├── .github
├── dependabot.yml
├── pull_request_template.md
└── workflows
│ ├── lint-test-matrix.yaml
│ ├── lint-test.yaml
│ ├── pr-labeller.yaml
│ ├── release-tracker.yaml
│ ├── release.yaml
│ └── test-suite.yaml
├── .gitignore
├── LICENSE
├── Makefile
├── README.md
├── SECURITY.md
├── broker-core-certificate-request.yaml
├── charts
├── lagoon-build-deploy
│ ├── .helmignore
│ ├── Chart.yaml
│ ├── README.md
│ ├── ci
│ │ └── linter-values.yaml
│ ├── crds
│ │ ├── crd.lagoon.sh_lagoonbuilds.yaml
│ │ └── crd.lagoon.sh_lagoontasks.yaml
│ ├── templates
│ │ ├── NOTES.txt
│ │ ├── _helpers.tpl
│ │ ├── clusterrolebinding.yaml
│ │ ├── deployment.yaml
│ │ ├── secret.yaml
│ │ ├── service.yaml
│ │ ├── serviceaccount.yaml
│ │ └── servicemonitor.yaml
│ └── values.yaml
├── lagoon-core
│ ├── .gitignore
│ ├── .helmignore
│ ├── Chart.lock
│ ├── Chart.yaml
│ ├── README.md
│ ├── broker-tls
│ │ ├── README.md
│ │ ├── ca-config.json
│ │ ├── ca-csr.json
│ │ └── server.json
│ ├── ci
│ │ ├── linter-values.yaml
│ │ └── testlagoon-main-override.yaml
│ ├── nats-tls
│ │ ├── README.md
│ │ ├── ca-config.json
│ │ ├── ca-csr.json
│ │ ├── client.json
│ │ └── server.json
│ ├── templates
│ │ ├── NOTES.txt
│ │ ├── _helpers.tpl
│ │ ├── actions-handler.deployment.yaml
│ │ ├── actions-handler.hpa.yaml
│ │ ├── api-db.secret.yaml
│ │ ├── api-db.service.yaml
│ │ ├── api-db.statefulset.yaml
│ │ ├── api-redis.deployment.yaml
│ │ ├── api-redis.pvc.yaml
│ │ ├── api-redis.service.yaml
│ │ ├── api.deployment.yaml
│ │ ├── api.hpa.yaml
│ │ ├── api.ingress.yaml
│ │ ├── api.migratedb.job.yaml
│ │ ├── api.secret.yaml
│ │ ├── api.service.yaml
│ │ ├── auth-server.deployment.yaml
│ │ ├── auth-server.hpa.yaml
│ │ ├── auth-server.service.yaml
│ │ ├── backup-handler.deployment.yaml
│ │ ├── backup-handler.hpa.yaml
│ │ ├── backup-handler.ingress.yaml
│ │ ├── backup-handler.service.yaml
│ │ ├── broker.flag-enable.job.yaml
│ │ ├── broker.hpa.yaml
│ │ ├── broker.ingress.yaml
│ │ ├── broker.role.yaml
│ │ ├── broker.rolebinding.yaml
│ │ ├── broker.secret.yaml
│ │ ├── broker.service.yaml
│ │ ├── broker.serviceaccount.yaml
│ │ ├── broker.servicemonitor.yaml
│ │ ├── broker.statefulset.yaml
│ │ ├── drush-alias.deployment.yaml
│ │ ├── drush-alias.hpa.yaml
│ │ ├── drush-alias.ingress.yaml
│ │ ├── drush-alias.service.yaml
│ │ ├── insights-handler.deployment.yaml
│ │ ├── insights-handler.hpa.yaml
│ │ ├── insights-trivy.deployment.yaml
│ │ ├── insights-trivy.service.yaml
│ │ ├── k8up.schedule.yaml
│ │ ├── k8up.secret.yaml
│ │ ├── keycloak-db.service.yaml
│ │ ├── keycloak-db.statefulset.yaml
│ │ ├── keycloak.configmap.yaml
│ │ ├── keycloak.deployment.yaml
│ │ ├── keycloak.ingress.yaml
│ │ ├── keycloak.secret.yaml
│ │ ├── keycloak.service.yaml
│ │ ├── logs2notifications.deployment.yaml
│ │ ├── logs2notifications.hpa.yaml
│ │ ├── nats-concentrator.service.yaml
│ │ ├── nats.secret.yaml
│ │ ├── opensearch-sync.deployment.yaml
│ │ ├── opensearch-sync.secret.yaml
│ │ ├── secret.yaml
│ │ ├── ssh-portal-api.deployment.yaml
│ │ ├── ssh-portal-api.hpa.yaml
│ │ ├── ssh-portal-api.service.yaml
│ │ ├── ssh-portal-api.servicemonitor.yaml
│ │ ├── ssh-token.deployment.yaml
│ │ ├── ssh-token.hpa.yaml
│ │ ├── ssh-token.secret.yaml
│ │ ├── ssh-token.service.yaml
│ │ ├── ssh-token.servicemonitor.yaml
│ │ ├── ssh.deployment.yaml
│ │ ├── ssh.hpa.yaml
│ │ ├── ssh.secret.yaml
│ │ ├── ssh.service.yaml
│ │ ├── tests
│ │ │ └── test-connection.yaml
│ │ ├── ui.deployment.yaml
│ │ ├── ui.hpa.yaml
│ │ ├── ui.ingress.yaml
│ │ ├── ui.service.yaml
│ │ ├── webhook-handler.deployment.yaml
│ │ ├── webhook-handler.hpa.yaml
│ │ ├── webhook-handler.ingress.yaml
│ │ ├── webhook-handler.service.yaml
│ │ ├── webhooks2tasks.deployment.yaml
│ │ └── webhooks2tasks.hpa.yaml
│ └── values.yaml
├── lagoon-docker-host
│ ├── .gitignore
│ ├── .helmignore
│ ├── Chart.yaml
│ ├── README.md
│ ├── ci
│ │ └── linter-values.yaml
│ ├── templates
│ │ ├── NOTES.txt
│ │ ├── _helpers.tpl
│ │ ├── docker-host.clusterrole.yaml
│ │ ├── docker-host.networkpolicy.yaml
│ │ ├── docker-host.rolebinding.yaml
│ │ ├── docker-host.service.yaml
│ │ ├── docker-host.serviceaccount.yaml
│ │ ├── docker-host.statefulset.yaml
│ │ └── tests
│ │ │ └── test-connection.yaml
│ └── values.yaml
├── lagoon-logging
│ ├── .gitignore
│ ├── .helmignore
│ ├── Chart.lock
│ ├── Chart.yaml
│ ├── README.md
│ ├── ci
│ │ └── linter-values.yaml
│ ├── templates
│ │ ├── NOTES.txt
│ │ ├── _helpers.tpl
│ │ ├── cdn-logs-collector.fluent-conf.configmap.yaml
│ │ ├── cdn-logs-collector.secret.yaml
│ │ ├── cdn-logs-collector.service.yaml
│ │ ├── cdn-logs-collector.servicemonitor.yaml
│ │ ├── cdn-logs-collector.statefulset.yaml
│ │ ├── clusterflow.yaml
│ │ ├── clusteroutput.yaml
│ │ ├── logging.yaml
│ │ ├── logs-dispatcher.clusterrolebinding.yaml
│ │ ├── logs-dispatcher.env.configmap.yaml
│ │ ├── logs-dispatcher.fluent-conf.configmap.yaml
│ │ ├── logs-dispatcher.secret.yaml
│ │ ├── logs-dispatcher.service.yaml
│ │ ├── logs-dispatcher.serviceaccount.yaml
│ │ ├── logs-dispatcher.servicemonitor.yaml
│ │ ├── logs-dispatcher.source-lagoon.configmap.yaml
│ │ ├── logs-dispatcher.statefulset.yaml
│ │ ├── logs-dispatcher.store.configmap.yaml
│ │ ├── openshift-haproxy-logs-collector.fluent-bit-conf.configmap.yaml
│ │ ├── openshift-haproxy-logs-collector.service.yaml
│ │ ├── openshift-haproxy-logs-collector.servicemonitor.yaml
│ │ ├── openshift-haproxy-logs-collector.statefulset.yaml
│ │ └── tests
│ │ │ ├── cdn-service-annotations.yaml
│ │ │ ├── test-connection.yaml
│ │ │ └── test-logs-dispatcher-processing.yaml
│ ├── test-parser-regex.rb
│ └── values.yaml
├── lagoon-logs-concentrator
│ ├── .helmignore
│ ├── Chart.yaml
│ ├── README.md
│ ├── ca-config.json
│ ├── ca-csr.json
│ ├── ci
│ │ └── linter-values.yaml
│ ├── client.json
│ ├── server.json
│ ├── templates
│ │ ├── NOTES.txt
│ │ ├── _helpers.tpl
│ │ ├── env.configmap.yaml
│ │ ├── fluent-conf.configmap.yaml
│ │ ├── hpa.yaml
│ │ ├── metrics-service.yaml
│ │ ├── secret.yaml
│ │ ├── service.yaml
│ │ ├── serviceaccount.yaml
│ │ ├── servicemonitor.yaml
│ │ ├── statefulset.yaml
│ │ └── tests
│ │ │ └── test-connection.yaml
│ └── values.yaml
├── lagoon-remote
│ ├── .gitignore
│ ├── .helmignore
│ ├── Chart.lock
│ ├── Chart.yaml
│ ├── README.md
│ ├── ci
│ │ └── linter-values.yaml
│ ├── templates
│ │ ├── NOTES.txt
│ │ ├── _helpers.tpl
│ │ ├── application-logs.service.yaml
│ │ ├── dbaas.service.yaml
│ │ ├── docker-host.clusterrole.yaml
│ │ ├── docker-host.networkpolicy.yaml
│ │ ├── docker-host.rolebinding.yaml
│ │ ├── docker-host.service.yaml
│ │ ├── docker-host.serviceaccount.yaml
│ │ ├── docker-host.statefulset.yaml
│ │ ├── global-broker.secret.yaml
│ │ ├── insights-remote.clusterrole.yaml
│ │ ├── insights-remote.clusterrolebinding.yaml
│ │ ├── insights-remote.deployment.yaml
│ │ ├── insights-remote.secrets.yaml
│ │ ├── insights-remote.service.yaml
│ │ ├── insights-remote.serviceaccount.yaml
│ │ ├── mxout.service.yaml
│ │ ├── nats.secret.yaml
│ │ ├── priorityclasses.yaml
│ │ ├── router-logs.service.yaml
│ │ ├── ssh-core.clusterrole.yaml
│ │ ├── ssh-core.clusterrolebinding.yaml
│ │ ├── ssh-core.secret.yaml
│ │ ├── ssh-core.serviceaccount.yaml
│ │ ├── ssh-portal.clusterrole.yaml
│ │ ├── ssh-portal.clusterrolebinding.yaml
│ │ ├── ssh-portal.deployment.yaml
│ │ ├── ssh-portal.secret.yaml
│ │ ├── ssh-portal.service.yaml
│ │ ├── ssh-portal.serviceaccount.yaml
│ │ ├── ssh-portal.servicemonitor.yaml
│ │ ├── storage-calculator.clusterrole.yaml
│ │ ├── storage-calculator.clusterrolebinding.yaml
│ │ ├── storage-calculator.deployment.yaml
│ │ ├── storage-calculator.leader-elect-role.yaml
│ │ ├── storage-calculator.leader-elect-rolebinding.yaml
│ │ ├── storage-calculator.secret.yaml
│ │ ├── storage-calculator.service.yaml
│ │ ├── storage-calculator.serviceaccount.yaml
│ │ ├── storage-calculator.servicemonitor.yaml
│ │ ├── sysctl-configure.clusterrole.yaml
│ │ ├── sysctl-configure.clusterrolebinding.yaml
│ │ ├── sysctl-configure.daemonset.yaml
│ │ └── sysctl-configure.serviceaccount.yaml
│ └── values.yaml
└── lagoon-test
│ ├── .helmignore
│ ├── Chart.yaml
│ ├── README.md
│ ├── ci
│ ├── .gitignore
│ └── linter-values.yaml.tpl
│ ├── templates
│ ├── NOTES.txt
│ ├── _helpers.tpl
│ ├── local-api-data-watcher-pusher.job.yaml
│ ├── local-git.deployment.yaml
│ ├── local-git.service.yaml
│ ├── secret.yaml
│ ├── test.clusterrolebinding.yaml
│ ├── test.serviceaccount.yaml
│ └── tests
│ │ ├── test-connection.yaml
│ │ └── test-suite.yaml
│ └── values.yaml
├── ci
├── calico
│ ├── README.md
│ ├── custom-resources.yaml
│ └── tigera-operator.yaml
└── storageclass
│ └── local-path-bulk.yaml
├── default.ct.yaml
├── icon.png
├── renovate.json
├── test-suite-lint.ct.yaml
├── test-suite-run.ct.yaml
├── test-suite.certmanager-issuer-ss.yaml
├── test-suite.kind-config.calico.yaml.tpl
├── test-suite.kind-config.yaml.tpl
└── test-suite.metallb-pool.yaml.tpl
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | # TODO: Configure helm package-ecosystem once
2 | # https://github.com/dependabot/dependabot-core/issues/2237 is closed.
3 | version: 2
4 | updates:
5 | - package-ecosystem: github-actions  # only workflow actions are tracked here; Helm chart dependencies are not (see TODO above)
6 | directory: /
7 | schedule:
8 | interval: daily
9 | labels:
10 | - dependencies
11 | - needs-testing  # update PRs are labelled for testing rather than treated as trivially mergeable
12 |
--------------------------------------------------------------------------------
/.github/pull_request_template.md:
--------------------------------------------------------------------------------
1 |
12 |
17 |
--------------------------------------------------------------------------------
/.github/workflows/release.yaml:
--------------------------------------------------------------------------------
1 | name: Release Charts  # packages and publishes charts; triggered by every push to main (see `on:` below)
2 |
3 | on:
4 | push:
5 | branches:
6 | - main
7 |
8 | jobs:
9 | release:  # NOTE(review): no `permissions:` key is set in this workflow, so GITHUB_TOKEN carries the repository default scope; consider declaring only what the releaser needs (presumably write access to repository contents — confirm)
10 | runs-on: ubuntu-latest
11 | steps:
12 | - name: Checkout
13 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
14 | with:
15 | fetch-depth: "0"  # 0 = full history and tags rather than a shallow clone
16 |
17 | - name: Configure Git
18 | run: |
19 | git config user.name "$GITHUB_ACTOR"
20 | git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
21 |
22 | - name: Add dependency chart repos  # external chart sources that are trusted at release time
23 | run: |
24 | helm repo add lagoon https://uselagoon.github.io/lagoon-charts/
25 | helm repo add amazeeio https://amazeeio.github.io/charts/
26 | helm repo add nats https://nats-io.github.io/k8s/helm/charts/
27 | helm repo add kube-logging https://kube-logging.github.io/helm-charts
28 |
29 | - name: Run chart-releaser
30 | uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
31 | env:
32 | CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"  # the run's automatic token, not a stored personal access token
33 | # don't upload a chart if an existing tag exists
34 | CR_SKIP_EXISTING: "true"
35 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | /test-suite.kind-config.yaml
2 | /test-suite.kind-config.calico.yaml
3 | certs/
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Lagoon Helm charts
2 |
3 | [](https://github.com/uselagoon/lagoon-charts/actions)
4 |
5 | This repository contains [Helm](https://helm.sh/) charts related to [Lagoon](https://github.com/amazeeio/lagoon/).
6 |
7 | ## Usage
8 |
9 | See [here](https://uselagoon.github.io/lagoon-charts/).
10 |
11 | ## Contribute
12 |
13 | Branch/fork and add/edit a chart in the `charts/` directory.
14 | When you create a PR your change will be automatically linted and tested.
15 | PRs are not mergeable until lint + test passes.
16 |
17 | Releases are automatically made for any change which is merged to `main`.
18 |
19 | ### How CI works on PRs
20 |
21 | * All charts except `lagoon-test` are automatically linted, installed, and tested.
22 | * `lagoon-test` is special since it is used purely for development and consists of test fixtures for the full Lagoon test suite.
23 | * Any change to `lagoon-core`, `lagoon-remote`, or `lagoon-test` triggers a second CI job which installs the three charts together and runs the full test suite.
24 |
25 | ### New charts
26 |
27 | Please ensure that any new chart:
28 |
29 | * is installable into `kind`, which is used in the CI environment.
30 | You can add a `ci/linter-values.yaml` file if necessary ([example](https://github.com/uselagoon/lagoon-charts/blob/master/charts/lagoon-logging/ci/linter-values.yaml)).
31 | * has some kind of test, even if it is just a simple connection test ([example](https://github.com/uselagoon/lagoon-charts/blob/master/charts/lagoon-logging/templates/tests/test-connection.yaml)).
32 | * has a useful `templates/NOTES.txt`.
33 | * has a `README.md` with some basic information about the chart.
34 |
35 | #### Bonus points: well-tuned probes
36 |
37 | The CI runs in a [constrained environment](https://docs.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners#supported-runners-and-hardware-resources) which makes it a good place to test how your chart handles slow-starting pods.
38 | Ideally pods should never be killed due to failing probes during chart-install, even if they do eventually start and the chart installation succeeds.
39 | Documentation on probes for pod startup is [here](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes).
40 |
41 | ## Development tips
42 |
43 | ### Run chart-testing (lint) locally
44 |
45 | ```bash
46 | docker run --rm --interactive --detach --network host --name ct "--volume=$(pwd):/workdir" "--workdir=/workdir" --volume=$(pwd)/default.ct.yaml:/etc/ct/ct.yaml quay.io/helmpack/chart-testing:latest cat
47 | docker exec ct git config --global --add safe.directory /workdir
48 | docker exec ct ct lint
49 | ```
50 |
51 | ### Run chart-testing (install) locally
52 |
53 | Prerequisite: install [ct](https://github.com/helm/chart-testing).
54 |
55 | ```bash
56 | kind create cluster -n chart-testing
57 | ct install --charts=charts/lagoon-logging
58 | kind delete cluster -n chart-testing
59 | ```
60 |
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
1 | # Security Policy
2 |
3 | ## Supported Versions
4 |
5 | Only the latest [MINOR version](https://semver.org/) of each chart will receive patch updates.
6 |
7 | ## Reporting a Vulnerability
8 |
9 | See https://www.amazee.io/.well-known/security.txt for how to report a vulnerability.
10 |
--------------------------------------------------------------------------------
/broker-core-certificate-request.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: cert-manager.io/v1
2 | kind: Certificate  # cert-manager request for the lagoon-core broker's TLS certificate
3 | metadata:
4 | name: lagoon-core-broker
5 | spec:
6 | secretName: lagoon-core-broker-tls  # Secret that receives the issued key pair
7 | isCA: false  # leaf certificate; it cannot sign other certificates
8 | usages:
9 | - server auth
10 | - client auth  # the same certificate may also be presented as a client identity
11 | commonName: "lagoon-core-broker"
12 | dnsNames:
13 | - "lagoon-core-broker"
14 | - "lagoon-core-broker.lagoon-core.svc"  # in-cluster service names only; assumes the broker runs in the lagoon-core namespace
15 | issuerRef:
16 | kind: ClusterIssuer
17 | name: lagoon-testing-issuer  # NOTE(review): the name suggests a test-only issuer (cf. test-suite.certmanager-issuer-ss.yaml in the tree) — confirm before reusing this request outside CI
--------------------------------------------------------------------------------
/charts/lagoon-build-deploy/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/lagoon-build-deploy/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: lagoon-build-deploy
3 | description:
4 | A Helm chart for Kubernetes which installs Lagoon remote controllers which are used for handling build and task pods
5 | (https://github.com/uselagoon/remote-controller).
6 | home: https://github.com/uselagoon/lagoon-charts
7 | icon: https://raw.githubusercontent.com/uselagoon/lagoon-charts/main/icon.png
8 | maintainers:
9 | - name: shreddedbacon
10 | email: ben.jackson@amazee.io
11 | url: https://amazee.io
12 | - name: smlx
13 | email: scott.leggett@amazee.io
14 | url: https://amazee.io
15 | kubeVersion: ">= 1.25.0-0"
16 |
17 | type: application
18 |
19 | version: 0.34.2
20 |
21 | appVersion: v0.23.0
22 |
23 | annotations:
24 | artifacthub.io/changes: |
25 | - kind: fixed
26 | description: fix verifypeer reference with quotes (again)
27 | artifacthub.io/crds: |
28 | - kind: LagoonBuild
29 | version: v1beta2
30 | name: lagoonbuild
31 | displayName: LagoonBuild
32 | description: This is the CRD used for managing LagoonBuilds
33 | - kind: LagoonTask
34 | version: v1beta2
35 | name: lagoontask
36 | displayName: LagoonTask
37 | description: This is the CRD used for managing LagoonTasks
38 |
--------------------------------------------------------------------------------
/charts/lagoon-build-deploy/README.md:
--------------------------------------------------------------------------------
1 | # Lagoon Remote Controller
2 |
3 | This chart installs the [Lagoon Remote Controller](https://github.com/uselagoon/remote-controller).
4 |
5 | ## Configuration
6 |
7 | See the comments in `values.yaml`, and the [Lagoon Remote Controller](https://github.com/uselagoon/remote-controller) repository.
8 |
9 | ## Install
10 |
11 | For simple use of Lagoon, you shouldn't install this chart directly.
12 | Instead it is configured as a dependency of the [Lagoon Remote](https://github.com/uselagoon/lagoon-charts/tree/main/charts/lagoon-remote) chart.
13 |
14 | ## Custom Resource Definitions (CRDs)
15 |
16 | When additions or changes are made to the CRDs, you will need to install the changes before installing the newer chart version.
17 |
18 | ### lagoon-remote
19 |
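20 | If you're installing `lagoon-remote`, the following prints the CRDs for the `lagoon-build-deploy` version that your `lagoon-remote` release depends on; pipe the output to `kubectl apply -f -` to install or update them.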
21 |
22 | ```
23 | helm show crds lagoon/lagoon-build-deploy --version \
24 | $(curl -s "https://raw.githubusercontent.com/uselagoon/lagoon-charts/lagoon-remote-${LAGOON_REMOTE_CHART_VERSION}/charts/lagoon-remote/Chart.lock" \
25 | | grep -A2 "lagoon-build-deploy" \
26 | | grep "version" \
27 | | awk '{print $2}')
28 | ```
29 | ### lagoon-build-deploy
30 |
31 | If you're installing `lagoon-build-deploy` as its own component, the following prints the CRDs for that chart version (pipe the output to `kubectl apply -f -` to apply them).
32 |
33 | ```
34 | helm show crds lagoon/lagoon-build-deploy --version ${LAGOON_BUILD_DEPLOY_CHART_VERSION}
35 | ```
36 |
37 | ## ServiceAccounts
38 |
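39 | This chart installs a single service account and binds it to the built-in `cluster-admin` ClusterRole with a `ClusterRoleBinding`, so the controller has unrestricted access to every resource in the cluster. Treat the controller pod, its namespace, and its service-account token as `cluster-admin`-equivalent when setting access controls.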
40 |
--------------------------------------------------------------------------------
/charts/lagoon-build-deploy/ci/linter-values.yaml:
--------------------------------------------------------------------------------
1 | rabbitMQUsername: lagoon
2 | rabbitMQPassword: ci  # throwaway CI credential committed in plain text; not a value for a real install
3 | rabbitMQHostname: lagoon-core-broker.lagoon-core.svc:5671  # 5671 is the conventional AMQP-over-TLS port, in line with broker.tls.enabled below
4 | lagoonTargetName: ci-local-control-k8s
5 | sshPortalHost: lagoon-remote-ssh-portal.lagoon.svc
6 | sshPortalPort: 22
7 | lagoonTokenHost: lagoon-core-token.lagoon-core.svc
8 | lagoonTokenPort: 22
9 | lagoonAPIHost: http://lagoon-core-api.lagoon-core.svc:80  # plain HTTP to an in-cluster service
10 | extraArgs:
11 | - "--skip-tls-verify=true"  # NOTE(review): the flag name indicates certificate verification is switched off for some controller connection; suitable for CI only — confirm which connection it covers
12 | broker:
13 | tls:
14 | enabled: true
15 | tlsCA:
16 | enabled: true
17 | secretName: lagoon-remote-broker-tls  # Secret expected to hold the CA used to verify the broker; no secretData is set here, so the chart's secret.yaml does not create it from these values
18 |
--------------------------------------------------------------------------------
/charts/lagoon-build-deploy/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | Lagoon Remote configured with target name "{{ .Values.lagoonTargetName }}", and RabbitMQ host "{{ .Values.rabbitMQHostname }}".
2 |
3 | Please ensure you install the updated CRDs manually after installing this release:
4 |
5 | helm show crds lagoon/lagoon-build-deploy --version {{ .Chart.Version }} | kubectl apply -f -
--------------------------------------------------------------------------------
/charts/lagoon-build-deploy/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{/*
2 | Expand the name of the chart: .Values.nameOverride if set, otherwise .Chart.Name, cut to 63 characters.
3 | */}}
4 | {{- define "lagoon-build-deploy.name" -}}
5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
6 | {{- end }}
7 |
8 | {{/*
9 | Create a default fully qualified app name.
10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
11 | If release name contains chart name it will be used as a full name.
12 | */}}
13 | {{- define "lagoon-build-deploy.fullname" -}}
14 | {{- $name := default .Chart.Name .Values.nameOverride }}
15 | {{- if contains $name .Release.Name }}
16 | {{- .Release.Name | trunc 63 | trimSuffix "-" }}
17 | {{- else }}
18 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
19 | {{- end }}
20 | {{- end }}
21 |
22 | {{/*
23 | Create chart name and version as used by the chart label ("+" is replaced with "_" before truncating).
24 | */}}
25 | {{- define "lagoon-build-deploy.chart" -}}
26 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
27 | {{- end }}
28 |
29 | {{/*
30 | Common labels: chart label, selector labels, app version (when set) and the managing service.
31 | */}}
32 | {{- define "lagoon-build-deploy.labels" -}}
33 | helm.sh/chart: {{ include "lagoon-build-deploy.chart" . }}
34 | {{ include "lagoon-build-deploy.selectorLabels" . }}
35 | {{- if .Chart.AppVersion }}
36 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
37 | {{- end }}
38 | app.kubernetes.io/managed-by: {{ .Release.Service }}
39 | {{- end }}
40 |
41 | {{/*
42 | Selector labels: chart name plus release name.
43 | */}}
44 | {{- define "lagoon-build-deploy.selectorLabels" -}}
45 | app.kubernetes.io/name: {{ include "lagoon-build-deploy.name" . }}
46 | app.kubernetes.io/instance: {{ .Release.Name }}
47 | {{- end }}
48 |
49 | {{/*
50 | Create the name of the service account to use: .Values.serviceAccount.name if set, otherwise the fullname.
51 | */}}
52 | {{- define "lagoon-build-deploy.serviceAccountName" -}}
53 | {{- default (include "lagoon-build-deploy.fullname" .) .Values.serviceAccount.name }}
54 | {{- end }}
55 |
--------------------------------------------------------------------------------
/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding  # cluster-wide binding, not limited to the release namespace
3 | metadata:
4 | name: {{ include "lagoon-build-deploy.fullname" . }}
5 | labels:
6 | {{- include "lagoon-build-deploy.labels" . | nindent 4 }}
7 | subjects:
8 | - kind: ServiceAccount
9 | name: {{ include "lagoon-build-deploy.serviceAccountName" . }}
10 | namespace: {{ .Release.Namespace | quote }}
11 | roleRef:
12 | kind: ClusterRole
13 | name: cluster-admin  # built-in superuser role: the service account above gets unrestricted access to every resource in the cluster
14 | apiGroup: rbac.authorization.k8s.io
15 | ---
16 | kind: ClusterRole
17 | apiVersion: rbac.authorization.k8s.io/v1
18 | metadata:
19 | name: {{ include "lagoon-build-deploy.fullname" . }}-builds
20 | labels:
21 | {{- include "lagoon-build-deploy.labels" . | nindent 4 }}
22 | # Add these permissions to the "admin" and "edit" default roles.
23 | rbac.authorization.k8s.io/aggregate-to-admin: "true"
24 | rbac.authorization.k8s.io/aggregate-to-edit: "true"
25 | rules:
26 | - apiGroups: ["crd.lagoon.sh"]
27 | resources: ["lagoonbuilds"]
28 | verbs: ["*"]  # every verb on lagoonbuilds; through aggregation this reaches anyone holding admin or edit — NOTE(review): these objects are presumably acted on by the cluster-admin controller, so review who is granted admin/edit in namespaces on this cluster
29 | ---
30 | kind: ClusterRole
31 | apiVersion: rbac.authorization.k8s.io/v1
32 | metadata:
33 | name: {{ include "lagoon-build-deploy.fullname" . }}-tasks
34 | labels:
35 | {{- include "lagoon-build-deploy.labels" . | nindent 4 }}
36 | # Add these permissions to the "admin" and "edit" default roles.
37 | rbac.authorization.k8s.io/aggregate-to-admin: "true"
38 | rbac.authorization.k8s.io/aggregate-to-edit: "true"
39 | rules:
40 | - apiGroups: ["crd.lagoon.sh"]
41 | resources: ["lagoontasks"]
42 | verbs: ["*"]  # same pattern as the -builds role above, for lagoontasks
43 |
--------------------------------------------------------------------------------
/charts/lagoon-build-deploy/templates/secret.yaml:
--------------------------------------------------------------------------------
1 | {{- $rabbitMQUsername := coalesce (.Values.global).rabbitMQUsername .Values.rabbitMQUsername }}
2 | {{- $rabbitMQPassword := coalesce (.Values.global).rabbitMQPassword .Values.rabbitMQPassword }}
3 |
4 | apiVersion: v1
5 | kind: Secret  # broker (and optionally Harbor) credentials; a global value takes precedence over the chart-level one via coalesce
6 | type: Opaque
7 | metadata:
8 | name: {{ include "lagoon-build-deploy.fullname" . }}
9 | labels:
10 | {{- include "lagoon-build-deploy.labels" . | nindent 4 }}
11 | stringData:
12 | RABBITMQ_PASSWORD: {{ required "A valid rabbitMQPassword required!" $rabbitMQPassword | quote }}  # rendering fails if no password is supplied
13 | RABBITMQ_USERNAME: {{ required "A valid rabbitMQUsername required!" $rabbitMQUsername | quote }}
14 | {{- if .Values.harbor.enabled }}
15 | HARBOR_PASSWORD: {{ .Values.harbor.adminPassword | quote }}  # Harbor admin credential; unlike the RabbitMQ values there is no `required` guard here
16 | HARBOR_USERNAME: {{ .Values.harbor.adminUser | quote }}
17 | {{- end }}
18 | {{- if .Values.broker.tlsCA.secretData }}
19 | ---
20 | apiVersion: v1
21 | kind: Secret  # second Secret, created only when broker.tlsCA.secretData is provided
22 | type: Opaque
23 | metadata:
24 | name: {{ .Values.broker.tlsCA.secretName }}
25 | labels:
26 | {{- include "lagoon-build-deploy.labels" . | nindent 4 }}
27 | stringData:
28 | {{- with .Values.broker.tlsCA.secretData }}
29 | {{- . | toYaml | nindent 2 }}
30 | {{- end }}
31 | {{- end }}
32 |
--------------------------------------------------------------------------------
/charts/lagoon-build-deploy/templates/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service  # exposes the controller's `https` port under the release fullname
3 | metadata:
4 | name: {{ include "lagoon-build-deploy.fullname" . }}
5 | labels:
6 | {{- include "lagoon-build-deploy.labels" . | nindent 4 }}
7 | spec:
8 | type: {{ .Values.service.type }}
9 | ports:
10 | - port: {{ .Values.service.port }}
11 | targetPort: https  # named container port; resolved against the pod spec (deployment.yaml, not shown here)
12 | protocol: TCP
13 | name: https  # the ServiceMonitor in this chart scrapes the port with this name
14 | selector:
15 | {{- include "lagoon-build-deploy.selectorLabels" . | nindent 4 }}
16 |
--------------------------------------------------------------------------------
/charts/lagoon-build-deploy/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 | name: {{ include "lagoon-build-deploy.serviceAccountName" . }}  # same helper as the subject of the chart's ClusterRoleBinding, which grants this account cluster-admin
5 | labels:
6 | {{- include "lagoon-build-deploy.labels" . | nindent 4 }}
7 | {{- with .Values.serviceAccount.annotations }}
8 | annotations:
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 |
--------------------------------------------------------------------------------
/charts/lagoon-build-deploy/templates/servicemonitor.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.enableServiceMonitor }}
2 | kind: ServiceMonitor  # rendered only when enableServiceMonitor is set
3 | apiVersion: monitoring.coreos.com/v1
4 | metadata:
5 | name: {{ include "lagoon-build-deploy.fullname" . }}
6 | labels:
7 | {{- include "lagoon-build-deploy.labels" . | nindent 4 }}
8 | spec:
9 | endpoints:
10 | - interval: {{ .Values.metrics.interval }}
11 | path: /metrics
12 | port: https
13 | scheme: https
14 | bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token  # service-account token path read by the scraper and sent with each scrape request
15 | tlsConfig:
16 | insecureSkipVerify: true  # NOTE(review): the scraper does not verify the endpoint certificate, so the bearer token above is sent without confirming the peer's identity; prefer supplying a CA in tlsConfig where the metrics endpoint has a verifiable certificate
17 | namespaceSelector:
18 | matchNames:
19 | - lagoon  # hard-coded namespace; NOTE(review): clusterrolebinding.yaml uses .Release.Namespace — confirm this still matches when the chart is installed into another namespace
20 | selector:
21 | matchLabels:
22 | {{- include "lagoon-build-deploy.selectorLabels" . | nindent 6 }}
23 | {{- end }}
--------------------------------------------------------------------------------
/charts/lagoon-core/.gitignore:
--------------------------------------------------------------------------------
1 | /charts
2 |
--------------------------------------------------------------------------------
/charts/lagoon-core/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/lagoon-core/Chart.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: nats
3 | repository: https://nats-io.github.io/k8s/helm/charts/
4 | version: 1.2.11
5 | digest: sha256:c286a5f62fc246b48600ca95fa3738962d74bcb8b40c0d09de1c54edb1fe7435
6 | generated: "2025-03-14T06:51:20.211279+11:00"
7 |
--------------------------------------------------------------------------------
/charts/lagoon-core/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: lagoon-core
3 | description: >
4 | A Helm chart for Kubernetes which deploys Lagoon's core components.
5 | home: https://github.com/uselagoon/lagoon-charts
6 | icon: https://raw.githubusercontent.com/uselagoon/lagoon-charts/main/icon.png
7 | maintainers:
8 | - name: smlx
9 | email: scott.leggett@amazee.io
10 | url: https://amazee.io
11 | - name: shreddedbacon
12 | email: ben.jackson@amazee.io
13 | url: https://amazee.io
14 | kubeVersion: ">= 1.25.0-0"
15 |
16 | # Application charts are a collection of templates that can be packaged into
17 | # versioned archives to be deployed.
18 | type: application
19 |
20 | # This is the chart version. This version number should be incremented each
21 | # time you make changes to the chart and its templates, including the app
22 | # version.
23 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
24 | version: 1.53.0
25 |
26 | # This is the version number of the application being deployed. This version
27 | # number should be incremented each time you make changes to the application.
28 | # Versions are not expected to follow Semantic Versioning. They should reflect
29 | # the version the application is using.
30 | appVersion: v2.25.0
31 |
32 | dependencies:
33 | - name: nats
34 | version: ~1.2.0
35 | repository: https://nats-io.github.io/k8s/helm/charts/
36 | condition: nats.enabled
37 |
38 | # This section is used to collect a changelog for artifacthub.io
39 | # It should be started afresh for each release
40 | # Valid supported kinds are added, changed, deprecated, removed, fixed and security
41 | annotations:
42 | artifacthub.io/changes: |
43 | - kind: changed
44 | description: update lagoon appVersion to 2.25.0
45 | - kind: changed
46 | description: Lagoon Workflows subsystem removed
47 | - kind: changed
48 | description: tls support for rabbitmq
49 | - kind: changed
50 | description: update uselagoon/insights-handler to v0.0.7
51 | - kind: changed
52 | description: update aquasec/trivy to v0.62.1
53 |
--------------------------------------------------------------------------------
/charts/lagoon-core/broker-tls/README.md:
--------------------------------------------------------------------------------
1 | # Broker TLS
2 |
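3 | This directory contains example configuration for generating certificates for broker connections. The example CA and signing profiles use an expiry of `87600h` (ten years); choose lifetimes that fit your own rotation policy before using them outside of testing.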
4 |
--------------------------------------------------------------------------------
/charts/lagoon-core/broker-tls/ca-config.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "default": {
4 | "expiry": "87600h"
5 | },
6 | "profiles": {
7 | "server": {
8 | "expiry": "87600h",
9 | "usages": [
10 | "signing",
11 | "key encipherment",
12 | "server auth"
13 | ]
14 | },
15 | "client": {
16 | "expiry": "87600h",
17 | "usages": [
18 | "signing",
19 | "key encipherment",
20 | "client auth"
21 | ]
22 | }
23 | }
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/charts/lagoon-core/broker-tls/ca-csr.json:
--------------------------------------------------------------------------------
1 | {
2 | "CN": "broker-ca.example.com",
3 | "hosts": [
4 | "broker-ca.example.com"
5 | ],
6 | "key": {
7 | "algo": "ecdsa",
8 | "size": 256
9 | },
10 | "ca": {
11 | "expiry": "87600h"
12 | }
13 | }
14 |
--------------------------------------------------------------------------------
/charts/lagoon-core/broker-tls/server.json:
--------------------------------------------------------------------------------
1 | {
2 | "hosts": [
3 | "lagoon-core-broker",
4 | "lagoon-core-broker.lagoon-core.svc"
5 | ],
6 | "CN": "lagoon-core-broker",
7 | "key": {
8 | "algo": "ecdsa",
9 | "size": 256
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/charts/lagoon-core/ci/testlagoon-main-override.yaml:
--------------------------------------------------------------------------------
1 | imageTag: "main" # CI override: every image below comes from testlagoon/* at this tag; presumably a moving branch tag, so pin a release tag or digest wherever image provenance matters
2 |
3 | api:
4 | image:
5 | repository: testlagoon/api
6 |
7 | apiDB:
8 | image:
9 | repository: testlagoon/api-db
10 |
11 | apiRedis:
12 | image:
13 | repository: testlagoon/api-redis
14 |
15 | apiSidecarHandler:
16 | image:
17 | repository: testlagoon/api-sidecar-handler
18 |
19 | actionsHandler:
20 | image:
21 | repository: testlagoon/actions-handler
22 |
23 | keycloak:
24 | image:
25 | repository: testlagoon/keycloak
26 |
27 | keycloakDB:
28 | image:
29 | repository: testlagoon/keycloak-db
30 |
31 | broker:
32 | image:
33 | repository: testlagoon/broker
34 |
35 | authServer:
36 | image:
37 | repository: testlagoon/auth-server
38 |
39 | webhooks2tasks:
40 | image:
41 | repository: testlagoon/webhooks2tasks
42 |
43 | webhookHandler:
44 | image:
45 | repository: testlagoon/webhook-handler
46 |
47 | backupHandler:
48 | image:
49 | repository: testlagoon/backup-handler
50 |
51 | logs2notifications:
52 | image:
53 | repository: testlagoon/logs2notifications
54 |
55 | ssh:
56 | image:
57 | repository: testlagoon/ssh
58 |
59 | controllerhandler:
60 | image:
61 | repository: testlagoon/controllerhandler
62 |
--------------------------------------------------------------------------------
/charts/lagoon-core/nats-tls/README.md:
--------------------------------------------------------------------------------
1 | # NATS TLS
2 |
3 | This directory contains example configuration for generating certificates for NATS leafnode connections.
4 | These are used to generate the `ci/nats/*.pem` certificates.
5 |
6 | See the `lagoon-core` chart README for instructions on generating your own certificates.
7 |
--------------------------------------------------------------------------------
/charts/lagoon-core/nats-tls/ca-config.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "default": {
4 | "expiry": "87600h"
5 | },
6 | "profiles": {
7 | "server": {
8 | "expiry": "87600h",
9 | "usages": [
10 | "signing",
11 | "key encipherment",
12 | "server auth"
13 | ]
14 | },
15 | "client": {
16 | "expiry": "87600h",
17 | "usages": [
18 | "signing",
19 | "key encipherment",
20 | "client auth"
21 | ]
22 | }
23 | }
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/charts/lagoon-core/nats-tls/ca-csr.json:
--------------------------------------------------------------------------------
1 | {
2 | "CN": "nats-ca.example.com",
3 | "hosts": [
4 | "nats-ca.example.com"
5 | ],
6 | "key": {
7 | "algo": "ecdsa",
8 | "size": 256
9 | },
10 | "ca": {
11 | "expiry": "87600h"
12 | }
13 | }
14 |
--------------------------------------------------------------------------------
/charts/lagoon-core/nats-tls/client.json:
--------------------------------------------------------------------------------
1 | {
2 | "hosts": [
3 | "ci-ssh-portal"
4 | ],
5 | "CN": "ci-ssh-portal",
6 | "key": {
7 | "algo": "ecdsa",
8 | "size": 256
9 | }
10 | }
11 |
--------------------------------------------------------------------------------
/charts/lagoon-core/nats-tls/server.json:
--------------------------------------------------------------------------------
1 | {
2 | "hosts": [
3 | "lagoon-core-nats-concentrator",
4 | "lagoon-core-nats-concentrator.lagoon-core.svc"
5 | ],
6 | "CN": "lagoon-core-nats-concentrator",
7 | "key": {
8 | "algo": "ecdsa",
9 | "size": 256
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/actions-handler.hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.actionsHandler.enabled .Values.actionsHandler.autoscaling.enabled -}}
2 | apiVersion: autoscaling/v2
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | name: {{ include "lagoon-core.actionsHandler.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.actionsHandler.labels" . | nindent 4 }}
8 | spec:
9 | scaleTargetRef:
10 | apiVersion: apps/v1
11 | kind: Deployment
12 | name: {{ include "lagoon-core.actionsHandler.fullname" . }}
13 | minReplicas: {{ .Values.actionsHandler.autoscaling.minReplicas }}
14 | maxReplicas: {{ .Values.actionsHandler.autoscaling.maxReplicas }}
15 | metrics:
16 | {{- if .Values.actionsHandler.autoscaling.targetCPUUtilizationPercentage }}
17 | - type: Resource
18 | resource:
19 | name: cpu
20 | target:
21 | averageUtilization: {{ .Values.actionsHandler.autoscaling.targetCPUUtilizationPercentage }}
22 | type: Utilization
23 | {{- end }}
24 | {{- if .Values.actionsHandler.autoscaling.targetMemoryUtilizationPercentage }}
25 | - type: Resource
26 | resource:
27 | name: memory
28 | target:
29 | averageUtilization: {{ .Values.actionsHandler.autoscaling.targetMemoryUtilizationPercentage }}
30 | type: Utilization
31 | {{- end }}
32 | {{- end }}
33 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/api-db.secret.yaml:
--------------------------------------------------------------------------------
1 | {{/*
2 | Resolves API_DB_PASSWORD in this order of precedence:
3 | * .Values.apiDBPassword when it is explicitly set (Helm keeps supplied values with the release, so protect the values source)
4 | * otherwise the value already stored in the live Secret, read with `lookup`, so an upgrade does not rotate the password
5 | * otherwise a new 32-letter value from randAlpha; `lookup` returns nothing under `helm template` or a client-side dry run, so tooling that renders without cluster access produces a different password on every render
6 | */}}
7 | {{- $data := index (lookup "v1" "Secret" .Release.Namespace (include "lagoon-core.apiDB.fullname" .)) "data" | default dict }}
8 | {{- $apiDBPassword := coalesce .Values.apiDBPassword (ternary (randAlpha 32) (index $data "API_DB_PASSWORD" | default "" | b64dec) (index $data "API_DB_PASSWORD" | empty)) }}
9 | apiVersion: v1
10 | kind: Secret
11 | type: Opaque
12 | metadata:
13 | name: {{ include "lagoon-core.apiDB.fullname" . }}
14 | labels:
15 | {{- include "lagoon-core.apiDB.labels" . | nindent 4 }}
16 | stringData:
17 | API_DB_PASSWORD: {{ $apiDBPassword | quote }}
18 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/api-db.service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service # first of two Services for api-db: the "-headless" variant
3 | metadata:
4 | name: {{ include "lagoon-core.apiDB.fullname" . }}-headless
5 | labels:
6 | {{- include "lagoon-core.apiDB.labels" . | nindent 4 }}
7 | spec:
8 | type: {{ .Values.apiDB.service.type }}
9 | ports:
10 | - port: {{ .Values.apiDB.service.port }}
11 | targetPort: mariadb
12 | name: mariadb
13 | clusterIP: None # headless: DNS resolves to the pod IPs directly
14 | selector:
15 | {{- include "lagoon-core.apiDB.selectorLabels" . | nindent 4 }}
16 | ---
17 | apiVersion: v1
18 | kind: Service # second Service: same selector and port, with a cluster IP
19 | metadata:
20 | name: {{ include "lagoon-core.apiDB.fullname" . }}
21 | labels:
22 | {{- include "lagoon-core.apiDB.labels" . | nindent 4 }}
23 | spec:
24 | type: {{ .Values.apiDB.service.type }} # taken from values; a NodePort or LoadBalancer type would publish the mariadb port outside the cluster
25 | ports:
26 | - port: {{ .Values.apiDB.service.port }}
27 | targetPort: mariadb
28 | name: mariadb
29 | selector:
30 | {{- include "lagoon-core.apiDB.selectorLabels" . | nindent 4 }}
31 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/api-redis.pvc.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.apiRedis.persistence.enabled -}}
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 | name: {{ include "lagoon-core.apiRedis.fullname" . }}-data
6 | labels:
7 | {{- include "lagoon-core.apiRedis.labels" . | nindent 4 }}
8 | spec:
9 | accessModes:
10 | - ReadWriteOnce
11 | resources:
12 | requests:
13 | storage: {{ .Values.apiRedis.persistence.size | quote }}
14 | {{- with .Values.apiRedis.persistence.storageClass }}
15 | storageClassName: {{ . | quote }}
16 | {{- end }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/api-redis.service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: {{ include "lagoon-core.apiRedis.fullname" . }}
5 | labels:
6 | {{- include "lagoon-core.apiRedis.labels" . | nindent 4 }}
7 | spec:
8 | type: {{ .Values.apiRedis.service.type }}
9 | ports:
10 | - port: {{ .Values.apiRedis.service.port }}
11 | targetPort: redis
12 | name: redis
13 | selector:
14 | {{- include "lagoon-core.apiRedis.selectorLabels" . | nindent 4 }}
15 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/api.hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.api.autoscaling.enabled -}}
2 | apiVersion: autoscaling/v2
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | name: {{ include "lagoon-core.api.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.api.labels" . | nindent 4 }}
8 | spec:
9 | scaleTargetRef:
10 | apiVersion: apps/v1
11 | kind: Deployment
12 | name: {{ include "lagoon-core.api.fullname" . }}
13 | minReplicas: {{ .Values.api.autoscaling.minReplicas }}
14 | maxReplicas: {{ .Values.api.autoscaling.maxReplicas }}
15 | metrics:
16 | {{- if .Values.api.autoscaling.targetCPUUtilizationPercentage }}
17 | - type: Resource
18 | resource:
19 | name: cpu
20 | target:
21 | averageUtilization: {{ .Values.api.autoscaling.targetCPUUtilizationPercentage }}
22 | type: Utilization
23 | {{- end }}
24 | {{- if .Values.api.autoscaling.targetMemoryUtilizationPercentage }}
25 | - type: Resource
26 | resource:
27 | name: memory
28 | target:
29 | averageUtilization: {{ .Values.api.autoscaling.targetMemoryUtilizationPercentage }}
30 | type: Utilization
31 | {{- end }}
32 | {{- end }}
33 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/api.ingress.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.api.ingress.enabled -}}
2 | {{- $fullName := include "lagoon-core.api.fullname" . -}}
3 | {{- $svcPort := .Values.api.service.port -}}
4 | apiVersion: networking.k8s.io/v1
5 | kind: Ingress
6 | metadata:
7 | name: {{ $fullName }}
8 | labels:
9 | {{- include "lagoon-core.api.labels" . | nindent 4 }}
10 | annotations:
11 | {{- with coalesce .Values.api.ingress.ingressClassName .Values.defaultIngressClassName }}
12 | acme.cert-manager.io/http01-ingress-class: {{ . }}
13 | {{- end }}
14 | {{- with .Values.api.ingress.annotations }}
15 | {{- toYaml . | nindent 4 }}
16 | {{- end }}
17 | spec:
18 | {{- with coalesce .Values.api.ingress.ingressClassName .Values.defaultIngressClassName }}
19 | ingressClassName: {{ . }}
20 | {{- end }}
21 | {{- if .Values.api.ingress.tls }}
22 | tls:
23 | {{- range .Values.api.ingress.tls }}
24 | - hosts:
25 | {{- range .hosts }}
26 | - {{ . | quote }}
27 | {{- end }}
28 | secretName: {{ .secretName }}
29 | {{- end }}
30 | {{- end }}
31 | rules:
32 | {{- range .Values.api.ingress.hosts }}
33 | - host: {{ .host | quote }}
34 | http:
35 | paths:
36 | {{- range .paths }}
37 | - path: {{ . }}
38 | pathType: Prefix
39 | backend:
40 | service:
41 | name: {{ $fullName }}
42 | port:
43 | number: {{ $svcPort }}
44 | {{- end }}
45 | {{- end }}
46 | {{- end }}
47 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/api.migratedb.job.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: batch/v1
2 | kind: Job # runs the knex migrations for the API database from the api image
3 | metadata:
4 | name: {{ include "lagoon-core.apiMigrateDB.fullname" . }}
5 | labels:
6 | {{- include "lagoon-core.api.labels" . | nindent 4 }}
7 | annotations:
8 | "helm.sh/hook": post-install, pre-upgrade # Helm hook: runs after a first install and before each upgrade
9 | "helm.sh/hook-weight": "-5"
10 | spec:
11 | backoffLimit: 2
12 | template:
13 | metadata:
14 | labels:
15 | {{- include "lagoon-core.api.selectorLabels" . | nindent 8 }}
16 | spec:
17 | restartPolicy: Never
18 | securityContext:
19 | {{- toYaml .Values.api.securityContext | nindent 8 }}
20 | terminationGracePeriodSeconds: 120
21 | containers:
22 | - name: api-migratedb
23 | args: # one script string; the two knex commands are joined with ';', so the exit status is that of migrate:latest
24 | - ./node_modules/.bin/knex migrate:list --cwd /app/services/api/database;
25 | ./node_modules/.bin/knex migrate:latest --cwd /app/services/api/database
26 | image: {{ .Values.api.image.repository }}:{{ coalesce .Values.api.image.tag .Values.imageTag .Chart.AppVersion }}
27 | imagePullPolicy: {{ .Values.api.image.pullPolicy }}
28 | command: # /bin/sh -c receives the args entry above as its script
29 | - /bin/sh
30 | - -c
31 | securityContext: # same .Values.api.securityContext map as the pod-level block above, so only fields valid at both levels can be set; NOTE(review): confirm this is intended
32 | {{- toYaml .Values.api.securityContext | nindent 10 }}
33 | env: # the DB password is referenced from the api-db Secret; additionalEnvs below are rendered as literal values in the pod spec, so they are not a place for credentials
34 | - name: API_DB_HOST
35 | value: {{ include "lagoon-core.apiDB.fullname" . }}
36 | - name: API_DB_PASSWORD
37 | valueFrom:
38 | secretKeyRef:
39 | name: {{ include "lagoon-core.apiDB.fullname" . }}
40 | key: API_DB_PASSWORD
41 | - name: LAGOON_VERSION
42 | value: {{ .Chart.AppVersion | replace "-" "." }}
43 | {{- range $key, $val := .Values.api.additionalEnvs }}
44 | - name: {{ $key }}
45 | value: {{ $val | quote }}
46 | {{- end }}
47 | resources:
48 | {{- toYaml .Values.api.resources | nindent 10 }}
49 | {{- with .Values.api.nodeSelector }}
50 | nodeSelector:
51 | {{ toYaml . | nindent 8 }}
52 | {{- end }}
53 | {{- with .Values.api.tolerations }}
54 | tolerations:
55 | {{ toYaml . | nindent 8 }}
56 | {{- end }}
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/api.secret.yaml:
--------------------------------------------------------------------------------
1 | {{/*
2 | REDIS_PASSWORD and LOGSDB_ADMIN_PASSWORD are each resolved in this order of precedence:
3 | * the matching value (.Values.redisPassword, .Values.logsDBAdminPassword) when it is explicitly set
4 | * otherwise the value already stored in the live Secret, read with `lookup`, so an upgrade does not rotate it
5 | * otherwise a new 32-letter value from randAlpha; `lookup` returns nothing under `helm template` or a client-side dry run, so tooling that renders without cluster access produces different passwords on every render. Every other key below is copied straight from values (`required` fails the render when one is unset), and Helm keeps supplied values with the release, so protect the values source.
6 | */}}
7 | {{- $data := index (lookup "v1" "Secret" .Release.Namespace (include "lagoon-core.api.fullname" .)) "data" | default dict }}
8 | {{- $logsDBAdminPassword := coalesce .Values.logsDBAdminPassword (ternary (randAlpha 32) (index $data "LOGSDB_ADMIN_PASSWORD" | default "" | b64dec) (index $data "LOGSDB_ADMIN_PASSWORD" | empty)) }}
9 | {{- $redisPassword := coalesce .Values.redisPassword (ternary (randAlpha 32) (index $data "REDIS_PASSWORD" | default "" | b64dec) (index $data "REDIS_PASSWORD" | empty)) }}
10 | apiVersion: v1
11 | kind: Secret
12 | type: Opaque
13 | metadata:
14 | name: {{ include "lagoon-core.api.fullname" . }}
15 | labels:
16 | {{- include "lagoon-core.api.labels" . | nindent 4 }}
17 | stringData:
18 | REDIS_PASSWORD: {{ $redisPassword | quote }}
19 | LOGSDB_ADMIN_PASSWORD: {{ $logsDBAdminPassword | quote }}
20 | HARBOR_ADMIN_PASSWORD: {{ required "A valid .Values.harborAdminPassword required!" .Values.harborAdminPassword | quote }}
21 | S3_FILES_ACCESS_KEY_ID: {{ required "A valid .Values.s3FilesAccessKeyID required!" .Values.s3FilesAccessKeyID | quote }}
22 | S3_FILES_SECRET_ACCESS_KEY: {{ required "A valid .Values.s3FilesSecretAccessKey required!" .Values.s3FilesSecretAccessKey | quote }}
23 | S3_BAAS_ACCESS_KEY_ID: {{ required "A valid .Values.s3BAASAccessKeyID required!" .Values.s3BAASAccessKeyID | quote }}
24 | S3_BAAS_SECRET_ACCESS_KEY: {{ required "A valid .Values.s3BAASSecretAccessKey required!" .Values.s3BAASSecretAccessKey | quote }}
25 | {{- with .Values.gitlabAPIToken }}
26 | GITLAB_API_TOKEN: {{ . | quote }}
27 | {{- end }}
28 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/api.service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: {{ include "lagoon-core.api.fullname" . }}
5 | labels:
6 | {{- include "lagoon-core.api.labels" . | nindent 4 }}
7 | spec:
8 | type: {{ .Values.api.service.type }}
9 | ports:
10 | - port: {{ .Values.api.service.port }}
11 | targetPort: http-3000
12 | name: http-3000
13 | selector:
14 | {{- include "lagoon-core.api.selectorLabels" . | nindent 4 }}
15 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/auth-server.hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.ssh.enabled .Values.authServer.autoscaling.enabled -}}
2 | apiVersion: autoscaling/v2
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | name: {{ include "lagoon-core.authServer.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.authServer.labels" . | nindent 4 }}
8 | spec:
9 | scaleTargetRef:
10 | apiVersion: apps/v1
11 | kind: Deployment
12 | name: {{ include "lagoon-core.authServer.fullname" . }}
13 | minReplicas: {{ .Values.authServer.autoscaling.minReplicas }}
14 | maxReplicas: {{ .Values.authServer.autoscaling.maxReplicas }}
15 | metrics:
16 | {{- if .Values.authServer.autoscaling.targetCPUUtilizationPercentage }}
17 | - type: Resource
18 | resource:
19 | name: cpu
20 | target:
21 | averageUtilization: {{ .Values.authServer.autoscaling.targetCPUUtilizationPercentage }}
22 | type: Utilization
23 | {{- end }}
24 | {{- if .Values.authServer.autoscaling.targetMemoryUtilizationPercentage }}
25 | - type: Resource
26 | resource:
27 | name: memory
28 | target:
29 | averageUtilization: {{ .Values.authServer.autoscaling.targetMemoryUtilizationPercentage }}
30 | type: Utilization
31 | {{- end }}
32 | {{- end }}
33 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/auth-server.service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.ssh.enabled -}}
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | name: {{ include "lagoon-core.authServer.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.authServer.labels" . | nindent 4 }}
8 | {{- with .Values.authServer.service.annotations }}
9 | annotations:
10 | {{- toYaml . | nindent 4 }}
11 | {{- end }}
12 | spec:
13 | type: {{ .Values.authServer.service.type }}
14 | ports:
15 | - port: {{ .Values.authServer.service.port }}
16 | targetPort: http-3000
17 | name: http
18 | selector:
19 | {{- include "lagoon-core.authServer.selectorLabels" . | nindent 4 }}
20 | {{- end }}
21 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/backup-handler.hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.backupHandler.enabled .Values.backupHandler.autoscaling.enabled -}}
2 | apiVersion: autoscaling/v2
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | name: {{ include "lagoon-core.backupHandler.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.backupHandler.labels" . | nindent 4 }}
8 | spec:
9 | scaleTargetRef:
10 | apiVersion: apps/v1
11 | kind: Deployment
12 | name: {{ include "lagoon-core.backupHandler.fullname" . }}
13 | minReplicas: {{ .Values.backupHandler.autoscaling.minReplicas }}
14 | maxReplicas: {{ .Values.backupHandler.autoscaling.maxReplicas }}
15 | metrics:
16 | {{- if .Values.backupHandler.autoscaling.targetCPUUtilizationPercentage }}
17 | - type: Resource
18 | resource:
19 | name: cpu
20 | target:
21 | averageUtilization: {{ .Values.backupHandler.autoscaling.targetCPUUtilizationPercentage }}
22 | type: Utilization
23 | {{- end }}
24 | {{- if .Values.backupHandler.autoscaling.targetMemoryUtilizationPercentage }}
25 | - type: Resource
26 | resource:
27 | name: memory
28 | target:
29 | averageUtilization: {{ .Values.backupHandler.autoscaling.targetMemoryUtilizationPercentage }}
30 | type: Utilization
31 | {{- end }}
32 | {{- end }}
33 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/backup-handler.ingress.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.backupHandler.enabled .Values.backupHandler.ingress.enabled -}}
2 | {{- $fullName := include "lagoon-core.backupHandler.fullname" . -}}
3 | {{- $svcPort := .Values.backupHandler.service.port -}}
4 | apiVersion: networking.k8s.io/v1
5 | kind: Ingress
6 | metadata:
7 | name: {{ $fullName }}
8 | labels:
9 | {{- include "lagoon-core.backupHandler.labels" . | nindent 4 }}
10 | annotations:
11 | {{- with coalesce .Values.backupHandler.ingress.ingressClassName .Values.defaultIngressClassName }}
12 | acme.cert-manager.io/http01-ingress-class: {{ . }}
13 | {{- end }}
14 | {{- with .Values.backupHandler.ingress.annotations }}
15 | {{- toYaml . | nindent 4 }}
16 | {{- end }}
17 | spec:
18 | {{- with coalesce .Values.backupHandler.ingress.ingressClassName .Values.defaultIngressClassName }}
19 | ingressClassName: {{ . }}
20 | {{- end }}
21 | {{- if .Values.backupHandler.ingress.tls }}
22 | tls:
23 | {{- range .Values.backupHandler.ingress.tls }}
24 | - hosts:
25 | {{- range .hosts }}
26 | - {{ . | quote }}
27 | {{- end }}
28 | secretName: {{ .secretName }}
29 | {{- end }}
30 | {{- end }}
31 | rules:
32 | {{- range .Values.backupHandler.ingress.hosts }}
33 | - host: {{ .host | quote }}
34 | http:
35 | paths:
36 | {{- range .paths }}
37 | - path: {{ . }}
38 | pathType: Prefix
39 | backend:
40 | service:
41 | name: {{ $fullName }}
42 | port:
43 | number: {{ $svcPort }}
44 | {{- end }}
45 | {{- end }}
46 | {{- end }}
47 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/backup-handler.service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.backupHandler.enabled -}}
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | name: {{ include "lagoon-core.backupHandler.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.backupHandler.labels" . | nindent 4 }}
8 | spec:
9 | type: {{ .Values.backupHandler.service.type }}
10 | ports:
11 | - port: {{ .Values.backupHandler.service.port }}
12 | targetPort: http-3000
13 | name: http-3000
14 | selector:
15 | {{- include "lagoon-core.backupHandler.selectorLabels" . | nindent 4 }}
16 | {{- end }}
17 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/broker.flag-enable.job.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: batch/v1
2 | kind: Job # runs /enable-feature-flags.sh from the broker image
3 | metadata:
4 | name: {{ include "lagoon-core.brokerFlagEnable.fullname" . }}
5 | labels:
6 | {{- include "lagoon-core.broker.labels" . | nindent 4 }}
7 | annotations:
8 | "helm.sh/hook": pre-upgrade # Helm hook: runs before each upgrade only, not on first install
9 | "helm.sh/hook-weight": "-5"
10 | spec:
11 | backoffLimit: 2
12 | template:
13 | metadata:
14 | labels:
15 | {{- include "lagoon-core.broker.selectorLabels" . | nindent 8 }}
16 | spec:
17 | restartPolicy: Never
18 | securityContext:
19 | {{- toYaml .Values.broker.securityContext | nindent 8 }}
20 | terminationGracePeriodSeconds: 120
21 | containers:
22 | - name: broker-flag-enable
23 | args:
24 | - /enable-feature-flags.sh
25 | image: "{{ .Values.broker.image.repository }}:{{ coalesce .Values.broker.image.tag .Values.imageTag .Chart.AppVersion }}"
26 | imagePullPolicy: {{ .Values.broker.image.pullPolicy }}
27 | command: # /bin/sh -c receives the args entry above as its script
28 | - /bin/sh
29 | - -c
30 | securityContext: # same .Values.broker.securityContext map as the pod-level block above, so only fields valid at both levels can be set; NOTE(review): confirm this is intended
31 | {{- toYaml .Values.broker.securityContext | nindent 10 }}
32 | env: # broker credentials are referenced from the broker Secret; additionalEnvs below are rendered as literal values in the pod spec, so they are not a place for credentials
33 | - name: RABBITMQ_DEFAULT_PASS
34 | valueFrom:
35 | secretKeyRef:
36 | name: {{ include "lagoon-core.broker.fullname" . }}
37 | key: RABBITMQ_PASSWORD
38 | - name: RABBITMQ_DEFAULT_USER
39 | valueFrom:
40 | secretKeyRef:
41 | name: {{ include "lagoon-core.broker.fullname" . }}
42 | key: RABBITMQ_USERNAME
43 | - name: RABBITMQ_USE_LONGNAME
44 | value: "true"
45 | # these variables are used by the /cluster-rabbit.sh entrypoint
46 | - name: POD_NAMESPACE
47 | value: {{ .Release.Namespace | quote }}
48 | - name: SERVICE_NAME
49 | value: {{ include "lagoon-core.broker.fullname" . }}
50 | {{- range $key, $val := .Values.broker.additionalEnvs }}
51 | - name: {{ $key }}
52 | value: {{ $val | quote }}
53 | {{- end }}
54 | resources:
55 | {{- toYaml .Values.broker.resources | nindent 10 }}
56 | {{- with .Values.broker.nodeSelector }}
57 | nodeSelector:
58 | {{ toYaml . | nindent 8 }}
59 | {{- end }}
60 | {{- with .Values.broker.tolerations }}
61 | tolerations:
62 | {{ toYaml . | nindent 8 }}
63 | {{- end }}
64 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/broker.hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.broker.autoscaling.enabled -}}
2 | apiVersion: autoscaling/v2
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | name: {{ include "lagoon-core.broker.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.broker.labels" . | nindent 4 }}
8 | spec:
9 | scaleTargetRef:
10 | apiVersion: apps/v1
11 | kind: StatefulSet
12 | name: {{ include "lagoon-core.broker.fullname" . }}
13 | minReplicas: {{ .Values.broker.autoscaling.minReplicas }}
14 | maxReplicas: {{ .Values.broker.autoscaling.maxReplicas }}
15 | metrics:
16 | {{- if .Values.broker.autoscaling.targetCPUUtilizationPercentage }}
17 | - type: Resource
18 | resource:
19 | name: cpu
20 | target:
21 | averageUtilization: {{ .Values.broker.autoscaling.targetCPUUtilizationPercentage }}
22 | type: Utilization
23 | {{- end }}
24 | {{- if .Values.broker.autoscaling.targetMemoryUtilizationPercentage }}
25 | - type: Resource
26 | resource:
27 | name: memory
28 | target:
29 | averageUtilization: {{ .Values.broker.autoscaling.targetMemoryUtilizationPercentage }}
30 | type: Utilization
31 | {{- end }}
32 | {{- end }}
33 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/broker.ingress.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.broker.ingress.enabled -}}
2 | {{- $fullName := include "lagoon-core.broker.fullname" . -}}
3 | {{- $svcPort := .Values.broker.service.ports.http -}}
4 | apiVersion: networking.k8s.io/v1
5 | kind: Ingress # routes to the broker Service on broker.service.ports.http; presumably the RabbitMQ HTTP/management listener, so confirm and limit who can reach these hosts
6 | metadata:
7 | name: {{ $fullName }}
8 | labels:
9 | {{- include "lagoon-core.broker.labels" . | nindent 4 }}
10 | annotations:
11 | {{- with coalesce .Values.broker.ingress.ingressClassName .Values.defaultIngressClassName }}
12 | acme.cert-manager.io/http01-ingress-class: {{ . }}
13 | {{- end }}
14 | {{- with .Values.broker.ingress.annotations }}
15 | {{- toYaml . | nindent 4 }}
16 | {{- end }}
17 | spec: # a tls section is rendered only when broker.ingress.tls is set
18 | {{- with coalesce .Values.broker.ingress.ingressClassName .Values.defaultIngressClassName }}
19 | ingressClassName: {{ . }}
20 | {{- end }}
21 | {{- if .Values.broker.ingress.tls }}
22 | tls:
23 | {{- range .Values.broker.ingress.tls }}
24 | - hosts:
25 | {{- range .hosts }}
26 | - {{ . | quote }}
27 | {{- end }}
28 | secretName: {{ .secretName }}
29 | {{- end }}
30 | {{- end }}
31 | rules:
32 | {{- range .Values.broker.ingress.hosts }}
33 | - host: {{ .host | quote }}
34 | http:
35 | paths:
36 | {{- range .paths }}
37 | - path: {{ . }}
38 | pathType: Prefix
39 | backend:
40 | service:
41 | name: {{ $fullName }}
42 | port:
43 | number: {{ $svcPort }}
44 | {{- end }}
45 | {{- end }}
46 | {{- end }}
47 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/broker.role.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: Role # namespaced Role: its only rule is get on endpoints
3 | metadata:
4 | name: {{ include "lagoon-core.broker.fullname" . }}-endpoint-reader
5 | labels:
6 | {{- include "lagoon-core.broker.labels" . | nindent 4 }}
7 | rules:
8 | - apiGroups:
9 | - "" # the core API group
10 | resources:
11 | - endpoints
12 | verbs:
13 | - get
14 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/broker.rolebinding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: RoleBinding # grants the "-endpoint-reader" Role to the broker's ServiceAccount
3 | metadata:
4 | name: {{ include "lagoon-core.broker.fullname" . }}-endpoint-reader
5 | labels:
6 | {{- include "lagoon-core.broker.labels" . | nindent 4 }}
7 | subjects:
8 | - kind: ServiceAccount # the only subject listed in this binding
9 | name: {{ include "lagoon-core.broker.serviceAccountName" . }}
10 | roleRef:
11 | apiGroup: rbac.authorization.k8s.io
12 | kind: Role
13 | name: {{ include "lagoon-core.broker.fullname" . }}-endpoint-reader
14 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/broker.secret.yaml:
--------------------------------------------------------------------------------
1 | {{/*
2 | Resolves RABBITMQ_PASSWORD in this order of precedence:
3 | * .Values.rabbitMQPassword when it is explicitly set (Helm keeps supplied values with the release, so protect the values source)
4 | * otherwise the value already stored in the live Secret, read with `lookup`, so an upgrade does not rotate the password
5 | * otherwise a new 32-letter value from randAlpha; `lookup` returns nothing under `helm template` or a client-side dry run, so tooling that renders without cluster access produces a different password on every render
6 | */}}
7 | {{- $data := index (lookup "v1" "Secret" .Release.Namespace (include "lagoon-core.broker.fullname" .)) "data" | default dict }}
8 | {{- $rabbitMQPassword := coalesce .Values.rabbitMQPassword (ternary (randAlpha 32) (index $data "RABBITMQ_PASSWORD" | default "" | b64dec) (index $data "RABBITMQ_PASSWORD" | empty)) }}
9 | apiVersion: v1
10 | kind: Secret
11 | type: Opaque
12 | metadata:
13 | name: {{ include "lagoon-core.broker.fullname" . }}
14 | labels:
15 | {{- include "lagoon-core.broker.labels" . | nindent 4 }}
16 | stringData:
17 | RABBITMQ_PASSWORD: {{ $rabbitMQPassword | quote }}
18 | RABBITMQ_USERNAME: {{ required "A valid .Values.rabbitMQUsername required!" .Values.rabbitMQUsername | quote }}
19 | {{- if .Values.broker.tls.secretData }}
20 | ---
21 | apiVersion: v1
22 | kind: Secret
23 | type: Opaque # rendered only when broker.tls.secretData is set; its entries are copied in verbatim, so key material supplied this way also sits in the Helm values
24 | metadata:
25 | name: {{ .Values.broker.tls.secretName }}
26 | labels:
27 | {{- include "lagoon-core.labels" . | nindent 4 }}
28 | stringData:
29 | {{- with .Values.broker.tls.secretData }}
30 | {{- . | toYaml | nindent 2 }}
31 | {{- end }}
32 | {{- end }}
33 | {{- if .Values.broker.tls.enabled }}
34 | ---
35 | apiVersion: v1
36 | kind: Secret
37 | type: Opaque # holds the rendered tls.conf; client-certificate checking follows broker.tls.verify and broker.tls.failIfNoPeerCert (RabbitMQ enforces it only with verify_peer and fail_if_no_peer_cert = true)
38 | metadata:
39 | name: {{ include "lagoon-core.broker.fullname" . }}-tls-conf
40 | labels:
41 | {{- include "lagoon-core.broker.labels" . | nindent 4 }}
42 | stringData:
43 | tls.conf: |
44 | ## tls-listener configuration
45 | listeners.ssl.default = {{ .Values.broker.service.ports.amqps }}
46 | ## tls certificate configurations
47 | ssl_options.cacertfile = /ca.crt
48 | ssl_options.certfile = /tls.crt
49 | ssl_options.keyfile = /tls.key
50 | ssl_options.verify = {{ .Values.broker.tls.verify }}
51 | ssl_options.fail_if_no_peer_cert = {{ .Values.broker.tls.failIfNoPeerCert }}
52 | {{- end}}
53 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/broker.service.yaml:
--------------------------------------------------------------------------------
# Headless Service (clusterIP: None) for the broker pods. Publishes the epmd, amqp,
# amqps and http ports, all selected by the broker selector labels.
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: {{ include "lagoon-core.broker.fullname" . }}-headless
5 | labels:
6 | {{- include "lagoon-core.broker.labels" . | nindent 4 }}
7 | spec:
8 | type: {{ .Values.broker.service.type }}
9 | ports:
10 | - port: {{ .Values.broker.service.ports.epmd }}
11 | targetPort: epmd
12 | name: epmd
13 | - port: {{ .Values.broker.service.ports.amqp }}
14 | targetPort: amqp
15 | name: amqp
16 | - port: {{ .Values.broker.service.ports.amqps }}
17 | targetPort: amqps
18 | name: amqps
19 | - port: {{ .Values.broker.service.ports.http }}
20 | targetPort: http
21 | name: http
22 | clusterIP: None
23 | selector:
24 | {{- include "lagoon-core.broker.selectorLabels" . | nindent 4 }}
25 | ---
# Regular Service for the broker: the same four ports as the headless Service plus
# metrics.
# NOTE(review): the plaintext amqp port and the http port are published here
# whether or not broker.tls.enabled is set, as far as this template shows. If
# clients are meant to use amqps only, restrict the other ports with a
# NetworkPolicy. The epmd port is only needed by cluster peers - presumably the
# other broker pods; confirm before exposing this Service any wider.
26 | apiVersion: v1
27 | kind: Service
28 | metadata:
29 | name: {{ include "lagoon-core.broker.fullname" . }}
30 | labels:
31 | {{- include "lagoon-core.broker.labels" . | nindent 4 }}
32 | spec:
33 | type: {{ .Values.broker.service.type }}
34 | ports:
35 | - port: {{ .Values.broker.service.ports.epmd }}
36 | targetPort: epmd
37 | name: epmd
38 | - port: {{ .Values.broker.service.ports.amqp }}
39 | targetPort: amqp
40 | name: amqp
41 | - port: {{ .Values.broker.service.ports.amqps }}
42 | targetPort: amqps
43 | name: amqps
44 | - port: {{ .Values.broker.service.ports.http }}
45 | targetPort: http
46 | name: http
47 | - port: {{ .Values.broker.service.ports.metrics }}
48 | targetPort: metrics
49 | name: metrics
50 | selector:
51 | {{- include "lagoon-core.broker.selectorLabels" . | nindent 4 }}
52 | ---
53 | {{- if or (.Values.broker.service.amqpExternal.enabled) (.Values.broker.service.amqpsExternal.enabled) }}
# External-facing broker Service, rendered when amqpExternal or amqpsExternal is
# enabled. Each port is added only if its own flag is set.
# type, annotations, externalTrafficPolicy and loadBalancerSourceRanges are all read
# from amqpExternal, including when only amqpsExternal is enabled.
# NOTE(review): enabling amqpExternal publishes the unencrypted amqp port outside
# the cluster, so credentials and messages cross that network in clear text.
# Prefer amqpsExternal, and set amqpExternal.loadBalancerSourceRanges to the
# known client networks in either case.
54 | apiVersion: v1
55 | kind: Service
56 | metadata:
57 | name: {{ include "lagoon-core.broker.fullname" . }}-amqp-ext
58 | labels:
59 | {{- include "lagoon-core.broker.labels" . | nindent 4 }}
60 | {{- with .Values.broker.service.amqpExternal.annotations }}
61 | annotations:
62 | {{- toYaml . | nindent 4 }}
63 | {{- end }}
64 | spec:
65 | type: {{ .Values.broker.service.amqpExternal.type }}
66 | {{- with .Values.broker.service.amqpExternal.externalTrafficPolicy }}
67 | externalTrafficPolicy: {{ . }}
68 | {{- end }}
69 | {{- with .Values.broker.service.amqpExternal.loadBalancerSourceRanges }}
70 | loadBalancerSourceRanges:
71 | {{- toYaml . | nindent 2 }}
72 | {{- end }}
73 | ports:
74 | {{- if .Values.broker.service.amqpExternal.enabled }}
75 | - port: {{ .Values.broker.service.amqpExternal.port }}
76 | targetPort: amqp
77 | name: amqp
78 | {{- end }}
79 | {{- if .Values.broker.service.amqpsExternal.enabled }}
80 | - port: {{ .Values.broker.service.amqpsExternal.port }}
81 | targetPort: amqps
82 | name: amqps
83 | {{- end }}
84 | selector:
85 | {{- include "lagoon-core.broker.selectorLabels" . | nindent 4 }}
86 | {{- end }}
87 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/broker.serviceaccount.yaml:
--------------------------------------------------------------------------------
# ServiceAccount for the broker, rendered unconditionally. Annotations are optional
# and copied from broker.serviceAccount.annotations.
# NOTE(review): what this account may do is decided by the broker Role and
# RoleBinding templates, which are not shown here - review them together.
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 | name: {{ include "lagoon-core.broker.serviceAccountName" . }}
5 | labels:
6 | {{- include "lagoon-core.broker.labels" . | nindent 4 }}
7 | {{- with .Values.broker.serviceAccount.annotations }}
8 | annotations:
9 | {{- toYaml . | nindent 4 }}
10 | {{- end }}
11 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/broker.servicemonitor.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.broker.serviceMonitor.enabled -}}
# ServiceMonitor for the broker, rendered only when broker.serviceMonitor.enabled
# is true. It defines two scrape endpoints on the `metrics` port: the default path,
# and /metrics/detailed limited to the queue_coarse_metrics and queue_metrics
# families, scraped every 30s with a 29s timeout. Only Services in the release
# namespace that carry the broker selector labels are matched.
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: ServiceMonitor
4 | metadata:
5 | name: {{ include "lagoon-core.broker.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.broker.labels" . | nindent 4 }}
8 | spec:
9 | endpoints:
10 | - port: metrics
11 | - interval: 30s
12 | params:
13 | family:
14 | - queue_coarse_metrics
15 | - queue_metrics
16 | path: /metrics/detailed
17 | port: metrics
18 | scrapeTimeout: 29s
19 | namespaceSelector:
20 | matchNames:
21 | - {{ .Release.Namespace }}
22 | selector:
23 | matchLabels:
24 | {{- include "lagoon-core.broker.selectorLabels" . | nindent 6 }}
25 | {{- end }}
26 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/drush-alias.hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.drushAlias.autoscaling.enabled -}}
# HorizontalPodAutoscaler for the drush-alias Deployment. The CPU and memory
# utilisation targets are each optional; when neither is set the metrics list
# renders empty.
# NOTE(review): this is gated on drushAlias.autoscaling.enabled alone, while the
# drush-alias Service and Ingress are gated on drushAlias.enabled. With the
# component disabled and autoscaling enabled, the HPA would presumably point at
# a Deployment that is not rendered - confirm against the deployment template.
2 | apiVersion: autoscaling/v2
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | name: {{ include "lagoon-core.drushAlias.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.drushAlias.labels" . | nindent 4 }}
8 | spec:
9 | scaleTargetRef:
10 | apiVersion: apps/v1
11 | kind: Deployment
12 | name: {{ include "lagoon-core.drushAlias.fullname" . }}
13 | minReplicas: {{ .Values.drushAlias.autoscaling.minReplicas }}
14 | maxReplicas: {{ .Values.drushAlias.autoscaling.maxReplicas }}
15 | metrics:
16 | {{- if .Values.drushAlias.autoscaling.targetCPUUtilizationPercentage }}
17 | - type: Resource
18 | resource:
19 | name: cpu
20 | target:
21 | averageUtilization: {{ .Values.drushAlias.autoscaling.targetCPUUtilizationPercentage }}
22 | type: Utilization
23 | {{- end }}
24 | {{- if .Values.drushAlias.autoscaling.targetMemoryUtilizationPercentage }}
25 | - type: Resource
26 | resource:
27 | name: memory
28 | target:
29 | averageUtilization: {{ .Values.drushAlias.autoscaling.targetMemoryUtilizationPercentage }}
30 | type: Utilization
31 | {{- end }}
32 | {{- end }}
33 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/drush-alias.ingress.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.drushAlias.enabled .Values.drushAlias.ingress.enabled -}}
2 | {{- $fullName := include "lagoon-core.drushAlias.fullname" . -}}
3 | {{- $svcPort := .Values.drushAlias.service.port -}}
# Ingress for drush-alias, rendered only when both drushAlias.enabled and
# drushAlias.ingress.enabled are true. The ingress class is the component's own
# ingressClassName, falling back to defaultIngressClassName, and is also written
# to the cert-manager http01 annotation. Every listed path is routed with
# pathType Prefix to the drush-alias Service port.
# NOTE(review): the tls section is emitted only when drushAlias.ingress.tls is
# set; without it this template configures no certificate for the hosts. The path
# and secretName values are rendered unquoted, unlike the host values.
4 | apiVersion: networking.k8s.io/v1
5 | kind: Ingress
6 | metadata:
7 | name: {{ $fullName }}
8 | labels:
9 | {{- include "lagoon-core.drushAlias.labels" . | nindent 4 }}
10 | annotations:
11 | {{- with coalesce .Values.drushAlias.ingress.ingressClassName .Values.defaultIngressClassName }}
12 | acme.cert-manager.io/http01-ingress-class: {{ . }}
13 | {{- end }}
14 | {{- with .Values.drushAlias.ingress.annotations }}
15 | {{- toYaml . | nindent 4 }}
16 | {{- end }}
17 | spec:
18 | {{- with coalesce .Values.drushAlias.ingress.ingressClassName .Values.defaultIngressClassName }}
19 | ingressClassName: {{ . }}
20 | {{- end }}
21 | {{- if .Values.drushAlias.ingress.tls }}
22 | tls:
23 | {{- range .Values.drushAlias.ingress.tls }}
24 | - hosts:
25 | {{- range .hosts }}
26 | - {{ . | quote }}
27 | {{- end }}
28 | secretName: {{ .secretName }}
29 | {{- end }}
30 | {{- end }}
31 | rules:
32 | {{- range .Values.drushAlias.ingress.hosts }}
33 | - host: {{ .host | quote }}
34 | http:
35 | paths:
36 | {{- range .paths }}
37 | - path: {{ . }}
38 | pathType: Prefix
39 | backend:
40 | service:
41 | name: {{ $fullName }}
42 | port:
43 | number: {{ $svcPort }}
44 | {{- end }}
45 | {{- end }}
46 | {{- end }}
47 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/drush-alias.service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.drushAlias.enabled -}}
# Service for drush-alias, rendered only when drushAlias.enabled is true. It
# forwards drushAlias.service.port to the pods' named port http-8080; the Service
# type comes from values.
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | name: {{ include "lagoon-core.drushAlias.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.drushAlias.labels" . | nindent 4 }}
8 | spec:
9 | type: {{ .Values.drushAlias.service.type }}
10 | ports:
11 | - port: {{ .Values.drushAlias.service.port }}
12 | targetPort: http-8080
13 | name: http-8080
14 | selector:
15 | {{- include "lagoon-core.drushAlias.selectorLabels" . | nindent 4 }}
16 | {{- end }}
17 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/insights-handler.hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.insightsHandler.autoscaling.enabled -}}
# HorizontalPodAutoscaler for the insights-handler Deployment, rendered only when
# insightsHandler.autoscaling.enabled is true. The CPU and memory utilisation
# targets are each optional; when neither is set the metrics list renders empty.
2 | apiVersion: autoscaling/v2
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | name: {{ include "lagoon-core.insightsHandler.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.insightsHandler.labels" . | nindent 4 }}
8 | spec:
9 | scaleTargetRef:
10 | apiVersion: apps/v1
11 | kind: Deployment
12 | name: {{ include "lagoon-core.insightsHandler.fullname" . }}
13 | minReplicas: {{ .Values.insightsHandler.autoscaling.minReplicas }}
14 | maxReplicas: {{ .Values.insightsHandler.autoscaling.maxReplicas }}
15 | metrics:
16 | {{- if .Values.insightsHandler.autoscaling.targetCPUUtilizationPercentage }}
17 | - type: Resource
18 | resource:
19 | name: cpu
20 | target:
21 | averageUtilization: {{ .Values.insightsHandler.autoscaling.targetCPUUtilizationPercentage }}
22 | type: Utilization
23 | {{- end }}
24 | {{- if .Values.insightsHandler.autoscaling.targetMemoryUtilizationPercentage }}
25 | - type: Resource
26 | resource:
27 | name: memory
28 | target:
29 | averageUtilization: {{ .Values.insightsHandler.autoscaling.targetMemoryUtilizationPercentage }}
30 | type: Utilization
31 | {{- end }}
32 | {{- end }}
33 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/insights-trivy.deployment.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.insightsHandler.trivy.enabled -}}
# Deployment that runs Trivy in server mode, rendered only when
# insightsHandler.trivy.enabled is true. No replicas field is set. The pod
# security context is the trivy-specific value, falling back to the chart-wide
# podSecurityContext; the container security context has no fallback.
# The image tag falls back from the trivy tag to imageTag to the chart appVersion.
2 | apiVersion: apps/v1
3 | kind: Deployment
4 | metadata:
5 | name: {{ include "lagoon-core.insightsTrivy.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.insightsTrivy.labels" . | nindent 4 }}
8 | spec:
9 | selector:
10 | matchLabels:
11 | {{- include "lagoon-core.insightsTrivy.selectorLabels" . | nindent 6 }}
12 | template:
13 | metadata:
14 | annotations:
15 | {{- with .Values.insightsHandler.trivy.podAnnotations }}
16 | {{- toYaml . | nindent 8 }}
17 | {{- end }}
18 | labels:
19 | {{- include "lagoon-core.insightsTrivy.selectorLabels" . | nindent 8 }}
20 | spec:
21 | securityContext:
22 | {{- toYaml (coalesce .Values.insightsHandler.trivy.podSecurityContext .Values.podSecurityContext) | nindent 8 }}
23 | containers:
24 | - name: insights-trivy
25 | securityContext:
26 | {{- toYaml .Values.insightsHandler.trivy.securityContext | nindent 10 }}
27 | image: "{{ .Values.insightsHandler.trivy.image.repository }}:{{ coalesce .Values.insightsHandler.trivy.image.tag .Values.imageTag .Chart.AppVersion }}"
28 | imagePullPolicy: {{ .Values.insightsHandler.trivy.image.pullPolicy }}
29 | resources:
30 | {{- toYaml .Values.insightsHandler.trivy.resources | nindent 10 }}
# The server listens on every interface on port 4954, keeps its cache in /tmp and
# runs with debug logging (-d).
# NOTE(review): no --token is passed, so any client that can reach the port may
# use the server. Limit reachability with a NetworkPolicy or configure a token
# shared with the insights handler. Debug logging is verbose for production -
# confirm it is intended.
31 | command: ["trivy", "server", "--cache-dir=/tmp", "--listen=0.0.0.0:4954", "-d"]
32 | ports:
33 | - containerPort: 4954
34 | protocol: TCP
35 | name: tcp-4954
36 | livenessProbe:
37 | httpGet:
38 | path: /healthz
39 | port: 4954
40 | readinessProbe:
41 | httpGet:
42 | path: /healthz
43 | port: 4954
44 | {{- with .Values.insightsHandler.trivy.nodeSelector }}
45 | nodeSelector:
46 | {{- toYaml . | nindent 8 }}
47 | {{- end }}
# Built-in soft anti-affinity (weight 50) spreads pods of this component across
# nodes. Values from insightsHandler.trivy.affinity are appended after it.
# NOTE(review): a values entry that itself defines podAntiAffinity would
# presumably repeat that key under affinity - confirm the rendered indentation.
48 | affinity:
49 | podAntiAffinity:
50 | preferredDuringSchedulingIgnoredDuringExecution:
51 | - weight: 50
52 | podAffinityTerm:
53 | labelSelector:
54 | matchExpressions:
55 | - key: app.kubernetes.io/name
56 | operator: In
57 | values:
58 | - {{ include "lagoon-core.name" . }}
59 | - key: app.kubernetes.io/component
60 | operator: In
61 | values:
62 | - {{ include "lagoon-core.insightsTrivy.fullname" . }}
63 | - key: app.kubernetes.io/instance
64 | operator: In
65 | values:
66 | - {{ .Release.Name }}
67 | topologyKey: kubernetes.io/hostname
68 | {{- with .Values.insightsHandler.trivy.affinity }}
69 | {{- toYaml . | nindent 8 }}
70 | {{- end }}
71 | {{- with .Values.insightsHandler.trivy.tolerations }}
72 | tolerations:
73 | {{- toYaml . | nindent 8 }}
74 | {{- end }}
75 | {{- end }}
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/insights-trivy.service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.insightsHandler.trivy.enabled -}}
# Service in front of the Trivy server, rendered only when
# insightsHandler.trivy.enabled is true. It forwards the configured service port
# to container port 4954; the Service type comes from values.
# NOTE(review): the Trivy server command in insights-trivy.deployment.yaml sets no
# access token, so keep this Service cluster-internal unless one is configured.
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | name: {{ include "lagoon-core.insightsTrivy.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.insightsTrivy.labels" . | nindent 4 }}
8 | spec:
9 | type: {{ .Values.insightsHandler.trivy.service.type }}
10 | ports:
11 | - port: {{ .Values.insightsHandler.trivy.service.port }}
12 | targetPort: 4954
13 | name: tcp-4954
14 | selector:
15 | {{- include "lagoon-core.insightsTrivy.selectorLabels" . | nindent 4 }}
16 | {{- end }}
17 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/k8up.schedule.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Capabilities.APIVersions.Has "backup.appuio.ch/v1alpha1/Schedule" }}
2 | {{- $schedule := index (lookup "backup.appuio.ch/v1alpha1" "Schedule" .Release.Namespace (include "lagoon-core.fullname" . )) | default dict }}
3 | {{- $bucket := coalesce .Values.k8upBackupBucketName (dig "spec" "backend" "s3" "bucket" "" $schedule) (print "baas-" (include "lagoon-core.fullname" .) "-" (randAlphaNum 8 | lower)) }}
# K8up backup Schedule, rendered only when the cluster advertises the
# backup.appuio.ch/v1alpha1 Schedule kind.
# Bucket name precedence: the k8upBackupBucketName value, then the bucket of an
# existing Schedule found with lookup, then a generated name made of "baas-", the
# release fullname and 8 random lower-case alphanumerics.
# NOTE(review): lookup returns nothing under helm template and client-side
# dry-run, so without an explicit k8upBackupBucketName every such render produces
# a different bucket name. Pin the name when the chart is templated by a GitOps
# tool.
# Timing: backup at minute 15 of every hour, check daily at 03:45, prune on
# Sundays at 04:26. Only the repository password is referenced; no S3 credential
# reference appears here - presumably supplied by the operator's own
# configuration, to be confirmed.
4 | apiVersion: backup.appuio.ch/v1alpha1
5 | kind: Schedule
6 | metadata:
7 | name: {{ include "lagoon-core.fullname" . }}
8 | labels:
9 | {{- include "lagoon-core.labels" . | nindent 4 }}
10 | spec:
11 | backend:
12 | repoPasswordSecretRef:
13 | key: repo-pw
14 | name: "{{ include "lagoon-core.fullname" . }}-baas-repo-pw"
15 | s3:
16 | bucket: {{ $bucket | quote }}
17 | {{ with .Values.k8upS3Endpoint }}
18 | endpoint: {{ . | quote }}
19 | {{ end }}
20 | backup:
21 | schedule: '15 * * * *'
22 | check:
23 | schedule: '45 3 * * *'
24 | prune:
25 | retention:
26 | keepHourly: 36
27 | keepDaily: 30
28 | keepWeekly: 12
29 | keepMonthly: 12
30 | schedule: '26 4 * * 0'
31 | {{- end }}
32 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/k8up.secret.yaml:
--------------------------------------------------------------------------------
1 | {{- $data := index (lookup "v1" "Secret" .Release.Namespace (print (include "lagoon-core.fullname" . ) "-baas-repo-pw")) "data" | default dict }}
2 | {{- $baasRepoPw := coalesce (index $data "repo-pw" | default "" | b64dec ) (randAlphaNum 28) }}
# Backup repository password referenced by the k8up Schedule's
# repoPasswordSecretRef. Rendered unconditionally, unlike the Schedule itself.
# The value is the repo-pw of an existing Secret when lookup finds one, otherwise
# 28 random alphanumeric characters. There is no values override.
# NOTE(review): backups written under one password are presumably unreadable
# with another. lookup returns nothing under helm template and client-side
# dry-run, so rendering the chart that way yields a new password each time. Keep
# an out-of-band copy of the live value and make sure the deploy path performs a
# real lookup.
3 | apiVersion: v1
4 | kind: Secret
5 | metadata:
6 | name: "{{ include "lagoon-core.fullname" . }}-baas-repo-pw"
7 | labels:
8 | {{- include "lagoon-core.labels" . | nindent 4 }}
9 | type: Opaque
10 | stringData:
11 | repo-pw: {{ $baasRepoPw | quote }}
12 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/keycloak-db.service.yaml:
--------------------------------------------------------------------------------
# Headless Service (clusterIP: None) for the Keycloak database pods, forwarding
# keycloakDB.service.port to the pods' named port mariadb.
# NOTE(review): both Services in this file take their type from
# keycloakDB.service.type; a database normally needs no exposure beyond the
# cluster, so anything other than ClusterIP deserves a second look.
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: {{ include "lagoon-core.keycloakDB.fullname" . }}-headless
5 | labels:
6 | {{- include "lagoon-core.keycloakDB.labels" . | nindent 4 }}
7 | spec:
8 | type: {{ .Values.keycloakDB.service.type }}
9 | ports:
10 | - port: {{ .Values.keycloakDB.service.port }}
11 | targetPort: mariadb
12 | name: mariadb
13 | clusterIP: None
14 | selector:
15 | {{- include "lagoon-core.keycloakDB.selectorLabels" . | nindent 4 }}
16 | ---
# Regular Service for the Keycloak database, same port and selector as the
# headless Service above.
17 | apiVersion: v1
18 | kind: Service
19 | metadata:
20 | name: {{ include "lagoon-core.keycloakDB.fullname" . }}
21 | labels:
22 | {{- include "lagoon-core.keycloakDB.labels" . | nindent 4 }}
23 | spec:
24 | type: {{ .Values.keycloakDB.service.type }}
25 | ports:
26 | - port: {{ .Values.keycloakDB.service.port }}
27 | targetPort: mariadb
28 | name: mariadb
29 | selector:
30 | {{- include "lagoon-core.keycloakDB.selectorLabels" . | nindent 4 }}
31 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/keycloak.configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.keycloak.email.enabled -}}
2 | ---
# ConfigMap with Keycloak's SMTP settings, rendered only when
# keycloak.email.enabled is true. keycloak.email.settings is serialised to JSON
# under the smtpServer key without filtering.
# NOTE(review): if the settings carry SMTP credentials (for example a password
# field), they land in a ConfigMap, which gets none of the RBAC separation or
# at-rest encryption usually applied to Secrets. Consider rendering this file
# into a Secret instead.
3 | apiVersion: v1
4 | kind: ConfigMap
5 | metadata:
6 | name: {{ include "lagoon-core.keycloak.fullname" . }}-smtp-settings
7 | labels:
8 | {{- include "lagoon-core.keycloak.labels" . | nindent 4 }}
9 | data:
10 | keycloak-smtp-settings.json: |
11 | {"smtpServer":{{ .Values.keycloak.email.settings | toJson }}}
12 | {{ end -}}
13 | {{- if .Values.keycloak.realmSettings.enabled -}}
14 | ---
# ConfigMap with Keycloak realm settings, rendered only when
# keycloak.realmSettings.enabled is true. keycloak.realmSettings.options is
# serialised to JSON as-is; keep secret values out of it for the same reason as
# above.
15 | apiVersion: v1
16 | kind: ConfigMap
17 | metadata:
18 | name: {{ include "lagoon-core.keycloak.fullname" . }}-realm-settings
19 | labels:
20 | {{- include "lagoon-core.keycloak.labels" . | nindent 4 }}
21 | data:
22 | keycloak-realm-settings.json: |
23 | {{ .Values.keycloak.realmSettings.options | toJson }}
24 | {{ end -}}
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/keycloak.ingress.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.keycloak.ingress.enabled -}}
2 | {{- $fullName := include "lagoon-core.keycloak.fullname" . -}}
3 | {{- $svcPort := .Values.keycloak.service.port -}}
# Ingress for Keycloak, rendered only when keycloak.ingress.enabled is true. The
# ingress class is the component's own ingressClassName, falling back to
# defaultIngressClassName, and is also written to the cert-manager http01
# annotation. Every listed path is routed with pathType Prefix to the Keycloak
# Service port.
# NOTE(review): the tls section is emitted only when keycloak.ingress.tls is set.
# This endpoint carries logins and tokens, so a deployment without that section
# should be treated as a misconfiguration. The path and secretName values are
# rendered unquoted, unlike the host values.
4 | apiVersion: networking.k8s.io/v1
5 | kind: Ingress
6 | metadata:
7 | name: {{ $fullName }}
8 | labels:
9 | {{- include "lagoon-core.keycloak.labels" . | nindent 4 }}
10 | annotations:
11 | {{- with coalesce .Values.keycloak.ingress.ingressClassName .Values.defaultIngressClassName }}
12 | acme.cert-manager.io/http01-ingress-class: {{ . }}
13 | {{- end }}
14 | {{- with .Values.keycloak.ingress.annotations }}
15 | {{- toYaml . | nindent 4 }}
16 | {{- end }}
17 | spec:
18 | {{- with coalesce .Values.keycloak.ingress.ingressClassName .Values.defaultIngressClassName }}
19 | ingressClassName: {{ . }}
20 | {{- end }}
21 | {{- if .Values.keycloak.ingress.tls }}
22 | tls:
23 | {{- range .Values.keycloak.ingress.tls }}
24 | - hosts:
25 | {{- range .hosts }}
26 | - {{ . | quote }}
27 | {{- end }}
28 | secretName: {{ .secretName }}
29 | {{- end }}
30 | {{- end }}
31 | rules:
32 | {{- range .Values.keycloak.ingress.hosts }}
33 | - host: {{ .host | quote }}
34 | http:
35 | paths:
36 | {{- range .paths }}
37 | - path: {{ . }}
38 | pathType: Prefix
39 | backend:
40 | service:
41 | name: {{ $fullName }}
42 | port:
43 | number: {{ $svcPort }}
44 | {{- end }}
45 | {{- end }}
46 | {{- end }}
47 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/keycloak.service.yaml:
--------------------------------------------------------------------------------
# Service for Keycloak, rendered unconditionally. It forwards
# keycloak.service.port to the pods' named port http-8080; the Service type comes
# from values. The backend port name suggests plain HTTP inside the cluster, with
# TLS presumably terminated at the Ingress - confirm.
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: {{ include "lagoon-core.keycloak.fullname" . }}
5 | labels:
6 | {{- include "lagoon-core.keycloak.labels" . | nindent 4 }}
7 | spec:
8 | type: {{ .Values.keycloak.service.type }}
9 | ports:
10 | - port: {{ .Values.keycloak.service.port }}
11 | targetPort: http-8080
12 | name: http-8080
13 | selector:
14 | {{- include "lagoon-core.keycloak.selectorLabels" . | nindent 4 }}
15 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/logs2notifications.hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.logs2notifications.autoscaling.enabled -}}
# HorizontalPodAutoscaler for the logs2notifications Deployment, rendered only
# when logs2notifications.autoscaling.enabled is true. The CPU and memory
# utilisation targets are each optional; when neither is set the metrics list
# renders empty.
2 | apiVersion: autoscaling/v2
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | name: {{ include "lagoon-core.logs2notifications.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.logs2notifications.labels" . | nindent 4 }}
8 | spec:
9 | scaleTargetRef:
10 | apiVersion: apps/v1
11 | kind: Deployment
12 | name: {{ include "lagoon-core.logs2notifications.fullname" . }}
13 | minReplicas: {{ .Values.logs2notifications.autoscaling.minReplicas }}
14 | maxReplicas: {{ .Values.logs2notifications.autoscaling.maxReplicas }}
15 | metrics:
16 | {{- if .Values.logs2notifications.autoscaling.targetCPUUtilizationPercentage }}
17 | - type: Resource
18 | resource:
19 | name: cpu
20 | target:
21 | averageUtilization: {{ .Values.logs2notifications.autoscaling.targetCPUUtilizationPercentage }}
22 | type: Utilization
23 | {{- end }}
24 | {{- if .Values.logs2notifications.autoscaling.targetMemoryUtilizationPercentage }}
25 | - type: Resource
26 | resource:
27 | name: memory
28 | target:
29 | averageUtilization: {{ .Values.logs2notifications.autoscaling.targetMemoryUtilizationPercentage }}
30 | type: Utilization
31 | {{- end }}
32 | {{- end }}
33 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/nats-concentrator.service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.nats.enabled -}}
# Service for NATS leafnode connections, rendered only when nats.enabled is true.
# It forwards natsService.leafnodes.port to target port 7422; the Service type
# comes from natsService.type.
# NOTE(review): the selector matches on app.kubernetes.io/name alone (default
# "nats"), with no release-instance label, so any pod in the namespace carrying
# that name label becomes a backend. If this Service is exposed externally for
# remote clusters, pair it with the NATS TLS settings and source-range limits.
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | name: {{ include "lagoon-core.fullname" . }}-nats-concentrator
6 | labels:
7 | {{- include "lagoon-core.labels" . | nindent 4 }}
8 | spec:
9 | type: {{ .Values.natsService.type }}
10 | ports:
11 | - name: leafnodes
12 | port: {{ .Values.natsService.leafnodes.port }}
13 | protocol: TCP
14 | targetPort: 7422
15 | selector:
16 | app.kubernetes.io/name: {{ .Values.nats.nameOverride | default "nats" | quote }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/nats.secret.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.nats.enabled -}}
2 | {{- if .Values.natsConfig.tls.secretData }}
3 | ---
4 | {{/*
5 | This secret must have a static name because the nats subchart is configured to
6 | use this secret via the lagoon-core values.yaml.
7 | */}}
# TLS material for NATS, rendered only when natsConfig.tls.secretData is set. The
# map is copied verbatim into stringData.
# NOTE(review): values passed to a chart are also kept in the Helm release
# record, so a private key supplied this way exists in two places. The fixed name
# lagoon-core-nats-tls also means two releases in one namespace would collide.
8 | apiVersion: v1
9 | kind: Secret
10 | type: Opaque
11 | metadata:
12 | name: lagoon-core-nats-tls
13 | labels:
14 | {{- include "lagoon-core.labels" . | nindent 4 }}
15 | stringData:
16 | {{- with .Values.natsConfig.tls.secretData }}
17 | {{- . | toYaml | nindent 2 }}
18 | {{- end }}
19 | {{- end }}
20 | ---
21 | {{/*
22 | This secret must have a static name because the nats subchart is configured to
23 | use this secret via the lagoon-core values.yaml.
24 | */}}
# NATS server configuration fragments.
# accounts.conf defines one account, lagoonRemote, with two permission sets:
#   - each natsConfig.users.lagoonRemote entry may publish to
#     lagoon.sshportal.remote and subscribe to _INBOX.>
#   - lagoon-core-local may publish to _INBOX.> and subscribe to
#     lagoon.sshportal.api
# no_auth_user maps connections that present no credentials to lagoon-core-local.
# NOTE(review): network reachability of the NATS client port is therefore the
# only control on the local role; confirm that port is limited to lagoon-core's
# own pods. All remote users share subscribe rights on _INBOX.>, so reply
# subjects are not isolated between them.
# leafnodesAuthorization.conf lists each remote user with its password in clear
# text, taken from chart values; treat this Secret and the values file as
# equally sensitive.
25 | apiVersion: v1
26 | kind: Secret
27 | type: Opaque
28 | metadata:
29 | name: lagoon-core-nats-conf
30 | labels:
31 | {{- include "lagoon-core.labels" . | nindent 4 }}
32 | stringData:
33 | accounts.conf: |
34 | accounts: {
35 | lagoonRemote: {
36 | LAGOON_REMOTE = {
37 | publish: "lagoon.sshportal.remote",
38 | subscribe: "_INBOX.>"
39 | }
40 | SSHPORTAL_API = {
41 | publish: "_INBOX.>",
42 | subscribe: "lagoon.sshportal.api"
43 | }
44 | users: [
45 | {{- range .Values.natsConfig.users.lagoonRemote }}
46 | {
47 | user: {{ .user | quote }},
48 | permissions: $LAGOON_REMOTE
49 | },
50 | {{- end }}
51 | {
52 | user: "lagoon-core-local",
53 | permissions: $SSHPORTAL_API
54 | },
55 | ]
56 | }
57 | }
58 | no_auth_user: "lagoon-core-local"
59 | leafnodesAuthorization.conf: |
60 | authorization: {
61 | users: [
62 | {{- range .Values.natsConfig.users.lagoonRemote }}
63 | {
64 | user: {{ .user | quote }}
65 | password: {{ .password | quote }}
66 | account: lagoonRemote
67 | },
68 | {{- end }}
69 | ]
70 | }
71 | {{- end }}
72 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/opensearch-sync.secret.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.opensearchSync.enabled -}}
# Secret carrying the CA certificate that opensearch-sync uses for OpenSearch,
# rendered only when opensearchSync.enabled is true. Rendering fails with an
# explicit message if opensearchSync.opensearchCACertificate is unset, so the
# component cannot be enabled without a CA.
2 | apiVersion: v1
3 | kind: Secret
4 | type: Opaque
5 | metadata:
6 | name: {{ include "lagoon-core.opensearchSync.fullname" . }}
7 | labels:
8 | {{- include "lagoon-core.opensearchSync.labels" . | nindent 4 }}
9 | stringData:
10 | OPENSEARCH_CA_CERTIFICATE: {{ required "A valid .Values.opensearchSync.opensearchCACertificate required!" .Values.opensearchSync.opensearchCACertificate | quote }}
11 | {{- end }}
12 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/secret.yaml:
--------------------------------------------------------------------------------
1 | {{/*
2 | This somewhat complex logic is intended to:
3 | * generate a random secret value automatically on chart install
4 | * not overwrite the randomly generated value on upgrade
5 | * allow overriding if the value is explicitly defined
6 | * check whether a legacy JWT secret exists and copy that
7 | */}}
8 | {{- $legacyjwtExist := index (lookup "v1" "Secret" .Release.Namespace (print (include "lagoon-core.fullname" . ) "-jwtsecret")) "data" | default dict }}
9 | {{- $secretsExist := index (lookup "v1" "Secret" .Release.Namespace (print (include "lagoon-core.fullname" . ) "-secrets")) "data" | default dict }}
10 | {{- $jwtSecret := coalesce .Values.jwtSecret (index $secretsExist "JWTSECRET" | default "" | b64dec) (index $legacyjwtExist "JWTSECRET" | default "" | b64dec) (randAlpha 32) }}
11 | {{- $projectSeed := coalesce .Values.projectSeed (index $secretsExist "PROJECTSEED" | default "" | b64dec) (index $legacyjwtExist "JWTSECRET" | default "" | b64dec) (randAlpha 32) }}
# Precedence for JWTSECRET: the jwtSecret value, then the value already stored in
# the <fullname>-secrets Secret, then the legacy <fullname>-jwtsecret Secret, then
# 32 random letters.
# PROJECTSEED follows the same order, and its legacy fallback is also the legacy
# JWTSECRET. On an install upgraded from the legacy Secret the two values are
# therefore identical - presumably deliberate for backwards compatibility, to be
# confirmed.
# NOTE(review): randAlpha draws from letters only. lookup returns nothing under
# helm template and client-side dry-run, so both values are regenerated on every
# such render unless set explicitly; a changed JWTSECRET would presumably
# invalidate tokens signed with the old one. Pin both values when the chart is
# templated by a GitOps tool.
12 | apiVersion: v1
13 | kind: Secret
14 | type: Opaque
15 | metadata:
16 | name: {{ include "lagoon-core.fullname" . }}-secrets
17 | labels:
18 | {{- include "lagoon-core.labels" . | nindent 4 }}
19 | stringData:
20 | JWTSECRET: {{ $jwtSecret | quote }}
21 | PROJECTSEED: {{ $projectSeed | quote }}
22 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/ssh-portal-api.hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.sshPortalAPI.enabled .Values.sshPortalAPI.autoscaling.enabled -}}
# HorizontalPodAutoscaler for the ssh-portal-api Deployment, rendered only when
# both sshPortalAPI.enabled and sshPortalAPI.autoscaling.enabled are true. The
# CPU and memory utilisation targets are each optional; when neither is set the
# metrics list renders empty.
2 | apiVersion: autoscaling/v2
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | name: {{ include "lagoon-core.sshPortalAPI.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.sshPortalAPI.labels" . | nindent 4 }}
8 | spec:
9 | scaleTargetRef:
10 | apiVersion: apps/v1
11 | kind: Deployment
12 | name: {{ include "lagoon-core.sshPortalAPI.fullname" . }}
13 | minReplicas: {{ .Values.sshPortalAPI.autoscaling.minReplicas }}
14 | maxReplicas: {{ .Values.sshPortalAPI.autoscaling.maxReplicas }}
15 | metrics:
16 | {{- if .Values.sshPortalAPI.autoscaling.targetCPUUtilizationPercentage }}
17 | - type: Resource
18 | resource:
19 | name: cpu
20 | target:
21 | averageUtilization: {{ .Values.sshPortalAPI.autoscaling.targetCPUUtilizationPercentage }}
22 | type: Utilization
23 | {{- end }}
24 | {{- if .Values.sshPortalAPI.autoscaling.targetMemoryUtilizationPercentage }}
25 | - type: Resource
26 | resource:
27 | name: memory
28 | target:
29 | averageUtilization: {{ .Values.sshPortalAPI.autoscaling.targetMemoryUtilizationPercentage }}
30 | type: Utilization
31 | {{- end }}
32 | {{- end }}
33 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/ssh-portal-api.service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.sshPortalAPI.enabled -}}
# Service for ssh-portal-api, rendered only when sshPortalAPI.enabled is true.
# The only port published is metrics; no request-serving port is defined here.
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | name: {{ include "lagoon-core.sshPortalAPI.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.sshPortalAPI.labels" . | nindent 4 }}
8 | spec:
9 | type: {{ .Values.sshPortalAPI.service.type }}
10 | ports:
11 | - port: {{ .Values.sshPortalAPI.service.ports.metrics }}
12 | targetPort: metrics
13 | name: metrics
14 | selector:
15 | {{- include "lagoon-core.sshPortalAPI.selectorLabels" . | nindent 4 }}
16 | {{- end }}
17 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/ssh-portal-api.servicemonitor.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.sshPortalAPI.enabled .Values.sshPortalAPI.serviceMonitor.enabled -}}
# ServiceMonitor for ssh-portal-api, rendered only when both sshPortalAPI.enabled
# and sshPortalAPI.serviceMonitor.enabled are true. It scrapes the metrics port
# of Services in the release namespace that carry the component's selector
# labels.
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: ServiceMonitor
4 | metadata:
5 | name: {{ include "lagoon-core.sshPortalAPI.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.sshPortalAPI.labels" . | nindent 4 }}
8 | spec:
9 | endpoints:
10 | - port: metrics
11 | namespaceSelector:
12 | matchNames:
13 | - {{ .Release.Namespace }}
14 | selector:
15 | matchLabels:
16 | {{- include "lagoon-core.sshPortalAPI.selectorLabels" . | nindent 6 }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/ssh-token.hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.sshToken.enabled .Values.sshToken.autoscaling.enabled -}}
# HorizontalPodAutoscaler for the ssh-token Deployment, rendered only when both
# sshToken.enabled and sshToken.autoscaling.enabled are true. The CPU and memory
# utilisation targets are each optional; when neither is set the metrics list
# renders empty.
2 | apiVersion: autoscaling/v2
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | name: {{ include "lagoon-core.sshToken.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.sshToken.labels" . | nindent 4 }}
8 | spec:
9 | scaleTargetRef:
10 | apiVersion: apps/v1
11 | kind: Deployment
12 | name: {{ include "lagoon-core.sshToken.fullname" . }}
13 | minReplicas: {{ .Values.sshToken.autoscaling.minReplicas }}
14 | maxReplicas: {{ .Values.sshToken.autoscaling.maxReplicas }}
15 | metrics:
16 | {{- if .Values.sshToken.autoscaling.targetCPUUtilizationPercentage }}
17 | - type: Resource
18 | resource:
19 | name: cpu
20 | target:
21 | averageUtilization: {{ .Values.sshToken.autoscaling.targetCPUUtilizationPercentage }}
22 | type: Utilization
23 | {{- end }}
24 | {{- if .Values.sshToken.autoscaling.targetMemoryUtilizationPercentage }}
25 | - type: Resource
26 | resource:
27 | name: memory
28 | target:
29 | averageUtilization: {{ .Values.sshToken.autoscaling.targetMemoryUtilizationPercentage }}
30 | type: Utilization
31 | {{- end }}
32 | {{- end }}
33 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/ssh-token.secret.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.sshToken.enabled -}}
# SSH host keys for ssh-token, rendered only when sshToken.enabled is true. Each
# of the ecdsa, ed25519 and rsa keys is optional and copied from
# sshToken.hostKeys as a block scalar.
# NOTE(review): these are presumably private host keys. Values passed to a chart
# are also kept in the Helm release record, so the keys exist in two places in
# the namespace. When no key is supplied, stringData renders empty - verify how
# the service obtains a host key in that case, since a key that changes between
# restarts trains users to ignore host-key warnings.
2 | apiVersion: v1
3 | kind: Secret
4 | type: Opaque
5 | metadata:
6 | name: {{ include "lagoon-core.sshToken.fullname" . }}
7 | labels:
8 | {{- include "lagoon-core.sshToken.labels" . | nindent 4 }}
9 | stringData:
10 | {{- with .Values.sshToken.hostKeys.ecdsa }}
11 | HOST_KEY_ECDSA: |-
12 | {{- . | nindent 4 }}
13 | {{- end }}
14 | {{- with .Values.sshToken.hostKeys.ed25519 }}
15 | HOST_KEY_ED25519: |-
16 | {{- . | nindent 4 }}
17 | {{- end }}
18 | {{- with .Values.sshToken.hostKeys.rsa }}
19 | HOST_KEY_RSA: |-
20 | {{- . | nindent 4 }}
21 | {{- end }}
22 | {{- end }}
23 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/ssh-token.service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.sshToken.enabled -}}
# Service publishing the ssh-token SSH port, rendered only when sshToken.enabled
# is true. Its type, annotations, externalTrafficPolicy and
# loadBalancerSourceRanges all come from sshToken.service values.
# NOTE(review): when the type exposes this port outside the cluster, set
# loadBalancerSourceRanges if the client networks are known. Client source
# addresses in logs are only meaningful if externalTrafficPolicy preserves them.
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | name: {{ include "lagoon-core.sshToken.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.sshToken.labels" . | nindent 4 }}
8 | {{- with .Values.sshToken.service.annotations }}
9 | annotations:
10 | {{- toYaml . | nindent 4 }}
11 | {{- end }}
12 | spec:
13 | type: {{ .Values.sshToken.service.type }}
14 | {{- with .Values.sshToken.service.externalTrafficPolicy }}
15 | externalTrafficPolicy: {{ . }}
16 | {{- end }}
17 | {{- with .Values.sshToken.service.loadBalancerSourceRanges }}
18 | loadBalancerSourceRanges:
19 | {{- toYaml . | nindent 2 }}
20 | {{- end }}
21 | ports:
22 | - port: {{ .Values.sshToken.service.ports.sshserver }}
23 | targetPort: sshserver
24 | name: sshserver
25 | selector:
26 | {{- include "lagoon-core.sshToken.selectorLabels" . | nindent 4 }}
27 | ---
# Separate Service for ssh-token metrics, labelled metrics-only: "true", with its
# own type from sshToken.metricsService. Keeping metrics off the SSH Service
# means exposing SSH externally does not also expose the metrics port.
28 | apiVersion: v1
29 | kind: Service
30 | metadata:
31 | name: {{ include "lagoon-core.sshToken.fullname" . }}-metrics
32 | labels:
33 | metrics-only: "true"
34 | {{- include "lagoon-core.sshToken.labels" . | nindent 4 }}
35 | spec:
36 | type: {{ .Values.sshToken.metricsService.type }}
37 | ports:
38 | - port: {{ .Values.sshToken.metricsService.ports.metrics }}
39 | targetPort: metrics
40 | name: metrics
41 | selector:
42 | {{- include "lagoon-core.sshToken.selectorLabels" . | nindent 4 }}
43 | {{- end }}
44 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/ssh-token.servicemonitor.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.sshToken.enabled .Values.sshToken.serviceMonitor.enabled -}}
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: ServiceMonitor
4 | metadata:
5 | name: {{ include "lagoon-core.sshToken.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.sshToken.labels" . | nindent 4 }}
8 | spec:
9 | endpoints:
10 | - port: metrics
11 | namespaceSelector:
12 | matchNames:
13 | - {{ .Release.Namespace }}
14 | selector:
15 | matchLabels:
16 | {{- include "lagoon-core.sshToken.selectorLabels" . | nindent 6 }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/ssh.hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.ssh.enabled .Values.ssh.autoscaling.enabled -}}
2 | apiVersion: autoscaling/v2
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | name: {{ include "lagoon-core.ssh.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.ssh.labels" . | nindent 4 }}
8 | spec:
9 | scaleTargetRef:
10 | apiVersion: apps/v1
11 | kind: Deployment
12 | name: {{ include "lagoon-core.ssh.fullname" . }}
13 | minReplicas: {{ .Values.ssh.autoscaling.minReplicas }}
14 | maxReplicas: {{ .Values.ssh.autoscaling.maxReplicas }}
15 | metrics:
16 | {{- if .Values.ssh.autoscaling.targetCPUUtilizationPercentage }}
17 | - type: Resource
18 | resource:
19 | name: cpu
20 | target:
21 | averageUtilization: {{ .Values.ssh.autoscaling.targetCPUUtilizationPercentage }}
22 | type: Utilization
23 | {{- end }}
24 | {{- if .Values.ssh.autoscaling.targetMemoryUtilizationPercentage }}
25 | - type: Resource
26 | resource:
27 | name: memory
28 | target:
29 | averageUtilization: {{ .Values.ssh.autoscaling.targetMemoryUtilizationPercentage }}
30 | type: Utilization
31 | {{- end }}
32 | {{- end }}
33 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/ssh.secret.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.ssh.enabled -}}
2 | apiVersion: v1
3 | kind: Secret  # SSH host key pairs for the ssh service; rendered only when .Values.ssh.enabled is set
4 | type: Opaque
5 | metadata:
6 | name: {{ include "lagoon-core.ssh.fullname" . }}
7 | labels:
8 | {{- include "lagoon-core.ssh.labels" . | nindent 4 }}
9 | stringData:  # each entry is emitted only when the matching .Values.ssh.hostKeys.* value is non-empty. NOTE(review): private keys passed through Helm values are also kept in the stored release record, so restrict read access to Secrets in the release namespace
10 | {{- with .Values.ssh.hostKeys.ecdsa }}
11 | HOST_KEY_ECDSA: |
12 | {{- . | nindent 4 }}
13 | {{- end }}
14 | {{- with .Values.ssh.hostKeys.ecdsaPub }}
15 | HOST_PUBKEY_ECDSA: |
16 | {{- . | nindent 4 }}
17 | {{- end }}
18 | {{- with .Values.ssh.hostKeys.ed25519 }}
19 | HOST_KEY_ED25519: |
20 | {{- . | nindent 4 }}
21 | {{- end }}
22 | {{- with .Values.ssh.hostKeys.ed25519Pub }}
23 | HOST_PUBKEY_ED25519: |
24 | {{- . | nindent 4 }}
25 | {{- end }}
26 | {{- with .Values.ssh.hostKeys.rsa }}
27 | HOST_KEY_RSA: |
28 | {{- . | nindent 4 }}
29 | {{- end }}
30 | {{- with .Values.ssh.hostKeys.rsaPub }}
31 | HOST_PUBKEY_RSA: |
32 | {{- . | nindent 4 }}
33 | {{- end }}
34 | {{- end }}
35 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/ssh.service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.ssh.enabled -}}
2 | apiVersion: v1
3 | kind: Service  # network entry point for the ssh pods; rendered only when .Values.ssh.enabled is set
4 | metadata:
5 | name: {{ include "lagoon-core.ssh.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.ssh.labels" . | nindent 4 }}
8 | {{- with .Values.ssh.service.annotations }}
9 | annotations:
10 | {{- toYaml . | nindent 4 }}
11 | {{- end }}
12 | spec:
13 | type: {{ .Values.ssh.service.type }}  # taken verbatim from values. NOTE(review): a LoadBalancer or NodePort type makes SSH reachable from outside the cluster
14 | {{- with .Values.ssh.service.externalTrafficPolicy }}
15 | externalTrafficPolicy: {{ . }}  # emitted only when set in values
16 | {{- end }}
17 | {{- with .Values.ssh.service.loadBalancerSourceRanges }}
18 | loadBalancerSourceRanges:  # emitted only when set in values; when unset, this template renders no source-CIDR restriction
19 | {{- toYaml . | nindent 2 }}
20 | {{- end }}
21 | ports:
22 | - port: {{ .Values.ssh.service.port }}
23 | targetPort: ssh  # named port, resolved on the pods matched by the selector below
24 | protocol: TCP
25 | name: ssh
26 | selector:
27 | {{- include "lagoon-core.ssh.selectorLabels" . | nindent 4 }}
28 | {{- end }}
29 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/tests/test-connection.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod  # Helm test pod: checks that the api and keycloak services accept TCP connections
3 | metadata:
4 | name: "{{ include "lagoon-core.api.fullname" . }}-test-connection"
5 | labels:
6 | {{- include "lagoon-core.api.labels" . | nindent 4 }}
7 | annotations:
8 | "helm.sh/hook": test-success  # NOTE(review): Helm 3 names this hook `test`; `test-success` is the older spelling kept for compatibility
9 | spec:
10 | containers:  # no securityContext or resources are set on either container
11 | - name: nc-api
12 | image: busybox:musl  # mutable tag, no digest. NOTE(review): pin by digest so the image run by the test cannot change without a chart change
13 | command:
14 | - nc
15 | args:
16 | - "-vzw5"  # verbose, connect-only port check, 5 second timeout
17 | - "{{ include "lagoon-core.api.fullname" . }}"
18 | - "{{ .Values.api.service.port }}"
19 | - name: nc-keycloak
20 | image: busybox:musl  # same mutable tag as nc-api
21 | command:
22 | - nc
23 | args:
24 | - "-vzw5"
25 | - "{{ include "lagoon-core.keycloak.fullname" . }}"
26 | - "{{ .Values.keycloak.service.port }}"
27 | restartPolicy: Never  # a failed check is reported once, not retried
28 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/ui.hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.ui.enabled .Values.ui.autoscaling.enabled -}}
2 | apiVersion: autoscaling/v2
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | name: {{ include "lagoon-core.ui.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.ui.labels" . | nindent 4 }}
8 | spec:
9 | scaleTargetRef:
10 | apiVersion: apps/v1
11 | kind: Deployment
12 | name: {{ include "lagoon-core.ui.fullname" . }}
13 | minReplicas: {{ .Values.ui.autoscaling.minReplicas }}
14 | maxReplicas: {{ .Values.ui.autoscaling.maxReplicas }}
15 | metrics:
16 | {{- if .Values.ui.autoscaling.targetCPUUtilizationPercentage }}
17 | - type: Resource
18 | resource:
19 | name: cpu
20 | target:
21 | averageUtilization: {{ .Values.ui.autoscaling.targetCPUUtilizationPercentage }}
22 | type: Utilization
23 | {{- end }}
24 | {{- if .Values.ui.autoscaling.targetMemoryUtilizationPercentage }}
25 | - type: Resource
26 | resource:
27 | name: memory
28 | target:
29 | averageUtilization: {{ .Values.ui.autoscaling.targetMemoryUtilizationPercentage }}
30 | type: Utilization
31 | {{- end }}
32 | {{- end }}
33 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/ui.ingress.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.ui.enabled .Values.ui.ingress.enabled -}}
2 | {{- $fullName := include "lagoon-core.ui.fullname" . -}}
3 | {{- $svcPort := .Values.ui.service.port -}}
4 | apiVersion: networking.k8s.io/v1
5 | kind: Ingress
6 | metadata:
7 | name: {{ $fullName }}
8 | labels:
9 | {{- include "lagoon-core.ui.labels" . | nindent 4 }}
10 | annotations:
11 | {{- with coalesce .Values.ui.ingress.ingressClassName .Values.defaultIngressClassName }}
12 | acme.cert-manager.io/http01-ingress-class: {{ . }}
13 | {{- end }}
14 | {{- with .Values.ui.ingress.annotations }}
15 | {{- toYaml . | nindent 4 }}
16 | {{- end }}
17 | spec:
18 | {{- with coalesce .Values.ui.ingress.ingressClassName .Values.defaultIngressClassName }}
19 | ingressClassName: {{ . }}
20 | {{- end }}
21 | {{- if .Values.ui.ingress.tls }}
22 | tls:
23 | {{- range .Values.ui.ingress.tls }}
24 | - hosts:
25 | {{- range .hosts }}
26 | - {{ . | quote }}
27 | {{- end }}
28 | secretName: {{ .secretName }}
29 | {{- end }}
30 | {{- end }}
31 | rules:
32 | {{- range .Values.ui.ingress.hosts }}
33 | - host: {{ .host | quote }}
34 | http:
35 | paths:
36 | {{- range .paths }}
37 | - path: {{ . }}
38 | pathType: Prefix
39 | backend:
40 | service:
41 | name: {{ $fullName }}
42 | port:
43 | number: {{ $svcPort }}
44 | {{- end }}
45 | {{- end }}
46 | {{- end }}
47 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/ui.service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.ui.enabled -}}
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | name: {{ include "lagoon-core.ui.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.ui.labels" . | nindent 4 }}
8 | spec:
9 | type: {{ .Values.ui.service.type }}
10 | ports:
11 | - port: {{ .Values.ui.service.port }}
12 | targetPort: http-3000
13 | name: http-3000
14 | selector:
15 | {{- include "lagoon-core.ui.selectorLabels" . | nindent 4 }}
16 | {{- end }}
17 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/webhook-handler.hpa.yaml:
--------------------------------------------------------------------------------
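1 | {{- if and .Values.webhookHandler.enabled .Values.webhookHandler.autoscaling.enabled -}}
2 | apiVersion: autoscaling/v2
3 | kind: HorizontalPodAutoscaler  # gated on webhookHandler.enabled as well as autoscaling.enabled, consistent with the webhook-handler Service and Ingress templates
4 | metadata:
5 | name: {{ include "lagoon-core.webhookHandler.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.webhookHandler.labels" . | nindent 4 }}
8 | spec:
9 | scaleTargetRef:  # scales the Deployment that shares the webhook handler's full name
10 | apiVersion: apps/v1
11 | kind: Deployment
12 | name: {{ include "lagoon-core.webhookHandler.fullname" . }}
13 | minReplicas: {{ .Values.webhookHandler.autoscaling.minReplicas }}
14 | maxReplicas: {{ .Values.webhookHandler.autoscaling.maxReplicas }}
15 | metrics:  # each entry below is emitted only when its target percentage is set in values
16 | {{- if .Values.webhookHandler.autoscaling.targetCPUUtilizationPercentage }}
17 | - type: Resource
18 | resource:
19 | name: cpu
20 | target:
21 | averageUtilization: {{ .Values.webhookHandler.autoscaling.targetCPUUtilizationPercentage }}
22 | type: Utilization
23 | {{- end }}
24 | {{- if .Values.webhookHandler.autoscaling.targetMemoryUtilizationPercentage }}
25 | - type: Resource
26 | resource:
27 | name: memory
28 | target:
29 | averageUtilization: {{ .Values.webhookHandler.autoscaling.targetMemoryUtilizationPercentage }}
30 | type: Utilization
31 | {{- end }}
32 | {{- end }}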
33 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/webhook-handler.ingress.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.webhookHandler.enabled .Values.webhookHandler.ingress.enabled -}}
2 | {{- $fullName := include "lagoon-core.webhookHandler.fullname" . -}}
3 | {{- $svcPort := .Values.webhookHandler.service.port -}}
4 | apiVersion: networking.k8s.io/v1
5 | kind: Ingress
6 | metadata:
7 | name: {{ $fullName }}
8 | labels:
9 | {{- include "lagoon-core.webhookHandler.labels" . | nindent 4 }}
10 | annotations:
11 | {{- with coalesce .Values.webhookHandler.ingress.ingressClassName .Values.defaultIngressClassName }}
12 | acme.cert-manager.io/http01-ingress-class: {{ . }}
13 | {{- end }}
14 | {{- with .Values.webhookHandler.ingress.annotations }}
15 | {{- toYaml . | nindent 4 }}
16 | {{- end }}
17 | spec:
18 | {{- with coalesce .Values.webhookHandler.ingress.ingressClassName .Values.defaultIngressClassName }}
19 | ingressClassName: {{ . }}
20 | {{- end }}
21 | {{- if .Values.webhookHandler.ingress.tls }}
22 | tls:
23 | {{- range .Values.webhookHandler.ingress.tls }}
24 | - hosts:
25 | {{- range .hosts }}
26 | - {{ . | quote }}
27 | {{- end }}
28 | secretName: {{ .secretName }}
29 | {{- end }}
30 | {{- end }}
31 | rules:
32 | {{- range .Values.webhookHandler.ingress.hosts }}
33 | - host: {{ .host | quote }}
34 | http:
35 | paths:
36 | {{- range .paths }}
37 | - path: {{ . }}
38 | pathType: Prefix
39 | backend:
40 | service:
41 | name: {{ $fullName }}
42 | port:
43 | number: {{ $svcPort }}
44 | {{- end }}
45 | {{- end }}
46 | {{- end }}
47 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/webhook-handler.service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.webhookHandler.enabled -}}
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | name: {{ include "lagoon-core.webhookHandler.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.webhookHandler.labels" . | nindent 4 }}
8 | spec:
9 | type: {{ .Values.webhookHandler.service.type }}
10 | ports:
11 | - port: {{ .Values.webhookHandler.service.port }}
12 | targetPort: http-3000
13 | name: http-3000
14 | selector:
15 | {{- include "lagoon-core.webhookHandler.selectorLabels" . | nindent 4 }}
16 | {{- end }}
17 |
--------------------------------------------------------------------------------
/charts/lagoon-core/templates/webhooks2tasks.hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.webhooks2tasks.autoscaling.enabled -}}
2 | apiVersion: autoscaling/v2
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | name: {{ include "lagoon-core.webhooks2tasks.fullname" . }}
6 | labels:
7 | {{- include "lagoon-core.webhooks2tasks.labels" . | nindent 4 }}
8 | spec:
9 | scaleTargetRef:
10 | apiVersion: apps/v1
11 | kind: Deployment
12 | name: {{ include "lagoon-core.webhooks2tasks.fullname" . }}
13 | minReplicas: {{ .Values.webhooks2tasks.autoscaling.minReplicas }}
14 | maxReplicas: {{ .Values.webhooks2tasks.autoscaling.maxReplicas }}
15 | metrics:
16 | {{- if .Values.webhooks2tasks.autoscaling.targetCPUUtilizationPercentage }}
17 | - type: Resource
18 | resource:
19 | name: cpu
20 | target:
21 | averageUtilization: {{ .Values.webhooks2tasks.autoscaling.targetCPUUtilizationPercentage }}
22 | type: Utilization
23 | {{- end }}
24 | {{- if .Values.webhooks2tasks.autoscaling.targetMemoryUtilizationPercentage }}
25 | - type: Resource
26 | resource:
27 | name: memory
28 | target:
29 | averageUtilization: {{ .Values.webhooks2tasks.autoscaling.targetMemoryUtilizationPercentage }}
30 | type: Utilization
31 | {{- end }}
32 | {{- end }}
33 |
--------------------------------------------------------------------------------
/charts/lagoon-docker-host/.gitignore:
--------------------------------------------------------------------------------
1 | /charts
2 |
--------------------------------------------------------------------------------
/charts/lagoon-docker-host/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 | .vscode/
23 |
--------------------------------------------------------------------------------
/charts/lagoon-docker-host/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: lagoon-docker-host
3 | description: A Helm chart to run a lagoon-docker-host
4 | home: https://github.com/uselagoon/lagoon-charts
5 | icon: https://raw.githubusercontent.com/uselagoon/lagoon-charts/main/icon.png
6 | maintainers:
7 | - name: shreddedbacon
8 | email: ben.jackson@amazee.io
9 | url: https://amazee.io
10 | kubeVersion: ">= 1.23.0-0"
11 |
12 | # Application charts are a collection of templates that can be packaged into
13 | # versioned archives to be deployed.
14 | type: application
15 |
16 | # This is the chart version. This version number should be incremented each
17 | # time you make changes to the chart and its templates, including the app
18 | # version.
19 | version: 0.4.0
20 |
21 | appVersion: v3.5.0
22 |
23 | # This section is used to collect a changelog for artifacthub.io
24 | # It should be started afresh for each release
25 | # Valid supported kinds are added, changed, deprecated, removed, fixed and security
26 | annotations:
27 | artifacthub.io/changes: |
28 | - kind: changed
29 | description: changed docker-host to statefulset from deployment
30 |
--------------------------------------------------------------------------------
/charts/lagoon-docker-host/README.md:
--------------------------------------------------------------------------------
1 | # Lagoon Docker Host
2 |
3 | This chart installs a docker host service for [Lagoon](https://github.com/amazeeio/lagoon/).
4 | Install this chart into the cluster you want to deploy workloads to.
5 |
--------------------------------------------------------------------------------
/charts/lagoon-docker-host/ci/linter-values.yaml:
--------------------------------------------------------------------------------
1 | storage:
2 | size: 50Gi
3 | networkPolicy:
4 | # Specifies whether the docker-host network policy should be enabled
5 | enabled: true
6 | # Specify the policy to apply, useful to change who can access the docker-host
7 | # This default policy just replicates the existing docker-host
8 | policy:
9 | - namespaceSelector:
10 | matchExpressions:
11 | - key: lagoon.sh/environment
12 | operator: Exists
13 | podSelector:
14 | matchExpressions:
15 | - key: lagoon.sh/buildName
16 | operator: Exists
17 | - podSelector:
18 | matchExpressions:
19 | - key: app.kubernetes.io/name
20 | operator: In
21 | values:
22 | - lagoon-docker-host
23 |
--------------------------------------------------------------------------------
/charts/lagoon-docker-host/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{/* vim: set filetype=mustache: */}}
2 | {{/*
3 | Expand the name of the chart.
4 | */}}
5 | {{- define "lagoon-docker-host.name" -}}
6 | {{- .Chart.Name | trunc 63 | trimSuffix "-" }}
7 | {{- end }}
8 |
9 | {{/*
10 | Create a default fully qualified app name.
11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
12 | If release name contains chart name it will be used as a full name.
13 | */}}
14 | {{- define "lagoon-docker-host.fullname" -}}
15 | {{- .Release.Name | trunc 63 | trimSuffix "-" }}
16 | {{- end }}
17 |
18 | {{/*
19 | Create chart name and version as used by the chart label.
20 | */}}
21 | {{- define "lagoon-docker-host.chart" -}}
22 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
23 | {{- end }}
24 |
25 | {{/*
26 | Common labels
27 | */}}
28 | {{- define "lagoon-docker-host.labels" -}}
29 | helm.sh/chart: {{ include "lagoon-docker-host.chart" . }}
30 | {{ include "lagoon-docker-host.selectorLabels" . }}
31 | {{- if .Chart.AppVersion }}
32 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
33 | {{- end }}
34 | app.kubernetes.io/managed-by: {{ .Release.Service }}
35 | {{- end }}
36 |
37 | {{/*
38 | Selector labels
39 | */}}
40 | {{- define "lagoon-docker-host.selectorLabels" -}}
41 | app.kubernetes.io/name: {{ include "lagoon-docker-host.name" . }}
42 | app.kubernetes.io/instance: {{ .Release.Name }}
43 | {{- end }}
44 |
45 |
46 |
47 | {{/*
48 | Create the name of the service account to use for dockerHost.
49 | */}}
50 | {{- define "lagoon-docker-host.dockerHost.serviceAccountName" -}}
51 | {{- default (include "lagoon-docker-host.dockerHost.fullname" .) .Values.serviceAccount.name }}
52 | {{- end }}
53 |
54 | {{/*
55 | Create a default fully qualified app name for dockerHost.
56 | */}}
57 | {{- define "lagoon-docker-host.dockerHost.fullname" -}}
58 | {{- include "lagoon-docker-host.fullname" . }}-docker-host
59 | {{- end }}
60 |
61 | {{/*
62 | Common labels dockerHost.
63 | */}}
64 | {{- define "lagoon-docker-host.dockerHost.labels" -}}
65 | helm.sh/chart: {{ include "lagoon-docker-host.chart" . }}
66 | {{ include "lagoon-docker-host.dockerHost.selectorLabels" . }}
67 | {{- if .Chart.AppVersion }}
68 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
69 | {{- end }}
70 | app.kubernetes.io/managed-by: {{ .Release.Service }}
71 | {{- end }}
72 |
73 | {{/*
74 | Selector labels dockerHost.
75 | */}}
76 | {{- define "lagoon-docker-host.dockerHost.selectorLabels" -}}
77 | app.kubernetes.io/name: {{ include "lagoon-docker-host.name" . }}
78 | app.kubernetes.io/component: {{ include "lagoon-docker-host.dockerHost.fullname" . }}
79 | app.kubernetes.io/instance: {{ .Release.Name }}
80 | {{- end }}
81 |
82 |
--------------------------------------------------------------------------------
/charts/lagoon-docker-host/templates/docker-host.clusterrole.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.serviceAccount.create .Values.global.openshift -}}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole  # rendered only when both serviceAccount.create and global.openshift are set
4 | metadata:
5 | name: {{ include "lagoon-docker-host.dockerHost.fullname" . }}
6 | labels:
7 | {{- include "lagoon-docker-host.dockerHost.labels" . | nindent 4 }}
8 | rules:
9 | - apiGroups:
10 | - security.openshift.io
11 | resourceNames:
12 | - privileged  # the rule is limited to this one named SecurityContextConstraints object
13 | resources:
14 | - securitycontextconstraints
15 | verbs:
16 | - use  # the only verb granted; no read or write access to the SCC itself
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/lagoon-docker-host/templates/docker-host.networkpolicy.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.networkPolicy.enabled -}}
2 | apiVersion: networking.k8s.io/v1
3 | kind: NetworkPolicy  # rendered only when networkPolicy.enabled is set; with it unset this chart renders no ingress restriction for docker-host
4 | metadata:
5 | name: {{ include "lagoon-docker-host.dockerHost.fullname" . }}
6 | labels:
7 | {{- include "lagoon-docker-host.dockerHost.labels" . | nindent 4 }}
8 | spec:
9 | ingress:
10 | - from:  # allowed peers are copied verbatim from .Values.networkPolicy.policy; the rule has no `ports` list, so it is not limited to the daemon port
11 | {{- toYaml .Values.networkPolicy.policy | nindent 4 }}
12 | podSelector:  # the policy applies to pods carrying the docker-host selector labels
13 | matchLabels:
14 | {{- include "lagoon-docker-host.dockerHost.selectorLabels" . | nindent 6 }}
15 | policyTypes:
16 | - Ingress  # ingress only; egress from docker-host is not restricted by this policy
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/lagoon-docker-host/templates/docker-host.rolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.serviceAccount.create .Values.global.openshift -}}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: RoleBinding  # namespaced binding, rendered under the same condition as the ClusterRole it references
4 | metadata:
5 | name: {{ include "lagoon-docker-host.dockerHost.fullname" . }}
6 | namespace: {{ .Release.Namespace | quote }}
7 | labels:
8 | {{- include "lagoon-docker-host.dockerHost.labels" . | nindent 4 }}
9 | roleRef:
10 | apiGroup: rbac.authorization.k8s.io
11 | kind: ClusterRole  # a ClusterRole bound through a RoleBinding applies within the binding's namespace only
12 | name: {{ include "lagoon-docker-host.dockerHost.fullname" . }}
13 | subjects:
14 | - kind: ServiceAccount  # the single subject: the docker-host service account in the release namespace
15 | name: {{ include "lagoon-docker-host.dockerHost.serviceAccountName" . }}
16 | namespace: {{ .Release.Namespace | quote }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/lagoon-docker-host/templates/docker-host.service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service  # shared entry point for all docker-host replicas; always rendered (there is no enable flag)
3 | metadata:
4 | name: docker-host  # fixed name, not derived from the release name
5 | labels:
6 | {{- include "lagoon-docker-host.dockerHost.labels" . | nindent 4 }}
7 | spec:
8 | type: {{ .Values.service.type }}  # NOTE(review): the same type and port are reused for every per-replica Service below, so a non-ClusterIP type would expose each replica's daemon port as well
9 | ports:
10 | - port: {{ .Values.service.port }}
11 | targetPort: docker-daemon
12 | protocol: TCP
13 | name: docker-daemon
14 | selector:
15 | {{- include "lagoon-docker-host.dockerHost.selectorLabels" . | nindent 4 }}
16 | sessionAffinity: ClientIP  # keeps a client IP on one backend pod for the timeout below
17 | sessionAffinityConfig:
18 | clientIP:
19 | timeoutSeconds: 14400 # 4 hours
20 | {{- $name := include "lagoon-docker-host.dockerHost.fullname" . -}}
21 | {{- $labels := include "lagoon-docker-host.dockerHost.labels" . -}}
22 | {{- $stype := .Values.service.type -}}
23 | {{- $sport := .Values.service.port -}}
24 | {{- $replicaCount := .Values.replicaCount | int -}}
25 | {{- range $index0 := until $replicaCount -}}
26 | {{- $index1 := $index0 | add1 }}
27 | ---
28 | apiVersion: v1
29 | kind: Service  # one additional Service per replica index, 0 through replicaCount-1
30 | metadata:
31 | name: docker-host-{{ $index0 }}
32 | labels:
33 | {{ $labels | indent 4 }}
34 | spec:
35 | type: {{ $stype }}
36 | ports:
37 | - port: {{ $sport }}
38 | targetPort: docker-daemon
39 | protocol: TCP
40 | name: docker-daemon
41 | sessionAffinity: ClientIP  # no sessionAffinityConfig here, unlike the shared Service above
42 | selector:
43 | statefulset.kubernetes.io/pod-name: {{ $name }}-{{ $index0 }}  # matches exactly one StatefulSet pod by its generated name
44 | {{- end }}
--------------------------------------------------------------------------------
/charts/lagoon-docker-host/templates/docker-host.serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.serviceAccount.create -}}
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | metadata:
5 | name: {{ include "lagoon-docker-host.dockerHost.serviceAccountName" . }}
6 | labels:
7 | {{- include "lagoon-docker-host.dockerHost.labels" . | nindent 4 }}
8 | {{- end }}
9 |
--------------------------------------------------------------------------------
/charts/lagoon-docker-host/templates/tests/test-connection.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod  # Helm test pod: checks that the docker-host Service accepts TCP connections
3 | metadata:
4 | name: "{{ include "lagoon-docker-host.dockerHost.fullname" . }}-test-connection"
5 | labels:
6 | {{- include "lagoon-docker-host.dockerHost.labels" . | nindent 4 }}
7 | annotations:
8 | "helm.sh/hook": test-success  # NOTE(review): Helm 3 names this hook `test`; `test-success` is the older spelling kept for compatibility
9 | spec:
10 | containers:
11 | - name: nc
12 | image: busybox  # no tag or digest, so the registry's default tag is pulled. NOTE(review): pin a tag or digest so the test image is reproducible
13 | command: ['nc']
14 | args:
15 | - "-zvw5"  # verbose, connect-only port check, 5 second timeout
16 | - "docker-host"  # the fixed Service name from docker-host.service.yaml
17 | - "{{ .Values.service.port }}"
18 | restartPolicy: Never
19 |
--------------------------------------------------------------------------------
/charts/lagoon-docker-host/values.yaml:
--------------------------------------------------------------------------------
1 | global:
2 | # set to true to enable openshift support
3 | openshift: false
4 |
5 | image:
6 | repository: uselagoon/docker-host
7 | pullPolicy: Always
8 |
9 | name: docker-host
10 |
11 | pruneImagesUntil: 168h
12 |
13 | # TODO: change this up once new docker-host is released
14 | registry: registry.lagoon.svc:5000
15 | repositoryToUpdate: amazeeio|lagoon
16 |
17 | replicaCount: 1
18 |
19 | ## proxy configuration
20 | # httpProxy: ""
21 | # httpsProxy: ""
22 | # noProxy: ""
23 |
24 | # add extra environment variables if required
25 | extraEnvs:
26 |
27 | storage:
28 | create: true
29 | size: 750Gi
30 | # className sets the storageClassName for the docker-host PVC. This is
31 | # useful if the docker-host requires a specific storage class for features
32 | # such as increased IOPS.
33 | #
34 | # WARNING: On platforms such as AKS not all storage volume classes can be
35 | # bound to all node types. So if you configure a storage class that can't
36 | # be bound to any nodes in the cluster it will cause the docker-host pod to
37 | # fail to schedule. For example AKS requires Premium Storage support on the
38 | # node for the managed-premium storage class.
39 | #
40 | # If className is not defined the chart will not set any specific storage
41 | # class on the PVC, effectively falling back to the cluster default.
42 | #
43 | # className: managed-premium
44 |
45 | networkPolicy:
46 | # Specifies whether the docker-host network policy should be enabled
47 | enabled: true  # the NetworkPolicy template is rendered only when this is true
48 | # Specify the policy to apply, useful to change who can access the docker-host
49 | # This default policy just replicates the existing docker-host
50 | policy:  # default is a single peer: pods with a lagoon.sh/buildName label, in namespaces with a lagoon.sh/environment label (both selectors must match)
51 | - namespaceSelector:
52 | matchExpressions:
53 | - key: lagoon.sh/environment
54 | operator: Exists
55 | podSelector:
56 | matchExpressions:
57 | - key: lagoon.sh/buildName
58 | operator: Exists
59 |
60 | serviceAccount:
61 | # Specifies whether a service account should be created
62 | create: true
63 | # The name of the service account to use.
64 | # If not set and create is true, a name is generated using the fullname
65 | # template
66 | name:
67 |
68 | podSecurityContext: {}
69 |
70 | securityContext:
71 | privileged: true  # NOTE(review): privileged by default; presumably applied to the docker-host container (workload template not shown here), so keep networkPolicy.enabled true and the service type ClusterIP
72 | seLinuxOptions:
73 | # Ensures SELinux relabeling is disabled; relabeling would cause the container never to start
74 | # as there can be so many files in the persistent storage
75 | type: spc_t
76 |
77 | resources: {}
78 |
79 | service:
80 | type: ClusterIP  # cluster-internal by default; the same type is applied to the shared and per-replica Services
81 | port: 2375  # conventionally the plaintext Docker API port (no TLS, no client authentication). NOTE(review): access control then rests on the NetworkPolicy — confirm the daemon is not reachable any other way
82 |
83 | tolerations:
84 | - key: lagoon/build
85 | effect: NoSchedule
86 | operator: Exists
87 | - key: lagoon/build
88 | effect: PreferNoSchedule
89 | operator: Exists
90 | - key: lagoon.sh/build
91 | effect: NoSchedule
92 | operator: Exists
93 | - key: lagoon.sh/build
94 | effect: PreferNoSchedule
95 | operator: Exists
96 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/.gitignore:
--------------------------------------------------------------------------------
1 | /charts/*.tgz
2 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/Chart.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: logging-operator
3 | repository: oci://ghcr.io/kube-logging/helm-charts
4 | version: 4.11.4
5 | digest: sha256:3bb61af0b7c22f126b74d8487a651faf0bb2e5c937c76fb8302a21355d88f826
6 | generated: "2024-12-31T02:52:40.111452851Z"
7 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: lagoon-logging
3 | description: >
4 | A Helm chart for Kubernetes which installs the Lagoon container and router
5 | logs collection system.
6 | home: https://github.com/amazeeio/charts
7 | icon: https://raw.githubusercontent.com/uselagoon/lagoon-charts/main/icon.png
8 | maintainers:
9 | - name: smlx
10 | email: scott.leggett@amazee.io
11 | url: https://amazee.io
12 | kubeVersion: ">= 1.25.0-0"
13 |
14 | # Application charts are a collection of templates that can be packaged into
15 | # versioned archives to be deployed.
16 | type: application
17 |
18 | # This is the chart version. This version number should be incremented each
19 | # time you make changes to the chart and its templates, including the app
20 | # version.
21 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
22 | version: 0.87.0
23 |
24 | # AppVersion is set here the same as the logging-operator chart version to
25 | # autopopulate the post-install CRD message.
26 | appVersion: 4.11.4
27 |
28 | dependencies:
29 | - name: logging-operator
30 | repository: oci://ghcr.io/kube-logging/helm-charts
31 | version: 4.11.4
32 | condition: logging-operator.enabled
33 |
34 | # This section is used to collect a changelog for artifacthub.io
35 | # It should be started afresh for each release
36 | # Valid supported kinds are added, changed, deprecated, removed, fixed and security
37 | annotations:
38 | artifacthub.io/containsSecurityUpdates: "true"
39 | artifacthub.io/changes: |
40 | - kind: changed
41 | description: this change intentionally left blank
42 | - kind: changed
43 | description: tls support for rabbitmq
44 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | Thank you for installing {{ .Chart.Name }}.
2 |
3 | Your release is named {{ .Release.Name }} containing the logging-operator {{ .Chart.AppVersion }} release
4 |
5 | Your logs are now being sent to {{ coalesce .Values.forward.host }}:{{ .Values.forward.hostPort }}.
6 |
7 | Please ensure you install the updated CRDs manually after installing this release:
8 |
9 | helm show crds oci://ghcr.io/kube-logging/helm-charts/logging-operator --version {{ .Chart.AppVersion }} | kubectl apply -f -
10 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/cdn-logs-collector.fluent-conf.configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.cdnLogsCollector.enabled -}}
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 | name: {{ include "lagoon-logging.cdnLogsCollector.fullname" . }}-fluent-conf
6 | labels:
7 | {{- include "lagoon-logging.cdnLogsCollector.labels" . | nindent 4 }}
8 | data:
9 | fluent.conf: |
10 |
11 | workers 2
12 | log_level error
13 |
14 |
15 | # prometheus metrics
16 |
17 | @type prometheus
18 |
19 |
20 | @type prometheus_monitor
21 |
22 |
23 | @type prometheus_output_monitor
24 |
25 |
26 |
27 | @type tcp
28 | @id in_tcp
29 | tag "lagoon.cdn"
30 | port 5140
31 |
32 | ca_path /fluentd/tls/ca.crt
33 | cert_path /fluentd/tls/server.crt
34 | private_key_path /fluentd/tls/server.key
35 | client_cert_auth true
36 |
37 |
38 | @type json
39 |
40 |
41 |
42 | # uncomment to debug
43 | #
44 | # @type stdout
45 | #
46 |
47 |
48 | @type forward
49 | @id out_forward
50 | # error out early
51 | verify_connection_at_startup true
52 |
53 | port 24226
54 | host "{{ include "lagoon-logging.logsDispatcher.fullname" . }}"
55 |
56 | # buffer chunks by tag
57 |
58 | @type file
59 | path /fluentd/buffer/forward
60 | # buffer params (per worker)
61 | total_limit_size 4GB
62 | # flush params
63 | flush_thread_count 4
64 | flush_interval 2s # flush every 2 seconds
65 | flush_thread_burst_interval 0 # don't sleep if there is more data to flush
66 | retry_max_interval 30s # limit exponential backoff period
67 | overflow_action drop_oldest_chunk
68 |
69 |
70 | {{- end }}
71 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/cdn-logs-collector.secret.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.cdnLogsCollector.enabled -}}
2 | apiVersion: v1
3 | kind: Secret # TLS material for the CDN logs collector; only rendered when cdnLogsCollector.enabled is set
4 | type: Opaque
5 | metadata:
6 | name: {{ include "lagoon-logging.cdnLogsCollector.fullname" . }}-tls
7 | labels:
8 | {{- include "lagoon-logging.cdnLogsCollector.labels" . | nindent 4 }}
9 | stringData: # all three entries are required: rendering fails with the message shown if a value is missing. NOTE(review): server.key arrives through Helm values, so it is also kept in the Helm release record; confirm that is acceptable or reference an externally managed secret
10 | ca.crt: |
11 | {{- required "A valid .Values.cdnLogsCollector.tls.caCert required!" .Values.cdnLogsCollector.tls.caCert | nindent 4 }}
12 | server.crt: |
13 | {{- required "A valid .Values.cdnLogsCollector.tls.serverCert required!" .Values.cdnLogsCollector.tls.serverCert | nindent 4 }}
14 | server.key: |
15 | {{- required "A valid .Values.cdnLogsCollector.tls.serverKey required!" .Values.cdnLogsCollector.tls.serverKey | nindent 4 }}
16 | {{- end }}
17 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/cdn-logs-collector.service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.cdnLogsCollector.enabled -}}
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | name: {{ include "lagoon-logging.cdnLogsCollector.fullname" . }}
6 | labels:
7 | {{- include "lagoon-logging.cdnLogsCollector.labels" . | nindent 4 }}
8 | {{- with .Values.cdnLogsCollector.service.annotations }}
9 | annotations:
10 | {{- toYaml . | nindent 4 }}
11 | {{- end }}
12 | spec:
13 | type: {{ .Values.cdnLogsCollector.service.type }} # taken from values; any type other than ClusterIP makes the log input reachable from outside the cluster
14 | selector:
15 | {{- include "lagoon-logging.cdnLogsCollector.selectorLabels" . | nindent 4 }}
16 | ports:
17 | - name: syslog
18 | port: 5140 # same port as the TCP input in this chart's CDN fluent.conf, which sets client_cert_auth true; that client-certificate check is the access control for this listener
19 | protocol: TCP
20 | targetPort: syslog
21 | {{- end }}
22 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/cdn-logs-collector.servicemonitor.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.cdnLogsCollector.enabled .Values.cdnLogsCollector.serviceMonitor.enabled }}
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: ServiceMonitor
4 | metadata:
5 | name: {{ include "lagoon-logging.cdnLogsCollector.fullname" . }}
6 | labels:
7 | {{- include "lagoon-logging.cdnLogsCollector.labels" . | nindent 4 }}
8 | monitoring.lagoon.sh/monitorMe: 'true'
9 | spec:
10 | endpoints:
11 | - honorLabels: true
12 | path: /aggregated_metrics
13 | port: metrics
14 | scheme: http
15 | namespaceSelector:
16 | matchNames:
17 | - {{ .Release.Namespace }}
18 | selector:
19 | matchLabels:
20 | {{- include "lagoon-logging.cdnLogsCollector.selectorLabels" . | nindent 6 }}
21 | {{- end }}
22 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/clusterflow.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: logging.banzaicloud.io/v1beta1
2 | kind: ClusterFlow
3 | metadata:
4 | name: {{ include "lagoon-logging.fullname" . }}
5 | labels:
6 | {{- include "lagoon-logging.labels" . | nindent 4 }}
7 | spec:
8 | # match entries are considered in order
9 | # the empty "select: {}" indicates all namespaces/labels
10 | match:
11 | - exclude:
12 | namespaces:
13 | - {{ .Release.Namespace }}
14 | {{- with .Values.excludeNamespaces }}
15 | {{- toYaml . | nindent 6 }}
16 | {{- end }}
17 | {{- with .Values.extraExcludeNamespaces }}
18 | {{- toYaml . | nindent 6 }}
19 | {{- end }}
20 | {{- with .Values.selectNamespaces }}
21 | - select:
22 | namespaces:
23 | {{- toYaml . | nindent 6 }}
24 | {{- else }}
25 | - select: {}
26 | {{- end }}
27 | filters:
28 | - tag_normaliser: {}
29 | globalOutputRefs:
30 | - {{ include "lagoon-logging.fullname" . }}
31 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/clusteroutput.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: logging.banzaicloud.io/v1beta1
2 | kind: ClusterOutput
3 | metadata:
4 | name: {{ include "lagoon-logging.fullname" . }}
5 | labels:
6 | {{- include "lagoon-logging.labels" . | nindent 4 }}
7 | spec:
8 | forward:
9 | servers:
10 | - host: {{ include "lagoon-logging.logsDispatcher.fullname" . }}
11 | port: 24224
12 | buffer: {{- required "A valid .Values.clusterOutputBuffer required!" .Values.clusterOutputBuffer | toYaml | nindent 6 }}
13 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/logging.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: logging.banzaicloud.io/v1beta1
2 | kind: Logging
3 | metadata:
4 | name: {{ include "lagoon-logging.fullname" . }}
5 | labels:
6 | {{- include "lagoon-logging.labels" . | nindent 4 }}
7 | spec:
8 | enableRecreateWorkloadOnImmutableFieldChange: true
9 | fluentd:
10 | security:
11 | podSecurityContext:
12 | runAsUser: 100 # fluentd runs as a non-root UID
13 | fsGroup: 0 # mounted volumes are made accessible to GID 0 (the root group); NOTE(review): confirm the image needs GID 0 rather than a dedicated group
14 | scaling:
15 | replicas: {{ .Values.fluentdReplicaCount }}
16 | {{- with .Values.fluentdAffinity }}
17 | affinity:
18 | {{- toYaml . | nindent 6 }}
19 | {{- end }}
20 | {{- with .Values.fluentdTolerations }}
21 | tolerations:
22 | {{- toYaml . | nindent 6 }}
23 | {{- end }}
24 | {{- with .Values.fluentdMetrics }}
25 | metrics:
26 | {{- toYaml . | nindent 6 }}
27 | {{- end }}
28 | fluentbit:
29 | # Enable a default liveness check to avoid stuck pods.
30 | # At the time of writing this just hits the metrics endpoint.
31 | # https://github.com/banzaicloud/logging-operator/blob/master/pkg/sdk/logging/api/v1beta1/logging_types.go#L452-L467
32 | livenessDefaultCheck: true
33 | filterKubernetes:
34 | namespace_labels: {{ default "Off" .Values.fluentbitNamespaceLabels | quote }}
35 | {{- if .Values.fluentbitPrivileged }}
36 | security:
37 | securityContext:
38 | privileged: true # opt-in via fluentbitPrivileged; a privileged container is not confined by the normal container isolation, so leave the value unset unless the cluster requires it
39 | {{- end }}
40 | {{- with .Values.fluentbitTolerations }}
41 | tolerations:
42 | {{- toYaml . | nindent 4 }}
43 | {{- end }}
44 | {{- with .Values.fluentbitMetrics }}
45 | metrics:
46 | {{- toYaml . | nindent 6 }}
47 | {{- end }}
48 | controlNamespace: {{ .Release.Namespace | quote }}
49 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/logs-dispatcher.clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.logsDispatcher.serviceAccount.create }}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRoleBinding # cluster-scoped binding: the grant below applies in every namespace, not just the release namespace
4 | metadata:
5 | name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}
6 | labels:
7 | {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }}
8 | subjects:
9 | - kind: ServiceAccount
10 | name: {{ include "lagoon-logging.logsDispatcher.serviceAccountName" . }}
11 | namespace: {{ .Release.Namespace | quote }}
12 | roleRef:
13 | kind: ClusterRole
14 | name: view # built-in read-only role: read access to most namespaced objects, Secrets excluded. NOTE(review): if the dispatcher only looks up a few resource kinds, a narrower ClusterRole would follow least privilege; confirm against what it queries
15 | apiGroup: rbac.authorization.k8s.io
16 | {{- end }}
17 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/logs-dispatcher.env.configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}-env
5 | labels:
6 | {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }}
7 | data:
8 | CLUSTER_NAME: >-
9 | {{ required "A valid .Values.clusterName required!" .Values.clusterName }}
10 | {{- if .Values.enableDefaultForwarding }}
11 | LOGS_FORWARD_HOST: >-
12 | {{ required "A valid .Values.forward.host required!" .Values.forward.host }}
13 | LOGS_FORWARD_HOSTNAME: >-
14 | {{ coalesce .Values.forward.hostName .Values.forward.host }}
15 | LOGS_FORWARD_HOST_PORT: >-
16 | {{ default "24224" .Values.forward.hostPort }}
17 | {{- end }}
18 | {{- if .Values.lagoonLogs.enabled }}
19 | RABBITMQ_HOST: {{ required "If .Values.lagoonLogs.enabled is true, a valid .Values.lagoonLogs.rabbitMQHost required!" .Values.lagoonLogs.rabbitMQHost }}
20 | {{- end }}
21 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/logs-dispatcher.secret.yaml:
--------------------------------------------------------------------------------
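1 | apiVersion: v1
2 | kind: Secret
3 | type: Opaque
4 | metadata:
5 | name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}-env
6 | labels:
7 | {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }}
8 | stringData: # credentials are quoted so values that look like numbers or booleans, or contain '#' or ': ', are still stored as the exact string
9 | {{- if .Values.enableDefaultForwarding }}
10 | LOGS_FORWARD_USERNAME: {{ required "A valid .Values.forward.username required!" .Values.forward.username | quote }}
11 | LOGS_FORWARD_PASSWORD: {{ required "A valid .Values.forward.password required!" .Values.forward.password | quote }}
12 | # self hostname should match the CN on the client certificate
13 | LOGS_FORWARD_SELF_HOSTNAME: {{ required "A valid .Values.forward.selfHostname required!" .Values.forward.selfHostname | quote }}
14 | LOGS_FORWARD_SHARED_KEY: {{ required "A valid .Values.forward.sharedKey required!" .Values.forward.sharedKey | quote }}
15 | {{- end }}
16 | {{- if .Values.lagoonLogs.enabled }}
17 | RABBITMQ_USER: {{ required "If .Values.lagoonLogs.enabled is true, a valid .Values.lagoonLogs.rabbitMQUser required!" .Values.lagoonLogs.rabbitMQUser | quote }}
18 | RABBITMQ_PASSWORD: {{ required "If .Values.lagoonLogs.enabled is true, a valid .Values.lagoonLogs.rabbitMQPassword required!" .Values.lagoonLogs.rabbitMQPassword | quote }}
19 | {{- end }}
20 | {{- if .Values.enableDefaultForwarding }}
21 | ---
22 | apiVersion: v1
23 | kind: Secret # client TLS material for default forwarding; every entry is required when enableDefaultForwarding is set
24 | type: Opaque
25 | metadata:
26 | name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}-tls
27 | labels:
28 | {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }}
29 | stringData:
30 | ca.crt: |
31 | {{- required "A valid .Values.tls.caCert required!" .Values.tls.caCert | nindent 4 }}
32 | client.crt: |
33 | {{- required "A valid .Values.tls.clientCert required!" .Values.tls.clientCert | nindent 4 }}
34 | client.key: |
35 | {{- required "A valid .Values.tls.clientKey required!" .Values.tls.clientKey | nindent 4 }}
36 | {{- end }}
37 | {{- if .Values.lagoonLogs.broker.tlsCA.secretData }}
38 | ---
39 | apiVersion: v1
40 | kind: Secret # only rendered when broker.tlsCA.secretData is set; name and contents both come from values
41 | type: Opaque
42 | metadata:
43 | name: {{ .Values.lagoonLogs.broker.tlsCA.secretName }}
44 | labels:
45 | {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }}
46 | stringData:
47 | {{- with .Values.lagoonLogs.broker.tlsCA.secretData }}
48 | {{- . | toYaml | nindent 2 }}
49 | {{- end }}
50 | {{- end }}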
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/logs-dispatcher.service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}
5 | labels:
6 | {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }}
7 | spec:
8 | type: ClusterIP
9 | selector:
10 | {{- include "lagoon-logging.logsDispatcher.selectorLabels" . | nindent 4 }}
11 | ports:
12 | - name: forward
13 | port: 24224
14 | protocol: TCP
15 | targetPort: forward
16 | - name: haproxy-forward
17 | port: 24225
18 | protocol: TCP
19 | targetPort: haproxy-forward
20 | - name: cdn-forward
21 | port: 24226
22 | protocol: TCP
23 | targetPort: cdn-forward
24 | - name: metrics
25 | port: 24231
26 | protocol: TCP
27 | targetPort: metrics
28 | - name: application
29 | port: 5140
30 | protocol: UDP
31 | targetPort: application
32 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/logs-dispatcher.serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.logsDispatcher.serviceAccount.create -}}
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | metadata:
5 | name: {{ include "lagoon-logging.logsDispatcher.serviceAccountName" . }}
6 | labels:
7 | {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }}
8 | {{- with .Values.logsDispatcher.serviceAccount.annotations }}
9 | annotations:
10 | {{- toYaml . | nindent 4 }}
11 | {{- end }}
12 | {{- end }}
13 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/logs-dispatcher.servicemonitor.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.logsDispatcher.serviceMonitor.enabled }}
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: ServiceMonitor
4 | metadata:
5 | name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}
6 | labels:
7 | {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }}
8 | monitoring.lagoon.sh/monitorMe: 'true'
9 | spec:
10 | endpoints:
11 | - honorLabels: true
12 | path: /aggregated_metrics
13 | port: metrics
14 | scheme: http
15 | namespaceSelector:
16 | matchNames:
17 | - {{ .Release.Namespace }}
18 | selector:
19 | matchLabels:
20 | {{- include "lagoon-logging.logsDispatcher.selectorLabels" . | nindent 6 }}
21 | {{- end }}
22 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/logs-dispatcher.source-lagoon.configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.lagoonLogs.enabled }}
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 | name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}-source-lagoon
6 | labels:
7 | {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }}
8 | data:
9 | lagoon.conf: |
10 | # lagoon logs from rabbitmq
11 |
12 | @type rabbitmq
13 | @id in_lagoon
14 | tag "lagoon.#{ENV['CLUSTER_NAME']}.lagoon"
15 | host "#{ENV['RABBITMQ_HOST']}"
16 | user "#{ENV['RABBITMQ_USER']}"
17 | pass "#{ENV['RABBITMQ_PASSWORD']}"
18 | # logstash default vhost
19 | vhost /
20 | exchange lagoon-logs
21 | exchange_type direct
22 | routing_key ""
23 | queue "lagoon-logs:logs-dispatcher"
24 | durable true
25 | {{- if .Values.lagoonLogs.broker.tls.enabled }}
26 | tls true
27 | {{- if .Values.lagoonLogs.broker.tlsCA.enabled }}
28 | tls_ca_certificates ["/lagoon-ca.crt"]{{/* NOTE(review): gated on broker.tlsCA.enabled, while the CA secret in logs-dispatcher.secret.yaml is gated on broker.tlsCA.secretData; confirm the two are always set together */}}
29 | {{- end }}
30 | verify_peer {{ .Values.lagoonLogs.tls.verifyPeer }}{{/* NOTE(review): read from lagoonLogs.tls.verifyPeer although TLS is switched on by lagoonLogs.broker.tls.enabled; confirm the values path. A false value turns off verification of the broker certificate, so it should stay true outside of test setups */}}
31 | {{- end }}
32 |
33 | {{- end }}
34 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/logs-dispatcher.store.configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.exportLogs -}}
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 | name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}-store
6 | labels:
7 | {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }}
8 | data:
9 | {{- toYaml .Values.exportLogs | nindent 2 }}
10 | {{- end }}
11 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/openshift-haproxy-logs-collector.fluent-bit-conf.configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.openshiftHaproxyLogsCollector.enabled -}}
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 | name: {{ include "lagoon-logging.openshiftHaproxyLogsCollector.fullname" . }}-conf
6 | labels:
7 | {{- include "lagoon-logging.openshiftHaproxyLogsCollector.labels" . | nindent 4 }}
8 | data:
9 | fluent-bit.conf: |
10 | [SERVICE]
11 | HTTP_Server On
12 | HTTP_Port 2020
13 | Parsers_File parsers.conf
14 | storage.path /fluent-bit/buffer
15 | Flush 2
16 | Log_Level warn
17 |
18 | [INPUT]
19 | Name syslog
20 | Mode udp
21 | Port 5141
22 | Parser haproxy
23 | Tag router_openshift
24 | # max IPv4 UDP payload size
25 | # this is also the max buffer size for udp as per
26 | # https://docs.fluentbit.io/manual/pipeline/inputs/syslog#considerations
27 | Buffer_Chunk_Size 65507
28 |
29 | [OUTPUT]
30 | Name forward
31 | Match router_openshift
32 | Host {{ include "lagoon-logging.logsDispatcher.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
33 | Port 24225
34 | parsers.conf: |
35 | [PARSER]
36 | Name haproxy
37 | Format regex
38 | Regex ^\<(?:[0-9]{1,5})\>.{,15} (?\w+)\[(?\d+)\]: (?\S+):(?\d+) \[(?\S+)\] (?\S+) (?\S+):(?(?\S+):\S+\/pod:(?[^:]+):(?[^:]+)):\S+ (?[\d-]+)\/(?[\d-]+)\/(?[\d-]+)\/(?[\d-]+)\/(?[\d+-]+) (?\d+) (?[\d+]+) (?\S+) (?\S+) (?\S+) (?\d+)\/(?\d+)\/(?\d+)\/(?\d+)\/(?\d+) (?\d+)\/(?\d+) (\{(?.+)\|(?.+)?\} )?"(?(?\S+) (?\S+)(?: (?.+))?)"$
39 | Time_Key request_date
40 | Time_Format %d/%b/%Y:%T.%L
41 | Types pid:integer client_port:integer TR:integer Tw:integer Tc:integer Tr:integer Ta:integer bytes_read:integer actconn:integer feconn:integer beconn:integer srv_conn:integer retries:integer srv_queue:integer backend_queue:integer
42 | {{- end }}
43 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/openshift-haproxy-logs-collector.service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.openshiftHaproxyLogsCollector.enabled -}}
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | name: {{ include "lagoon-logging.openshiftHaproxyLogsCollector.fullname" . }}
6 | labels:
7 | {{- include "lagoon-logging.openshiftHaproxyLogsCollector.labels" . | nindent 4 }}
8 | spec:
9 | type: ClusterIP
10 | selector:
11 | {{- include "lagoon-logging.openshiftHaproxyLogsCollector.selectorLabels" . | nindent 4 }}
12 | ports:
13 | - name: metrics
14 | port: 2020
15 | protocol: TCP
16 | targetPort: metrics
17 | - name: haproxy-logs
18 | port: 5141
19 | protocol: UDP
20 | targetPort: haproxy-logs
21 | {{- end }}
22 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/openshift-haproxy-logs-collector.servicemonitor.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.openshiftHaproxyLogsCollector.enabled .Values.openshiftHaproxyLogsCollector.serviceMonitor.enabled -}}
2 | apiVersion: monitoring.coreos.com/v1
3 | kind: ServiceMonitor
4 | metadata:
5 | name: {{ include "lagoon-logging.openshiftHaproxyLogsCollector.fullname" . }}
6 | labels:
7 | {{- include "lagoon-logging.openshiftHaproxyLogsCollector.labels" . | nindent 4 }}
8 | monitoring.lagoon.sh/monitorMe: "true"
9 | spec:
10 | endpoints:
11 | - honorLabels: true
12 | path: /api/v1/metrics/prometheus
13 | port: metrics
14 | scheme: http
15 | namespaceSelector:
16 | matchNames:
17 | - {{ .Release.Namespace }}
18 | selector:
19 | matchLabels:
20 | {{- include "lagoon-logging.openshiftHaproxyLogsCollector.selectorLabels" . | nindent 6 }}
21 | {{- end }}
22 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/tests/cdn-service-annotations.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: Role
4 | metadata:
5 | name: service-reader
6 | annotations:
7 | "helm.sh/hook": test
8 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
9 | "helm.sh/hook-weight": "-2"
10 | rules:
11 | - apiGroups: [""] # "" indicates the core API group
12 | resources: ["services"]
13 | verbs: ["get", "watch", "list"]
14 | ---
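15 | apiVersion: rbac.authorization.k8s.io/v1
16 | kind: RoleBinding # test-only binding that lets the test pod read Services in the release namespace
17 | metadata:
18 | name: read-services
19 | annotations:
20 | "helm.sh/hook": test
21 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded # removed after a successful test or before the next run; a failed test leaves the binding in place until then
22 | "helm.sh/hook-weight": "-1"
23 | subjects:
24 | - kind: Group
25 | name: system:serviceaccounts:{{ .Release.Namespace }} # service accounts of the release namespace only, which is where the test pod runs
26 | apiGroup: rbac.authorization.k8s.io
27 | roleRef:
28 | kind: Role
29 | name: service-reader
30 | apiGroup: rbac.authorization.k8s.io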
31 | ---
32 | apiVersion: v1
33 | kind: Pod # helm test pod: passes when the CDN collector Service carries the expected test annotation
34 | metadata:
35 | name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}-test-cdn-service-annotations
36 | labels:
37 | {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }}
38 | annotations:
39 | "helm.sh/hook": test
40 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
41 | "helm.sh/hook-weight": "0"
42 | spec:
43 | containers:
44 | - name: kubectl
45 | image: alpine:latest # NOTE(review): mutable tag, and the script below installs kubectl and jq from the network at run time; pinning a tag or digest of an image that already ships both would make the test reproducible and keep unreviewed packages out of the cluster
46 | command:
47 | - sh
48 | args:
49 | - "-c"
50 | - |
51 | set -eu
52 | apk add --no-cache kubectl jq
53 | kubectl get svc -o json {{ include "lagoon-logging.cdnLogsCollector.fullname" . }} |
54 | jq -e '.metadata.annotations["sh.lagoon.chart.testKey"] == "lagoonTestValue"'
55 | restartPolicy: Never
56 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/templates/tests/test-connection.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 | name: "{{ include "lagoon-logging.logsDispatcher.fullname" . }}-test-connection"
5 | labels:
6 | {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }}
7 | annotations:
8 | "helm.sh/hook": test
9 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
10 | spec:
11 | containers:
12 | - name: nc
13 | image: busybox:musl
14 | command:
15 | - nc
16 | args:
17 | - "-vzw5"
18 | - "{{ include "lagoon-logging.logsDispatcher.fullname" . }}"
19 | - "24224"
20 | restartPolicy: Never
21 |
--------------------------------------------------------------------------------
/charts/lagoon-logging/test-parser-regex.rb:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env ruby
2 |
3 | # This script is for testing the regex used to parse haproxy logs.
4 | # Successfully parsed lines are printed to STDOUT.
5 | # Unmatched lines are prefixed with "ERROR matching: ".
6 | #
7 | # Usage:
8 | # ./test-parser-regex.rb /tmp/haproxy.log
9 | # OR
10 | # ./test-parser-regex.rb < /tmp/haproxy.log
11 |
12 | # current haproxy regex copied from the fluentd configmap
13 | regex = /^.{,15} (?\w+)\[(?\d+)\]: (?\S+):(?\d+) \[(?\S+)\] (?\S+) (?\S+):(?(?\S+):\S+\/pod:(?[^:]+):(?[^:]+)):\S+ (?[\d-]+)\/(?[\d-]+)\/(?[\d-]+)\/(?[\d-]+)\/(?[\d+-]+) (?\d+) (?[\d+]+) (?\S+) (?\S+) (?\S+) (?\d+)\/(?\d+)\/(?\d+)\/(?\d+)\/(?\d+) (?\d+)\/(?\d+) (\{(?.+)\|(?.+)?\} )?"(?(?\S+) (?\S+)(?: (?.+))?)"/
14 |
15 | # another example: the nginx parsing regex used by fluentd
16 | # based on https://docs.fluentd.org/parser/nginx#regexp-patterns, but with some
17 | # tweaks for forwarded_for.
18 | # regex = /^(?[^ ]*) (?[^ ]*) (?[^ ]*) \[(?