOAK_CLIENT_ID + value: lagoon-opensearch-sync + - name: KEYCLOAK_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.keycloak.fullname" . }} + key: KEYCLOAK_LAGOON_OPENSEARCH_SYNC_CLIENT_SECRET + - name: OPENSEARCH_BASE_URL + value: {{ required "A valid .Values.elasticsearchURL required!" .Values.elasticsearchURL | quote }} + - name: OPENSEARCH_DASHBOARDS_BASE_URL + value: {{ required "A valid .Values.kibanaURL required!" .Values.kibanaURL | quote }} + - name: OPENSEARCH_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.api.fullname" . }} + key: LOGSDB_ADMIN_PASSWORD + - name: OPENSEARCH_CA_CERTIFICATE + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.opensearchSync.fullname" . }} + key: OPENSEARCH_CA_CERTIFICATE + {{- range $key, $val := .Values.opensearchSync.additionalEnvs }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} + resources: + {{- toYaml .Values.opensearchSync.resources | nindent 10 }} + {{- with .Values.opensearchSync.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - {{ include "lagoon-core.name" . }} + - key: app.kubernetes.io/component + operator: In + values: + - {{ include "lagoon-core.opensearchSync.fullname" . }} + - key: app.kubernetes.io/instance + operator: In + values: + - {{ .Release.Name }} + topologyKey: kubernetes.io/hostname + {{- with .Values.opensearchSync.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.opensearchSync.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} 
diff --git a/charts/lagoon-core/templates/opensearch-sync.secret.yaml b/charts/lagoon-core/templates/opensearch-sync.secret.yaml new file mode 100644 index 00000000..3bce6a5f --- /dev/null +++ b/charts/lagoon-core/templates/opensearch-sync.secret.yaml @@ -0,0 +1,11 @@ +{{- if .Values.opensearchSync.enabled -}} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ include "lagoon-core.opensearchSync.fullname" . }} + labels: + {{- include "lagoon-core.opensearchSync.labels" . | nindent 4 }} +stringData: + OPENSEARCH_CA_CERTIFICATE: {{ required "A valid .Values.opensearchSync.opensearchCACertificate required!" .Values.opensearchSync.caCertificate | quote }} +{{- end }} diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 6f2b44e1..ec3fb0c4 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -779,3 +779,29 @@ sshPortalAPI: type: ClusterIP ports: metrics: 9911 + +opensearchSync: + enabled: false + image: + repository: ghcr.io/uselagoon/lagoon-opensearch-sync/lagoon-opensearch-sync + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "v0.4.0" + + # debug logging toggle + debug: false + + # root certificate for the server certificate presented by opensearch + opensearchCACertificate: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + + podAnnotations: {} + + securityContext: {} + + resources: {} + + additionalEnvs: + # FOO: Bar From 0e7104f6c5b5416543382f314a104448fc0a50ee Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 4 Nov 2022 14:55:41 +0800 Subject: [PATCH 070/167] chore: bump lagoon-core chart version --- charts/lagoon-core/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index ff93c3d5..f297752d 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml 
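Review bot: The `required` call in opensearch-sync.secret.yaml reads `.Values.opensearchSync.caCertificate`, but its error message and the values.yaml hunk in this same commit both name the key `opensearchCACertificate`. As written, an operator who sets the documented key still gets a failed render once `opensearchSync.enabled` is true, and the only workaround is to set an undocumented key. Read the documented key instead: `OPENSEARCH_CA_CERTIFICATE: {{ required "A valid .Values.opensearchSync.opensearchCACertificate required!" .Values.opensearchSync.opensearchCACertificate | quote }}`.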
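Review bot: The default for `opensearchCACertificate` is a `|` block scalar whose body is three `#` lines. If those lines are indented under the key (the indentation is not recoverable from this view), YAML treats them as literal content rather than comments. The default is then a non-empty string, so a `required` check on this key would pass and the placeholder text would reach the service as its CA bundle. An empty default with the example moved into real comments above the key avoids this: `opensearchCACertificate: ""`.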
@@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.16.0 +version: 1.17.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. From 55c3d6adac571f3466af8693c6786fea3b3c2063 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Tue, 6 Dec 2022 15:43:04 +0800 Subject: [PATCH 071/167] chore: point lagoon-opensearch-sync at the new repository location See https://github.com/uselagoon/lagoon-opensearch-sync/pull/27 --- charts/lagoon-core/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index ec3fb0c4..1a56bacb 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -783,10 +783,10 @@ sshPortalAPI: opensearchSync: enabled: false image: - repository: ghcr.io/uselagoon/lagoon-opensearch-sync/lagoon-opensearch-sync + repository: ghcr.io/uselagoon/lagoon-opensearch-sync pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.4.0" + tag: "v0.4.1" # debug logging toggle debug: false From 1cfbbf03b516bc02652c42a23e5a0631ab6e3bb8 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 7 Dec 2022 15:58:11 +0800 Subject: [PATCH 072/167] feat: add artifacthub changelog check to CI This check will fail if artifacthub changelog hasn't been updated. --- .github/workflows/lint-test.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index de611b0d..5daa7fe1 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml 
@@ -101,3 +101,27 @@ jobs: - name: Run chart-testing (install) run: ct install --config ./default.ct.yaml + + artifacthub-changelog: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: "0" + + - name: Install gojq + run: | + cd /tmp + curl -sSLO https://github.com/itchyny/gojq/releases/download/v0.12.10/gojq_v0.12.10_linux_amd64.tar.gz + tar -xf ./gojq_v0.12.10_linux_amd64.tar.gz + sudo cp /tmp/gojq_v0.12.10_linux_amd64/gojq /usr/local/bin/gojq + + - name: Run artifacthub.io changelog check + run: | + for chartyaml in $(git diff --name-only origin/main | awk -F/ '/^charts\// { printf "%s/%s/%s\n",$1,$2,"Chart.yaml" }' | sort -u); do + if diff <(gojq -r --yaml-input '.annotations."artifacthub.io/changes"' <(git show HEAD:$chartyaml)) <(gojq -r --yaml-input '.annotations."artifacthub.io/changes"' <(git show origin/main:$chartyaml)); then + echo "$chartyaml artifacthub.io changelog needs an update!" + exit 1 + fi + done From db8dc23de94bace52c94618e251bb57ed24817e3 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 9 Dec 2022 16:53:06 +1100 Subject: [PATCH 073/167] updated drush-alias to v3.1.0 --- charts/lagoon-core/Chart.yaml | 10 +++------- charts/lagoon-core/values.yaml | 2 +- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index f297752d..c82bbd00 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.17.0 +version: 1.18.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. 
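Review bot: The "Install gojq" step downloads a release tarball and copies the binary into `/usr/local/bin` with `sudo` without verifying it, so the job trusts whatever that URL serves at run time. Pin the expected digest and check it before unpacking, e.g. `echo "<SHA256_OF_RELEASE_TARBALL>  gojq_v0.12.10_linux_amd64.tar.gz" | sha256sum -c -`, and add `-f` to the `curl` call so an HTTP error fails the step instead of saving an error page. In the check step, `$chartyaml` comes from path names in the pull request and is expanded unquoted in `$(...)` and in `git show HEAD:$chartyaml`, so a path with whitespace or glob characters is split or expanded. Quote it as `git show "HEAD:$chartyaml"` and read the list with `while IFS= read -r chartyaml`. `actions/checkout@v3` is also a mutable tag; pinning it to a commit SHA would match the intent of pinning the gojq version.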
@@ -40,9 +40,5 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | - - kind: removed - description: controller-handler has been removed, it's functions are now in actions-handler - - kind: removed - description: storage-calculator is now handled in lagoon-remote - - kind: added - description: Support lagoon-core-api init container to migrate/populate database + - kind: changed + description: updated drush-alias to v3.1.0 for ssh-portal support diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 1a56bacb..14fb69bb 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -587,7 +587,7 @@ drushAlias: repository: uselagoon/drush-alias pullPolicy: Always # Overrides the image tag whose default is "latest". - tag: "v3.0.0" + tag: "v3.1.0" podAnnotations: {} From bba8c8bdc67e3d406ff196cd740db8b13ff9f24a Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 18 Nov 2022 08:21:20 +0800 Subject: [PATCH 074/167] chore: remove unused template function --- charts/lagoon-core/templates/_helpers.tpl | 7 ------- 1 file changed, 7 deletions(-) diff --git a/charts/lagoon-core/templates/_helpers.tpl b/charts/lagoon-core/templates/_helpers.tpl index b9d6306d..09873261 100644 --- a/charts/lagoon-core/templates/_helpers.tpl +++ b/charts/lagoon-core/templates/_helpers.tpl @@ -586,13 +586,6 @@ Create a default fully qualified app name for the nats subchart. -{{/* -Create the name of the service account to use for ssh-portal-api. -*/}} -{{- define "lagoon-core.sshPortalAPI.serviceAccountName" -}} -{{- default (include "lagoon-core.sshPortalAPI.fullname" .) .Values.sshPortalAPI.serviceAccount.name }} -{{- end }} - {{/* Create a default fully qualified app name for ssh-portal-api. */}} From ff0e0cef8d33adaa37543c25ff84268badbfd305 Mon Sep 17 00:00:00 2001 
From: Scott Leggett Date: Fri, 18 Nov 2022 08:24:21 +0800 Subject: [PATCH 075/167] feat: add option to disable the ssh service --- charts/lagoon-core/templates/ssh.deployment.yaml | 2 ++ charts/lagoon-core/templates/ssh.hpa.yaml | 2 +- charts/lagoon-core/templates/ssh.service.yaml | 2 ++ charts/lagoon-core/values.yaml | 1 + 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/lagoon-core/templates/ssh.deployment.yaml b/charts/lagoon-core/templates/ssh.deployment.yaml index 0c756168..94c5e814 100644 --- a/charts/lagoon-core/templates/ssh.deployment.yaml +++ b/charts/lagoon-core/templates/ssh.deployment.yaml @@ -1,3 +1,4 @@ +{{- if .Values.ssh.enabled -}} apiVersion: apps/v1 kind: Deployment metadata: @@ -98,3 +99,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end }} diff --git a/charts/lagoon-core/templates/ssh.hpa.yaml b/charts/lagoon-core/templates/ssh.hpa.yaml index 2057abfa..abe657ff 100644 --- a/charts/lagoon-core/templates/ssh.hpa.yaml +++ b/charts/lagoon-core/templates/ssh.hpa.yaml @@ -1,4 +1,4 @@ -{{- if .Values.ssh.autoscaling.enabled -}} +{{- if and .Values.ssh.enabled .Values.ssh.autoscaling.enabled -}} apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: diff --git a/charts/lagoon-core/templates/ssh.service.yaml b/charts/lagoon-core/templates/ssh.service.yaml index 138b4a08..5b1feaa4 100644 --- a/charts/lagoon-core/templates/ssh.service.yaml +++ b/charts/lagoon-core/templates/ssh.service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.ssh.enabled -}} apiVersion: v1 kind: Service metadata: @@ -17,3 +18,4 @@ spec: name: ssh selector: {{- include "lagoon-core.ssh.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 14fb69bb..b35df186 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml 
@@ -623,6 +623,7 @@ drushAlias: # targetMemoryUtilizationPercentage: 80 ssh: + enabled: true replicaCount: 2 image: repository: uselagoon/ssh From da60510caab0afb63d8d9c6166f9354b743f9625 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 17 Nov 2022 16:28:24 +0800 Subject: [PATCH 076/167] chore: disable auth-server when ssh is disabled auth-server only exists as a backend for the ssh service. --- charts/lagoon-core/templates/auth-server.deployment.yaml | 2 ++ charts/lagoon-core/templates/auth-server.hpa.yaml | 2 +- charts/lagoon-core/templates/auth-server.service.yaml | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/lagoon-core/templates/auth-server.deployment.yaml b/charts/lagoon-core/templates/auth-server.deployment.yaml index d4eb515a..d714770b 100644 --- a/charts/lagoon-core/templates/auth-server.deployment.yaml +++ b/charts/lagoon-core/templates/auth-server.deployment.yaml @@ -1,3 +1,4 @@ +{{- if .Values.ssh.enabled -}} apiVersion: apps/v1 kind: Deployment metadata: @@ -94,3 +95,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end }} diff --git a/charts/lagoon-core/templates/auth-server.hpa.yaml b/charts/lagoon-core/templates/auth-server.hpa.yaml index 5f402a55..795beb79 100644 --- a/charts/lagoon-core/templates/auth-server.hpa.yaml +++ b/charts/lagoon-core/templates/auth-server.hpa.yaml @@ -1,4 +1,4 @@ -{{- if .Values.authServer.autoscaling.enabled -}} +{{- if and .Values.ssh.enabled .Values.authServer.autoscaling.enabled -}} apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: diff --git a/charts/lagoon-core/templates/auth-server.service.yaml b/charts/lagoon-core/templates/auth-server.service.yaml index 5b69e491..8b2c2e4a 100644 --- a/charts/lagoon-core/templates/auth-server.service.yaml +++ b/charts/lagoon-core/templates/auth-server.service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.ssh.enabled -}} apiVersion: v1 kind: Service metadata: 
@@ -16,3 +17,4 @@ spec: name: http selector: {{- include "lagoon-core.authServer.selectorLabels" . | nindent 4 }} +{{- end }} From 40832272aa165a86fac26ccf7bb6bb7b0c9c065e Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 18 Nov 2022 08:24:52 +0800 Subject: [PATCH 077/167] chore: set pull policy to IfNotPresent for sshPortalAPI This service always has well defined tags so there is no need to pull again if the tagged image is already present. --- charts/lagoon-core/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index b35df186..b04f4c6d 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -745,7 +745,7 @@ sshPortalAPI: replicaCount: 2 image: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal-api - pullPolicy: Always + pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "v0.24.0" From 89939ea5dd945ba426eca7700dfb25df2faf7372 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 24 Nov 2022 13:44:42 +0800 Subject: [PATCH 078/167] chore: bump ssh-portal-api version --- charts/lagoon-core/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index b04f4c6d..7fcb96c8 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -747,7 +747,7 @@ sshPortalAPI: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal-api pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "v0.24.0" + tag: "v0.27.0" podAnnotations: {} From e5a1a99a7c570d9596dcec10c1ca9f3a6f68092b Mon Sep 17 00:00:00 2001 
From: Scott Leggett Date: Fri, 18 Nov 2022 08:26:07 +0800 Subject: [PATCH 079/167] feat: add ssh-token service --- charts/lagoon-core/templates/_helpers.tpl | 30 +++++ .../templates/ssh-token.deployment.yaml | 107 ++++++++++++++++++ .../lagoon-core/templates/ssh-token.hpa.yaml | 28 +++++ .../templates/ssh-token.secret.yaml | 22 ++++ .../templates/ssh-token.service.yaml | 32 ++++++ .../templates/ssh-token.servicemonitor.yaml | 17 +++ charts/lagoon-core/values.yaml | 44 +++++++ 7 files changed, 280 insertions(+) create mode 100644 charts/lagoon-core/templates/ssh-token.deployment.yaml create mode 100644 charts/lagoon-core/templates/ssh-token.hpa.yaml create mode 100644 charts/lagoon-core/templates/ssh-token.secret.yaml create mode 100644 charts/lagoon-core/templates/ssh-token.service.yaml create mode 100644 charts/lagoon-core/templates/ssh-token.servicemonitor.yaml diff --git a/charts/lagoon-core/templates/_helpers.tpl b/charts/lagoon-core/templates/_helpers.tpl index 09873261..2abd89ee 100644 --- a/charts/lagoon-core/templates/_helpers.tpl +++ b/charts/lagoon-core/templates/_helpers.tpl 
@@ -643,3 +643,33 @@ app.kubernetes.io/name: {{ include "lagoon-core.name" . }} app.kubernetes.io/component: {{ include "lagoon-core.opensearchSync.fullname" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} + + + +{{/* +Create a default fully qualified app name for ssh-token. +*/}} +{{- define "lagoon-core.sshToken.fullname" -}} +{{- include "lagoon-core.fullname" . }}-ssh-token +{{- end }} + +{{/* +Common labels ssh-token. +*/}} +{{- define "lagoon-core.sshToken.labels" -}} +helm.sh/chart: {{ include "lagoon-core.chart" . }} +{{ include "lagoon-core.sshToken.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels ssh-token. +*/}} +{{- define "lagoon-core.sshToken.selectorLabels" -}} +app.kubernetes.io/name: {{ include "lagoon-core.name" . }} +app.kubernetes.io/component: {{ include "lagoon-core.sshToken.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/lagoon-core/templates/ssh-token.deployment.yaml b/charts/lagoon-core/templates/ssh-token.deployment.yaml new file mode 100644 index 00000000..a050fd65 --- /dev/null +++ b/charts/lagoon-core/templates/ssh-token.deployment.yaml 
@@ -0,0 +1,107 @@ +{{- if .Values.sshToken.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "lagoon-core.sshToken.fullname" . }} + labels: + {{- include "lagoon-core.sshToken.labels" . | nindent 4 }} +spec: +{{- if not .Values.sshToken.autoscaling.enabled }} + replicas: {{ .Values.sshToken.replicaCount }} +{{- end }} + selector: + matchLabels: + {{- include "lagoon-core.sshToken.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/keycloak.secret: {{ include (print $.Template.BasePath "/keycloak.secret.yaml") . | sha256sum }} + checksum/api-db.secret: {{ include (print $.Template.BasePath "/api-db.secret.yaml") . | sha256sum }} + {{- with .Values.sshToken.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "lagoon-core.sshToken.selectorLabels" . | nindent 8 }} + spec: + securityContext: + {{- toYaml (coalesce .Values.sshToken.podSecurityContext .Values.podSecurityContext) | nindent 8 }} + containers: + - name: ssh-token + securityContext: + {{- toYaml .Values.sshToken.securityContext | nindent 10 }} + image: "{{ .Values.sshToken.image.repository }}:{{ coalesce .Values.sshToken.image.tag .Values.imageTag .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.sshToken.image.pullPolicy }} + command: + - "/ssh-token" + env: + {{- if .Values.sshToken.debug }} + - name: DEBUG + value: "true" + {{- end }} + - name: KEYCLOAK_BASE_URL + value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/ + - name: KEYCLOAK_AUTH_SERVER_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.keycloak.fullname" . }} + key: KEYCLOAK_AUTH_SERVER_CLIENT_SECRET + - name: KEYCLOAK_SERVICE_API_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.keycloak.fullname" . }} + key: KEYCLOAK_SERVICE_API_CLIENT_SECRET + - name: API_DB_ADDRESS + value: {{ include "lagoon-core.apiDB.fullname" . 
}} + - name: API_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.apiDB.fullname" . }} + key: API_DB_PASSWORD + envFrom: + - secretRef: + name: {{ include "lagoon-core.sshToken.fullname" . }} + {{- range $key, $val := .Values.sshToken.additionalEnvs }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} + ports: + - name: metrics + containerPort: 9948 + protocol: TCP + - name: sshserver + containerPort: 2222 + protocol: TCP + resources: + {{- toYaml .Values.sshToken.resources | nindent 10 }} + {{- with .Values.sshToken.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - {{ include "lagoon-core.name" . }} + - key: app.kubernetes.io/component + operator: In + values: + - {{ include "lagoon-core.sshToken.fullname" . }} + - key: app.kubernetes.io/instance + operator: In + values: + - {{ .Release.Name }} + topologyKey: kubernetes.io/hostname + {{- with .Values.sshToken.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.sshToken.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/lagoon-core/templates/ssh-token.hpa.yaml b/charts/lagoon-core/templates/ssh-token.hpa.yaml new file mode 100644 index 00000000..2fd1c834 --- /dev/null +++ b/charts/lagoon-core/templates/ssh-token.hpa.yaml 
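Review bot: In the ssh-token container spec the `range` over `.Values.sshToken.additionalEnvs` comes after `envFrom:` and its `- secretRef:` item, so the rendered `- name: … value: …` entries appear to become items of the `envFrom` list rather than of `env`. The original indentation is not visible here, but the ordering alone suggests this. `envFrom` items only accept `prefix`, `configMapRef` and `secretRef`, so setting any `additionalEnvs` would produce a manifest that the API server either rejects or accepts with the variables silently dropped. Move the `{{- range $key, $val := .Values.sshToken.additionalEnvs }}` … `{{- end }}` block up so that it directly follows the `API_DB_PASSWORD` entry, and leave `envFrom:` after it.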
@@ -0,0 +1,28 @@ +{{- if and .Values.sshToken.enabled .Values.sshToken.autoscaling.enabled -}} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "lagoon-core.sshToken.fullname" . }} + labels: + {{- include "lagoon-core.sshToken.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "lagoon-core.sshToken.fullname" . }} + minReplicas: {{ .Values.sshToken.autoscaling.minReplicas }} + maxReplicas: {{ .Values.sshToken.autoscaling.maxReplicas }} + metrics: + {{- if .Values.sshToken.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.sshToken.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.sshToken.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.sshToken.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/charts/lagoon-core/templates/ssh-token.secret.yaml b/charts/lagoon-core/templates/ssh-token.secret.yaml new file mode 100644 index 00000000..7a8f53cf --- /dev/null +++ b/charts/lagoon-core/templates/ssh-token.secret.yaml @@ -0,0 +1,22 @@ +{{- if .Values.sshToken.enabled -}} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ include "lagoon-core.sshToken.fullname" . }} + labels: + {{- include "lagoon-core.sshToken.labels" . | nindent 4 }} +stringData: + {{- with .Values.sshToken.hostKeys.ecdsa }} + HOST_KEY_ECDSA: |- + {{- . | nindent 4 }} + {{- end }} + {{- with .Values.sshToken.hostKeys.ed25519 }} + HOST_KEY_ED25519: |- + {{- . | nindent 4 }} + {{- end }} + {{- with .Values.sshToken.hostKeys.rsa }} + HOST_KEY_RSA: |- + {{- . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/lagoon-core/templates/ssh-token.service.yaml b/charts/lagoon-core/templates/ssh-token.service.yaml new file mode 100644 index 00000000..ac6250f0 
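Review bot: ssh-token.hpa.yaml uses `apiVersion: autoscaling/v2beta1` with `targetAverageUtilization`, whereas the existing ssh and auth-server HPA templates touched earlier in this series use `autoscaling/v2beta2`. The v2beta1 API was removed in Kubernetes 1.25, so enabling `sshToken.autoscaling` on a current cluster fails at install time. Aligning with the chart's other HPAs means changing the API version and moving each metric to the `target:` form shown below.

```yaml
apiVersion: autoscaling/v2beta2
# … unchanged: kind, metadata, scaleTargetRef, minReplicas, maxReplicas …
  metrics:
  {{- if .Values.sshToken.autoscaling.targetCPUUtilizationPercentage }}
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: {{ .Values.sshToken.autoscaling.targetCPUUtilizationPercentage }}
  {{- end }}
  {{- if .Values.sshToken.autoscaling.targetMemoryUtilizationPercentage }}
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: {{ .Values.sshToken.autoscaling.targetMemoryUtilizationPercentage }}
  {{- end }}
```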
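Review bot: Nothing in ssh-token.secret.yaml requires a host key: with the chart default of three empty `hostKeys` values, every `with` block is skipped and the Secret renders with no entries. What ssh-token does without a configured key is not visible in this patch. If it generates one at start-up, each of the `replicaCount: 2` pods would present a different key that also changes on restart, and clients would see host-key mismatches they learn to ignore. Consider failing the render when the service is enabled and no key is set, e.g. `{{- if not (or .Values.sshToken.hostKeys.ecdsa .Values.sshToken.hostKeys.ed25519 .Values.sshToken.hostKeys.rsa) }}{{ fail "sshToken.hostKeys: at least one host key is required" }}{{- end }}`.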
--- /dev/null +++ b/charts/lagoon-core/templates/ssh-token.service.yaml @@ -0,0 +1,32 @@ +{{- if .Values.sshToken.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "lagoon-core.sshToken.fullname" . }} + labels: + {{- include "lagoon-core.sshToken.labels" . | nindent 4 }} +spec: + type: {{ .Values.sshToken.service.type }} + ports: + - port: {{ .Values.sshToken.service.ports.sshserver }} + targetPort: sshserver + name: sshserver + selector: + {{- include "lagoon-core.sshToken.selectorLabels" . | nindent 4 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "lagoon-core.sshToken.fullname" . }}-metrics + labels: + metrics-only: "true" + {{- include "lagoon-core.sshToken.labels" . | nindent 4 }} +spec: + type: {{ .Values.sshToken.metricsService.type }} + ports: + - port: {{ .Values.sshToken.metricsService.ports.metrics }} + targetPort: metrics + name: metrics + selector: + {{- include "lagoon-core.sshToken.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/lagoon-core/templates/ssh-token.servicemonitor.yaml b/charts/lagoon-core/templates/ssh-token.servicemonitor.yaml new file mode 100644 index 00000000..7185cff7 --- /dev/null +++ b/charts/lagoon-core/templates/ssh-token.servicemonitor.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.sshToken.enabled .Values.sshToken.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "lagoon-core.sshToken.fullname" . }} + labels: + {{- include "lagoon-core.sshToken.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "lagoon-core.sshToken.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 7fcb96c8..3c662540 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml 
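Review bot: The sshserver Service in ssh-token.service.yaml renders only `type` and `ports`, and the values.yaml hunk in this commit defaults `sshToken.service.type` to `LoadBalancer` on port 22. Enabling the service therefore publishes an SSH endpoint with no chart-level way to restrict source addresses or add provider annotations. Consider an optional pass-through under `spec`, such as `{{- with .Values.sshToken.service.loadBalancerSourceRanges }}` followed by `loadBalancerSourceRanges: {{- toYaml . | nindent 4 }}` and `{{- end }}`, plus a matching `annotations` hook on `metadata`.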
@@ -806,3 +806,47 @@ opensearchSync: additionalEnvs: # FOO: Bar + +sshToken: + enabled: false + replicaCount: 2 + image: + repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-token + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v0.27.0" + + podAnnotations: {} + + securityContext: {} + + resources: {} + + additionalEnvs: + # FOO: Bar + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + serviceMonitor: + enabled: true + + service: + type: LoadBalancer + ports: + sshserver: 22 + + metricsService: + type: ClusterIP + ports: + metrics: 9948 + + # host keys, PEM encoded + hostKeys: + ecdsa: "" + ed25519: "" + rsa: "" From 3ba34e95dcdf35c41d8f76aeb5518eafc98318aa Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Mon, 28 Nov 2022 22:52:29 +0800 Subject: [PATCH 080/167] chore: enable ssh-token in CI --- charts/lagoon-core/ci/linter-values.yaml | 25 ++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index 91f540f9..96886343 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml 
@@ -118,6 +118,31 @@ sshPortalAPI: serviceMonitor: enabled: false +sshToken: + enabled: true + replicaCount: 1 + debug: true + serviceMonitor: + enabled: false + service: + type: NodePort + ports: + sshserver: 2223 + hostKeys: + ed25519: | + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACA/YqlzbdTqR53BHcDhvP0EVepZ66ZIT2HaXSpxdzwhMgAAAIgc+EPKHPhD + ygAAAAtzc2gtZWQyNTUxOQAAACA/YqlzbdTqR53BHcDhvP0EVepZ66ZIT2HaXSpxdzwhMg + AAAECW61aE011GKLSFBJ82G6oGEOjJSUV3STx16veSvX38kD9iqXNt1OpHncEdwOG8/QRV + 6lnrpkhPYdpdKnF3PCEyAAAAAAECAwQF + -----END OPENSSH PRIVATE KEY----- + +controllerhandler: + replicaCount: 1 + image: + repository: uselagoon/controllerhandler + imageTag: "" workflows: From 79d44c283226438c89d41ae7ba020a15e9bd7ab8 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 17 Nov 2022 16:28:07 +0800 Subject: [PATCH 081/167] chore: bump lagoon-core chart version --- charts/lagoon-core/Chart.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index c82bbd00..98e6c5d7 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.18.0 +version: 1.19.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. 
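Review bot: The `hostKeys.ed25519` value is a complete OpenSSH private key committed in clear text, and nothing in the file marks it as disposable. Because the key is readable by anyone with the repository, a deployment that copies this block would run an SSH endpoint whose host identity anyone can present. Add a comment directly above it, for example `# CI-only throwaway host key: public in this repository, never use outside the test cluster`, or generate the key in the CI job instead of storing it. `debug: true` is also set here, but the `sshToken` defaults added to values.yaml in this series define no `debug` key, so the setting is undocumented; whether any template reads it is not visible in this hunk.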
@@ -40,5 +40,9 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | + - kind: added + description: Add support for experimental ssh-token service. - kind: changed - description: updated drush-alias to v3.1.0 for ssh-portal support + description: Allow disabling the ssh and auth-server services. + - kind: changed + description: Update ssh-portal-api to v0.27.0. From 02a106f833d03e05f8cc84891dad8004bc70def0 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 24 Nov 2022 13:57:11 +0800 Subject: [PATCH 082/167] chore: set ssh-token values in lagoon-test --- charts/lagoon-test/templates/secret.yaml | 2 ++ charts/lagoon-test/values.yaml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/charts/lagoon-test/templates/secret.yaml b/charts/lagoon-test/templates/secret.yaml index e2e63997..d548d911 100644 --- a/charts/lagoon-test/templates/secret.yaml +++ b/charts/lagoon-test/templates/secret.yaml @@ -27,6 +27,8 @@ stringData: SSH_PORT: {{ .Values.sshPort | quote }} SSH_PORTAL_HOST: {{ .Values.sshPortalHost | quote }} SSH_PORTAL_PORT: {{ .Values.sshPortalPort | quote }} + SSH_TOKEN_HOST: {{ .Values.sshTokenHost | quote }} + SSH_TOKEN_PORT: {{ .Values.sshTokenPort | quote }} SSH_PRIVATE_KEY: | {{- .Values.sshPrivateKey | nindent 4 }} WEBHOOK_HOST: {{ .Values.webhookHost | quote }} diff --git a/charts/lagoon-test/values.yaml b/charts/lagoon-test/values.yaml index b2cb9d8f..30046d25 100644 --- a/charts/lagoon-test/values.yaml +++ b/charts/lagoon-test/values.yaml @@ -14,6 +14,8 @@ sshHost: lagoon-core-ssh sshPort: 2020 sshPortalHost: lagoon-remote-ssh-portal sshPortalPort: 2222 +sshTokenHost: lagoon-core-ssh-token +sshTokenPort: 2223 sshPrivateKey: |- -----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEAxGZZrOV7Islo5p51Moabfd1YB8qbHvQZfJDZJmSU4jNxMf8G From 922a18f645ec75e6974b20bcaaee2aa460a4c2c6 Mon Sep 17 00:00:00 2001 
From: Scott Leggett Date: Mon, 28 Nov 2022 22:48:21 +0800 Subject: [PATCH 083/167] chore: bump lagoon-test chart version --- charts/lagoon-test/Chart.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index edc6aad0..86ad6abe 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -11,6 +11,14 @@ kubeVersion: ">= 1.19.0-0" type: application -version: 0.40.0 +version: 0.41.0 appVersion: v2.10.0 + +# This section is used to collect a changelog for artifacthub.io +# It should be started afresh for each release +# Valid supported kinds are added, changed, deprecated, removed, fixed and security +annotations: + artifacthub.io/changes: | + - kind: added + description: Add ssh-token environment variables to test container. From fa920e70b839c9aa439065ff2f047bb5362a557c Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Mon, 28 Nov 2022 23:40:47 +0800 Subject: [PATCH 084/167] feat: bump ssh-portal version --- charts/lagoon-remote/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 265a8276..4427636b 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -122,7 +122,7 @@ sshPortal: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.24.0" + tag: "v0.27.0" service: type: LoadBalancer From 242898c6594486bf3e47b5c9e65ff4b516db7e15 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Mon, 28 Nov 2022 23:41:52 +0800 Subject: [PATCH 085/167] chore: bump lagoon-remote chart version --- charts/lagoon-remote/Chart.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index e376816f..46cdfe69 100644 --- a/charts/lagoon-remote/Chart.yaml 
+++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.69.2 +version: 0.70.0 dependencies: - name: lagoon-build-deploy @@ -45,6 +45,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Updated lagoon-build-deploy to v0.18.1 - - kind: changed - description: Updated nats to v0.18.3 + description: Update ssh-portal to v0.27.0. From 7908ab51d8763b0ce788a63a8e53f8a1b3efa944 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Dec 2022 00:01:06 +0000 Subject: [PATCH 086/167] chore(deps): bump helm/kind-action from 1.4.0 to 1.5.0 Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.4.0 to 1.5.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/v1.4.0...v1.5.0) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/lint-test-matrix.yaml | 2 +- .github/workflows/lint-test.yaml | 2 +- .github/workflows/test-suite.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/lint-test-matrix.yaml b/.github/workflows/lint-test-matrix.yaml index 4638d32e..a5d99e46 100644 --- a/.github/workflows/lint-test-matrix.yaml +++ b/.github/workflows/lint-test-matrix.yaml @@ -40,7 +40,7 @@ jobs: run: ct lint --config ./default.ct.yaml - name: Create kind cluster - uses: helm/kind-action@v1.4.0 + uses: helm/kind-action@v1.5.0 with: version: v0.17.0 node_image: kindest/node:${{ matrix.kindest_node_version }} diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 5daa7fe1..2bed29dc 100644 
--- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -91,7 +91,7 @@ jobs: run: ct lint --config ./default.ct.yaml - name: Create kind cluster - uses: helm/kind-action@v1.4.0 + uses: helm/kind-action@v1.5.0 with: version: v0.17.0 node_image: kindest/node:v1.23.13@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61 diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index beef18c3..07b38011 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -71,7 +71,7 @@ jobs: envsubst < test-suite.kind-config.yaml.tpl > test-suite.kind-config.yaml - name: Create kind cluster - uses: helm/kind-action@v1.4.0 + uses: helm/kind-action@v1.5.0 if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) From ad52b075a31d64e53f48af58ff117120301ab656 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 21 Dec 2022 08:44:45 +1100 Subject: [PATCH 087/167] update bitnami/mongo image to 12.1.31 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 91189b13..bd3ecd85 100644 --- a/Makefile +++ b/Makefile @@ -155,7 +155,7 @@ install-mongodb: --timeout $(TIMEOUT) \ $$($(KUBECTL) get ns mongodb > /dev/null 2>&1 && echo --set auth.rootPassword=$$($(KUBECTL) get secret --namespace mongodb mongodb -o json | $(JQ) -r '.data."mongodb-root-password" | @base64d')) \ --set tls.enabled=false \ - --version=11.2.0 \ + --version=12.1.31 \ mongodb \ bitnami/mongodb From 0d3d6fb3366ec612777be2c1e689d98c4c8a0f5a Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 23 Dec 2022 14:40:59 +1100 Subject: [PATCH 088/167] Added annotations support to ssh-portal service --- charts/lagoon-remote/Chart.yaml | 6 +++--- charts/lagoon-remote/templates/ssh-portal.service.yaml | 4 ++++ charts/lagoon-remote/values.yaml | 1 + 3 files changed, 8 insertions(+), 3 deletions(-) 
diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 46cdfe69..f4395e28 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.70.0 +version: 0.70.1 dependencies: - name: lagoon-build-deploy @@ -44,5 +44,5 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | - - kind: changed - description: Update ssh-portal to v0.27.0. + - kind: added + description: Added annotations support to ssh-portal service. diff --git a/charts/lagoon-remote/templates/ssh-portal.service.yaml b/charts/lagoon-remote/templates/ssh-portal.service.yaml index e2ff71b5..1c345d83 100644 --- a/charts/lagoon-remote/templates/ssh-portal.service.yaml +++ b/charts/lagoon-remote/templates/ssh-portal.service.yaml @@ -5,6 +5,10 @@ metadata: name: {{ include "lagoon-remote.sshPortal.fullname" . }} labels: {{- include "lagoon-remote.sshPortal.labels" . | nindent 4 }} + {{- with .Values.sshPortal.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.sshPortal.service.type }} ports: diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 4427636b..8ace4608 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -128,6 +128,7 @@ sshPortal: type: LoadBalancer ports: sshserver: 22 + annotations: {} metricsService: type: ClusterIP From 77915c780c5dc4296ecb39f473fae15973719219 Mon Sep 17 00:00:00 2001 
From: Scott Leggett Date: Fri, 23 Dec 2022 15:53:18 +0800 Subject: [PATCH 089/167] feat: update the ssh-portal image to v0.27.1 Fixes https://github.com/uselagoon/lagoon-ssh-portal/issues/158 --- charts/lagoon-remote/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 4427636b..21b2ca89 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -122,7 +122,7 @@ sshPortal: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.27.0" + tag: "v0.27.1" service: type: LoadBalancer From 4195ec8b51e4ba8ad4cdec5b34aa979a55abc4b2 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 23 Dec 2022 15:54:03 +0800 Subject: [PATCH 090/167] chore: bump lagoon-remote chart version --- charts/lagoon-remote/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 46cdfe69..4c96c2ce 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.70.0 +version: 0.72.0 dependencies: - name: lagoon-build-deploy @@ -45,4 +45,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Update ssh-portal to v0.27.0. + description: Update ssh-portal to v0.27.1. From f768a158276ea555758ea6fa1b6fc5eb705e7eee Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 23 Dec 2022 15:56:12 +0800 Subject: [PATCH 091/167] feat: bump ssh-portal-api and ssh-token versions --- charts/lagoon-core/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 3c662540..f033c1b9 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -747,7 +747,7 @@ sshPortalAPI: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal-api pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "v0.27.0" + tag: "v0.27.1" podAnnotations: {} @@ -814,7 +814,7 @@ sshToken: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-token pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "v0.27.0" + tag: "v0.27.1" podAnnotations: {} From 99f6b45a38f6ad3513fd4b7f9f195354a2feb105 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 23 Dec 2022 15:56:39 +0800 Subject: [PATCH 092/167] chore: bump lagoon-core chart version --- charts/lagoon-core/Chart.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 98e6c5d7..ea78d9a4 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.19.0 +version: 1.20.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -40,9 +40,5 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | - - kind: added - description: Add support for experimental ssh-token service. - kind: changed - description: Allow disabling the ssh and auth-server services. - - kind: changed - description: Update ssh-portal-api to v0.27.0. + description: Update ssh-portal-api and ssh-token to v0.27.1. 
From c8c9e5a77ad0650374d7c85e20339eb3738eb9f5 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 28 Dec 2022 13:42:34 +1100 Subject: [PATCH 093/167] set correct chart ver --- charts/lagoon-remote/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index f4395e28..cd1e6b83 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.70.1 +version: 0.71.0 dependencies: - name: lagoon-build-deploy From 7125648b2ece33e24227734baf30f52f0e7fa5a8 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Tue, 3 Jan 2023 23:02:57 +0800 Subject: [PATCH 094/167] fix: handle forward target hosts with dynamic DNS --- .../templates/logs-dispatcher.fluent-conf.configmap.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml b/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml index 6eb8e766..0022fa52 100644 --- a/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml +++ b/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml @@ -459,6 +459,8 @@ data: # endpoint keepalive true # makes sure the connection is not recreated every second keepalive_timeout 10m # reconnect after 10mins in order to handle DNS changes, etc. + # avoid persistent DNS cache in case the server IP changes + expire_dns_cache 21600 # refresh cached DNS every 6 hours port "#{ENV['LOGS_FORWARD_HOST_PORT']}" host "#{ENV['LOGS_FORWARD_HOST']}" From 6152668ce157b82df0ae188769890572264193c7 Mon Sep 17 00:00:00 2001 
From: Scott Leggett Date: Tue, 3 Jan 2023 23:06:57 +0800 Subject: [PATCH 095/167] chore: bump lagoon-logging chart version --- charts/lagoon-logging/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index 102cf7f4..56790b9a 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.74.0 +version: 0.74.1 dependencies: - name: logging-operator @@ -32,5 +32,5 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | - - kind: changed - description: Update logs-dispatcher to v3.3.0. + - kind: fixed + description: Handle forward target hosts with dynamic DNS. From 56cda917ea63a571978f21f17c932bddd1864993 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 4 Jan 2023 08:15:34 +1100 Subject: [PATCH 096/167] update kubernetes reqs --- charts/lagoon-build-deploy/Chart.yaml | 6 +++--- charts/lagoon-core/Chart.yaml | 6 +++--- charts/lagoon-logging/Chart.yaml | 6 +++--- charts/lagoon-logs-concentrator/Chart.yaml | 12 ++++++++++-- charts/lagoon-remote/Chart.yaml | 6 +++--- charts/lagoon-test/Chart.yaml | 7 +++++-- charts/lagoon-test/values.yaml | 20 ++++++++++++++++++-- 7 files changed, 45 insertions(+), 18 deletions(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index 32e39b3d..3e1ba553 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml 
@@ -12,15 +12,15 @@ maintainers: - name: smlx email: scott.leggett@amazee.io url: https://amazee.io -kubeVersion: ">= 1.19.0-0" +kubeVersion: ">= 1.21.0-0" type: application -version: 0.18.1 +version: 0.19.0 appVersion: v0.7.2 annotations: artifacthub.io/changes: | - kind: changed - description: bump remote-controller to v0.7.2 + description: introduced minimum kubernetes version 1.21 diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index ea78d9a4..7dc33e95 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -11,7 +11,7 @@ maintainers: - name: shreddedbacon email: ben.jackson@amazee.io url: https://amazee.io -kubeVersion: ">= 1.19.0-0" +kubeVersion: ">= 1.21.0-0" # Application charts are a collection of templates that can be packaged into # versioned archives to be deployed. @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.20.0 +version: 1.21.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -41,4 +41,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Update ssh-portal-api and ssh-token to v0.27.1. + description: introduced minimum kubernetes version 1.21 diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index 102cf7f4..e5fba8c9 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -9,7 +9,7 @@ maintainers: - name: smlx email: scott.leggett@amazee.io url: https://amazee.io -kubeVersion: ">= 1.19.0-0" +kubeVersion: ">= 1.21.0-0" # Application charts are a collection of templates that can be packaged into # versioned archives to be deployed. 
@@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.74.0 +version: 0.75.0 dependencies: - name: logging-operator @@ -33,4 +33,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Update logs-dispatcher to v3.3.0. + description: introduced minimum kubernetes version 1.21 diff --git a/charts/lagoon-logs-concentrator/Chart.yaml b/charts/lagoon-logs-concentrator/Chart.yaml index e845a941..1d8b9667 100644 --- a/charts/lagoon-logs-concentrator/Chart.yaml +++ b/charts/lagoon-logs-concentrator/Chart.yaml @@ -9,7 +9,7 @@ maintainers: - name: smlx email: scott.leggett@amazee.io url: https://amazee.io -kubeVersion: ">= 1.19.0-0" +kubeVersion: ">= 1.21.0-0" # Application charts are a collection of templates that can be packaged into # versioned archives to be deployed. @@ -19,4 +19,12 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.42.0 +version: 0.43.0 + +# This section is used to collect a changelog for artifacthub.io +# It should be started afresh for each release +# Valid supported kinds are added, changed, deprecated, removed, fixed and security +annotations: + artifacthub.io/changes: | + - kind: changed + description: introduced minimum kubernetes version 1.21 diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 4c96c2ce..963a18ac 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -10,7 +10,7 @@ maintainers: - name: smlx email: scott.leggett@amazee.io url: https://amazee.io -kubeVersion: ">= 1.19.0-0" +kubeVersion: ">= 1.21.0-0" # Application charts are a collection of templates that can be packaged into # versioned archives to be deployed. 
@@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.72.0 +version: 0.73.0 dependencies: - name: lagoon-build-deploy @@ -45,4 +45,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Update ssh-portal to v0.27.1. + description: introduced minimum kubernetes version 1.21 diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index 86ad6abe..1bcaa8ef 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -7,7 +7,7 @@ maintainers: - name: smlx email: scott.leggett@amazee.io url: https://amazee.io -kubeVersion: ">= 1.19.0-0" +kubeVersion: ">= 1.21.0-0" type: application @@ -21,4 +21,7 @@ appVersion: v2.10.0 annotations: artifacthub.io/changes: | - kind: added - description: Add ssh-token environment variables to test container. + description: added services test and deprecated old tests + - kind: changed + description: introduced minimum kubernetes version 1.21 + diff --git a/charts/lagoon-test/values.yaml b/charts/lagoon-test/values.yaml index 30046d25..0bea382c 100644 --- a/charts/lagoon-test/values.yaml +++ b/charts/lagoon-test/values.yaml @@ -135,7 +135,23 @@ tests: tests: [] # This value is required when suiteEnabled is true, and must be set to one or # more of the valid test suites: - # - features-kubernetes # - active-standby-kubernetes + # - api + # - deploytarget + # - features-kubernetes + # - features-kubernetes-2 + # - features-variables + # - services + # - ssh-portal + # - tasks + # - bitbucket + # - bulk-deployment + # - drush + # - generic + # - github + # - gitlab + # - image-cache # - nginx - # - drupal + # - node + # - python + # - workflows From 5140fd0517d7a3af0d9799766d685bb0e15723bc Mon Sep 17 00:00:00 2001 
From: Scott Leggett Date: Thu, 5 Jan 2023 10:51:47 +0800 Subject: [PATCH 097/167] fix: use the latest version of logs-dispatcher for the cdn collector --- charts/lagoon-logging/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-logging/values.yaml b/charts/lagoon-logging/values.yaml index 8a8889dc..dab2e9e6 100644 --- a/charts/lagoon-logging/values.yaml +++ b/charts/lagoon-logging/values.yaml @@ -121,7 +121,7 @@ cdnLogsCollector: repository: uselagoon/logs-dispatcher pullPolicy: IfNotPresent # Overrides the image tag whose default is "latest". - tag: "v3.1.0" + tag: "v3.3.0" podAnnotations: {} From 554cb874f3a24b16020abb7322a4255b5cacb2a3 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 5 Jan 2023 10:53:19 +0800 Subject: [PATCH 098/167] chore: bump lagoon-logging chart version --- charts/lagoon-logging/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index 56790b9a..abf546e3 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.74.1 +version: 0.74.2 dependencies: - name: logging-operator @@ -33,4 +33,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: fixed - description: Handle forward target hosts with dynamic DNS. + description: Use version v3.3.0 of logs-dispatcher for the cdn logs collector. From 2224cf304b6c7ea2bb48326aa4f9d6669de3c4ae Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 5 Jan 2023 14:54:03 +0800 Subject: [PATCH 099/167] fix: reduce logs-dispatcher DNS TTL This fixes a bug where the log buffer fills too quickly after DNS changes. --- .../templates/logs-dispatcher.fluent-conf.configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml b/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml index 0022fa52..1eb548c8 100644 --- a/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml +++ b/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml @@ -460,7 +460,7 @@ data: keepalive true # makes sure the connection is not recreated every second keepalive_timeout 10m # reconnect after 10mins in order to handle DNS changes, etc. # avoid persistent DNS cache in case the server IP changes - expire_dns_cache 21600 # refresh cached DNS every 6 hours + expire_dns_cache 3600 # refresh cached DNS every hour port "#{ENV['LOGS_FORWARD_HOST_PORT']}" host "#{ENV['LOGS_FORWARD_HOST']}" From 17a1e48c4972edf36aa8d0627e7ccd3b392f3dbc Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 5 Jan 2023 14:55:41 +0800 Subject: [PATCH 100/167] chore: bump lagoon-logging chart version --- charts/lagoon-logging/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index abf546e3..487c4c19 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.74.2 +version: 0.74.3 dependencies: - name: logging-operator @@ -33,4 +33,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: fixed - description: Use version v3.3.0 of logs-dispatcher for the cdn logs collector. + description: Reduce DNS cache TTL from 6 hours to 1 hour to adapt to DNS changes more quickly. From cf41283d337cb1883033e668a57943b08d34e604 Mon Sep 17 00:00:00 2001 
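Review bot: The comment on the unchanged `keepalive_timeout 10m` line still promises that the 10-minute reconnect handles DNS changes, but with `expire_dns_cache 3600` a reconnect presumably reuses the cached address for up to an hour. That is the window in which the buffer fills and log records risk being dropped. Either bring the TTL down to the reconnect interval, `expire_dns_cache 600 # match keepalive_timeout so a reconnect re-resolves the host`, or reword the keepalive comment so the next reader does not assume a 10-minute recovery. The enclosing forward output block starts and ends outside the hunk.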
From: Scott Leggett Date: Thu, 5 Jan 2023 13:54:11 +0800 Subject: [PATCH 101/167] feat: bump logs-concentrator image version for Opensearch support --- charts/lagoon-logs-concentrator/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-logs-concentrator/values.yaml b/charts/lagoon-logs-concentrator/values.yaml index 7ba5e188..25b9d2de 100644 --- a/charts/lagoon-logs-concentrator/values.yaml +++ b/charts/lagoon-logs-concentrator/values.yaml @@ -12,7 +12,7 @@ image: repository: uselagoon/logs-concentrator pullPolicy: IfNotPresent # Overrides the image tag whose default is "latest". - tag: "v3.0.0" + tag: "v3.1.0" imagePullSecrets: [] nameOverride: "" From 3a8e23c164b3c3124fa92a4252b1fcf060ae18fb Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 5 Jan 2023 13:44:20 +0800 Subject: [PATCH 102/167] feat: switch lagoon-logs-concentrator configuration to Opensearch Elasticsearch support is deprecated. --- charts/lagoon-logs-concentrator/README.md | 2 +- .../ci/linter-values.yaml | 6 ++--- .../templates/NOTES.txt | 2 +- .../templates/env.configmap.yaml | 10 ++++----- .../templates/fluent-conf.configmap.yaml | 22 +++++++++---------- .../templates/secret.yaml | 8 +++---- .../templates/statefulset.yaml | 4 ++-- charts/lagoon-logs-concentrator/values.yaml | 16 +++++++------- 8 files changed, 35 insertions(+), 35 deletions(-) diff --git a/charts/lagoon-logs-concentrator/README.md b/charts/lagoon-logs-concentrator/README.md index 4335be7c..f915883a 100644 --- a/charts/lagoon-logs-concentrator/README.md +++ b/charts/lagoon-logs-concentrator/README.md @@ -1,7 +1,7 @@ # Logs Concentrator This service collects logs from logs-dispatchers (both local and remote) using -fluentd's forward protocol, and sends them to Elasticsearch. +fluentd's forward protocol, and sends them to Opensearch. ## Configuration 
diff --git a/charts/lagoon-logs-concentrator/ci/linter-values.yaml b/charts/lagoon-logs-concentrator/ci/linter-values.yaml index 6bbb6eb6..7a8424b3 100644 --- a/charts/lagoon-logs-concentrator/ci/linter-values.yaml +++ b/charts/lagoon-logs-concentrator/ci/linter-values.yaml @@ -1,7 +1,7 @@ # values for CI linting and testing -elasticsearchHost: "logs-db-service.elasticsearch.svc.cluster.local" -elasticsearchAdminUser: "admin" -elasticsearchAdminPassword: "securepass" +opensearchHost: "logs-db-service.opensearch.svc.cluster.local" +opensearchAdminUser: "admin" +opensearchAdminPassword: "securepass" tls: caCert: |- -----BEGIN CERTIFICATE----- diff --git a/charts/lagoon-logs-concentrator/templates/NOTES.txt b/charts/lagoon-logs-concentrator/templates/NOTES.txt index a92a7355..1cbceaa5 100644 --- a/charts/lagoon-logs-concentrator/templates/NOTES.txt +++ b/charts/lagoon-logs-concentrator/templates/NOTES.txt @@ -2,4 +2,4 @@ Thank you for installing {{ .Chart.Name }}. Your release is named {{ .Release.Name }}. -Your logs are now being sent to {{ default "http" .Values.elasticsearchScheme }}://{{ .Values.elasticsearchHost }}:{{ default "9200" .Values.elasticsearchHostPort }} +Your logs are now being sent to {{ default "http" .Values.opensearchScheme }}://{{ .Values.opensearchHost }}:{{ default "9200" .Values.opensearchHostPort }} diff --git a/charts/lagoon-logs-concentrator/templates/env.configmap.yaml b/charts/lagoon-logs-concentrator/templates/env.configmap.yaml index 01002ee0..41e0d487 100644 --- a/charts/lagoon-logs-concentrator/templates/env.configmap.yaml +++ b/charts/lagoon-logs-concentrator/templates/env.configmap.yaml 
@@ -5,10 +5,10 @@ metadata: labels: {{- include "lagoon-logs-concentrator.labels" . | nindent 4 }} data: - ELASTICSEARCH_HOST: {{ required "A valid .Values.elasticsearchHost required!" .Values.elasticsearchHost }} -{{- if .Values.elasticsearchHostPort }} - ELASTICSEARCH_HOST_PORT: {{ .Values.elasticsearchHostPort | quote }} + OPENSEARCH_HOST: {{ required "A valid .Values.opensearchHost required!" .Values.opensearchHost }} +{{- if .Values.opensearchHostPort }} + OPENSEARCH_HOST_PORT: {{ .Values.opensearchHostPort | quote }} {{- end }} -{{- if .Values.elasticsearchScheme }} - ELASTICSEARCH_SCHEME: {{ .Values.elasticsearchScheme }} +{{- if .Values.opensearchScheme }} + OPENSEARCH_SCHEME: {{ .Values.opensearchScheme }} {{- end }} diff --git a/charts/lagoon-logs-concentrator/templates/fluent-conf.configmap.yaml b/charts/lagoon-logs-concentrator/templates/fluent-conf.configmap.yaml index 3cf038f5..015693e9 100644 --- a/charts/lagoon-logs-concentrator/templates/fluent-conf.configmap.yaml +++ b/charts/lagoon-logs-concentrator/templates/fluent-conf.configmap.yaml @@ -54,20 +54,20 @@ data: - # send to elasticsearch + # send to opensearch - @type elasticsearch - @id out_elasticsearch - # be more verbose about elasticsearch problems + @type opensearch + @id out_opensearch + # be more verbose about opensearch problems @log_level info # ingestion target_index_key index_name include_timestamp true time_key time # endpoint - host "#{ENV['ELASTICSEARCH_HOST']}" - port "#{ENV.fetch('ELASTICSEARCH_HOST_PORT','9200')}" - scheme "#{ENV.fetch('ELASTICSEARCH_SCHEME','http')}" + host "#{ENV['OPENSEARCH_HOST']}" + port "#{ENV.fetch('OPENSEARCH_HOST_PORT','9200')}" + scheme "#{ENV.fetch('OPENSEARCH_SCHEME','http')}" ssl_min_version TLSv1_2 ssl_max_version TLSv1_3 user "#{ENV['LOGSDB_ADMIN_USER']}" @@ -80,7 +80,7 @@ data: log_es_400_reason true @type file - path /fluentd/buffer/elasticsearch + path /fluentd/buffer/opensearch # buffer params (per worker) total_limit_size 8GB # flush params 
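Review bot: `OPENSEARCH_HOST` and `OPENSEARCH_SCHEME` are rendered without `| quote`, unlike `OPENSEARCH_HOST_PORT` in the same hunk, so a value that YAML reads as a non-string, or one containing ` #` or `: `, produces an invalid or altered ConfigMap entry. I would write `OPENSEARCH_SCHEME: {{ .Values.opensearchScheme | quote }}` and `OPENSEARCH_HOST: {{ required "A valid .Values.opensearchHost required!" .Values.opensearchHost | quote }}`. The same applies to `LOGSDB_ADMIN_USER` and `LOGSDB_ADMIN_PASSWORD` in the templates/secret.yaml hunk of this commit, where an unquoted password containing ` #` would be cut off at the comment marker.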
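Review bot: The `scheme` line still falls back to `http` when `OPENSEARCH_SCHEME` is unset, and the same output block authenticates with `LOGSDB_ADMIN_USER`, so a default install sends the admin credentials and the log stream to Opensearch unencrypted. Since this commit already changes the values interface, it would be a good moment to make the default `scheme "#{ENV.fetch('OPENSEARCH_SCHEME','https')}"` and keep `http` as an explicit opt-in for CI. The NOTES.txt default and the `# default http` comment in values.yaml would need the same change. The output block starts and ends outside this hunk.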
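Review bot: Changing the file buffer `path` to `/fluentd/buffer/opensearch` leaves any chunks still queued under `/fluentd/buffer/elasticsearch` behind, because the output presumably resumes only chunks under its configured path. If the buffer volume mounted by the StatefulSet persists across the upgrade, as it appears to, those log records are never delivered and keep occupying space in the volume. Either keep the old path, or state the drain step next to the change, e.g. `# path changed in chart 0.43.0: flush or move chunks from /fluentd/buffer/elasticsearch before upgrading`. Separately, the context line `log_es_400_reason true` keeps an Elasticsearch-style name and should be checked against the opensearch plugin's parameter list. The buffer block continues outside this hunk.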
@@ -89,20 +89,20 @@ data: flush_thread_burst_interval 0 # don't sleep if there are more chunks to be flushed retry_max_interval 30s # limit exponential backoff period retry_timeout 12h # limit the time spent retrying chunk submission - chunk_limit_size 32MB # chunks cannot be bigger than the max HTTP limit of Elasticsearch (which is 100MB) + chunk_limit_size 32MB # chunks cannot be bigger than the max HTTP limit of Opensearch (which is 100MB) overflow_action drop_oldest_chunk # drop chunks once they reach retry limits # silence warnings (these have no effect) type_name _doc suppress_type_name true ssl_version TLSv1_2 -{{- if not .Values.elasticsearchTLSVerify }} +{{- if not .Values.opensearchTLSVerify }} ssl_verify false {{- end }} {{- if not .Values.verifyESVersionAtStartup }} verify_es_version_at_startup false {{- end }} -{{- if .Values.elasticsearchCACert }} +{{- if .Values.opensearchCACert }} ca_file /fluentd/es-tls/ca.crt {{- end }} diff --git a/charts/lagoon-logs-concentrator/templates/secret.yaml b/charts/lagoon-logs-concentrator/templates/secret.yaml index e8b592ac..9d00b054 100644 --- a/charts/lagoon-logs-concentrator/templates/secret.yaml +++ b/charts/lagoon-logs-concentrator/templates/secret.yaml @@ -7,8 +7,8 @@ metadata: {{- include "lagoon-logs-concentrator.labels" . | nindent 4 }} stringData: FORWARD_SHARED_KEY: {{ required "A valid .Values.forwardSharedKey required!" .Values.forwardSharedKey }} - LOGSDB_ADMIN_USER: {{ .Values.elasticsearchAdminUser }} - LOGSDB_ADMIN_PASSWORD: {{ required "A valid .Values.elasticsearchAdminPassword required!" .Values.elasticsearchAdminPassword }} + LOGSDB_ADMIN_USER: {{ .Values.opensearchAdminUser }} + LOGSDB_ADMIN_PASSWORD: {{ required "A valid .Values.opensearchAdminPassword required!" .Values.opensearchAdminPassword }} --- apiVersion: v1 kind: Secret 
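Review bot: After the rename, a values file that still sets `elasticsearchCACert` or `elasticsearchTLSVerify` is silently ignored by the two conditionals in this hunk, so the `ca_file` line disappears and the `ssl_verify` choice reverts to the chart default on upgrade without any message. Only the host and password keys are caught by `required` elsewhere in the chart. A guard at the top of the template would make the break explicit, for example `{{- if .Values.elasticsearchCACert }}{{ fail "elasticsearchCACert was renamed to opensearchCACert" }}{{- end }}`, with one such line per renamed key. The `opensearchCACert` conditionals in the templates/secret.yaml and templates/statefulset.yaml hunks depend on the same key and drop the CA secret and its mount in the same way.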
@@ -40,7 +40,7 @@ stringData: password "{{ .password }}" {{- end }} -{{- if .Values.elasticsearchCACert }} +{{- if .Values.opensearchCACert }} --- apiVersion: v1 kind: Secret @@ -51,5 +51,5 @@ metadata: {{- include "lagoon-logs-concentrator.labels" . | nindent 4 }} stringData: ca.crt: | - {{- .Values.elasticsearchCACert | nindent 4 }} + {{- .Values.opensearchCACert | nindent 4 }} {{- end }} diff --git a/charts/lagoon-logs-concentrator/templates/statefulset.yaml b/charts/lagoon-logs-concentrator/templates/statefulset.yaml index e578767c..f9784dd3 100644 --- a/charts/lagoon-logs-concentrator/templates/statefulset.yaml +++ b/charts/lagoon-logs-concentrator/templates/statefulset.yaml @@ -78,7 +78,7 @@ spec: name: {{ include "lagoon-logs-concentrator.fullname" . }}-buffer - mountPath: /fluentd/tls/ name: {{ include "lagoon-logs-concentrator.fullname" . }}-tls - {{- if .Values.elasticsearchCACert }} + {{- if .Values.opensearchCACert }} - mountPath: /fluentd/es-tls/ name: {{ include "lagoon-logs-concentrator.fullname" . }}-es-tls {{- end }} @@ -112,7 +112,7 @@ spec: defaultMode: 420 secretName: {{ include "lagoon-logs-concentrator.fullname" . }}-users name: {{ include "lagoon-logs-concentrator.fullname" . }}-users - {{- if .Values.elasticsearchCACert }} + {{- if .Values.opensearchCACert }} - secret: defaultMode: 420 secretName: {{ include "lagoon-logs-concentrator.fullname" . }}-es-tls diff --git a/charts/lagoon-logs-concentrator/values.yaml b/charts/lagoon-logs-concentrator/values.yaml index 25b9d2de..f9e4eef1 100644 --- a/charts/lagoon-logs-concentrator/values.yaml +++ b/charts/lagoon-logs-concentrator/values.yaml 
@@ -69,19 +69,19 @@ affinity: {} # this is set to false in CI so that the concentrator will start without ES # being installed verifyESVersionAtStartup: true -# Verification of the certificate presented by the elasticsearch endpoint can +# Verification of the certificate presented by the opensearch endpoint can # be disabled by setting this option to false, which can be useful for CI and # manual testing. Do not disable this in production. -elasticsearchTLSVerify: true +opensearchTLSVerify: true # The values below must be supplied during installation. # Certificates should be provided in PEM format, and are generated as described # in the README. -elasticsearchAdminUser: "admin" +opensearchAdminUser: "admin" # Sample data shown below. -# elasticsearchHost: "logs-db-service.elasticsearch.svc.cluster.local" -# elasticsearchAdminPassword: "securepass" +# opensearchHost: "logs-db-service.opensearch.svc.cluster.local" +# opensearchAdminPassword: "securepass" # tls: # caCert: | # -----BEGIN CERTIFICATE----- @@ -104,14 +104,14 @@ elasticsearchAdminUser: "admin" # The values below are optional. -# elasticsearchHostPort: "443" # default 9200 -# elasticsearchScheme: https # default http +# opensearchHostPort: "443" # default 9200 +# opensearchScheme: https # default http # service: # type: LoadBalancer # default ClusterIP. Set to LoadBalancer to # # expose the logs-concentrator service # # publicly. # -# elasticsearchCACert: | # if elasticsearch is presenting a certificate +# opensearchCACert: | # if opensearch is presenting a certificate # -----BEGIN CERTIFICATE----- # signed by a private CA, then define the CA # ... # root certificate here. # -----END CERTIFICATE----- From 9fa065285b0b93fd5cfb178d07b3da0212cc3b3c Mon Sep 17 00:00:00 2001 
From: Scott Leggett Date: Thu, 5 Jan 2023 13:59:25 +0800 Subject: [PATCH 103/167] chore: bump lagoon-logs-concentrator chart version --- charts/lagoon-logs-concentrator/Chart.yaml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/charts/lagoon-logs-concentrator/Chart.yaml b/charts/lagoon-logs-concentrator/Chart.yaml index e845a941..52f32a0e 100644 --- a/charts/lagoon-logs-concentrator/Chart.yaml +++ b/charts/lagoon-logs-concentrator/Chart.yaml @@ -19,4 +19,16 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.42.0 +version: 0.43.0 + +# This section is used to collect a changelog for artifacthub.io +# It should be started afresh for each release +# Valid supported kinds are added, changed, deprecated, removed, fixed and security +annotations: + artifacthub.io/changes: | + - kind: changed + description: Use version v3.1.0 of logs-concentrator which adds the opensearch fluentd plugin. + - kind: changed + description: Switch default chart configuration from Elasticsearch to Opensearch. + - kind: removed + description: Default chart support for Elasticsearch. From 2dec3222de5bfc076991dceed52772d00adebaaf Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 5 Jan 2023 14:28:31 +0800 Subject: [PATCH 104/167] fix: update the version verification config option Name changed from ES to OS. --- charts/lagoon-logs-concentrator/ci/linter-values.yaml | 4 ++-- .../templates/fluent-conf.configmap.yaml | 4 ++-- charts/lagoon-logs-concentrator/values.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/lagoon-logs-concentrator/ci/linter-values.yaml b/charts/lagoon-logs-concentrator/ci/linter-values.yaml index 7a8424b3..01fe6a79 100644 --- a/charts/lagoon-logs-concentrator/ci/linter-values.yaml +++ b/charts/lagoon-logs-concentrator/ci/linter-values.yaml 
@@ -41,8 +41,8 @@ users: password: "securepass" - username: "example2" password: "securepass" -# allow fluentd to start without connecting to ES -verifyESVersionAtStartup: false +# allow fluentd to start without connecting to Opensearch +verifyOSVersionAtStartup: false serviceMonitor: enabled: false diff --git a/charts/lagoon-logs-concentrator/templates/fluent-conf.configmap.yaml b/charts/lagoon-logs-concentrator/templates/fluent-conf.configmap.yaml index 015693e9..fa363eb4 100644 --- a/charts/lagoon-logs-concentrator/templates/fluent-conf.configmap.yaml +++ b/charts/lagoon-logs-concentrator/templates/fluent-conf.configmap.yaml @@ -99,8 +99,8 @@ data: {{- if not .Values.opensearchTLSVerify }} ssl_verify false {{- end }} -{{- if not .Values.verifyESVersionAtStartup }} - verify_es_version_at_startup false +{{- if not .Values.verifyOSVersionAtStartup }} + verify_os_version_at_startup false {{- end }} {{- if .Values.opensearchCACert }} ca_file /fluentd/es-tls/ca.crt diff --git a/charts/lagoon-logs-concentrator/values.yaml b/charts/lagoon-logs-concentrator/values.yaml index f9e4eef1..6d9cff3e 100644 --- a/charts/lagoon-logs-concentrator/values.yaml +++ b/charts/lagoon-logs-concentrator/values.yaml @@ -66,9 +66,9 @@ tolerations: [] affinity: {} -# this is set to false in CI so that the concentrator will start without ES +# this is set to false in CI so that the concentrator will start without OS # being installed -verifyESVersionAtStartup: true +verifyOSVersionAtStartup: true # Verification of the certificate presented by the opensearch endpoint can # be disabled by setting this option to false, which can be useful for CI and # manual testing. Do not disable this in production. From 7a55cdbd2427b2fa6ccd9e7fcb5ecb6ed2482e2f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Jan 2023 00:10:01 +0000 Subject: [PATCH 105/167] chore(deps): bump helm/chart-releaser-action from 1.4.1 to 1.5.0 Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) from 1.4.1 to 1.5.0. - [Release notes](https://github.com/helm/chart-releaser-action/releases) - [Commits](https://github.com/helm/chart-releaser-action/compare/v1.4.1...v1.5.0) --- updated-dependencies: - dependency-name: helm/chart-releaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 063524d2..377367a3 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -35,6 +35,6 @@ jobs: helm repo add nats https://nats-io.github.io/k8s/helm/charts/ - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.4.1 + uses: helm/chart-releaser-action@v1.5.0 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From 5ababdded7aa2bb97dc01f20435cc2e8f030515c Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Tue, 10 Jan 2023 23:39:55 +0800 Subject: [PATCH 106/167] feat: bump ssh-portal to v0.27.2 Fixes https://github.com/uselagoon/lagoon-ssh-portal/issues/162 --- charts/lagoon-remote/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index f0880fa1..6d95d38a 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -122,7 +122,7 @@ sshPortal: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.27.1" + tag: "v0.27.2" service: type: LoadBalancer From b3c99ad8b283b091a6a0e9d7ef7c86510860e97b Mon Sep 17 00:00:00 2001 
From: Scott Leggett Date: Tue, 10 Jan 2023 23:39:45 +0800 Subject: [PATCH 107/167] chore: bump lagoon-remote chart version --- charts/lagoon-remote/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 4c96c2ce..ecd7685d 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.72.0 +version: 0.73.0 dependencies: - name: lagoon-build-deploy @@ -45,4 +45,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Update ssh-portal to v0.27.1. + description: Update ssh-portal to v0.27.2. From b656d60647e0d1aef059beda310626b162b8b09b Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Tue, 10 Jan 2023 23:39:13 +0800 Subject: [PATCH 108/167] feat: bump ssh-portal-api and ssh-token to v0.27.2 --- charts/lagoon-core/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index f033c1b9..4e668329 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -747,7 +747,7 @@ sshPortalAPI: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal-api pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "v0.27.1" + tag: "v0.27.2" podAnnotations: {} @@ -814,7 +814,7 @@ sshToken: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-token pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "v0.27.1" + tag: "v0.27.2" podAnnotations: {} From c0fe44416f309097405de83524f5ee0d447c062b Mon Sep 17 00:00:00 2001 
From: Scott Leggett Date: Tue, 10 Jan 2023 23:38:53 +0800 Subject: [PATCH 109/167] chore: bump lagoon-core chart version --- charts/lagoon-core/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index ea78d9a4..87dbd1c2 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.20.0 +version: 1.21.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -41,4 +41,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Update ssh-portal-api and ssh-token to v0.27.1. + description: Update ssh-portal-api and ssh-token to v0.27.2. From 6a9c982cdd2551c9f75d3e6b0bf283a10d2750ed Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 18 Jan 2023 11:50:23 +1100 Subject: [PATCH 110/167] Update Kubernetes to 1.24 (and change storageclass) in makefile (#537) --- .github/workflows/lint-test.yaml | 2 +- .github/workflows/test-suite.yaml | 25 +- .gitignore | 1 + Makefile | 41 +- ci/calico/README.md | 4 + ci/calico/custom-resources.yaml | 5 +- ci/calico/tigera-operator.yaml | 12301 ++++++++++++++++++++++- ci/storageclass/local-path-bulk.yaml | 7 + test-suite.kind-config.calico.yaml.tpl | 1 + test-suite.kind-config.yaml.tpl | 1 + 10 files changed, 12231 insertions(+), 157 deletions(-) create mode 100644 ci/calico/README.md create mode 100644 ci/storageclass/local-path-bulk.yaml diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 2bed29dc..2ee6e09b 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml 
@@ -94,7 +94,7 @@ jobs: uses: helm/kind-action@v1.5.0 with: version: v0.17.0 - node_image: kindest/node:v1.23.13@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61 + node_image: kindest/node:v1.24.7@sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315 if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index 07b38011..d627cfd4 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -77,18 +77,9 @@ jobs: (contains(github.event.pull_request.labels.*.name, 'needs-testing')) with: version: v0.17.0 - node_image: kindest/node:v1.23.13@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61 + node_image: kindest/node:v1.24.7@sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315 config: test-suite.kind-config.yaml - - - name: Install kubectl - if: | - (steps.list-changed.outputs.changed == 'true') || - (contains(github.event.pull_request.labels.*.name, 'needs-testing')) - run: | - cd /tmp - curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl - chmod +x ./kubectl - sudo cp ./kubectl /usr/local/bin/ + kubectl_version: v1.24.7 - name: Check node IP matches kind configuration if: | @@ -99,16 +90,6 @@ jobs: echo Checking for NODE_IP "$NODE_IP" grep $NODE_IP test-suite.kind-config.yaml - - name: Install Helm - if: | - (steps.list-changed.outputs.changed == 'true') || - (contains(github.event.pull_request.labels.*.name, 'needs-testing')) - run: | - cd /tmp - curl -fsSLo get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 - chmod 700 get_helm.sh - ./get_helm.sh - - name: Add dependency chart repos if: | (steps.list-changed.outputs.changed == 'true') || 
@@ -139,7 +120,7 @@ jobs: curl -sSLO https://github.com/ahmetb/kubectx/releases/download/v0.9.4/kubens_v0.9.4_linux_x86_64.tar.gz tar -xf ./kubens_v0.9.4_linux_x86_64.tar.gz sudo cp /tmp/kubens /usr/local/bin/kubens - sudo ln -s /usr/local/bin/kubectl /usr/local/bin/kc + sudo ln -s $(which kubectl) /usr/local/bin/kc - name: Helm-install the test fixtures and fill lagoon-test/ci/linter-values.yaml if: | diff --git a/.gitignore b/.gitignore index f60284bd..dc41c877 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /test-suite.kind-config.yaml +/test-suite.kind-config.calico.yaml diff --git a/Makefile b/Makefile index bd3ecd85..374e2ae5 100644 --- a/Makefile +++ b/Makefile @@ -25,6 +25,7 @@ BUILD_DEPLOY_CONTROLLER_ROOTLESS_BUILD_PODS = # Control the feature flags on the lagoon-build-deploy chart. Valid values: `enabled` or `disabled`. LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD = LAGOON_FEATURE_FLAG_DEFAULT_ISOLATION_NETWORK_POLICY = +LAGOON_FEATURE_FLAG_DEFAULT_RWX_TO_RWO = enabled # Set to `true` to use the Calico CNI plugin instead of the default kindnet. This # is useful for testing network policies. USE_CALICO_CNI = 
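Review bot: The kubens tarball in this step is fetched with `curl -sSLO` and then copied into `/usr/local/bin` with `sudo` without any integrity check, so whatever the release URL serves at run time gets installed on the runner. A pinned digest check between the download and the `tar` call would close that, e.g. `echo "<SHA256_OF_KUBENS_TARBALL>  kubens_v0.9.4_linux_x86_64.tar.gz" | sha256sum -c -`, where the placeholder is the digest recorded when the version was chosen. On the changed line, quote the substitution as `sudo ln -s "$(which kubectl)" /usr/local/bin/kc` so that an empty result makes `ln` fail rather than silently creating a link in the working directory. The step starts outside this hunk.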
@@ -52,18 +53,19 @@ fill-test-ci-values: && export keycloakAuthServerClientSecret="$$($(KUBECTL) -n lagoon get secret lagoon-core-keycloak -o json | $(JQ) -r '.data.KEYCLOAK_AUTH_SERVER_CLIENT_SECRET | @base64d')" \ && export routeSuffixHTTP="$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io" \ && export routeSuffixHTTPS="$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io" \ - && export token="$$($(KUBECTL) -n lagoon get secret -o json | $(JQ) -r '.items[] | select(.metadata.name | match("lagoon-build-deploy-token")) | .data.token | @base64d')" \ + && export token="$$($(KUBECTL) -n lagoon create token lagoon-build-deploy --duration 3h)" \ && export $$([ $(IMAGE_TAG) ] && echo imageTag='$(IMAGE_TAG)' || echo imageTag='latest') \ && export webhookHandler="lagoon-core-webhook-handler" \ && export tests='$(TESTS)' imageRegistry='$(IMAGE_REGISTRY)' \ && valueTemplate=charts/lagoon-test/ci/linter-values.yaml \ - && envsubst < $$valueTemplate.tpl > $$valueTemplate + && envsubst < $$valueTemplate.tpl > $$valueTemplate \ + && cat $$valueTemplate ifneq ($(SKIP_ALL_DEPS),true) ifneq ($(SKIP_INSTALL_REGISTRY),true) fill-test-ci-values: install-registry endif -fill-test-ci-values: install-ingress install-lagoon-core install-lagoon-remote install-nfs-server-provisioner +fill-test-ci-values: install-ingress install-lagoon-core install-lagoon-remote install-bulk-storageclass endif .PHONY: install-ingress @@ -104,19 +106,6 @@ install-registry: install-ingress registry \ harbor/harbor -.PHONY: install-nfs-server-provisioner -install-nfs-server-provisioner: - $(HELM) upgrade \ - --install \ - --create-namespace \ - --namespace nfs-server-provisioner \ - --wait \ - --timeout $(TIMEOUT) \ - --set storageClass.name=bulk \ - --version=1.1.3 \ - nfs-server-provisioner \ - stable/nfs-server-provisioner - .PHONY: install-mariadb install-mariadb: # root password is required on upgrade if the chart is already installed 
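Review bot: The added `&& cat $$valueTemplate` prints the rendered `charts/lagoon-test/ci/linter-values.yaml` to stdout. This recipe exports `keycloakAuthServerClientSecret` and a freshly created `lagoon-build-deploy` service-account token just before `envsubst`, so the file presumably carries both and they end up in the CI job log. I would end the recipe at `&& envsubst < $$valueTemplate.tpl > $$valueTemplate` again, or print only the non-sensitive keys when debugging is explicitly requested. The three-hour `--duration` on the token limits its lifetime but not its use while the job is still running. The recipe begins outside this hunk.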
@@ -185,6 +174,7 @@ install-lagoon-core: install-minio --values ./charts/lagoon-core/ci/linter-values.yaml \ $$([ $(IMAGE_TAG) ] && echo '--set imageTag=$(IMAGE_TAG)') \ $$([ $(OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE) ] && echo '--set overwriteActiveStandbyTaskImage=$(OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE)') \ + $$([ $(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE) ] && echo '--set buildDeployImage.edge.image=$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)') \ $$([ $(DISABLE_CORE_HARBOR) ] && echo '--set api.additionalEnvs.DISABLE_CORE_HARBOR=$(DISABLE_CORE_HARBOR)') \ $$([ $(OPENSEARCH_INTEGRATION_ENABLED) ] && echo '--set api.additionalEnvs.OPENSEARCH_INTEGRATION_ENABLED=$(OPENSEARCH_INTEGRATION_ENABLED)') \ --set "keycloakAPIURL=http://lagoon-keycloak.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080/auth" \ @@ -230,7 +220,7 @@ install-lagoon-core: install-minio ./charts/lagoon-core .PHONY: install-lagoon-remote -install-lagoon-remote: install-lagoon-build-deploy install-lagoon-core install-mariadb install-postgresql install-mongodb install-nfs-server-provisioner +install-lagoon-remote: install-lagoon-build-deploy install-lagoon-core install-mariadb install-postgresql install-mongodb install-bulk-storageclass $(HELM) dependency build ./charts/lagoon-remote/ $(HELM) upgrade \ --install \ 
@@ -290,6 +280,7 @@ install-lagoon-build-deploy: install-lagoon-core install-registry $$([ $(BUILD_DEPLOY_CONTROLLER_ROOTLESS_BUILD_PODS) ] && echo '--set rootlessBuildPods=true') \ $$([ $(LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD) ] && echo '--set lagoonFeatureFlagDefaultRootlessWorkload=$(LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD)') \ $$([ $(LAGOON_FEATURE_FLAG_DEFAULT_ISOLATION_NETWORK_POLICY) ] && echo '--set lagoonFeatureFlagDefaultIsolationNetworkPolicy=$(LAGOON_FEATURE_FLAG_DEFAULT_ISOLATION_NETWORK_POLICY)') \ + $$([ $(LAGOON_FEATURE_FLAG_DEFAULT_RWX_TO_RWO) ] && echo '--set lagoonFeatureFlagDefaultRWX2RWO=$(LAGOON_FEATURE_FLAG_DEFAULT_RWX_TO_RWO)') \ lagoon-build-deploy \ ./charts/lagoon-build-deploy @@ -297,6 +288,10 @@ install-lagoon-build-deploy: install-lagoon-core install-registry # The following targets facilitate local development only and aren't used in CI. # +.PHONY: install-bulk-storageclass +install-bulk-storageclass: + $(KUBECTL) apply -f ./ci/storageclass/local-path-bulk.yaml + .PHONY: create-kind-cluster create-kind-cluster: docker network inspect kind >/dev/null || docker network create kind \ 
@@ -305,18 +300,18 @@ create-kind-cluster: && envsubst < test-suite.kind-config.calico.yaml.tpl > test-suite.kind-config.calico.yaml ifeq ($(USE_CALICO_CNI),true) kind create cluster --wait=60s --config=test-suite.kind-config.calico.yaml \ - && kubectl apply -f ./ci/calico/tigera-operator.yaml \ - && kubectl apply -f ./ci/calico/custom-resources.yaml + && $(KUBECTL) create -f ./ci/calico/tigera-operator.yaml --context kind-chart-testing \ + && $(KUBECTL) create -f ./ci/calico/custom-resources.yaml --context kind-chart-testing .PHONY: install-calico install-calico: - $(KUBECTL) apply -f ./ci/calico/tigera-operator.yaml \ - && $(KUBECTL) apply -f ./ci/calico/custom-resources.yaml + $(KUBECTL) create -f ./ci/calico/tigera-operator.yaml \ + && $(KUBECTL) create -f ./ci/calico/custom-resources.yaml # add dependencies to ensure calico gets installed in the correct order install-ingress: install-calico install-registry: install-calico -install-nfs-server-provisioner: install-calico +install-bulk-storageclass: install-calico install-mariadb: install-calico install-postgresql: install-calico install-mongodb: install-calico @@ -327,7 +322,7 @@ else endif .PHONY: install-test-cluster -install-test-cluster: install-ingress install-registry install-nfs-server-provisioner install-mariadb install-postgresql install-mongodb install-minio +install-test-cluster: install-ingress install-registry install-bulk-storageclass install-mariadb install-postgresql install-mongodb install-minio .PHONY: install-lagoon install-lagoon: install-lagoon-core install-lagoon-remote diff --git a/ci/calico/README.md b/ci/calico/README.md new file mode 100644 index 00000000..ec040995 --- /dev/null +++ b/ci/calico/README.md @@ -0,0 +1,4 @@ +Download manifests linked in the instructions in https://projectcalico.docs.tigera.io/getting-started/kubernetes/k3s/quickstart#install-calico + + + diff --git a/ci/calico/custom-resources.yaml b/ci/calico/custom-resources.yaml index bf5d3f63..121f6824 100644 
--- a/ci/calico/custom-resources.yaml +++ b/ci/calico/custom-resources.yaml @@ -1,5 +1,6 @@ +# Source https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/custom-resources.yaml # This section includes base Calico installation configuration. -# For more information, see: https://projectcalico.docs.tigera.io/v3.23/reference/installation/api#operator.tigera.io/v1.Installation +# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation apiVersion: operator.tigera.io/v1 kind: Installation metadata: @@ -18,7 +19,7 @@ spec: --- # This section configures the Calico API server. -# For more information, see: https://projectcalico.docs.tigera.io/v3.23/reference/installation/api#operator.tigera.io/v1.APIServer +# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer apiVersion: operator.tigera.io/v1 kind: APIServer metadata: diff --git a/ci/calico/tigera-operator.yaml b/ci/calico/tigera-operator.yaml index 7e5bd6a3..482bad15 100644 --- a/ci/calico/tigera-operator.yaml +++ b/ci/calico/tigera-operator.yaml @@ -1,12 +1,10 @@ +# Source https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/tigera-operator.yaml apiVersion: v1 kind: Namespace metadata: name: tigera-operator labels: name: tigera-operator - ---- - --- # Source: crds/calico/crd.projectcalico.org_bgpconfigurations.yaml apiVersion: apiextensions.k8s.io/v1 @@ -20,6 +18,7 @@ spec: listKind: BGPConfigurationList plural: bgpconfigurations singular: bgpconfiguration + preserveUnknownFields: false scope: Cluster versions: - name: v1 
@@ -73,6 +72,12 @@ spec: type: string type: object type: array + ignoredInterfaces: + description: IgnoredInterfaces indicates the network interfaces that + needs to be excluded when reading device routes. + items: + type: string + type: array listenPort: description: ListenPort is the port where BGP protocol should listen. Defaults to 179 @@ -201,6 +206,7 @@ spec: listKind: BGPPeerList plural: bgppeers singular: bgppeer + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -291,12 +297,23 @@ spec: remote AS number comes from the remote node's NodeBGPSpec.ASNumber, or the global default if that is not set. type: string + reachableBy: + description: Add an exact, i.e. /32, static route toward peer IP in + order to prevent route flapping. ReachableBy contains the address + of the gateway which peer can be reached by. + type: string sourceAddress: description: Specifies whether and how to configure a source address for the peerings generated by this BGPPeer resource. Default value "UseNodeIP" means to configure the node IP as the source address. "None" means not to configure a source address. type: string + ttlSecurity: + description: TTLSecurity enables the generalized TTL security mechanism + (GTSM) which protects against spoofed packets by ignoring received + packets with a smaller than expected TTL value. The provided value + is the number of hops (edges) between the peers. + type: integer type: object type: object served: true @@ -321,6 +338,7 @@ spec: listKind: BlockAffinityList plural: blockaffinities singular: blockaffinity + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -386,6 +404,7 @@ spec: listKind: CalicoNodeStatusList plural: caliconodestatuses singular: caliconodestatus + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -647,6 +666,7 @@ spec: listKind: ClusterInformationList plural: clusterinformations singular: clusterinformation + preserveUnknownFields: false scope: Cluster versions: - name: v1 
@@ -712,6 +732,7 @@ spec: listKind: FelixConfigurationList plural: felixconfigurations singular: felixconfiguration + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -781,15 +802,16 @@ spec: [Default: false]' type: boolean bpfEnforceRPF: - description: 'BPFEnforceRPF enforce strict RPF on all interfaces with - BPF programs regardless of what is the per-interfaces or global - setting. Possible values are Disabled or Strict. [Default: Strict]' + description: 'BPFEnforceRPF enforce strict RPF on all host interfaces + with BPF programs regardless of what is the per-interfaces or global + setting. Possible values are Disabled, Strict or Loose. [Default: + Strict]' type: string bpfExtToServiceConnmark: description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit mark that is set on connections from an external client to a local service. This mark allows us to control how packets of that connection - are routed within the host and how is routing intepreted by RPF + are routed within the host and how is routing interpreted by RPF check. [Default: 0]' type: integer bpfExternalServiceMode: @@ -802,6 +824,11 @@ spec: node appears to use the IP of the ingress node; this requires a permissive L2 network. [Default: Tunnel]' type: string + bpfHostConntrackBypass: + description: 'BPFHostConntrackBypass Controls whether to bypass Linux + conntrack in BPF mode for workloads and services. [Default: true + - bypass Linux conntrack]' + type: boolean bpfKubeProxyEndpointSlicesEnabled: description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls whether Felix's embedded kube-proxy accepts EndpointSlices or not. 
@@ -818,6 +845,14 @@ spec: kube-proxy. Lower values give reduced set-up latency. Higher values reduce Felix CPU usage by batching up more work. [Default: 1s]' type: string + bpfL3IfacePattern: + description: BPFL3IfacePattern is a regular expression that allows + to list tunnel devices like wireguard or vxlan (i.e., L3 devices) + in addition to BPFDataIfacePattern. That is, tunnel interfaces not + created by Calico, that Calico workload traffic flows over as well + as any interfaces that handle incoming traffic to nodeports and + services from outside the cluster. + type: string bpfLogLevel: description: 'BPFLogLevel controls the log level of the BPF programs when in BPF dataplane mode. One of "Off", "Info", or "Debug". The @@ -837,6 +872,11 @@ spec: policy. Selectors such as "all()" can result in large numbers of entries (one entry per endpoint in that case). type: integer + bpfMapSizeIfState: + description: BPFMapSizeIfState sets the size for ifstate map. The + ifstate map must be large enough to hold an entry for each device + (host + workloads) on a host. + type: integer bpfMapSizeNATAffinity: type: integer bpfMapSizeNATBackend: @@ -869,6 +909,11 @@ spec: are inclusive. [Default: 20000:29999]' pattern: ^.* x-kubernetes-int-or-string: true + bpfPolicyDebugEnabled: + description: BPFPolicyDebugEnabled when true, Felix records detailed + information about the BPF policy programs, which can be examined + with the calico-bpf command-line tool. + type: boolean chainInsertMode: description: 'ChainInsertMode controls whether Felix hooks the kernel''s top-level iptables chains by inserting a rule at the top of the 
@@ -883,11 +928,12 @@ spec: to use. Only used if UseInternalDataplaneDriver is set to false. type: string dataplaneWatchdogTimeout: - description: 'DataplaneWatchdogTimeout is the readiness/liveness timeout - used for Felix''s (internal) dataplane driver. Increase this value + description: "DataplaneWatchdogTimeout is the readiness/liveness timeout + used for Felix's (internal) dataplane driver. Increase this value if you experience spurious non-ready or non-live events when Felix is under heavy load. Decrease the value to get felix to report non-live - or non-ready more quickly. [Default: 90s]' + or non-ready more quickly. [Default: 90s] \n Deprecated: replaced + by the generic HealthTimeoutOverrides." type: string debugDisableLogDropping: type: boolean 
@@ -991,16 +1037,21 @@ spec: type: object type: array featureDetectOverride: - description: FeatureDetectOverride is used to override the feature - detection. Values are specified in a comma separated list with no - spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". - "true" or "false" will force the feature, empty or omitted values - are auto-detected. + description: FeatureDetectOverride is used to override feature detection + based on auto-detected platform capabilities. Values are specified + in a comma separated list with no spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". "true" + or "false" will force the feature, empty or omitted values are auto-detected. + type: string + featureGates: + description: FeatureGates is used to enable or disable tech-preview + Calico features. Values are specified in a comma separated list + with no spaces, example; "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false". + This is used to enable features that are not fully production ready. type: string floatingIPs: - default: Disabled description: FloatingIPs configures whether or not Felix will program - floating IP addresses. + non-OpenStack floating IP addresses. (OpenStack-derived floating + IPs are always programmed, regardless of this setting.) enum: - Enabled - Disabled 
@@ -1017,6 +1068,23 @@ spec: type: string healthPort: type: integer + healthTimeoutOverrides: + description: HealthTimeoutOverrides allows the internal watchdog timeouts + of individual subcomponents to be overriden. This is useful for + working around "false positive" liveness timeouts that can occur + in particularly stressful workloads or if CPU is constrained. For + a list of active subcomponents, see Felix's logs. + items: + properties: + name: + type: string + timeout: + type: string + required: + - name + - timeout + type: object + type: array interfaceExclude: description: 'InterfaceExclude is a comma-separated list of interfaces that Felix should exclude when monitoring for host endpoints. The @@ -1058,7 +1126,7 @@ spec: type: string iptablesBackend: description: IptablesBackend specifies which backend of iptables will - be used. The default is legacy. + be used. The default is Auto. type: string iptablesFilterAllowAction: type: string @@ -1260,6 +1328,10 @@ spec: information. - WorkloadIPs: use workload endpoints to construct routes. - CalicoIPAM: the default - use IPAM data to construct routes.' type: string + routeSyncDisabled: + description: RouteSyncDisabled will disable all operations performed + on the route table. Set to true to run in network-policy mode only. + type: boolean routeTableRange: description: Deprecated in favor of RouteTableRanges. Calico programs additional Linux route tables for various purposes. RouteTableRange @@ -1321,8 +1393,8 @@ spec: type: boolean vxlanEnabled: description: 'VXLANEnabled overrides whether Felix should create the - VXLAN tunnel device for VXLAN networking. Optional as Felix determines - this based on the existing IP pools. [Default: nil (unset)]' + VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix + determines this based on the existing IP pools. [Default: nil (unset)]' type: boolean vxlanMTU: description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel 
@@ -1337,7 +1409,13 @@ spec: vxlanVNI: type: integer wireguardEnabled: - description: 'WireguardEnabled controls whether Wireguard is enabled. + description: 'WireguardEnabled controls whether Wireguard is enabled + for IPv4 (encapsulating IPv4 traffic over an IPv4 underlay network). + [Default: false]' + type: boolean + wireguardEnabledV6: + description: 'WireguardEnabledV6 controls whether Wireguard is enabled + for IPv6 (encapsulating IPv6 traffic over an IPv6 underlay network). [Default: false]' type: boolean wireguardHostEncryptionEnabled: @@ -1346,7 +1424,11 @@ spec: type: boolean wireguardInterfaceName: description: 'WireguardInterfaceName specifies the name to use for - the Wireguard interface. [Default: wg.calico]' + the IPv4 Wireguard interface. [Default: wireguard.cali]' + type: string + wireguardInterfaceNameV6: + description: 'WireguardInterfaceNameV6 specifies the name to use for + the IPv6 Wireguard interface. [Default: wg-v6.cali]' type: string wireguardKeepAlive: description: 'WireguardKeepAlive controls Wireguard PersistentKeepalive @@ -1354,11 +1436,19 @@ spec: type: string wireguardListeningPort: description: 'WireguardListeningPort controls the listening port used - by Wireguard. [Default: 51820]' + by IPv4 Wireguard. [Default: 51820]' + type: integer + wireguardListeningPortV6: + description: 'WireguardListeningPortV6 controls the listening port + used by IPv6 Wireguard. [Default: 51821]' type: integer wireguardMTU: - description: 'WireguardMTU controls the MTU on the Wireguard interface. - See Configuring MTU [Default: 1420]' + description: 'WireguardMTU controls the MTU on the IPv4 Wireguard + interface. See Configuring MTU [Default: 1440]' + type: integer + wireguardMTUV6: + description: 'WireguardMTUV6 controls the MTU on the IPv6 Wireguard + interface. See Configuring MTU [Default: 1420]' type: integer wireguardRoutingRulePriority: description: 'WireguardRoutingRulePriority controls the priority value 
@@ -1404,6 +1494,7 @@ spec: listKind: GlobalNetworkPolicyList plural: globalnetworkpolicies singular: globalnetworkpolicy + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -2260,6 +2351,7 @@ spec: listKind: GlobalNetworkSetList plural: globalnetworksets singular: globalnetworkset + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -2314,6 +2406,7 @@ spec: listKind: HostEndpointList plural: hostendpoints singular: hostendpoint + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -2423,6 +2516,7 @@ spec: listKind: IPAMBlockList plural: ipamblocks singular: ipamblock + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -2543,6 +2637,7 @@ spec: listKind: IPAMConfigList plural: ipamconfigs singular: ipamconfig + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -2570,6 +2665,8 @@ spec: maxBlocksPerHost: description: MaxBlocksPerHost, if non-zero, is the max number of blocks that can be affine to each host. + maximum: 2147483647 + minimum: 0 type: integer strictAffinity: type: boolean @@ -2600,6 +2697,7 @@ spec: listKind: IPAMHandleList plural: ipamhandles singular: ipamhandle + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -2657,6 +2755,7 @@ spec: listKind: IPPoolList plural: ippools singular: ippool + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -2728,7 +2827,7 @@ spec: for internal use only.' type: boolean natOutgoing: - description: When nat-outgoing is true, packets sent from Calico networked + description: When natOutgoing is true, packets sent from Calico networked containers in this pool to destinations outside of this pool will be masqueraded. type: boolean @@ -2770,6 +2869,7 @@ spec: listKind: IPReservationList plural: ipreservations singular: ipreservation + preserveUnknownFields: false scope: Cluster versions: - name: v1 
@@ -2822,6 +2922,7 @@ spec: listKind: KubeControllersConfigurationList plural: kubecontrollersconfigurations singular: kubecontrollersconfiguration + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -3076,6 +3177,7 @@ spec: listKind: NetworkPolicyList plural: networkpolicies singular: networkpolicy + preserveUnknownFields: false scope: Namespaced versions: - name: v1 @@ -3913,6 +4015,7 @@ spec: listKind: NetworkSetList plural: networksets singular: networkset + preserveUnknownFields: false scope: Namespaced versions: - name: v1 @@ -3954,6 +4057,8 @@ status: --- # Source: crds/operator.tigera.io_apiservers_crd.yaml + +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
@@ -3989,6 +4094,1308 @@ spec: type: object spec: description: Specification of the desired state for the Tigera API server. + properties: + apiServerDeployment: + description: APIServerDeployment configures the calico-apiserver (or + tigera-apiserver in Enterprise) Deployment. If used in conjunction + with ControlPlaneNodeSelector or ControlPlaneTolerations, then these + overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the API server Deployment. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created Deployment pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the API server Deployment. If omitted, + the API server Deployment will use its default value for + minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the API server Deployment + pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. + Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the API server Deployment's PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the API server pods. If specified, this + overrides any affinity that may be set on the API + server Deployment. If omitted, the API server Deployment + will use its default value for affinity. WARNING: + Please note that this field will override the default + API server Deployment affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. 
+ items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. 
+ If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. 
+ If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. 
for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". 
The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. 
null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. 
+ If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of API server containers. + If specified, this overrides the specified API server + Deployment containers. If omitted, the API server + Deployment will use its default values for its containers. + items: + description: APIServerDeploymentContainer is an + API server Deployment container. + properties: + name: + description: Name is an enum which identifies + the API server Deployment container by name. + enum: + - calico-apiserver + - tigera-queryserver + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. 
If specified, this + overrides the named API server Deployment + container's resources. If omitted, the API + server Deployment will use its default value + for this container's resources. If used in + conjunction with the deprecated ComponentResources, + then this value takes precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of API server + init containers. If specified, this overrides the + specified API server Deployment init containers. + If omitted, the API server Deployment will use its + default values for its init containers. + items: + description: APIServerDeploymentInitContainer is + an API server Deployment init container. + properties: + name: + description: Name is an enum which identifies + the API server Deployment init container by + name. 
+ enum: + - calico-apiserver-certs-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named API server Deployment + init container's resources. If omitted, the + API server Deployment will use its default + value for this init container's resources. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the API server pod''s + scheduling constraints. If specified, each of the + key/value pairs are added to the API server Deployment + nodeSelector provided the key does not already exist + in the object''s nodeSelector. 
If used in conjunction + with ControlPlaneNodeSelector, that nodeSelector + is set on the API server Deployment and each of + this field''s key/value pairs are added to the API + server Deployment nodeSelector provided the key + does not already exist in the object''s nodeSelector. + If omitted, the API server Deployment will use its + default value for nodeSelector. WARNING: Please + note that this field will modify the default API + server Deployment nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the API server pod''s + tolerations. If specified, this overrides any tolerations + that may be set on the API server Deployment. If + omitted, the API server Deployment will use its + default value for tolerations. WARNING: Please note + that this field will override the default API server + Deployment tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object type: object status: description: Most recently observed status for the Tigera API server. @@ -4002,9 +5409,17 @@ spec: storage: true subresources: status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] --- # Source: crds/operator.tigera.io_imagesets_crd.yaml + +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -4025,7 +5440,7 @@ spec: openAPIV3Schema: description: ImageSet is used to specify image digests for the images that the operator deploys. The name of the ImageSet is expected to be in the - format `-`. The `variant` used is `enterprise` if the + format `-`. The `variant` used is `enterprise` if the InstallationSpec Variant is `TigeraSecureEnterprise` otherwise it is `calico`. The `release` must match the version of the variant that the operator is built to deploy, this version can be obtained by passing the `--version` @@ -4083,6 +5498,8 @@ status: --- # Source: crds/operator.tigera.io_installations_crd.yaml + +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
@@ -4122,6 +5539,1255 @@ spec: description: Specification of the desired state for the Calico or Calico Enterprise installation. properties: + calicoKubeControllersDeployment: + description: CalicoKubeControllersDeployment configures the calico-kube-controllers + Deployment. If used in conjunction with the deprecated ComponentResources, + then these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-kube-controllers + Deployment. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created Deployment pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the calico-kube-controllers Deployment. + If omitted, the calico-kube-controllers Deployment will + use its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-kube-controllers + Deployment pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. + Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the calico-kube-controllers Deployment's + PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the calico-kube-controllers pods. If specified, + this overrides any affinity that may be set on the + calico-kube-controllers Deployment. If omitted, + the calico-kube-controllers Deployment will use + its default value for affinity. WARNING: Please + note that this field will override the default calico-kube-controllers + Deployment affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. 
+ items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. 
+ If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. 
+ If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. 
for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". 
The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. 
null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. 
+ If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-kube-controllers + containers. If specified, this overrides the specified + calico-kube-controllers Deployment containers. If + omitted, the calico-kube-controllers Deployment + will use its default values for its containers. + items: + description: CalicoKubeControllersDeploymentContainer + is a calico-kube-controllers Deployment container. + properties: + name: + description: Name is an enum which identifies + the calico-kube-controllers Deployment container + by name. 
+ enum: + - calico-kube-controllers + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named calico-kube-controllers + Deployment container's resources. If omitted, + the calico-kube-controllers Deployment will + use its default value for this container's + resources. If used in conjunction with the + deprecated ComponentResources, then this value + takes precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-kube-controllers + pod''s scheduling constraints. If specified, each + of the key/value pairs are added to the calico-kube-controllers + Deployment nodeSelector provided the key does not + already exist in the object''s nodeSelector. 
If + used in conjunction with ControlPlaneNodeSelector, + that nodeSelector is set on the calico-kube-controllers + Deployment and each of this field''s key/value pairs + are added to the calico-kube-controllers Deployment + nodeSelector provided the key does not already exist + in the object''s nodeSelector. If omitted, the calico-kube-controllers + Deployment will use its default value for nodeSelector. + WARNING: Please note that this field will modify + the default calico-kube-controllers Deployment nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-kube-controllers + pod''s tolerations. If specified, this overrides + any tolerations that may be set on the calico-kube-controllers + Deployment. If omitted, the calico-kube-controllers + Deployment will use its default value for tolerations. + WARNING: Please note that this field will override + the default calico-kube-controllers Deployment tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object calicoNetwork: description: CalicoNetwork specifies networking configuration options for Calico. @@ -4165,6 +6831,12 @@ spec: description: CIDR contains the address range for the IP Pool in classless inter-domain routing format. type: string + disableBGPExport: + default: false + description: 'DisableBGPExport specifies whether routes + from this IP pool''s CIDR are exported over BGP. Default: + false' + type: boolean encapsulation: description: 'Encapsulation specifies the encapsulation type that will be used with the IP Pool. Default: IPIP' 
@@ -4289,6 +6961,2547 @@ spec: type: string type: object type: object + calicoNodeDaemonSet: + description: CalicoNodeDaemonSet configures the calico-node DaemonSet. + If used in conjunction with the deprecated ComponentResources, then + these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the DaemonSet. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-node DaemonSet. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created DaemonSet pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the calico-node DaemonSet. If omitted, + the calico-node DaemonSet will use its default value for + minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-node DaemonSet + pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. 
Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. + Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the calico-node DaemonSet's PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the calico-node pods. If specified, this + overrides any affinity that may be set on the calico-node + DaemonSet. If omitted, the calico-node DaemonSet + will use its default value for affinity. WARNING: + Please note that this field will override the default + calico-node DaemonSet affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). 
+ properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. 
This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. 
This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. 
for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". 
The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. 
null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. 
+ If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-node containers. + If specified, this overrides the specified calico-node + DaemonSet containers. If omitted, the calico-node + DaemonSet will use its default values for its containers. + items: + description: CalicoNodeDaemonSetContainer is a calico-node + DaemonSet container. + properties: + name: + description: Name is an enum which identifies + the calico-node DaemonSet container by name. + enum: + - calico-node + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. 
If specified, this + overrides the named calico-node DaemonSet + container's resources. If omitted, the calico-node + DaemonSet will use its default value for this + container's resources. If used in conjunction + with the deprecated ComponentResources, then + this value takes precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of calico-node + init containers. If specified, this overrides the + specified calico-node DaemonSet init containers. + If omitted, the calico-node DaemonSet will use its + default values for its init containers. + items: + description: CalicoNodeDaemonSetInitContainer is + a calico-node DaemonSet init container. + properties: + name: + description: Name is an enum which identifies + the calico-node DaemonSet init container by + name. 
+ enum: + - install-cni + - hostpath-init + - flexvol-driver + - mount-bpffs + - node-certs-key-cert-provisioner + - calico-node-prometheus-server-tls-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named calico-node DaemonSet + init container's resources. If omitted, the + calico-node DaemonSet will use its default + value for this container's resources. If used + in conjunction with the deprecated ComponentResources, + then this value takes precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-node pod''s + scheduling constraints. 
If specified, each of the + key/value pairs are added to the calico-node DaemonSet + nodeSelector provided the key does not already exist + in the object''s nodeSelector. If omitted, the calico-node + DaemonSet will use its default value for nodeSelector. + WARNING: Please note that this field will modify + the default calico-node DaemonSet nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-node pod''s + tolerations. If specified, this overrides any tolerations + that may be set on the calico-node DaemonSet. If + omitted, the calico-node DaemonSet will use its + default value for tolerations. WARNING: Please note + that this field will override the default calico-node + DaemonSet tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. 
+ format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object + calicoWindowsUpgradeDaemonSet: + description: CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade + DaemonSet. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-windows-upgrade + DaemonSet. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created Deployment pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the calico-windows-upgrade DaemonSet. + If omitted, the calico-windows-upgrade DaemonSet will use + its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-windows-upgrade + DaemonSet pod that will be created. 
+ properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. + Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the calico-windows-upgrade DaemonSet's + PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the calico-windows-upgrade pods. If specified, + this overrides any affinity that may be set on the + calico-windows-upgrade DaemonSet. If omitted, the + calico-windows-upgrade DaemonSet will use its default + value for affinity. WARNING: Please note that this + field will override the default calico-windows-upgrade + DaemonSet affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. 
for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. 
+ properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. 
+ properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. 
When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. 
The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. 
+ properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. 
null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. 
+ The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-windows-upgrade + containers. 
If specified, this overrides the specified + calico-windows-upgrade DaemonSet containers. If + omitted, the calico-windows-upgrade DaemonSet will + use its default values for its containers. + items: + description: CalicoWindowsUpgradeDaemonSetContainer + is a calico-windows-upgrade DaemonSet container. + properties: + name: + description: Name is an enum which identifies + the calico-windows-upgrade DaemonSet container + by name. + enum: + - calico-windows-upgrade + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named calico-windows-upgrade + DaemonSet container's resources. If omitted, + the calico-windows-upgrade DaemonSet will + use its default value for this container's + resources. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-windows-upgrade + pod''s scheduling constraints. If specified, each + of the key/value pairs are added to the calico-windows-upgrade + DaemonSet nodeSelector provided the key does not + already exist in the object''s nodeSelector. If + omitted, the calico-windows-upgrade DaemonSet will + use its default value for nodeSelector. WARNING: + Please note that this field will modify the default + calico-windows-upgrade DaemonSet nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-windows-upgrade + pod''s tolerations. If specified, this overrides + any tolerations that may be set on the calico-windows-upgrade + DaemonSet. If omitted, the calico-windows-upgrade + DaemonSet will use its default value for tolerations. + WARNING: Please note that this field will override + the default calico-windows-upgrade DaemonSet tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object certificateManagement: description: CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. @@ -4385,12 +9598,14 @@ spec: - type type: object componentResources: - description: ComponentResources can be used to customize the resource - requirements for each component. Node, Typha, and KubeControllers - are supported for installations. + description: Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, + and KubeControllersDeployment. ComponentResources can be used to + customize the resource requirements for each component. Node, Typha, + and KubeControllers are supported for installations. items: - description: The ComponentResource struct associates a ResourceRequirements - with a component by name + description: Deprecated. Please use component resource config fields + in Installation.Spec instead. The ComponentResource struct associates + a ResourceRequirements with a component by name properties: componentName: description: ComponentName is an enum which identifies the component 
@@ -4487,6 +9702,14 @@ spec: type: string type: object type: array + fipsMode: + description: 'FIPSMode uses images and features only that are using + FIPS 140-2 validated cryptographic modules and standards. Default: + Disabled' + enum: + - Enabled + - Disabled + type: string flexVolumePath: description: FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be enabled by default. @@ -4527,6 +9750,11 @@ spec: type: string type: object type: array + kubeletVolumePluginPath: + description: 'KubeletVolumePluginPath optionally specifies enablement + of Calico CSI plugin. If not specified, CSI will be enabled by default. + If set to ''None'', CSI will be disabled. Default: /var/lib/kubelet' + type: string kubernetesProvider: description: KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. @@ -4587,7 +9815,7 @@ spec: on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption. This is - an alpha field and requires enabling DaemonSetUpdateSurge + beta field and enabled/disabled by DaemonSetUpdateSurge feature gate.' x-kubernetes-int-or-string: true maxUnavailable: 
@@ -4598,18 +9826,17 @@ spec: be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number - is calculated from percentage by rounding down to a minimum - of one. This cannot be 0 if MaxSurge is 0 Default value - is 1. Example: when this is set to 30%, at most 30% of the - total number of nodes that should be running the daemon - pod (i.e. status.desiredNumberScheduled) can have their - pods stopped for an update at any given time. The update - starts by stopping at most 30% of those DaemonSet pods and - then brings up new DaemonSet pods in their place. Once the - new pods are available, it then proceeds onto other DaemonSet - pods, thus ensuring that at least 70% of original number - of DaemonSet pods are available at all times during the - update.' + is calculated from percentage by rounding up. This cannot + be 0 if MaxSurge is 0 Default value is 1. Example: when + this is set to 30%, at most 30% of the total number of nodes + that should be running the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given time. + The update starts by stopping at most 30% of those DaemonSet + pods and then brings up new DaemonSet pods in their place. + Once the new pods are available, it then proceeds onto other + DaemonSet pods, thus ensuring that at least 70% of original + number of DaemonSet pods are available at all times during + the update.' x-kubernetes-int-or-string: true type: object type: @@ -4632,7 +9859,8 @@ spec: above format." type: string typhaAffinity: - description: TyphaAffinity allows configuration of node affinity characteristics + description: Deprecated. Please use Installation.Spec.TyphaDeployment + instead. TyphaAffinity allows configuration of node affinity characteristics for Typha pods. properties: nodeAffinity: 
@@ -4843,6 +10071,1301 @@ spec: type: object type: object type: object + typhaDeployment: + description: TyphaDeployment configures the typha Deployment. If used + in conjunction with the deprecated ComponentResources or TyphaAffinity, + then these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the typha Deployment. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created Deployment pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the typha Deployment. If omitted, + the typha Deployment will use its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the typha Deployment pod that + will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. 
Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. + Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the typha Deployment's PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the typha pods. If specified, this overrides + any affinity that may be set on the typha Deployment. + If omitted, the typha Deployment will use its default + value for affinity. If used in conjunction with + the deprecated TyphaAffinity, then this value takes + precedence. WARNING: Please note that this field + will override the default calico-typha Deployment + affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). 
A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. 
If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. 
If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. 
for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". 
The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. 
null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. 
+ If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of typha containers. + If specified, this overrides the specified typha + Deployment containers. If omitted, the typha Deployment + will use its default values for its containers. + items: + description: TyphaDeploymentContainer is a typha + Deployment container. + properties: + name: + description: Name is an enum which identifies + the typha Deployment container by name. + enum: + - calico-typha + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. 
If specified, this + overrides the named typha Deployment container's + resources. If omitted, the typha Deployment + will use its default value for this container's + resources. If used in conjunction with the + deprecated ComponentResources, then this value + takes precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of typha init + containers. If specified, this overrides the specified + typha Deployment init containers. If omitted, the + typha Deployment will use its default values for + its init containers. + items: + description: TyphaDeploymentInitContainer is a typha + Deployment init container. + properties: + name: + description: Name is an enum which identifies + the typha Deployment init container by name. 
+ enum: + - typha-certs-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named typha Deployment init + container's resources. If omitted, the typha + Deployment will use its default value for + this init container's resources. If used in + conjunction with the deprecated ComponentResources, + then this value takes precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-typha pod''s + scheduling constraints. If specified, each of the + key/value pairs are added to the calico-typha Deployment + nodeSelector provided the key does not already exist + in the object''s nodeSelector. If omitted, the calico-typha + Deployment will use its default value for nodeSelector. 
+ WARNING: Please note that this field will modify + the default calico-typha Deployment nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the typha pod''s tolerations. + If specified, this overrides any tolerations that + may be set on the typha Deployment. If omitted, + the typha Deployment will use its default value + for tolerations. WARNING: Please note that this + field will override the default calico-typha Deployment + tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. 
+ type: string + type: object + type: array + type: object + type: object + type: object + type: object typhaMetricsPort: description: TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled. 
@@ -4864,6 +11387,1355 @@ spec: description: Computed is the final installation including overlaid resources. properties: + calicoKubeControllersDeployment: + description: CalicoKubeControllersDeployment configures the calico-kube-controllers + Deployment. If used in conjunction with the deprecated ComponentResources, + then these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to + the object's annotations provided the key does not already + exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. Each + of these key/value pairs are added to the object's labels + provided the key does not already exist in the object's + labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-kube-controllers + Deployment. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of + seconds for which a newly created Deployment pod should + be ready without any of its container crashing, for + it to be considered available. If specified, this overrides + any minReadySeconds value that may be set on the calico-kube-controllers + Deployment. If omitted, the calico-kube-controllers + Deployment will use its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-kube-controllers + Deployment pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes + object's metadata that is added to the pod's metadata. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary + non-identifying metadata. Each of these key/value + pairs are added to the object's annotations + provided the key does not already exist in the + object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and + values that may match replicaset and service + selectors. Each of these key/value pairs are + added to the object's labels provided the key + does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the calico-kube-controllers Deployment's + PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity + scheduling rules for the calico-kube-controllers + pods. If specified, this overrides any affinity + that may be set on the calico-kube-controllers + Deployment. If omitted, the calico-kube-controllers + Deployment will use its default value for affinity. + WARNING: Please note that this field will override + the default calico-kube-controllers Deployment + affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. 
+ items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. 
If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. 
If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. 
for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. This field is + beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. 
The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. 
null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. This field is + beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. 
+ If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. 
This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-kube-controllers + containers. If specified, this overrides the + specified calico-kube-controllers Deployment + containers. If omitted, the calico-kube-controllers + Deployment will use its default values for its + containers. + items: + description: CalicoKubeControllersDeploymentContainer + is a calico-kube-controllers Deployment container. + properties: + name: + description: Name is an enum which identifies + the calico-kube-controllers Deployment + container by name. 
+ enum: + - calico-kube-controllers + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named calico-kube-controllers + Deployment container's resources. If omitted, + the calico-kube-controllers Deployment + will use its default value for this container's + resources. If used in conjunction with + the deprecated ComponentResources, then + this value takes precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-kube-controllers + pod''s scheduling constraints. If specified, + each of the key/value pairs are added to the + calico-kube-controllers Deployment nodeSelector + provided the key does not already exist in the + object''s nodeSelector. 
If used in conjunction + with ControlPlaneNodeSelector, that nodeSelector + is set on the calico-kube-controllers Deployment + and each of this field''s key/value pairs are + added to the calico-kube-controllers Deployment + nodeSelector provided the key does not already + exist in the object''s nodeSelector. If omitted, + the calico-kube-controllers Deployment will + use its default value for nodeSelector. WARNING: + Please note that this field will modify the + default calico-kube-controllers Deployment nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-kube-controllers + pod''s tolerations. If specified, this overrides + any tolerations that may be set on the calico-kube-controllers + Deployment. If omitted, the calico-kube-controllers + Deployment will use its default value for tolerations. + WARNING: Please note that this field will override + the default calico-kube-controllers Deployment + tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match all + taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means + to match all values and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints + of a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. + By default, it is not set, which means + tolerate the taint forever (do not evict). + Zero and negative values will be treated + as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object calicoNetwork: description: CalicoNetwork specifies networking configuration options for Calico. @@ -4908,6 +12780,12 @@ spec: description: CIDR contains the address range for the IP Pool in classless inter-domain routing format. type: string + disableBGPExport: + default: false + description: 'DisableBGPExport specifies whether routes + from this IP pool''s CIDR are exported over BGP. Default: + false' + type: boolean encapsulation: description: 'Encapsulation specifies the encapsulation type that will be used with the IP Pool. Default: 
@@ -5035,6 +12913,2748 @@ spec: type: string type: object type: object + calicoNodeDaemonSet: + description: CalicoNodeDaemonSet configures the calico-node DaemonSet. + If used in conjunction with the deprecated ComponentResources, + then these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the DaemonSet. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to + the object's annotations provided the key does not already + exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. Each + of these key/value pairs are added to the object's labels + provided the key does not already exist in the object's + labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-node + DaemonSet. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of + seconds for which a newly created DaemonSet pod should + be ready without any of its container crashing, for + it to be considered available. If specified, this overrides + any minReadySeconds value that may be set on the calico-node + DaemonSet. If omitted, the calico-node DaemonSet will + use its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-node DaemonSet + pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes + object's metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary + non-identifying metadata. 
Each of these key/value + pairs are added to the object's annotations + provided the key does not already exist in the + object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and + values that may match replicaset and service + selectors. Each of these key/value pairs are + added to the object's labels provided the key + does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the calico-node DaemonSet's PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity + scheduling rules for the calico-node pods. If + specified, this overrides any affinity that + may be set on the calico-node DaemonSet. If + omitted, the calico-node DaemonSet will use + its default value for affinity. WARNING: Please + note that this field will override the default + calico-node DaemonSet affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches + no objects (i.e. is also a no-op). 
+ properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. 
This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. 
This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. 
for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. This field is + beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. 
The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. 
null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. This field is + beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. 
+ If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. 
This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-node + containers. If specified, this overrides the + specified calico-node DaemonSet containers. + If omitted, the calico-node DaemonSet will use + its default values for its containers. + items: + description: CalicoNodeDaemonSetContainer is + a calico-node DaemonSet container. + properties: + name: + description: Name is an enum which identifies + the calico-node DaemonSet container by + name. 
+ enum: + - calico-node + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named calico-node DaemonSet + container's resources. If omitted, the + calico-node DaemonSet will use its default + value for this container's resources. + If used in conjunction with the deprecated + ComponentResources, then this value takes + precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of calico-node + init containers. If specified, this overrides + the specified calico-node DaemonSet init containers. + If omitted, the calico-node DaemonSet will use + its default values for its init containers. + items: + description: CalicoNodeDaemonSetInitContainer + is a calico-node DaemonSet init container. 
+ properties: + name: + description: Name is an enum which identifies + the calico-node DaemonSet init container + by name. + enum: + - install-cni + - hostpath-init + - flexvol-driver + - mount-bpffs + - node-certs-key-cert-provisioner + - calico-node-prometheus-server-tls-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named calico-node DaemonSet + init container's resources. If omitted, + the calico-node DaemonSet will use its + default value for this container's resources. + If used in conjunction with the deprecated + ComponentResources, then this value takes + precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-node + pod''s scheduling constraints. 
If specified, + each of the key/value pairs are added to the + calico-node DaemonSet nodeSelector provided + the key does not already exist in the object''s + nodeSelector. If omitted, the calico-node DaemonSet + will use its default value for nodeSelector. + WARNING: Please note that this field will modify + the default calico-node DaemonSet nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-node pod''s + tolerations. If specified, this overrides any + tolerations that may be set on the calico-node + DaemonSet. If omitted, the calico-node DaemonSet + will use its default value for tolerations. + WARNING: Please note that this field will override + the default calico-node DaemonSet tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match all + taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means + to match all values and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. + By default, it is not set, which means + tolerate the taint forever (do not evict). + Zero and negative values will be treated + as 0 (evict immediately) by the system. 
+ format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object + calicoWindowsUpgradeDaemonSet: + description: CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade + DaemonSet. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to + the object's annotations provided the key does not already + exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. Each + of these key/value pairs are added to the object's labels + provided the key does not already exist in the object's + labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-windows-upgrade + DaemonSet. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of + seconds for which a newly created Deployment pod should + be ready without any of its container crashing, for + it to be considered available. If specified, this overrides + any minReadySeconds value that may be set on the calico-windows-upgrade + DaemonSet. If omitted, the calico-windows-upgrade DaemonSet + will use its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-windows-upgrade + DaemonSet pod that will be created. 
+ properties: + metadata: + description: Metadata is a subset of a Kubernetes + object's metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary + non-identifying metadata. Each of these key/value + pairs are added to the object's annotations + provided the key does not already exist in the + object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and + values that may match replicaset and service + selectors. Each of these key/value pairs are + added to the object's labels provided the key + does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the calico-windows-upgrade DaemonSet's + PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity + scheduling rules for the calico-windows-upgrade + pods. If specified, this overrides any affinity + that may be set on the calico-windows-upgrade + DaemonSet. If omitted, the calico-windows-upgrade + DaemonSet will use its default value for affinity. + WARNING: Please note that this field will override + the default calico-windows-upgrade DaemonSet + affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. 
for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. 
+ properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. 
+ properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. 
as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. This field is + beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. 
When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. 
The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. 
+ properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. This field is + beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. 
+ null or empty namespaces list + and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. 
The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-windows-upgrade + containers. 
If specified, this overrides the + specified calico-windows-upgrade DaemonSet containers. + If omitted, the calico-windows-upgrade DaemonSet + will use its default values for its containers. + items: + description: CalicoWindowsUpgradeDaemonSetContainer + is a calico-windows-upgrade DaemonSet container. + properties: + name: + description: Name is an enum which identifies + the calico-windows-upgrade DaemonSet container + by name. + enum: + - calico-windows-upgrade + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named calico-windows-upgrade + DaemonSet container's resources. If omitted, + the calico-windows-upgrade DaemonSet will + use its default value for this container's + resources. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-windows-upgrade + pod''s scheduling constraints. If specified, + each of the key/value pairs are added to the + calico-windows-upgrade DaemonSet nodeSelector + provided the key does not already exist in the + object''s nodeSelector. If omitted, the calico-windows-upgrade + DaemonSet will use its default value for nodeSelector. + WARNING: Please note that this field will modify + the default calico-windows-upgrade DaemonSet + nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-windows-upgrade + pod''s tolerations. If specified, this overrides + any tolerations that may be set on the calico-windows-upgrade + DaemonSet. If omitted, the calico-windows-upgrade + DaemonSet will use its default value for tolerations. + WARNING: Please note that this field will override + the default calico-windows-upgrade DaemonSet + tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match all + taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means + to match all values and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints + of a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. + By default, it is not set, which means + tolerate the taint forever (do not evict). + Zero and negative values will be treated + as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object certificateManagement: description: CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 @@ -5133,12 +15753,15 @@ spec: - type type: object componentResources: - description: ComponentResources can be used to customize the resource - requirements for each component. Node, Typha, and KubeControllers - are supported for installations. + description: Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, + and KubeControllersDeployment. ComponentResources can be used + to customize the resource requirements for each component. Node, + Typha, and KubeControllers are supported for installations. items: - description: The ComponentResource struct associates a ResourceRequirements - with a component by name + description: Deprecated. Please use component resource config + fields in Installation.Spec instead. The ComponentResource + struct associates a ResourceRequirements with a component + by name properties: componentName: description: ComponentName is an enum which identifies the 
@@ -5238,6 +15861,14 @@ spec: type: string type: object type: array + fipsMode: + description: 'FIPSMode uses images and features only that are + using FIPS 140-2 validated cryptographic modules and standards. + Default: Disabled' + enum: + - Enabled + - Disabled + type: string flexVolumePath: description: FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be enabled @@ -5278,6 +15909,12 @@ spec: type: string type: object type: array + kubeletVolumePluginPath: + description: 'KubeletVolumePluginPath optionally specifies enablement + of Calico CSI plugin. If not specified, CSI will be enabled + by default. If set to ''None'', CSI will be disabled. Default: + /var/lib/kubelet' + type: string kubernetesProvider: description: KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. @@ -5339,8 +15976,8 @@ spec: by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions - during disruption. This is an alpha field and requires - enabling DaemonSetUpdateSurge feature gate.' + during disruption. This is beta field and enabled/disabled + by DaemonSetUpdateSurge feature gate.' x-kubernetes-int-or-string: true maxUnavailable: anyOf: 
@@ -5351,10 +15988,10 @@ spec: absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding - down to a minimum of one. This cannot be 0 if MaxSurge - is 0 Default value is 1. Example: when this is set to - 30%, at most 30% of the total number of nodes that should - be running the daemon pod (i.e. status.desiredNumberScheduled) + up. This cannot be 0 if MaxSurge is 0 Default value + is 1. Example: when this is set to 30%, at most 30% + of the total number of nodes that should be running + the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods @@ -5385,7 +16022,8 @@ spec: the above format." type: string typhaAffinity: - description: TyphaAffinity allows configuration of node affinity + description: Deprecated. Please use Installation.Spec.TyphaDeployment + instead. TyphaAffinity allows configuration of node affinity characteristics for Typha pods. properties: nodeAffinity: 
@@ -5605,6 +16243,1403 @@ spec: type: object type: object type: object + typhaDeployment: + description: TyphaDeployment configures the typha Deployment. + If used in conjunction with the deprecated ComponentResources + or TyphaAffinity, then these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to + the object's annotations provided the key does not already + exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. Each + of these key/value pairs are added to the object's labels + provided the key does not already exist in the object's + labels. + type: object + type: object + spec: + description: Spec is the specification of the typha Deployment. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of + seconds for which a newly created Deployment pod should + be ready without any of its container crashing, for + it to be considered available. If specified, this overrides + any minReadySeconds value that may be set on the typha + Deployment. If omitted, the typha Deployment will use + its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the typha Deployment pod + that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes + object's metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary + non-identifying metadata. 
Each of these key/value + pairs are added to the object's annotations + provided the key does not already exist in the + object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and + values that may match replicaset and service + selectors. Each of these key/value pairs are + added to the object's labels provided the key + does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the typha Deployment's PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity + scheduling rules for the typha pods. If specified, + this overrides any affinity that may be set + on the typha Deployment. If omitted, the typha + Deployment will use its default value for affinity. + If used in conjunction with the deprecated TyphaAffinity, + then this value takes precedence. WARNING: Please + note that this field will override the default + calico-typha Deployment affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). 
A null + preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. 
If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. 
If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. 
for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. This field is + beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. 
The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. 
null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. This field is + beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. 
+ If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. 
This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of typha containers. + If specified, this overrides the specified typha + Deployment containers. If omitted, the typha + Deployment will use its default values for its + containers. + items: + description: TyphaDeploymentContainer is a typha + Deployment container. + properties: + name: + description: Name is an enum which identifies + the typha Deployment container by name. + enum: + - calico-typha + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. 
If specified, + this overrides the named typha Deployment + container's resources. If omitted, the + typha Deployment will use its default + value for this container's resources. + If used in conjunction with the deprecated + ComponentResources, then this value takes + precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of typha + init containers. If specified, this overrides + the specified typha Deployment init containers. + If omitted, the typha Deployment will use its + default values for its init containers. + items: + description: TyphaDeploymentInitContainer is + a typha Deployment init container. + properties: + name: + description: Name is an enum which identifies + the typha Deployment init container by + name. 
+ enum: + - typha-certs-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named typha Deployment + init container's resources. If omitted, + the typha Deployment will use its default + value for this init container's resources. + If used in conjunction with the deprecated + ComponentResources, then this value takes + precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-typha + pod''s scheduling constraints. If specified, + each of the key/value pairs are added to the + calico-typha Deployment nodeSelector provided + the key does not already exist in the object''s + nodeSelector. If omitted, the calico-typha Deployment + will use its default value for nodeSelector. 
+ WARNING: Please note that this field will modify + the default calico-typha Deployment nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the typha pod''s + tolerations. If specified, this overrides any + tolerations that may be set on the typha Deployment. + If omitted, the typha Deployment will use its + default value for tolerations. WARNING: Please + note that this field will override the default + calico-typha Deployment tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match all + taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means + to match all values and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. + By default, it is not set, which means + tolerate the taint forever (do not evict). + Zero and negative values will be treated + as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. 
+ type: string + type: object + type: array + type: object + type: object + type: object + type: object typhaMetricsPort: description: TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled. 
@@ -5618,6 +17653,78 @@ spec: - TigeraSecureEnterprise type: string type: object + conditions: + description: Conditions represents the latest observed set of conditions + for the component. A component may be one or more of Ready, Progressing, + Degraded or other customer types. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. 
Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array imageSet: description: ImageSet is the name of the ImageSet being used, if there is an ImageSet that is being used. If an ImageSet is not being used @@ -5651,6 +17758,8 @@ status: --- # Source: crds/operator.tigera.io_tigerastatuses_crd.yaml + +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -5724,6 +17833,14 @@ spec: description: Optionally, a detailed message providing additional context. type: string + observedGeneration: + description: observedGeneration represents the generation that + the condition was set based upon. For instance, if generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer reason: description: A brief reason explaining the condition. type: string 
@@ -5757,59 +17874,14 @@ status: storedVersions: [] --- -# Source: tigera-operator/templates/tigera-operator/02-podsecuritypolicy-tigera-operator.yaml -# This should not be rendered for an OpenShift install. -# OpenShift uses SecurityContextConstraints instead. -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: tigera-operator - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'hostPath' - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - # Assume that persistentVolumes set up by the cluster admin are safe to use. - - 'persistentVolumeClaim' - hostNetwork: true - hostPorts: - - min: 0 - max: 65535 - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false ---- # Source: tigera-operator/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml apiVersion: v1 kind: ServiceAccount metadata: name: tigera-operator namespace: tigera-operator +imagePullSecrets: + [] --- # Source: tigera-operator/templates/tigera-operator/02-role-tigera-operator.yaml # Permissions required when running the operator for a Calico cluster. @@ -5980,7 +18052,7 @@ rules: verbs: - list - watch - - create + - create - update # Needed for operator lock - apiGroups: @@ -5994,6 +18066,17 @@ rules: - update - delete - watch + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - list + - watch + - update + - get + - create + - delete # Add the appropriate pod security policy permissions - apiGroups: - policy 
@@ -6021,6 +18104,7 @@ rules: - certificatesigningrequests verbs: - list + - watch --- # Source: tigera-operator/templates/tigera-operator/02-rolebinding-tigera-operator.yaml kind: ClusterRoleBinding @@ -6068,7 +18152,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: tigera-operator - image: quay.io/tigera/operator:v1.27.12 + image: quay.io/tigera/operator:v1.29.0 imagePullPolicy: IfNotPresent command: - operator @@ -6086,7 +18170,7 @@ spec: - name: OPERATOR_NAME value: "tigera-operator" - name: TIGERA_OPERATOR_INIT_IMAGE_VERSION - value: v1.27.12 + value: v1.29.0 envFrom: - configMapRef: name: kubernetes-services-endpoint @@ -6095,4 +18179,3 @@ spec: - name: var-lib-calico hostPath: path: /var/lib/calico - diff --git a/ci/storageclass/local-path-bulk.yaml b/ci/storageclass/local-path-bulk.yaml new file mode 100644 index 00000000..39908e8b --- /dev/null +++ b/ci/storageclass/local-path-bulk.yaml @@ -0,0 +1,7 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: bulk +provisioner: rancher.io/local-path +reclaimPolicy: Delete +volumeBindingMode: WaitForFirstConsumer diff --git a/test-suite.kind-config.calico.yaml.tpl b/test-suite.kind-config.calico.yaml.tpl index 684658c4..d4869849 100644 --- a/test-suite.kind-config.calico.yaml.tpl +++ b/test-suite.kind-config.calico.yaml.tpl @@ -1,5 +1,6 @@ kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 +name: chart-testing networking: disableDefaultCNI: true podSubnet: 192.168.0.0/16 diff --git a/test-suite.kind-config.yaml.tpl b/test-suite.kind-config.yaml.tpl index 282156c4..da546684 100644 --- a/test-suite.kind-config.yaml.tpl +++ b/test-suite.kind-config.yaml.tpl @@ -1,5 +1,6 @@ kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 +name: chart-testing containerdConfigPatches: - |- [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.${KIND_NODE_IP}.nip.io:32443".tls] From 5020ffef148cc56b7514274a55347888758d0cc7 Mon Sep 17 00:00:00 2001 
From: Toby Bellwood Date: Fri, 20 Jan 2023 16:32:41 +1100 Subject: [PATCH 111/167] configured dynamic apiVersion for HorizontalPodAutoscaler (#542) --- .github/workflows/lint-test-matrix.yaml | 1 + charts/lagoon-core/Chart.yaml | 4 ++-- charts/lagoon-core/ci/linter-values.yaml | 2 ++ charts/lagoon-core/templates/_helpers.tpl | 11 +++++++++++ .../lagoon-core/templates/actions-handler.hpa.yaml | 2 +- charts/lagoon-core/templates/api.hpa.yaml | 2 +- charts/lagoon-core/templates/auth-server.hpa.yaml | 2 +- charts/lagoon-core/templates/backup-handler.hpa.yaml | 2 +- charts/lagoon-core/templates/broker.hpa.yaml | 2 +- charts/lagoon-core/templates/drush-alias.hpa.yaml | 2 +- .../lagoon-core/templates/insights-handler.hpa.yaml | 2 +- .../templates/logs2notifications.hpa.yaml | 12 ++++++++---- charts/lagoon-core/templates/ssh-portal-api.hpa.yaml | 10 +++++++--- charts/lagoon-core/templates/ssh-token.hpa.yaml | 10 +++++++--- charts/lagoon-core/templates/ssh.hpa.yaml | 2 +- charts/lagoon-core/templates/ui.hpa.yaml | 2 +- .../lagoon-core/templates/webhook-handler.hpa.yaml | 2 +- charts/lagoon-core/templates/webhooks2tasks.hpa.yaml | 2 +- charts/lagoon-logs-concentrator/Chart.yaml | 8 ++------ .../lagoon-logs-concentrator/templates/_helpers.tpl | 11 +++++++++++ charts/lagoon-logs-concentrator/templates/hpa.yaml | 2 +- 21 files changed, 63 insertions(+), 30 deletions(-) diff --git a/.github/workflows/lint-test-matrix.yaml b/.github/workflows/lint-test-matrix.yaml index a5d99e46..e495604a 100644 --- a/.github/workflows/lint-test-matrix.yaml +++ b/.github/workflows/lint-test-matrix.yaml 
@@ -15,6 +15,7 @@ jobs: - v1.22.15@sha256:7d9708c4b0873f0fe2e171e2b1b7f45ae89482617778c1c875f1053d4cef2e41 - v1.24.7@sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315 - v1.25.3@sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1 + - v1.26.0@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352 steps: - name: Checkout uses: actions/checkout@v3 diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 87dbd1c2..6237294b 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.21.0 +version: 1.22.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -41,4 +41,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: Update ssh-portal-api and ssh-token to v0.27.2. + description: configured dynamic apiVersion for HorizontalPodAutoscaler diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index 96886343..b45baa19 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml @@ -90,6 +90,8 @@ backupHandler: replicaCount: 1 image: repository: uselagoon/backup-handler + autoscaling: + enabled: true insightsHandler: image: diff --git a/charts/lagoon-core/templates/_helpers.tpl b/charts/lagoon-core/templates/_helpers.tpl index 2abd89ee..28bddf5f 100644 --- a/charts/lagoon-core/templates/_helpers.tpl +++ b/charts/lagoon-core/templates/_helpers.tpl 
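Review bot: In the charts/lagoon-core/ci/linter-values.yaml hunk, `autoscaling:` / `enabled: true` is added under backupHandler only, so as far as this hunk shows CI lint renders backup-handler.hpa.yaml but not necessarily the three templates whose metric blocks this commit rewrites (logs2notifications, ssh-portal-api, ssh-token). The `lagoon-core..fullname` name corrected in logs2notifications.hpa.yaml would most likely have failed at render time, which suggests that template was not being rendered in CI before. Unless those components already enable autoscaling elsewhere in this values file (not visible here), add the same two lines under each of them so the new `target:` / `averageUtilization:` blocks are linted against every Kubernetes version in the matrix.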
@@ -673,3 +673,14 @@ app.kubernetes.io/name: {{ include "lagoon-core.name" . }}
 app.kubernetes.io/component: {{ include "lagoon-core.sshToken.fullname" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
+
+{{/*
+Get HorizontalPodAutoscaler API Version - can be removed once Kubernetes 1.23 is the minimum
+*/}}
+{{- define "lagoon-core.hpa.apiVersion" -}}
+ {{- if (.Capabilities.APIVersions.Has "autoscaling/v2") -}}
+ autoscaling/v2
+ {{- else -}}
+ autoscaling/v2beta2
+ {{- end -}}
+{{- end -}}
diff --git a/charts/lagoon-core/templates/actions-handler.hpa.yaml b/charts/lagoon-core/templates/actions-handler.hpa.yaml
index 37a60f71..0766cf98 100644
--- a/charts/lagoon-core/templates/actions-handler.hpa.yaml
+++ b/charts/lagoon-core/templates/actions-handler.hpa.yaml
@@ -1,5 +1,5 @@
 {{- if and .Values.actionsHandler.enabled .Values.actionsHandler.autoscaling.enabled -}}
-apiVersion: autoscaling/v2beta2
+apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }}
 kind: HorizontalPodAutoscaler
 metadata:
 name: {{ include "lagoon-core.actionsHandler.fullname" . }}
diff --git a/charts/lagoon-core/templates/api.hpa.yaml b/charts/lagoon-core/templates/api.hpa.yaml
index 2ffe28fc..37c8c9ba 100644
--- a/charts/lagoon-core/templates/api.hpa.yaml
+++ b/charts/lagoon-core/templates/api.hpa.yaml
@@ -1,5 +1,5 @@
 {{- if .Values.api.autoscaling.enabled -}}
-apiVersion: autoscaling/v2beta2
+apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }}
 kind: HorizontalPodAutoscaler
 metadata:
 name: {{ include "lagoon-core.api.fullname" . }}
diff --git a/charts/lagoon-core/templates/auth-server.hpa.yaml b/charts/lagoon-core/templates/auth-server.hpa.yaml
index 795beb79..a921136a 100644
--- a/charts/lagoon-core/templates/auth-server.hpa.yaml
+++ b/charts/lagoon-core/templates/auth-server.hpa.yaml
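Review bot: The doc comment on `lagoon-core.hpa.apiVersion` in the first hunk here does not say where `.Capabilities.APIVersions` comes from, and that decides which branch is taken. On `helm install`/`upgrade` the set is discovered from the target cluster, but for `helm template` or a GitOps renderer working without a cluster connection it is, as far as I know, the Helm build's default set plus anything passed with `--api-versions`, so the rendered `apiVersion` may be one the target cluster does not serve. I would add a line to the comment such as `Note: offline renders (helm template) do not query the cluster; pass --api-versions to match the target.` The diffstat shows the same helper being added to charts/lagoon-logs-concentrator, whose hunk is not visible here, and the same comment would apply there.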
@@ -1,5 +1,5 @@
 {{- if and .Values.ssh.enabled .Values.authServer.autoscaling.enabled -}}
-apiVersion: autoscaling/v2beta2
+apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }}
 kind: HorizontalPodAutoscaler
 metadata:
 name: {{ include "lagoon-core.authServer.fullname" . }}
diff --git a/charts/lagoon-core/templates/backup-handler.hpa.yaml b/charts/lagoon-core/templates/backup-handler.hpa.yaml
index 94d1284f..dfe335a9 100644
--- a/charts/lagoon-core/templates/backup-handler.hpa.yaml
+++ b/charts/lagoon-core/templates/backup-handler.hpa.yaml
@@ -1,5 +1,5 @@
 {{- if and .Values.backupHandler.enabled .Values.backupHandler.autoscaling.enabled -}}
-apiVersion: autoscaling/v2beta2
+apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }}
 kind: HorizontalPodAutoscaler
 metadata:
 name: {{ include "lagoon-core.backupHandler.fullname" . }}
diff --git a/charts/lagoon-core/templates/broker.hpa.yaml b/charts/lagoon-core/templates/broker.hpa.yaml
index 7898993f..0ac81290 100644
--- a/charts/lagoon-core/templates/broker.hpa.yaml
+++ b/charts/lagoon-core/templates/broker.hpa.yaml
@@ -1,5 +1,5 @@
 {{- if .Values.broker.autoscaling.enabled -}}
-apiVersion: autoscaling/v2beta2
+apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }}
 kind: HorizontalPodAutoscaler
 metadata:
 name: {{ include "lagoon-core.broker.fullname" . }}
diff --git a/charts/lagoon-core/templates/drush-alias.hpa.yaml b/charts/lagoon-core/templates/drush-alias.hpa.yaml
index 35886210..a5daaa8d 100644
--- a/charts/lagoon-core/templates/drush-alias.hpa.yaml
+++ b/charts/lagoon-core/templates/drush-alias.hpa.yaml
@@ -1,5 +1,5 @@
 {{- if .Values.drushAlias.autoscaling.enabled -}}
-apiVersion: autoscaling/v2beta2
+apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }}
 kind: HorizontalPodAutoscaler
 metadata:
 name: {{ include "lagoon-core.drushAlias.fullname" . }}
diff --git a/charts/lagoon-core/templates/insights-handler.hpa.yaml b/charts/lagoon-core/templates/insights-handler.hpa.yaml
index 23c5ccfc..e17df3ef 100644
--- a/charts/lagoon-core/templates/insights-handler.hpa.yaml
+++ b/charts/lagoon-core/templates/insights-handler.hpa.yaml
@@ -1,5 +1,5 @@
 {{- if .Values.insightsHandler.autoscaling.enabled -}}
-apiVersion: autoscaling/v2beta2
+apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }}
 kind: HorizontalPodAutoscaler
 metadata:
 name: {{ include "lagoon-core.insightsHandler.fullname" . }}
diff --git a/charts/lagoon-core/templates/logs2notifications.hpa.yaml b/charts/lagoon-core/templates/logs2notifications.hpa.yaml
index 5b439fdb..bc7521de 100644
--- a/charts/lagoon-core/templates/logs2notifications.hpa.yaml
+++ b/charts/lagoon-core/templates/logs2notifications.hpa.yaml
@@ -1,8 +1,8 @@
 {{- if .Values.logs2notifications.autoscaling.enabled -}}
-apiVersion: autoscaling/v2beta1
+apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }}
 kind: HorizontalPodAutoscaler
 metadata:
- name: {{ include "lagoon-core..fullname" . }}
+ name: {{ include "lagoon-core.logs2notifications.fullname" . }}
 labels:
 {{- include "lagoon-core.logs2notifications.labels" . | nindent 4 }}
 spec:
@@ -17,12 +17,16 @@ spec:
 - type: Resource
 resource:
 name: cpu
- targetAverageUtilization: {{ .Values.logs2notifications.autoscaling.targetCPUUtilizationPercentage }}
+ target:
+ averageUtilization: {{ .Values.logs2notifications.autoscaling.targetCPUUtilizationPercentage }}
+ type: Utilization
 {{- end }}
 {{- if .Values.logs2notifications.autoscaling.targetMemoryUtilizationPercentage }}
 - type: Resource
 resource:
 name: memory
- targetAverageUtilization: {{ .Values.logs2notifications.autoscaling.targetMemoryUtilizationPercentage }}
+ target:
+ averageUtilization: {{ .Values.logs2notifications.autoscaling.targetMemoryUtilizationPercentage }}
+ type: Utilization
 {{- end }}
 {{- end }}
diff --git a/charts/lagoon-core/templates/ssh-portal-api.hpa.yaml b/charts/lagoon-core/templates/ssh-portal-api.hpa.yaml
index 8e0ae96e..455900f2 100644
--- a/charts/lagoon-core/templates/ssh-portal-api.hpa.yaml
+++ b/charts/lagoon-core/templates/ssh-portal-api.hpa.yaml
@@ -1,5 +1,5 @@
 {{- if and .Values.sshPortalAPI.enabled .Values.sshPortalAPI.autoscaling.enabled -}}
-apiVersion: autoscaling/v2beta1
+apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }}
 kind: HorizontalPodAutoscaler
 metadata:
 name: {{ include "lagoon-core.sshPortalAPI.fullname" . }}
@@ -17,12 +17,16 @@ spec:
 - type: Resource
 resource:
 name: cpu
- targetAverageUtilization: {{ .Values.sshPortalAPI.autoscaling.targetCPUUtilizationPercentage }}
+ target:
+ averageUtilization: {{ .Values.sshPortalAPI.autoscaling.targetCPUUtilizationPercentage }}
+ type: Utilization
 {{- end }}
 {{- if .Values.sshPortalAPI.autoscaling.targetMemoryUtilizationPercentage }}
 - type: Resource
 resource:
 name: memory
- targetAverageUtilization: {{ .Values.sshPortalAPI.autoscaling.targetMemoryUtilizationPercentage }}
+ target:
+ averageUtilization: {{ .Values.sshPortalAPI.autoscaling.targetMemoryUtilizationPercentage }}
+ type: Utilization
 {{- end }}
 {{- end }}
diff --git a/charts/lagoon-core/templates/ssh-token.hpa.yaml b/charts/lagoon-core/templates/ssh-token.hpa.yaml
index 2fd1c834..e2c19916 100644
--- a/charts/lagoon-core/templates/ssh-token.hpa.yaml
+++ b/charts/lagoon-core/templates/ssh-token.hpa.yaml
@@ -1,5 +1,5 @@
 {{- if and .Values.sshToken.enabled .Values.sshToken.autoscaling.enabled -}}
-apiVersion: autoscaling/v2beta1
+apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }}
 kind: HorizontalPodAutoscaler
 metadata:
 name: {{ include "lagoon-core.sshToken.fullname" . }}
@@ -17,12 +17,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.sshToken.autoscaling.targetCPUUtilizationPercentage }} + target: + averageUtilization: {{ .Values.sshToken.autoscaling.targetCPUUtilizationPercentage }} + type: Utilization {{- end }} {{- if .Values.sshToken.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.sshToken.autoscaling.targetMemoryUtilizationPercentage }} + target: + averageUtilization: {{ .Values.sshToken.autoscaling.targetMemoryUtilizationPercentage }} + type: Utilization {{- end }} {{- end }} diff --git a/charts/lagoon-core/templates/ssh.hpa.yaml b/charts/lagoon-core/templates/ssh.hpa.yaml index abe657ff..fa0b2c57 100644 --- a/charts/lagoon-core/templates/ssh.hpa.yaml +++ b/charts/lagoon-core/templates/ssh.hpa.yaml @@ -1,5 +1,5 @@ {{- if and .Values.ssh.enabled .Values.ssh.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-core.ssh.fullname" . }} diff --git a/charts/lagoon-core/templates/ui.hpa.yaml b/charts/lagoon-core/templates/ui.hpa.yaml index f5a0f84b..5dcba06c 100644 --- a/charts/lagoon-core/templates/ui.hpa.yaml +++ b/charts/lagoon-core/templates/ui.hpa.yaml @@ -1,5 +1,5 @@ {{- if and .Values.ui.enabled .Values.ui.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-core.ui.fullname" . }} diff --git a/charts/lagoon-core/templates/webhook-handler.hpa.yaml b/charts/lagoon-core/templates/webhook-handler.hpa.yaml index fd5d8688..1a16132f 100644 --- a/charts/lagoon-core/templates/webhook-handler.hpa.yaml +++ b/charts/lagoon-core/templates/webhook-handler.hpa.yaml 
@@ -1,5 +1,5 @@ {{- if .Values.webhookHandler.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-core.webhookHandler.fullname" . }} diff --git a/charts/lagoon-core/templates/webhooks2tasks.hpa.yaml b/charts/lagoon-core/templates/webhooks2tasks.hpa.yaml index a6c82bff..6e39947a 100644 --- a/charts/lagoon-core/templates/webhooks2tasks.hpa.yaml +++ b/charts/lagoon-core/templates/webhooks2tasks.hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.webhooks2tasks.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-core.webhooks2tasks.fullname" . }} diff --git a/charts/lagoon-logs-concentrator/Chart.yaml b/charts/lagoon-logs-concentrator/Chart.yaml index 52f32a0e..477e2c1c 100644 --- a/charts/lagoon-logs-concentrator/Chart.yaml +++ b/charts/lagoon-logs-concentrator/Chart.yaml @@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.43.0 +version: 0.44.0 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release @@ -27,8 +27,4 @@ version: 0.43.0 annotations: artifacthub.io/changes: | - kind: changed - description: Use version v3.1.0 of logs-concentrator which adds the opensearch fluentd plugin. - - kind: changed - description: Switch default chart configuration from Elasticsearch to Opensearch. - - kind: removed - description: Default chart support for Elasticsearch. + description: configured dynamic apiVersion for HorizontalPodAutoscaler diff --git a/charts/lagoon-logs-concentrator/templates/_helpers.tpl b/charts/lagoon-logs-concentrator/templates/_helpers.tpl index e9dfc9e1..6c1edd76 100644 
--- a/charts/lagoon-logs-concentrator/templates/_helpers.tpl +++ b/charts/lagoon-logs-concentrator/templates/_helpers.tpl @@ -61,3 +61,14 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Get HorizontalPodAutoscaler API Version - can be removed once Kubernetes 1.23 is the minimum +*/}} +{{- define "lagoon-logs-concentrator.hpa.apiVersion" -}} + {{- if (.Capabilities.APIVersions.Has "autoscaling/v2") -}} + autoscaling/v2 + {{- else -}} + autoscaling/v2beta2 + {{- end -}} +{{- end -}} diff --git a/charts/lagoon-logs-concentrator/templates/hpa.yaml b/charts/lagoon-logs-concentrator/templates/hpa.yaml index 33f1d5ba..ee824389 100644 --- a/charts/lagoon-logs-concentrator/templates/hpa.yaml +++ b/charts/lagoon-logs-concentrator/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ include "lagoon-logs-concentrator.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-logs-concentrator.fullname" . }} From 1d4c778fc785d2ed2abe689f69b23b5a62e9aed2 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Fri, 25 Nov 2022 16:58:54 +0800 Subject: [PATCH 112/167] feat: add new startup probe to api-data-watcher-pusher --- .../local-api-data-watcher-pusher.deployment.yaml | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml b/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml index 07b4627d..eadd3040 100644 --- a/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml +++ b/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml 
@@ -49,16 +49,13 @@ spec: key: JWTSECRET - name: TOKEN value: {{ required "A valid .Values.token required!" .Values.token | quote }} - readinessProbe: + startupProbe: exec: command: - - /bin/sh - - -c - # this container uses wget to inject test fixtures into the lagoon api. - # once wget stops running, it's good to go. - - "for i in $(seq 4); do pgrep wget && exit 1 || sleep 1; done" - initialDelaySeconds: 32 - timeoutSeconds: 8 + - test + - -f + - /tmp/api-data-pushed + failureThreshold: 90 resources: {{- toYaml .Values.localAPIDataWatcherPusher.resources | nindent 10 }} {{- with .Values.localAPIDataWatcherPusher.nodeSelector }} From 508c6b129276ec1052437e5db436aee6531f72c6 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Tue, 13 Dec 2022 10:02:24 +0800 Subject: [PATCH 113/167] chore: bump lagoon-test chart version --- charts/lagoon-test/Chart.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index 1bcaa8ef..38c29dbe 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -11,7 +11,7 @@ kubeVersion: ">= 1.21.0-0" type: application -version: 0.41.0 +version: 0.42.0 appVersion: v2.10.0 @@ -24,4 +24,5 @@ annotations: description: added services test and deprecated old tests - kind: changed description: introduced minimum kubernetes version 1.21 - + - kind: changed + description: Use new startup probe on api-data-watcher-pusher. From c28b0440252884db3fb9f192323b9c9d1ecf439c Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 20 Jan 2023 16:47:04 +1100 Subject: [PATCH 114/167] lagoon-remote chart version bump --- charts/lagoon-remote/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 963a18ac..20acc22a 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml 
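Review bot: The new `startupProbe` sets `failureThreshold: 90` but no `periodSeconds`, so the total startup budget depends on the Kubernetes default period of 10 seconds (about 15 minutes). Writing `periodSeconds: 10` next to the threshold would make that budget visible to whoever tunes it later. The removed probe carried a comment explaining its mechanism and the new one has none. I would add `# passes once the fixture loader has created /tmp/api-data-pushed`, assuming the image's entrypoint is what writes that file, which this hunk does not show. With the `readinessProbe` gone, readiness after startup is never re-checked, which is fine for a one-shot fixture push but worth stating. The container spec starts and ends outside the hunk.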
@@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.73.0 +version: 0.74.0 dependencies: - name: lagoon-build-deploy From 4cee30a5ec6ba9f29b59763358693fb988a14c8c Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Mon, 23 Jan 2023 12:14:21 +1100 Subject: [PATCH 115/167] use updated APIdwp image --- charts/lagoon-test/ci/linter-values.yaml.tpl | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/lagoon-test/ci/linter-values.yaml.tpl b/charts/lagoon-test/ci/linter-values.yaml.tpl index 221725a5..4ea7a4d7 100644 --- a/charts/lagoon-test/ci/linter-values.yaml.tpl +++ b/charts/lagoon-test/ci/linter-values.yaml.tpl @@ -11,9 +11,14 @@ localGit: image: repository: ${imageRegistry}/local-git +# localAPIDataWatcherPusher: +# image: +# repository: ${imageRegistry}/local-api-data-watcher-pusher + localAPIDataWatcherPusher: image: - repository: ${imageRegistry}/local-api-data-watcher-pusher + repository: testlagoon/local-api-data-watcher-pusher + tag: main tests: image: From 3771e940ec8c165e31705e382f7ad9dcb39aeee0 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Mon, 23 Jan 2023 14:28:28 +1100 Subject: [PATCH 116/167] use testlagoon for tests image --- charts/lagoon-test/ci/linter-values.yaml.tpl | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/charts/lagoon-test/ci/linter-values.yaml.tpl b/charts/lagoon-test/ci/linter-values.yaml.tpl index 4ea7a4d7..a964b5c6 100644 --- a/charts/lagoon-test/ci/linter-values.yaml.tpl +++ b/charts/lagoon-test/ci/linter-values.yaml.tpl 
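Review bot: The `localAPIDataWatcherPusher` image is now hardcoded to `testlagoon/local-api-data-watcher-pusher` with `tag: main`, so this values template ignores `${imageRegistry}` and presumably also overrides the global `imageTag: ${imageTag}`. A CI run that passes a different registry or tag would then silently test a different, mutable image than the one it was asked to test. The same override is repeated for `tests` in PATCH 116 and for `localGit` in PATCH 117. If this is a temporary workaround, keep the `${imageRegistry}/...` form and set the registry from the make invocation, or pin the image by digest. The commented-out original block should be replaced by a single line such as `# TODO: revert to ${imageRegistry} once <condition>` rather than kept as dead configuration.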
@@ -20,9 +20,15 @@ localAPIDataWatcherPusher: repository: testlagoon/local-api-data-watcher-pusher tag: main +# tests: +# image: +# repository: ${imageRegistry}/tests +# tests: ${tests} + tests: image: - repository: ${imageRegistry}/tests + repository: testlagoon/tests + tag: main tests: ${tests} imageTag: ${imageTag} From 3104685c261cfc1599beee492da45412a61f105c Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Mon, 23 Jan 2023 15:01:06 +1100 Subject: [PATCH 117/167] fix test suite --- .github/workflows/test-suite.yaml | 2 +- charts/lagoon-test/ci/linter-values.yaml.tpl | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index 3ec1a906..7b5a6734 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -17,7 +17,6 @@ jobs: - features-kubernetes-2 - features-variables - services - - ssh-portal - tasks ## Re-enable any of these tests in your branch for specific testing ## - bitbucket @@ -30,6 +29,7 @@ jobs: ## - nginx ## - node ## - python + ## - ssh-legacy ## - workflows steps: diff --git a/charts/lagoon-test/ci/linter-values.yaml.tpl b/charts/lagoon-test/ci/linter-values.yaml.tpl index a964b5c6..6dc02700 100644 --- a/charts/lagoon-test/ci/linter-values.yaml.tpl +++ b/charts/lagoon-test/ci/linter-values.yaml.tpl @@ -7,9 +7,14 @@ token: "${token}" webhookHost: "${webhookHandler}" webhookRepoPrefix: "${webhookRepoPrefix}" +# localGit: +# image: +# repository: ${imageRegistry}/local-git + localGit: image: - repository: ${imageRegistry}/local-git + repository: testlagoon/local-git + tag: main # localAPIDataWatcherPusher: # image: From b1bf7066b8edd7dab87823ce2d7c8efa6ffacc7a Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 31 Jan 2023 12:53:31 +1100 Subject: [PATCH 118/167] update docker-host image to v3.2.0 --- charts/lagoon-remote/Chart.yaml | 2 ++ charts/lagoon-remote/values.yaml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) 
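Review bot: In the test-suite.yaml hunk of PATCH 117, `ssh-portal` is deleted from the matrix outright instead of being moved into the commented "Re-enable" list. As far as the hunk shows, no remaining entry covers the SSH portal path, and nothing records why it was dropped. If the test is only parked, list it next to the new `## - ssh-legacy` line with a reason, for example `## - ssh-portal  # disabled: <reason>`. The matrix list begins outside the hunk, so an equivalent entry earlier in the list cannot be ruled out.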
diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 20acc22a..da5d5632 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -46,3 +46,5 @@ annotations: artifacthub.io/changes: | - kind: changed description: introduced minimum kubernetes version 1.21 + - kind: changed + description: update docker-host image to v3.2.0 diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 6d95d38a..bd375a16 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -27,7 +27,7 @@ dockerHost: repository: uselagoon/docker-host pullPolicy: Always # Overrides the image tag whose default is "latest". - tag: "v3.1.0" + tag: "v3.2.0" name: docker-host From a25febd44bff4345ad96b81e593263106bcd08f0 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Thu, 2 Feb 2023 15:29:27 +1100 Subject: [PATCH 119/167] update docker-host image to v3.3.0 --- charts/lagoon-remote/Chart.yaml | 2 +- charts/lagoon-remote/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index da5d5632..d2a26190 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -47,4 +47,4 @@ annotations: - kind: changed description: introduced minimum kubernetes version 1.21 - kind: changed - description: update docker-host image to v3.2.0 + description: update docker-host image to v3.3.0 diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index bd375a16..f5d08216 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -27,7 +27,7 @@ dockerHost: repository: uselagoon/docker-host pullPolicy: Always # Overrides the image tag whose default is "latest". - tag: "v3.2.0" + tag: "v3.3.0" name: docker-host From 6b8c339c1bb0040b708d41dbac7b1eefa332e301 Mon Sep 17 00:00:00 2001 
From: Toby Bellwood Date: Fri, 3 Feb 2023 11:13:58 +1100 Subject: [PATCH 120/167] use lagoon-core appVersion v2.12.0 --- charts/lagoon-core/Chart.yaml | 4 +++- charts/lagoon-test/Chart.yaml | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 2e6660c9..117e4583 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -27,7 +27,7 @@ version: 1.23.0 # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.11.0 +appVersion: v2.12.0 dependencies: - name: nats @@ -42,3 +42,5 @@ annotations: artifacthub.io/changes: | - kind: changed description: introduced minimum kubernetes version 1.21 + - kind: changed + description: update Lagoon appVersion to v2.12.0 diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index 38c29dbe..8dfcc991 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -13,7 +13,7 @@ type: application version: 0.42.0 -appVersion: v2.10.0 +appVersion: v2.12.0 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release @@ -26,3 +26,5 @@ annotations: description: introduced minimum kubernetes version 1.21 - kind: changed description: Use new startup probe on api-data-watcher-pusher. + - kind: changed + description: update Lagoon appVersion to v2.12.0 From 772a085426641ba6334a4299a553d05d9593084c Mon Sep 17 00:00:00 2001 
From: Toby Bellwood Date: Fri, 3 Feb 2023 11:52:16 +1100 Subject: [PATCH 121/167] bump remote-controller to v0.9.0 in lagoon-build-deploy chart (#545) Co-authored-by: shreddedbacon --- charts/lagoon-build-deploy/Chart.yaml | 8 +++++--- .../crds/crd.lagoon.sh_lagoonbuilds.yaml | 16 ---------------- .../crds/crd.lagoon.sh_lagoontasks.yaml | 16 ---------------- 3 files changed, 5 insertions(+), 35 deletions(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index 32e39b3d..5acc408d 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -16,11 +16,13 @@ kubeVersion: ">= 1.19.0-0" type: application -version: 0.18.1 +version: 0.19.0 -appVersion: v0.7.2 +appVersion: v0.9.0 annotations: artifacthub.io/changes: | - kind: changed - description: bump remote-controller to v0.7.2 + description: bump remote-controller to v0.9.0 + - kind: changed + description: remove monitoringUrls from CRDs (require CRDs to be updated, see installation notes) diff --git a/charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoonbuilds.yaml b/charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoonbuilds.yaml index 6525d28a..cd93f697 100644 --- a/charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoonbuilds.yaml +++ b/charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoonbuilds.yaml @@ -239,10 +239,6 @@ spec: type: string logLink: type: string - monitoringUrls: - items: - type: string - type: array project: type: string projectId: @@ -332,10 +328,6 @@ spec: type: string logLink: type: string - monitoringUrls: - items: - type: string - type: array project: type: string projectId: @@ -427,10 +419,6 @@ spec: type: string logLink: type: string - monitoringUrls: - items: - type: string - type: array project: type: string projectId: @@ -524,10 +512,6 @@ spec: type: string logLink: type: string - monitoringUrls: - items: - type: string - type: array project: type: string projectId: 
diff --git a/charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoontasks.yaml b/charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoontasks.yaml index 94465abf..74f095ad 100644 --- a/charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoontasks.yaml +++ b/charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoontasks.yaml @@ -210,10 +210,6 @@ spec: type: string logLink: type: string - monitoringUrls: - items: - type: string - type: array project: type: string projectId: @@ -303,10 +299,6 @@ spec: type: string logLink: type: string - monitoringUrls: - items: - type: string - type: array project: type: string projectId: @@ -398,10 +390,6 @@ spec: type: string logLink: type: string - monitoringUrls: - items: - type: string - type: array project: type: string projectId: @@ -495,10 +483,6 @@ spec: type: string logLink: type: string - monitoringUrls: - items: - type: string - type: array project: type: string projectId: From a9df50f83934227ccda8da0d57a284d425e5929e Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 3 Feb 2023 12:01:02 +1100 Subject: [PATCH 122/167] update lagoon-build-deploy chart to v0.19.0 --- charts/lagoon-remote/Chart.lock | 6 +++--- charts/lagoon-remote/Chart.yaml | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 70f738f7..ff38a176 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.18.1 + version: 0.19.0 - name: dioscuri repository: https://amazeeio.github.io/charts/ version: 0.4.1 
@@ -11,5 +11,5 @@ dependencies: - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.18.3 -digest: sha256:1018b08ca55534e25872062782c15d58d4ae03129374ce015e62306ce319b353 -generated: "2022-11-24T11:53:05.091683188+11:00" +digest: sha256:8a65f7fdd1dd221e3e780b71b9c3e31e6918cb93f6e652527afc6302c294ab34 +generated: "2023-02-03T12:00:16.291578794+11:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index d2a26190..bab52198 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -23,7 +23,7 @@ version: 0.74.0 dependencies: - name: lagoon-build-deploy - version: ~0.18.0 + version: ~0.19.0 repository: https://uselagoon.github.io/lagoon-charts/ condition: lagoon-build-deploy.enabled - name: dioscuri @@ -48,3 +48,5 @@ annotations: description: introduced minimum kubernetes version 1.21 - kind: changed description: update docker-host image to v3.3.0 + - kind: changed + description: update lagoon-build-deploy chart to v0.19.0 From 7ffed32d3542c33b94c7fec4d10c4b09526f080a Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 3 Feb 2023 17:29:41 +1100 Subject: [PATCH 123/167] remove linter overrides --- charts/lagoon-core/ci/linter-values.yaml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index b45baa19..4d8f1d1d 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml @@ -23,13 +23,6 @@ defaultIngressClassName: nginx lagoonAPIURL: https://api.example.com/graphql keycloakAPIURL: https://keycloak.example.com/auth -buildDeployImage: - default: - image: uselagoon/build-deploy-image:latest - edge: - enabled: true - image: uselagoon/build-deploy-image:edge - api: replicaCount: 1 image: 
@@ -84,14 +77,11 @@ ui: replicaCount: 1 image: repository: uselagoon/ui - tag: main backupHandler: replicaCount: 1 image: repository: uselagoon/backup-handler - autoscaling: - enabled: true insightsHandler: image: From 7537ae263ce22a6e29c3f275d2f47e28f2fbb526 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Fri, 3 Feb 2023 18:13:00 +1100 Subject: [PATCH 124/167] fixup test image overrides --- charts/lagoon-test/ci/linter-values.yaml.tpl | 22 +++----------------- 1 file changed, 3 insertions(+), 19 deletions(-) diff --git a/charts/lagoon-test/ci/linter-values.yaml.tpl b/charts/lagoon-test/ci/linter-values.yaml.tpl index 6dc02700..221725a5 100644 --- a/charts/lagoon-test/ci/linter-values.yaml.tpl +++ b/charts/lagoon-test/ci/linter-values.yaml.tpl @@ -7,33 +7,17 @@ token: "${token}" webhookHost: "${webhookHandler}" webhookRepoPrefix: "${webhookRepoPrefix}" -# localGit: -# image: -# repository: ${imageRegistry}/local-git - localGit: image: - repository: testlagoon/local-git - tag: main - -# localAPIDataWatcherPusher: -# image: -# repository: ${imageRegistry}/local-api-data-watcher-pusher + repository: ${imageRegistry}/local-git localAPIDataWatcherPusher: image: - repository: testlagoon/local-api-data-watcher-pusher - tag: main - -# tests: -# image: -# repository: ${imageRegistry}/tests -# tests: ${tests} + repository: ${imageRegistry}/local-api-data-watcher-pusher tests: image: - repository: testlagoon/tests - tag: main + repository: ${imageRegistry}/tests tests: ${tests} imageTag: ${imageTag} From 3d080a266a227db221e48bc6feef09b0c3b682ac Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 15 Feb 2023 13:23:54 +0800 Subject: [PATCH 125/167] feat: bump ssh-portal-api and ssh-token services to the latest version --- charts/lagoon-core/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 4e668329..c2997025 100644 --- a/charts/lagoon-core/values.yaml 
+++ b/charts/lagoon-core/values.yaml @@ -747,7 +747,7 @@ sshPortalAPI: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal-api pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "v0.27.2" + tag: "v0.28.0" podAnnotations: {} @@ -814,7 +814,7 @@ sshToken: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-token pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "v0.27.2" + tag: "v0.28.0" podAnnotations: {} From 3d61f6d6a3c73b7ecd53d983b38486daacb9af8b Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 15 Feb 2023 13:24:18 +0800 Subject: [PATCH 126/167] feat: bump ssh-portal to the latest version --- charts/lagoon-remote/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index f5d08216..db46930a 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -122,7 +122,7 @@ sshPortal: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.27.2" + tag: "v0.28.0" service: type: LoadBalancer From 2a1923b18dea9e9b44fb827f0c1dcd9a92aa227a Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 15 Feb 2023 13:29:06 +0800 Subject: [PATCH 127/167] chore: bump lagoon-core chart version --- charts/lagoon-core/Chart.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 117e4583..eb586b15 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml 
@@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.23.0 +version: 1.24.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -41,6 +41,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: introduced minimum kubernetes version 1.21 - - kind: changed - description: update Lagoon appVersion to v2.12.0 + description: update ssh-token and ssh-portal-api services to v0.28.0 From 8c9dc9e8cd7bc2738aae9bda56967a879a0b994c Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 15 Feb 2023 13:29:58 +0800 Subject: [PATCH 128/167] chore: bump lagoon-remote chart version --- charts/lagoon-remote/Chart.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index bab52198..d5aaacda 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.74.0 +version: 0.75.0 dependencies: - name: lagoon-build-deploy @@ -45,8 +45,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: introduced minimum kubernetes version 1.21 - - kind: changed - description: update docker-host image to v3.3.0 - - kind: changed - description: update lagoon-build-deploy chart to v0.19.0 + description: update ssh-portal service to v0.28.0 From 6814c053d9501d6f55cdd88304b151eb74749f20 Mon Sep 17 00:00:00 2001 
From: Scott Leggett Date: Thu, 16 Feb 2023 10:55:12 +0800 Subject: [PATCH 129/167] feat: add interface to new ssh-portal feature in lagoon-core chart This boolean blockDeveloperSSH value now allows Lagoon administrators to block users with Developer role from SSH access to Lagoon environments. --- .../lagoon-core/templates/ssh-portal-api.deployment.yaml | 4 ++++ charts/lagoon-core/templates/ssh-token.deployment.yaml | 4 ++++ charts/lagoon-core/values.yaml | 9 +++++++++ 3 files changed, 17 insertions(+) diff --git a/charts/lagoon-core/templates/ssh-portal-api.deployment.yaml b/charts/lagoon-core/templates/ssh-portal-api.deployment.yaml index 4d309aa4..cd114421 100644 --- a/charts/lagoon-core/templates/ssh-portal-api.deployment.yaml +++ b/charts/lagoon-core/templates/ssh-portal-api.deployment.yaml @@ -43,6 +43,10 @@ spec: - name: DEBUG value: "true" {{- end }} + {{- if .Values.blockDeveloperSSH }} + - name: BLOCK_DEVELOPER_SSH + value: "true" + {{- end }} - name: KEYCLOAK_BASE_URL value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/ - name: KEYCLOAK_SERVICE_API_CLIENT_SECRET diff --git a/charts/lagoon-core/templates/ssh-token.deployment.yaml b/charts/lagoon-core/templates/ssh-token.deployment.yaml index a050fd65..5df4197d 100644 --- a/charts/lagoon-core/templates/ssh-token.deployment.yaml +++ b/charts/lagoon-core/templates/ssh-token.deployment.yaml @@ -38,6 +38,10 @@ spec: - name: DEBUG value: "true" {{- end }} + {{- if .Values.blockDeveloperSSH }} + - name: BLOCK_DEVELOPER_SSH + value: "true" + {{- end }} - name: KEYCLOAK_BASE_URL value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/ - name: KEYCLOAK_AUTH_SERVER_CLIENT_SECRET diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index c2997025..9abb3a55 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml 
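Review bot: `{{- if .Values.blockDeveloperSSH }}` relies on template truthiness, so any non-empty value turns the block on, including the string `"false"` (for example via `--set-string`). A misspelled key, on the other hand, leaves Developer SSH access open with no error. Because this is an access-control switch, I would declare the default in values.yaml as a real key, `blockDeveloperSSH: false`, instead of the commented `# blockDeveloperSSH: false`, so that linting or a values schema can type-check it. The same condition is used in the ssh-token.deployment.yaml hunk, and both `env` lists continue outside their hunks.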
@@ -84,6 +84,15 @@ podSecurityContext: # on the service level, if not set it falls back to chart appVersion. imageTag: "" +# This value is false by default, which means that Developers can SSH to +# Development environments as per the Lagoon documentation +# (https://docs.lagoon.sh/administering-lagoon/rbac/#developer). +# Set this to true to: +# * block Developers from SSH access to Lagoon environments; and +# * stop Developers from getting a redirect message when trying to SSH into the +# ssh-token service. +# blockDeveloperSSH: false + # the following services are part of the lagoon-core chart api: From 3812a07a6b1df8721ead8d9140c9583c08e52a2f Mon Sep 17 00:00:00 2001 From: Brandon Williams Date: Mon, 20 Feb 2023 11:37:13 -0600 Subject: [PATCH 130/167] fix: allow overriding build-deploy-image when installing lagoon-core via makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 374e2ae5..f42d93ee 100644 --- a/Makefile +++ b/Makefile @@ -174,7 +174,7 @@ install-lagoon-core: install-minio --values ./charts/lagoon-core/ci/linter-values.yaml \ $$([ $(IMAGE_TAG) ] && echo '--set imageTag=$(IMAGE_TAG)') \ $$([ $(OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE) ] && echo '--set overwriteActiveStandbyTaskImage=$(OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE)') \ - $$([ $(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE) ] && echo '--set buildDeployImage.edge.image=$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)') \ + $$([ $(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE) ] && echo '--set buildDeployImage.default.image=$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)') \ $$([ $(DISABLE_CORE_HARBOR) ] && echo '--set api.additionalEnvs.DISABLE_CORE_HARBOR=$(DISABLE_CORE_HARBOR)') \ $$([ $(OPENSEARCH_INTEGRATION_ENABLED) ] && echo '--set api.additionalEnvs.OPENSEARCH_INTEGRATION_ENABLED=$(OPENSEARCH_INTEGRATION_ENABLED)') \ --set "keycloakAPIURL=http://lagoon-keycloak.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080/auth" \ 
From cbbd615dfe73851a589f9f8024c918ed53fe911a Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 21 Feb 2023 13:40:27 +1100 Subject: [PATCH 131/167] chore: update helm dependencies --- .github/workflows/lint-test-matrix.yaml | 2 +- Makefile | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/lint-test-matrix.yaml b/.github/workflows/lint-test-matrix.yaml index e495604a..8d10a01c 100644 --- a/.github/workflows/lint-test-matrix.yaml +++ b/.github/workflows/lint-test-matrix.yaml @@ -13,7 +13,7 @@ jobs: kindest_node_version: - v1.21.14@sha256:9d9eb5fb26b4fbc0c6d95fa8c790414f9750dd583f5d7cee45d92e8c26670aa1 - v1.22.15@sha256:7d9708c4b0873f0fe2e171e2b1b7f45ae89482617778c1c875f1053d4cef2e41 - - v1.24.7@sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315 + - v1.23.13@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61 - v1.25.3@sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1 - v1.26.0@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352 steps: diff --git a/Makefile b/Makefile index 374e2ae5..1563075c 100644 --- a/Makefile +++ b/Makefile @@ -82,7 +82,7 @@ install-ingress: --set controller.config.proxy-body-size=100m \ --set controller.watchIngressWithoutClass=true \ --set controller.ingressClassResource.default=true \ - --version=4.3.0 \ + --version=4.5.2 \ ingress-nginx \ ingress-nginx/ingress-nginx @@ -102,7 +102,7 @@ install-registry: install-ingress --set clair.enabled=false \ --set notary.enabled=false \ --set trivy.enabled=false \ - --version=1.10.1 \ + --version=1.11.0 \ registry \ harbor/harbor @@ -116,7 +116,7 @@ install-mariadb: --wait \ --timeout $(TIMEOUT) \ $$($(KUBECTL) get ns mariadb > /dev/null 2>&1 && echo --set auth.rootPassword=$$($(KUBECTL) get secret --namespace mariadb mariadb -o json | $(JQ) -r '.data."mariadb-root-password" | @base64d')) \ - --version=11.3.4 \ + --version=11.4.7 \ mariadb \ bitnami/mariadb 
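Review bot: In the lint-test-matrix.yaml hunk the `v1.24.7` kindest/node entry is replaced by `v1.23.13` rather than joined by it, so the matrix now covers 1.21, 1.22, 1.23, 1.25 and 1.26 and skips Kubernetes 1.24. The commit subject only mentions helm dependencies, so it is not clear that the gap is intended. If it is not, keep the `v1.24.7@sha256:...` line and add the 1.23 line beside it. The new entry is pinned by digest like the others, which keeps the node image reproducible.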
@@ -158,7 +158,7 @@ install-minio: install-ingress --timeout $(TIMEOUT) \ --set auth.rootUser=lagoonFilesAccessKey,auth.rootPassword=lagoonFilesSecretKey \ --set defaultBuckets=lagoon-files \ - --version=11.10.13 \ + --version=12.1.17 \ minio \ bitnami/minio From 3497eb191b75f24aba52299d9427182956456a2e Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 21 Feb 2023 13:44:11 +1100 Subject: [PATCH 132/167] force action run From 2a244190e165ce52984d4d013b000c951f73e659 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 21 Feb 2023 13:54:25 +1100 Subject: [PATCH 133/167] correct minio version --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 1563075c..9b9a805d 100644 --- a/Makefile +++ b/Makefile @@ -158,7 +158,7 @@ install-minio: install-ingress --timeout $(TIMEOUT) \ --set auth.rootUser=lagoonFilesAccessKey,auth.rootPassword=lagoonFilesSecretKey \ --set defaultBuckets=lagoon-files \ - --version=12.1.17 \ + --version=12.1.7 \ minio \ bitnami/minio From 839a5be4b715c2bb7b0a86ceaee99d684bda3ac0 Mon Sep 17 00:00:00 2001 From: Brandon Williams Date: Mon, 27 Feb 2023 18:56:06 -0600 Subject: [PATCH 134/167] fix: disable HSTS by default when installing ingress-nginx via makefile --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 9b9a805d..77b5a06f 100644 --- a/Makefile +++ b/Makefile @@ -80,6 +80,7 @@ install-ingress: --set controller.service.nodePorts.http=32080 \ --set controller.service.nodePorts.https=32443 \ --set controller.config.proxy-body-size=100m \ + --set controller.config.hsts="false" \ --set controller.watchIngressWithoutClass=true \ --set controller.ingressClassResource.default=true \ --version=4.5.2 \ From 3dcf71c39ea3dc7934d9b0e305295ae1ae5988a0 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 28 Feb 2023 14:55:07 +1100 Subject: [PATCH 135/167] force action run From 147dde26c545935169d332e2fb404d195b868681 Mon Sep 17 00:00:00 2001 
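Review bot: In the install-ingress hunk, `--set controller.config.hsts="false"` turns HSTS off on every run of the target, with no variable to leave it on and no comment saying why. The double quotes are consumed by the shell, so helm still receives `hsts=false` and `--set` types it as a boolean. Whether that matters depends on how the chart renders the value, which is not visible here; `--set-string controller.config.hsts=false` states the intended ConfigMap string explicitly. A comment above the recipe, for example `# HSTS disabled: this target is for local/CI clusters only, do not reuse for real installs` (wording for the author to confirm), would stop the flag being copied into an install where browsers should keep the HTTPS-only policy. The recipe starts outside the hunk.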
From: Toby Bellwood Date: Wed, 8 Mar 2023 10:43:59 +1100 Subject: [PATCH 136/167] update Lagoon appVersion to v2.13.0 --- charts/lagoon-core/Chart.yaml | 6 +++--- charts/lagoon-test/Chart.yaml | 12 +++--------- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index eb586b15..e504a048 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,13 +21,13 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.24.0 +version: 1.25.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.12.0 +appVersion: v2.13.0 dependencies: - name: nats @@ -41,4 +41,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update ssh-token and ssh-portal-api services to v0.28.0 + description: update Lagoon appVersion to v2.13.0 diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index 8dfcc991..aa12efdd 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml 
@@ -11,20 +11,14 @@ kubeVersion: ">= 1.21.0-0" type: application -version: 0.42.0 +version: 0.43.0 -appVersion: v2.12.0 +appVersion: v2.13.0 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | - - kind: added - description: added services test and deprecated old tests - kind: changed - description: introduced minimum kubernetes version 1.21 - - kind: changed - description: Use new startup probe on api-data-watcher-pusher. - - kind: changed - description: update Lagoon appVersion to v2.12.0 + description: update Lagoon appVersion to v2.13.0 From e0f175f655c2a1b79201bb2c971f7d5265060743 Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 15 Mar 2023 11:05:21 +1100 Subject: [PATCH 137/167] First pass at handling migrations via helm --- charts/lagoon-core/templates/api-db.job.yaml | 54 +++++++++++++++++++ .../lagoon-core/templates/api.deployment.yaml | 26 --------- 2 files changed, 54 insertions(+), 26 deletions(-) create mode 100644 charts/lagoon-core/templates/api-db.job.yaml diff --git a/charts/lagoon-core/templates/api-db.job.yaml b/charts/lagoon-core/templates/api-db.job.yaml new file mode 100644 index 00000000..b07026ee --- /dev/null +++ b/charts/lagoon-core/templates/api-db.job.yaml 
@@ -0,0 +1,54 @@ +apiVersion: v1 +kind: Job +metadata: + name: api-db-migration-job + labels: + {{- include "lagoon-core.api.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": pre-upgrade + "helm.sh/hook-weight": "-5" +spec: + selector: + matchLabels: + {{- include "lagoon-core.api.selectorLabels" . | nindent 6 }} + template: + metadata: + spec: + restartPolicy: Never + securityContext: + {{- toYaml .Values.api.securityContext | nindent 10 }} + terminationGracePeriodSeconds: 120 + containers: + - name: api-init + args: + - ./node_modules/.bin/knex migrate:list --cwd /app/services/api/database; + ./node_modules/.bin/knex migrate:latest --cwd /app/services/api/database + image: {{ .Values.api.image.repository }}:{{ coalesce .Values.api.image.tag .Values.imageTag .Chart.AppVersion }} + imagePullPolicy: {{ .Values.api.image.pullPolicy }} + command: + - /bin/sh + - -c + securityContext: + {{- toYaml .Values.api.securityContext | nindent 10 }} + env: + - name: API_DB_HOST + value: {{ include "lagoon-core.apiDB.fullname" . }} + - name: API_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-core.apiDB.fullname" . }} + key: API_DB_PASSWORD + - name: LAGOON_VERSION + value: {{ .Chart.AppVersion | replace "-" "." }} + {{- range $key, $val := .Values.api.additionalEnvs }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} + {{- with .Values.api.nodeSelector }} + nodeSelector: + {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.api.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/charts/lagoon-core/templates/api.deployment.yaml b/charts/lagoon-core/templates/api.deployment.yaml index 01ac6992..91fb93fc 100644 --- a/charts/lagoon-core/templates/api.deployment.yaml +++ b/charts/lagoon-core/templates/api.deployment.yaml 
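Review bot: The new Job in charts/lagoon-core/templates/api-db.job.yaml renders the pod-level `securityContext` and the container-level `securityContext` from the same value, `.Values.api.securityContext`. The two objects have different schemas: container-only fields such as `allowPrivilegeEscalation` or `capabilities` are not valid on a pod, and pod-only fields such as `fsGroup` are not valid on a container. Depending on what that value holds (values.yaml is not shown), one of the two blocks is either rejected or silently loses its hardening. The pod-level block should read from a pod-level key, e.g. `{{- toYaml .Values.api.<pod-level securityContext key> | nindent 8 }}`, with the container block keeping `.Values.api.securityContext`. The later hunks on this page that touch the Job only change the indentation of this line and leave the same value in place.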
@@ -198,32 +198,6 @@ spec: {{- with .Values.api.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} - initContainers: - - name: api-init - args: - - ./node_modules/.bin/knex migrate:list --cwd /app/services/api/database; - ./node_modules/.bin/knex migrate:latest --cwd /app/services/api/database; - command: - - /bin/sh - - -c - securityContext: - {{- toYaml .Values.api.securityContext | nindent 10 }} - image: "{{ .Values.api.image.repository }}:{{ coalesce .Values.api.image.tag .Values.imageTag .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.api.image.pullPolicy }} - env: - - name: API_DB_HOST - value: {{ include "lagoon-core.apiDB.fullname" . }} - - name: API_DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "lagoon-core.apiDB.fullname" . }} - key: API_DB_PASSWORD - - name: LAGOON_VERSION - value: {{ .Chart.AppVersion | replace "-" "." }} - {{- range $key, $val := .Values.api.additionalEnvs }} - - name: {{ $key }} - value: {{ $val | quote }} {{- end }} resources: {{- toYaml .Values.api.resources | nindent 10 }} From 5c864c0149392bde83b3378985e6c912a1b3d01b Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 15 Mar 2023 16:24:15 +1100 Subject: [PATCH 138/167] Fixed errors & updated naming --- charts/lagoon-core/templates/_helpers.tpl | 6 ++++++ charts/lagoon-core/templates/api.deployment.yaml | 10 ---------- .../{api-db.job.yaml => api.migratedb.job.yaml} | 10 +++++----- 3 files changed, 11 insertions(+), 15 deletions(-) rename charts/lagoon-core/templates/{api-db.job.yaml => api.migratedb.job.yaml} (89%) diff --git a/charts/lagoon-core/templates/_helpers.tpl b/charts/lagoon-core/templates/_helpers.tpl index 28bddf5f..b385141b 100644 --- a/charts/lagoon-core/templates/_helpers.tpl +++ b/charts/lagoon-core/templates/_helpers.tpl 
@@ -75,6 +75,12 @@ app.kubernetes.io/component: {{ include "lagoon-core.api.fullname" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{/* +Create a default fully qualified app name for api-migratedb-job. +*/}} +{{- define "lagoon-core.apiMigrateDB.fullname" -}} +{{- include "lagoon-core.fullname" . }}-api-migratedb +{{- end }} {{/* diff --git a/charts/lagoon-core/templates/api.deployment.yaml b/charts/lagoon-core/templates/api.deployment.yaml index 91fb93fc..87bfdd46 100644 --- a/charts/lagoon-core/templates/api.deployment.yaml +++ b/charts/lagoon-core/templates/api.deployment.yaml @@ -199,13 +199,3 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - resources: - {{- toYaml .Values.api.resources | nindent 10 }} - {{- with .Values.api.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.api.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/lagoon-core/templates/api-db.job.yaml b/charts/lagoon-core/templates/api.migratedb.job.yaml similarity index 89% rename from charts/lagoon-core/templates/api-db.job.yaml rename to charts/lagoon-core/templates/api.migratedb.job.yaml index b07026ee..50b829b3 100644 --- a/charts/lagoon-core/templates/api-db.job.yaml +++ b/charts/lagoon-core/templates/api.migratedb.job.yaml @@ -1,18 +1,18 @@ -apiVersion: v1 +apiVersion: batch/v1 kind: Job metadata: - name: api-db-migration-job + name: {{ include "lagoon-core.apiMigrateDB.fullname" . }} labels: {{- include "lagoon-core.api.labels" . | nindent 4 }} annotations: "helm.sh/hook": pre-upgrade "helm.sh/hook-weight": "-5" spec: - selector: - matchLabels: - {{- include "lagoon-core.api.selectorLabels" . | nindent 6 }} + backoffLimit: 2 template: metadata: + labels: + {{- include "lagoon-core.api.selectorLabels" . | nindent 8 }} spec: restartPolicy: Never securityContext: From 710d9868f008e236ea27c2b0314a7ad856b62cc0 Mon Sep 17 00:00:00 2001 
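Review bot: In the api.migratedb.job.yaml hunk the Job's pod template is labelled with `lagoon-core.api.selectorLabels`, which appear to be the same labels the api workload is selected by (the `app.kubernetes.io/component` / `instance` pair in the _helpers.tpl context). Any Service or NetworkPolicy that selects on those labels (not visible here) would then also match the migration pod while it runs. That pod has no readiness probe and runs knex rather than the API server, so requests could be routed to it during an upgrade. Give the Job its own label set: add a small selector-labels helper beside the new `lagoon-core.apiMigrateDB.fullname` define, with the component set to that fullname, and use `{{- include "lagoon-core.apiMigrateDB.selectorLabels" . | nindent 8 }}` here. The pod spec continues outside the hunk.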
From: Chris Date: Wed, 15 Mar 2023 16:58:25 +1100 Subject: [PATCH 139/167] Updated lagoon-core chart --- charts/lagoon-core/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index e504a048..3fb0118c 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.25.0 +version: 1.25.1 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -41,4 +41,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update Lagoon appVersion to v2.13.0 + description: added a job to handle migrations instead of utilizing the api init container From d29f28ce0324ec77c9bbeee78febef68ca60cf7b Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 15 Mar 2023 18:20:19 +1100 Subject: [PATCH 140/167] Updated container name --- charts/lagoon-core/templates/api.migratedb.job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-core/templates/api.migratedb.job.yaml b/charts/lagoon-core/templates/api.migratedb.job.yaml index 50b829b3..e8e7d6fa 100644 --- a/charts/lagoon-core/templates/api.migratedb.job.yaml +++ b/charts/lagoon-core/templates/api.migratedb.job.yaml @@ -19,7 +19,7 @@ spec: {{- toYaml .Values.api.securityContext | nindent 10 }} terminationGracePeriodSeconds: 120 containers: - - name: api-init + - name: api-migratedb args: - ./node_modules/.bin/knex migrate:list --cwd /app/services/api/database; ./node_modules/.bin/knex migrate:latest --cwd /app/services/api/database From c10c567d013f99c291ff31a17f47c299b5b7f789 Mon Sep 17 00:00:00 2001 
From: Chris Date: Thu, 16 Mar 2023 13:06:16 +1100 Subject: [PATCH 141/167] Fixing indentation --- charts/lagoon-core/templates/api.migratedb.job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-core/templates/api.migratedb.job.yaml b/charts/lagoon-core/templates/api.migratedb.job.yaml index e8e7d6fa..9d6c6841 100644 --- a/charts/lagoon-core/templates/api.migratedb.job.yaml +++ b/charts/lagoon-core/templates/api.migratedb.job.yaml @@ -16,7 +16,7 @@ spec: spec: restartPolicy: Never securityContext: - {{- toYaml .Values.api.securityContext | nindent 10 }} + {{- toYaml .Values.api.securityContext | nindent 8 }} terminationGracePeriodSeconds: 120 containers: - name: api-migratedb From b82b8926791311cf0b66a9582e7daebb4d156a2a Mon Sep 17 00:00:00 2001 From: Chris Date: Fri, 17 Mar 2023 09:38:10 +1100 Subject: [PATCH 142/167] Updated job --- .../templates/api.migratedb.job.yaml | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/charts/lagoon-core/templates/api.migratedb.job.yaml b/charts/lagoon-core/templates/api.migratedb.job.yaml index 9d6c6841..9344d985 100644 --- a/charts/lagoon-core/templates/api.migratedb.job.yaml +++ b/charts/lagoon-core/templates/api.migratedb.job.yaml @@ -43,12 +43,14 @@ spec: {{- range $key, $val := .Values.api.additionalEnvs }} - name: {{ $key }} value: {{ $val | quote }} - {{- end }} - {{- with .Values.api.nodeSelector }} - nodeSelector: - {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.api.tolerations }} - tolerations: - {{ toYaml . | nindent 8 }} - {{- end }} \ No newline at end of file + {{- end }} + resources: + {{- toYaml .Values.api.resources | nindent 10 }} + {{- with .Values.api.nodeSelector }} + nodeSelector: + {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.api.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file From bd3bdd9868a4afa2317134ce72808f94c8cb67dd Mon Sep 17 00:00:00 2001 
From: Chris Date: Fri, 17 Mar 2023 14:23:01 +1100 Subject: [PATCH 143/167] Added post-install hook to job --- charts/lagoon-core/templates/api.migratedb.job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-core/templates/api.migratedb.job.yaml b/charts/lagoon-core/templates/api.migratedb.job.yaml index 9344d985..74e40cc5 100644 --- a/charts/lagoon-core/templates/api.migratedb.job.yaml +++ b/charts/lagoon-core/templates/api.migratedb.job.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "lagoon-core.api.labels" . | nindent 4 }} annotations: - "helm.sh/hook": pre-upgrade + "helm.sh/hook": post-install, pre-upgrade "helm.sh/hook-weight": "-5" spec: backoffLimit: 2 From 6184a1e235893d4d91ad0f95c2c7cc1ed0763e12 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Fri, 24 Mar 2023 15:05:24 +1100 Subject: [PATCH 144/167] feat: add ephemeral storage limit configuration --- charts/lagoon-build-deploy/Chart.yaml | 4 ++-- charts/lagoon-build-deploy/templates/deployment.yaml | 4 ++++ charts/lagoon-build-deploy/values.yaml | 2 ++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index ce8ac0ea..22d47d15 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -16,11 +16,11 @@ kubeVersion: ">= 1.21.0-0" type: application -version: 0.20.0 +version: 0.20.1 appVersion: v0.9.0 annotations: artifacthub.io/changes: | - kind: changed - description: introduced minimum kubernetes version 1.21 + description: introduced ephemeral storage limit configuration diff --git a/charts/lagoon-build-deploy/templates/deployment.yaml b/charts/lagoon-build-deploy/templates/deployment.yaml index 201e4754..c135bc47 100644 --- a/charts/lagoon-build-deploy/templates/deployment.yaml +++ b/charts/lagoon-build-deploy/templates/deployment.yaml 
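Review bot: The `post-install` hook runs the migration Job only after the release's resources have been created, so on a fresh install the api pods start against a database that has not been migrated yet. The init container removed earlier in this series ran the migrations before the api container started. If the install is run with `--wait` and api readiness depends on the schema (neither is visible here), the hook may never be reached before the timeout. Record the ordering assumption next to the annotation, e.g. `# post-install: api-db is created by this release, so api must tolerate an unmigrated schema until this Job completes`. The Helm documentation writes hook lists without a space, so `"helm.sh/hook": post-install,pre-upgrade` is the safer spelling.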
@@ -226,6 +226,10 @@ spec: - name: ADMIN_LAGOON_FEATURE_FLAG_CONTAINER_MEMORY_LIMIT value: {{ . | quote}} {{- end }} + {{- with .Values.adminLagoonFeatureFlag.ephemeralStorageLimit }} + - name: ADMIN_LAGOON_FEATURE_FLAG_EPHEMERAL_STORAGE_LIMIT + value: {{ . | quote}} + {{- end }} - name: PENDING_MESSAGE_CRON value: {{ .Values.pendingMessageCron | quote }} - name: RABBITMQ_HOSTNAME diff --git a/charts/lagoon-build-deploy/values.yaml b/charts/lagoon-build-deploy/values.yaml index ced8a736..5320ced3 100644 --- a/charts/lagoon-build-deploy/values.yaml +++ b/charts/lagoon-build-deploy/values.yaml @@ -87,6 +87,8 @@ timeoutForLongRunningTaskPods: 6 adminLagoonFeatureFlag: # Set the memory resource limit for containers deployed by Lagoon. containerMemoryLimit: 16Gi + # Set the ephemeral storage limit for containers deployed by Lagoon. + # ephemeralStorageLimit: 4Gi # rootlessBuildPods tells the build-deploy controller to create build pods # which do not run as root. See https://github.com/amazeeio/lagoon/pull/2481 From 6d5833be9ac46a0084cce3a1536ac4028b0fd82c Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Fri, 24 Mar 2023 17:15:37 +1100 Subject: [PATCH 145/167] chore: support requests as well, with notes on what it can mean --- charts/lagoon-build-deploy/templates/deployment.yaml | 4 ++++ charts/lagoon-build-deploy/values.yaml | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/charts/lagoon-build-deploy/templates/deployment.yaml b/charts/lagoon-build-deploy/templates/deployment.yaml index c135bc47..9ed627a1 100644 --- a/charts/lagoon-build-deploy/templates/deployment.yaml +++ b/charts/lagoon-build-deploy/templates/deployment.yaml 
@@ -226,6 +226,10 @@ spec: - name: ADMIN_LAGOON_FEATURE_FLAG_CONTAINER_MEMORY_LIMIT value: {{ . | quote}} {{- end }} + {{- with .Values.adminLagoonFeatureFlag.ephemeralStorageRequests }} + - name: ADMIN_LAGOON_FEATURE_FLAG_EPHEMERAL_STORAGE_REQUESTS + value: {{ . | quote}} + {{- end }} {{- with .Values.adminLagoonFeatureFlag.ephemeralStorageLimit }} - name: ADMIN_LAGOON_FEATURE_FLAG_EPHEMERAL_STORAGE_LIMIT value: {{ . | quote}} diff --git a/charts/lagoon-build-deploy/values.yaml b/charts/lagoon-build-deploy/values.yaml index 5320ced3..2ddab0d5 100644 --- a/charts/lagoon-build-deploy/values.yaml +++ b/charts/lagoon-build-deploy/values.yaml @@ -88,6 +88,13 @@ adminLagoonFeatureFlag: # Set the memory resource limit for containers deployed by Lagoon. containerMemoryLimit: 16Gi # Set the ephemeral storage limit for containers deployed by Lagoon. + # Setting just the limit will also set requests to be the same value. + # See the kubernetes docs before using these values to ensure you know what they do based on your workloads and nodes allocatable values + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#setting-requests-and-limits-for-local-ephemeral-storage + # Specifically how pods with requests are scheduled here https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#how-pods-with-ephemeral-storage-requests-are-scheduled + # You need to be aware that setting the limit or requests will impact how your pods are scheduled + # You may need to set the requests to be a very low value to maintain your desired pod density for Lagoon deployed environments + # ephemeralStorageRequests: 100Mi # ephemeralStorageLimit: 4Gi # rootlessBuildPods tells the build-deploy controller to create build pods From 8e0e971127b2ec93e858af649c4a2823e18a6f6f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Mar 2023 01:03:55 +0000 Subject: [PATCH 146/167] chore(deps): bump helm/chart-testing-action from 2.3.1 to 2.4.0 Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.3.1 to 2.4.0. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/v2.3.1...v2.4.0) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/lint-test-matrix.yaml | 2 +- .github/workflows/lint-test.yaml | 2 +- .github/workflows/test-suite.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/lint-test-matrix.yaml b/.github/workflows/lint-test-matrix.yaml index 8d10a01c..5e7f3504 100644 --- a/.github/workflows/lint-test-matrix.yaml +++ b/.github/workflows/lint-test-matrix.yaml @@ -26,7 +26,7 @@ jobs: run: sudo apt-get -y install python3-wheel - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.4.0 - name: Run chart-testing (list-changed) id: list-changed diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 2ee6e09b..94ae6b73 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -76,7 +76,7 @@ jobs: run: sudo apt-get -y install python3-wheel - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.4.0 - name: Run chart-testing (list-changed) id: list-changed diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index 7b5a6734..c85f0e67 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml 
@@ -48,7 +48,7 @@ jobs: run: sudo apt-get -y install python3-wheel - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.4.0 - name: Run chart-testing (list-changed) id: list-changed From c85aec9a9a024cf89f9001030c1c3981b9cb2fb1 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 28 Mar 2023 07:35:57 +1100 Subject: [PATCH 147/167] update Lagoon appVersion to v2.14.0 --- charts/lagoon-core/Chart.yaml | 6 ++++-- charts/lagoon-test/Chart.yaml | 6 +++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 3fb0118c..3566405f 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,13 +21,13 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.25.1 +version: 1.26.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.13.0 +appVersion: v2.14.0 dependencies: - name: nats @@ -42,3 +42,5 @@ annotations: artifacthub.io/changes: | - kind: changed description: added a job to handle migrations instead of utilizing the api init container + - kind: changed + description: update Lagoon appVersion to v2.14.0 diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index aa12efdd..b9c74d8c 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -11,9 +11,9 @@ kubeVersion: ">= 1.21.0-0" type: application -version: 0.43.0 +version: 0.44.0 -appVersion: v2.13.0 +appVersion: v2.14.0 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release 
@@ -21,4 +21,4 @@ appVersion: v2.13.0 annotations: artifacthub.io/changes: | - kind: changed - description: update Lagoon appVersion to v2.13.0 + description: update Lagoon appVersion to v2.14.0 From 575f921bd6f0c84b9b3ca475ba1733ff24457170 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 28 Mar 2023 08:33:01 +1100 Subject: [PATCH 148/167] update remote-controller appVersion to v0.11.0 --- charts/lagoon-build-deploy/Chart.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index 22d47d15..cd6bacc6 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -16,11 +16,13 @@ kubeVersion: ">= 1.21.0-0" type: application -version: 0.20.1 +version: 0.21.0 -appVersion: v0.9.0 +appVersion: v0.11.0 annotations: artifacthub.io/changes: | - kind: changed description: introduced ephemeral storage limit configuration + - kind: changed + description: update remote-controller appVersion to v0.11.0 From af2e6a1a8207db579a8ee30da17a3f06009d4160 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 28 Mar 2023 08:50:50 +1100 Subject: [PATCH 149/167] Force actions run From a8fda7072b15bef0f6955c3472cc43a7844f3b5d Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 28 Mar 2023 11:43:32 +1100 Subject: [PATCH 150/167] update lagoon-build-deploy subchart to 0.21.0 --- charts/lagoon-remote/Chart.lock | 6 +++--- charts/lagoon-remote/Chart.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index ff38a176..19250192 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.19.0 + version: 0.21.0 - name: dioscuri repository: https://amazeeio.github.io/charts/ version: 0.4.1 
@@ -11,5 +11,5 @@ dependencies: - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.18.3 -digest: sha256:8a65f7fdd1dd221e3e780b71b9c3e31e6918cb93f6e652527afc6302c294ab34 -generated: "2023-02-03T12:00:16.291578794+11:00" +digest: sha256:e966d8557fe3b2320e8a5de60d97ac07b09abde1582f4d64ab5464b2c8a3c0fe +generated: "2023-03-28T11:42:36.364832993+11:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index d5aaacda..969a28a7 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,11 +19,11 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.75.0 +version: 0.76.0 dependencies: - name: lagoon-build-deploy - version: ~0.19.0 + version: ~0.21.0 repository: https://uselagoon.github.io/lagoon-charts/ condition: lagoon-build-deploy.enabled - name: dioscuri @@ -45,4 +45,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update ssh-portal service to v0.28.0 + description: update lagoon-build-deploy subchart to 0.21.0 From 30c8d95df01360080ea598bade630c106270d361 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Wed, 29 Mar 2023 18:36:27 +1100 Subject: [PATCH 151/167] chore: bump remote-controller version to v0.11.1 --- charts/lagoon-build-deploy/Chart.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index cd6bacc6..c118de4f 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml 
@@ -16,13 +16,11 @@ kubeVersion: ">= 1.21.0-0" type: application -version: 0.21.0 +version: 0.21.1 -appVersion: v0.11.0 +appVersion: v0.11.1 annotations: artifacthub.io/changes: | - kind: changed - description: introduced ephemeral storage limit configuration - - kind: changed - description: update remote-controller appVersion to v0.11.0 + description: update remote-controller appVersion to v0.11.1 From 6f4a718f1866c95936d65859cbf02b27f93b3355 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 29 Mar 2023 19:43:23 +1100 Subject: [PATCH 152/167] update chart.lock --- charts/lagoon-remote/Chart.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 19250192..72818989 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.21.0 + version: 0.21.1 - name: dioscuri repository: https://amazeeio.github.io/charts/ version: 0.4.1 @@ -11,5 +11,5 @@ dependencies: - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.18.3 -digest: sha256:e966d8557fe3b2320e8a5de60d97ac07b09abde1582f4d64ab5464b2c8a3c0fe -generated: "2023-03-28T11:42:36.364832993+11:00" +digest: sha256:2eb0c097563b20360e6775e20be53a9e1a80ec6ae2a0151a9557aa7282f739e0 +generated: "2023-03-29T19:42:25.75332838+11:00" From 654bf295eb14f21bfa17f43b3d7e579c4f350b56 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 29 Mar 2023 19:44:17 +1100 Subject: [PATCH 153/167] update Lagoon appVersion to v2.14.1 --- charts/lagoon-core/Chart.yaml | 4 ++-- charts/lagoon-test/Chart.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 3566405f..a795f651 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml 
@@ -27,7 +27,7 @@ version: 1.26.0 # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.14.0 +appVersion: v2.14.1 dependencies: - name: nats @@ -43,4 +43,4 @@ annotations: - kind: changed description: added a job to handle migrations instead of utilizing the api init container - kind: changed - description: update Lagoon appVersion to v2.14.0 + description: update Lagoon appVersion to v2.14.1 diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index b9c74d8c..1d0d3426 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -13,7 +13,7 @@ type: application version: 0.44.0 -appVersion: v2.14.0 +appVersion: v2.14.1 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release @@ -21,4 +21,4 @@ appVersion: v2.14.0 annotations: artifacthub.io/changes: | - kind: changed - description: update Lagoon appVersion to v2.14.0 + description: update Lagoon appVersion to v2.14.1 From 0792fc63b1169f02bbabb6d546f024c3c767353d Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 30 Mar 2023 12:50:17 +0800 Subject: [PATCH 154/167] fix: reference the Opensearch CA certificate value correctly --- charts/lagoon-core/templates/opensearch-sync.secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-core/templates/opensearch-sync.secret.yaml b/charts/lagoon-core/templates/opensearch-sync.secret.yaml index 3bce6a5f..0cdbc276 100644 --- a/charts/lagoon-core/templates/opensearch-sync.secret.yaml +++ b/charts/lagoon-core/templates/opensearch-sync.secret.yaml 
@@ -7,5 +7,5 @@ metadata: labels: {{- include "lagoon-core.opensearchSync.labels" . | nindent 4 }} stringData: - OPENSEARCH_CA_CERTIFICATE: {{ required "A valid .Values.opensearchSync.opensearchCACertificate required!" .Values.opensearchSync.caCertificate | quote }} + OPENSEARCH_CA_CERTIFICATE: {{ required "A valid .Values.opensearchSync.opensearchCACertificate required!" .Values.opensearchSync.opensearchCACertificate | quote }} {{- end }} From 436afcf01c32e37dcb4fb4397c0f77d583da1437 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 30 Mar 2023 12:50:52 +0800 Subject: [PATCH 155/167] feat: bump lagoon-opensearch-sync to v0.5.0 --- charts/lagoon-core/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index 9abb3a55..dec71e50 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -796,7 +796,7 @@ opensearchSync: repository: ghcr.io/uselagoon/lagoon-opensearch-sync pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.4.1" + tag: "v0.5.0" # debug logging toggle debug: false From 05a9ce66a04771c231b5be722d5d696a362b7ee7 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Thu, 30 Mar 2023 12:51:39 +0800 Subject: [PATCH 156/167] chore: bump lagoon-core chart version --- charts/lagoon-core/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index a795f651..7da3dbb3 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml 
@@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.26.0 +version: 1.27.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. @@ -40,7 +40,7 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | + - kind: fixed + description: reference the Opensearch CA certificate correctly for lagoon-opensearch-sync template - kind: changed - description: added a job to handle migrations instead of utilizing the api init container - - kind: changed - description: update Lagoon appVersion to v2.14.1 + description: update lagoon-opensearch-sync to v0.5.0 From cf2ef42c755b34d5e178361a38e6961e3052dfe6 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Tue, 11 Apr 2023 17:11:27 +1000 Subject: [PATCH 157/167] update Lagoon appVersion to v2.14.2 --- charts/lagoon-core/Chart.yaml | 8 +++----- charts/lagoon-test/Chart.yaml | 6 +++--- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index 7da3dbb3..f12b82a5 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,13 +21,13 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.27.0 +version: 1.28.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.14.1 +appVersion: v2.14.2 dependencies: - name: nats 
@@ -40,7 +40,5 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | - - kind: fixed - description: reference the Opensearch CA certificate correctly for lagoon-opensearch-sync template - kind: changed - description: update lagoon-opensearch-sync to v0.5.0 + description: update Lagoon appVersion to v2.14.2 diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index 1d0d3426..53c783fa 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -11,9 +11,9 @@ kubeVersion: ">= 1.21.0-0" type: application -version: 0.44.0 +version: 0.45.0 -appVersion: v2.14.1 +appVersion: v2.14.2 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release @@ -21,4 +21,4 @@ appVersion: v2.14.1 annotations: artifacthub.io/changes: | - kind: changed - description: update Lagoon appVersion to v2.14.1 + description: update Lagoon appVersion to v2.14.2 From 92c8d1f999d5c376fec824f1461135ca466e1d5a Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Mon, 8 May 2023 10:32:18 +1000 Subject: [PATCH 158/167] chore: bump remote-controller to v0.12.0 --- charts/lagoon-build-deploy/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index c118de4f..8178e863 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -16,11 +16,11 @@ kubeVersion: ">= 1.21.0-0" type: application -version: 0.21.1 +version: 0.22.0 -appVersion: v0.11.1 +appVersion: v0.12.0 annotations: artifacthub.io/changes: | - kind: changed - description: update remote-controller appVersion to v0.11.1 + description: update remote-controller appVersion to v0.12.0 From bad7ad59c8dc3f8f8f537d651b39dcd63230fb7d Mon Sep 17 00:00:00 2001 
From: shreddedbacon Date: Mon, 8 May 2023 13:24:23 +1000 Subject: [PATCH 159/167] chore: bump lagoon-build-deploy subchart --- charts/lagoon-remote/Chart.lock | 6 +++--- charts/lagoon-remote/Chart.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 72818989..9d772790 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.21.1 + version: 0.22.0 - name: dioscuri repository: https://amazeeio.github.io/charts/ version: 0.4.1 @@ -11,5 +11,5 @@ dependencies: - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.18.3 -digest: sha256:2eb0c097563b20360e6775e20be53a9e1a80ec6ae2a0151a9557aa7282f739e0 -generated: "2023-03-29T19:42:25.75332838+11:00" +digest: sha256:10455412d7c67ba412139825412301795bce15d2d21476324c147aa88d0cdd10 +generated: "2023-05-08T13:23:41.167070051+10:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index 969a28a7..ac8d2030 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,11 +19,11 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.76.0 +version: 0.77.0 dependencies: - name: lagoon-build-deploy - version: ~0.21.0 + version: ~0.22.0 repository: https://uselagoon.github.io/lagoon-charts/ condition: lagoon-build-deploy.enabled - name: dioscuri @@ -45,4 +45,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update lagoon-build-deploy subchart to 0.21.0 + description: update lagoon-build-deploy subchart to 0.22.0 From 2e8dcf556a0eb1e930aa86a011aa5d3d05283d02 Mon Sep 17 00:00:00 2001 
From: Toby Bellwood Date: Fri, 12 May 2023 14:46:20 +1000 Subject: [PATCH 160/167] update Lagoon appVersion to v2.15.0 --- charts/lagoon-core/Chart.yaml | 6 +++--- charts/lagoon-test/Chart.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index f12b82a5..f295d29e 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,13 +21,13 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.28.0 +version: 1.29.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.14.2 +appVersion: v2.15.0 dependencies: - name: nats @@ -41,4 +41,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update Lagoon appVersion to v2.14.2 + description: update Lagoon appVersion to v2.15.0 diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index 53c783fa..f72b6baf 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -11,9 +11,9 @@ kubeVersion: ">= 1.21.0-0" type: application -version: 0.45.0 +version: 0.46.0 -appVersion: v2.14.2 +appVersion: v2.15.0 # This section is used to collect a changelog for artifacthub.io # It should be started afresh for each release @@ -21,4 +21,4 @@ appVersion: v2.14.2 annotations: artifacthub.io/changes: | - kind: changed - description: update Lagoon appVersion to v2.14.2 + description: update Lagoon appVersion to v2.15.0 From a9201ba7d83ac0f5b322c62d4da87f2148ee414e Mon Sep 17 00:00:00 2001 
From: Toby Bellwood
Date: Fri, 12 May 2023 18:31:42 +1000
Subject: [PATCH 161/167] allow more time for testing
---
 test-suite-lint.ct.yaml | 2 +-
 test-suite-run.ct.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/test-suite-lint.ct.yaml b/test-suite-lint.ct.yaml
index a281f86c..17dc40f5 100644
--- a/test-suite-lint.ct.yaml
+++ b/test-suite-lint.ct.yaml
@@ -8,4 +8,4 @@ excluded-charts:
 - lagoon-logs-concentrator
 - lagoon-build-deploy
 - lagoon-gatekeeper
-helm-extra-args: --timeout 10m
+helm-extra-args: --timeout 20m
diff --git a/test-suite-run.ct.yaml b/test-suite-run.ct.yaml
index defb2526..a24596d3 100644
--- a/test-suite-run.ct.yaml
+++ b/test-suite-run.ct.yaml
@@ -6,4 +6,4 @@ namespace: lagoon
 # release-label is required when specifying namespace:
 # https://github.com/helm/chart-testing/blob/v3.1.1/pkg/config/config.go#L117
 release-label: app.kubernetes.io/instance
-helm-extra-args: --timeout 40m
+helm-extra-args: --timeout 60m
From d41bb809e4c41ea418522d5ef4fb9119d485de73 Mon Sep 17 00:00:00 2001
From: Scott Leggett
Date: Tue, 9 May 2023 14:37:23 +0800
Subject: [PATCH 162/167] feat: add feature to post-process router logs This feature allows injecting snippets of fluentd configuration into the router logs processing pipeline directly before the logs are sent to the output. This feature is designed to allow injecting logic to manipulate or add fields to router log records which make the log records easier to use in Opensearch Dashboards. For example this can be used to inject a boolean field into log records which can be used instead of a slow Opensearch regex search.
---
 ...logs-dispatcher.fluent-conf.configmap.yaml | 3 +++
 charts/lagoon-logging/values.yaml | 27 +++++++++++++++++++
 2 files changed, 30 insertions(+)
diff --git a/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml b/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml
index 1eb548c8..b142d9b3 100644
--- a/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml +++ b/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml @@ -296,6 +296,9 @@ data: _dummy_ ${record['kubernetes'].delete('pod_name'); record['kubernetes'].delete('container_name'); record['kubernetes'].delete('pod_id'); nil} + {{- with .Values.routerLogsPostProcess }} + {{- . | nindent 6 }} + {{- end }} @type relabel @label @OUTPUT diff --git a/charts/lagoon-logging/values.yaml b/charts/lagoon-logging/values.yaml index dab2e9e6..d85363cb 100644 --- a/charts/lagoon-logging/values.yaml +++ b/charts/lagoon-logging/values.yaml @@ -368,6 +368,33 @@ keepIngressNginxController: false # # fluentbitPrivileged: true +# Optional post-processing of router logs. +# +# This value allows you to insert a snippet of fluentd configuration into the +# router logs processing pipeline directly before output. This can be used to +# perform additional custom parsing of router logs. Please only use +# ..., and do not retag records in this field to avoid +# breaking the log pipeline. +# +# This example will: +# * set is_facet_page to true if the request_query field contains "f[0]". +# * set is_search_page to true if the request_query field contains "search_api". +# * set is_search_bot to true if the http_user_agent field is FooBot or BarBot. +# +# routerLogsPostProcess: |- +# +# @type record_modifier +# +# is_facet_page ${!record["request_query"]&.match(/f\[0\]/).nil?} +# +# +# is_search_page ${!record["request_query"]&.match(/search_api/).nil?} +# +# +# is_search_bot ${!record["http_user_agent"]&.match(/\A(FooBot|BarBot)\z/).nil?} +# +# + # Install test fixtures into the cluster. # This should _only_ be used in a test cluster, because it creates namespaces for testing. # Do not set testFixtures.create=true in a production environment. From 96600ff37c3ff9619f66bfd2a17cb5b42b88b691 Mon Sep 17 00:00:00 2001 
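Review bot: `routerLogsPostProcess` is rendered verbatim into the fluentd configuration (`{{- . | nindent 6 }}` in the configmap hunk), so anyone who can set this value can run embedded Ruby (`${...}`) inside the logs-dispatcher. They can also drop, rewrite or re-route router log records before the relabel to `@OUTPUT`. The values.yaml comment asks users not to retag records, but nothing in the template enforces that, and the comment does not say the value is executed as configuration. I would add to it: `# NOTE: this snippet is inserted unvalidated and runs inside the fluentd process; treat it as code and restrict who can set it.` The surrounding fluentd block starts and ends outside the hunk, so the indentation produced by `nindent 6` cannot be checked from here.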
From: Scott Leggett Date: Tue, 9 May 2023 15:42:45 +0800 Subject: [PATCH 163/167] chore: bump lagoon-logging chart version --- charts/lagoon-logging/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index e5fba8c9..c1e8174e 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.75.0 +version: 0.76.0 dependencies: - name: logging-operator @@ -32,5 +32,5 @@ dependencies: # Valid supported kinds are added, changed, deprecated, removed, fixed and security annotations: artifacthub.io/changes: | - - kind: changed - description: introduced minimum kubernetes version 1.21 + - kind: added + description: added chart option to inject a configuration snippet for post-processing router logs From b2641e5e456b72a4e0d91bc657ad64c4dbcb6ae2 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Mon, 29 May 2023 14:20:31 +0800 Subject: [PATCH 164/167] feat: add configuration for logging-operator metrics ServiceMonitor Enable the fluentbit ServiceMonitor by default. --- charts/lagoon-logging/templates/logging.yaml | 8 ++++++++ charts/lagoon-logging/values.yaml | 12 ++++++++++++ 2 files changed, 20 insertions(+) diff --git a/charts/lagoon-logging/templates/logging.yaml b/charts/lagoon-logging/templates/logging.yaml index d55cdadf..3393d950 100644 --- a/charts/lagoon-logging/templates/logging.yaml +++ b/charts/lagoon-logging/templates/logging.yaml @@ -12,6 +12,10 @@ spec: fsGroup: 0 scaling: replicas: {{ .Values.fluentdReplicaCount }} + {{- with .Values.fluentdMetrics }} + metrics: + {{- toYaml . | nindent 6 }} + {{- end }} fluentbit: # Enable a default liveness check to avoid stuck pods. # At the time of writing this just hits the metrics endpoint. 
@@ -26,4 +30,8 @@ spec: tolerations: {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.fluentbitMetrics }} + metrics: + {{- toYaml . | nindent 6 }} + {{- end }} controlNamespace: {{ .Release.Namespace | quote }} diff --git a/charts/lagoon-logging/values.yaml b/charts/lagoon-logging/values.yaml index d85363cb..7505be41 100644 --- a/charts/lagoon-logging/values.yaml +++ b/charts/lagoon-logging/values.yaml @@ -261,6 +261,18 @@ fluentbitTolerations: key: lagoon.sh/spot operator: Exists +# Expose metrics of the Logging Operator's fluentbit daemonset and fluentd +# statefulset via a Prometheus Operator compatible ServiceMonitor object. +# +# The fluentd serviceMonitor is disabled by default until a use-case is found. +# +# See here for full documentation of this field: +# https://kube-logging.dev/docs/operation/logging-operator-monitoring/#metrics-variables +fluentbitMetrics: + serviceMonitor: true +# fluentdMetrics: +# serviceMonitor: true + # This chart assumes the container runtime is containerd, which puts the log # message in the `message` field of the log record. # From 71f17abe723f3892c2d99b022433b2e214e235ab Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Mon, 29 May 2023 14:25:18 +0800 Subject: [PATCH 165/167] chore: bump lagoon-logging chart version --- charts/lagoon-logging/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index c1e8174e..b8133717 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -19,7 +19,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.76.0 +version: 0.77.0 dependencies: - name: logging-operator 
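Review bot: `fluentbitMetrics.serviceMonitor: true` in values.yaml becomes the default for every existing install on upgrade, and a ServiceMonitor is a Prometheus Operator custom resource. On a cluster without the `monitoring.coreos.com` CRDs the logging-operator will presumably error when it tries to create one; the operator's behaviour is not visible in this series. Either default the value to `false`, matching the commented-out `fluentdMetrics`, or gate both `metrics:` blocks in logging.yaml (the two hunks before this one) on the API being present. For example: `{{- if .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" }}`.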
@@ -33,4 +33,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: added - description: added chart option to inject a configuration snippet for post-processing router logs + description: add chart option to configure logging-operator subchart metrics, and enable the fluentbit ServiceMonitor by default From b023309daf09db5c8b3980916997f7634c4517c3 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 31 May 2023 14:26:16 +0800 Subject: [PATCH 166/167] chore: bump lagoon-opensearch-sync service to v0.7.0 --- charts/lagoon-core/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index dec71e50..577b4ae1 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml @@ -794,9 +794,9 @@ opensearchSync: enabled: false image: repository: ghcr.io/uselagoon/lagoon-opensearch-sync - pullPolicy: Always + pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "v0.5.0" + tag: "v0.7.0" # debug logging toggle debug: false From 97933f83205a37f87f1fbd4739cbc66c067ae12b Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 31 May 2023 14:27:21 +0800 Subject: [PATCH 167/167] chore: bump lagoon-core chart version --- charts/lagoon-core/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index f295d29e..0e3fd53c 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.29.0 +version: 1.30.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. 
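Review bot: The `pullPolicy` change from `Always` to `IfNotPresent` in the values.yaml hunk is not mentioned in the commit subject, and the changelog annotation in the following commit only records the version bump. It changes what gets deployed: a node that has already cached `v0.7.0` no longer checks the registry, so the running image depends on that tag never being re-pushed. A comment next to the key would record the assumption: `# IfNotPresent relies on release tags being immutable; pin by digest if that cannot be guaranteed`. The `opensearchSync` mapping continues outside the hunk.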
@@ -41,4 +41,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update Lagoon appVersion to v2.15.0 + description: bump lagoon-opensearch-sync version to v0.7.0