diff --git a/Dockerfile b/Dockerfile index 56433b36..a7b13ffa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -78,13 +78,11 @@ RUN apk add -U --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing au && apk upgrade --no-cache openssh openssh-keygen openssh-client-common openssh-client-default \ && apk add --no-cache openssl curl jq parallel bash git py-pip skopeo \ && git config --global user.email "lagoon@lagoon.io" && git config --global user.name lagoon \ - && pip install --break-system-packages shyaml yq + && pip install --break-system-packages yq RUN architecture=$(case $(uname -m) in x86_64 | amd64) echo "amd64" ;; aarch64 | arm64 | armv8) echo "arm64" ;; *) echo "amd64" ;; esac) \ && curl -Lo /usr/bin/kubectl https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/${architecture}/kubectl \ && chmod +x /usr/bin/kubectl \ - && curl -Lo /usr/bin/yq3 https://github.com/mikefarah/yq/releases/download/3.3.2/yq_linux_${architecture} \ - && chmod +x /usr/bin/yq3 \ && curl -Lo /usr/bin/yq https://github.com/mikefarah/yq/releases/download/v4.35.2/yq_linux_${architecture} \ && chmod +x /usr/bin/yq \ && curl -Lo /tmp/helm.tar.gz https://get.helm.sh/helm-${HELM_VERSION}-linux-${architecture}.tar.gz \ diff --git a/cmd/root.go b/cmd/root.go index e88ae3cc..72b7e839 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -153,6 +153,8 @@ func init() { "Ignore missing env_file files (true by default, subject to change).") rootCmd.PersistentFlags().StringP("images", "", "", "JSON representation of service:image reference") + rootCmd.PersistentFlags().StringP("dbaas-creds", "", "", + "JSON representation of dbaas credential references") } // initConfig reads in config file and ENV variables if set. diff --git a/cmd/template_lagoonenv.go b/cmd/template_lagoonenv.go new file mode 100644 index 00000000..7f1a9495 --- /dev/null +++ b/cmd/template_lagoonenv.go @@ -0,0 +1,120 @@ +package cmd + +import ( + "encoding/json" + "fmt" + "os" + "strings" + + "github.com/spf13/cobra" + generator "github.com/uselagoon/build-deploy-tool/internal/generator" + "github.com/uselagoon/build-deploy-tool/internal/helpers" + servicestemplates "github.com/uselagoon/build-deploy-tool/internal/templating" +) + +type DBaaSCredRefs []map[string]string + +var lagoonEnvGeneration = &cobra.Command{ + Use: "lagoon-env", + Aliases: []string{"le"}, + Short: "Generate the lagoon-env secret template for a Lagoon build", + RunE: func(cmd *cobra.Command, args []string) error { + generator, err := generator.GenerateInput(*rootCmd, true) + if err != nil { + return err + } + routes, err := cmd.Flags().GetString("routes") + if err != nil { + return fmt.Errorf("error reading routes flag: %v", err) + } + secretName, err := cmd.Flags().GetString("secret-name") + if err != nil { + return fmt.Errorf("error reading secret-name flag: %v", err) + } + dbaasCreds, err := rootCmd.PersistentFlags().GetString("dbaas-creds") + if err != nil { + return fmt.Errorf("error reading dbaas creds flag: %v", err) + } + configMapVars, err := cmd.Flags().GetString("configmap-vars") + if err != nil { + return fmt.Errorf("error reading configmap variables flag: %v", err) + } + dbaasCredRefs, err := loadCredsFromFile(dbaasCreds) + if err != nil { + return err + } + cmVars := map[string]string{} + if err := json.Unmarshal([]byte(configMapVars), &cmVars); err != nil { + return fmt.Errorf("error unmarshalling lagoon-env configmap variables payload: %v", err) + } + generator.ConfigMapVars = cmVars + dbCreds := map[string]string{} + for _, v := range *dbaasCredRefs { + for k, v1 := range v { + dbCreds[k] = v1 + } + } + generator.DBaaSVariables = dbCreds + return LagoonEnvTemplateGeneration(secretName, generator, routes) + }, +} + +func loadCredsFromFile(file string) (*DBaaSCredRefs, error) { + dbaasCredRefs := &DBaaSCredRefs{} + dbaasCredJSON, err := os.ReadFile(file) + if err != nil { + return nil, fmt.Errorf("couldn't read file %v: %v", file, err) + } + if err := json.Unmarshal(dbaasCredJSON, dbaasCredRefs); err != nil { + return nil, fmt.Errorf("error unmarshalling dbaas creds payload: %v", err) + } + return dbaasCredRefs, nil +} + +// LagoonEnvTemplateGeneration . +func LagoonEnvTemplateGeneration( + name string, + g generator.GeneratorInput, + routes string, +) error { + lagoonBuild, err := generator.NewGenerator( + g, + ) + if err != nil { + return err + } + savedTemplates := g.SavedTemplatesPath + // if the routes have been passed from the command line, use them instead. we do this since lagoon currently doesn't enforce route state to match + // what is in the `.lagoon.yml` file, so there may be items that exist in the cluster that don't exist in yaml + // eventually once route state enforcement is enforced, or the tool can reconcile what is in the cluster itself rather than in bash + // then this can be removed + // https://github.com/uselagoon/build-deploy-tool/blob/f527a89ad5efb46e19a2f59d9ff3ffbff541e2a2/legacy/build-deploy-docker-compose.sh#L1090 + if routes != "" { + lagoonBuild.BuildValues.Routes = strings.Split(routes, ",") + } + cm, err := servicestemplates.GenerateLagoonEnvSecret(name, *lagoonBuild.BuildValues) + if err != nil { + return fmt.Errorf("couldn't generate template: %v", err) + } + templateBytes, err := servicestemplates.TemplateSecret(cm) + if err != nil { + return fmt.Errorf("couldn't generate template: %v", err) + } + if len(templateBytes) > 0 { + if g.Debug { + fmt.Printf("Templating lagoon-env secret %s\n", fmt.Sprintf("%s/%s-secret.yaml", savedTemplates, name)) + } + helpers.WriteTemplateFile(fmt.Sprintf("%s/%s-secret.yaml", savedTemplates, name), templateBytes) + } + return nil +} + +func init() { + templateCmd.AddCommand(lagoonEnvGeneration) + lagoonEnvGeneration.Flags().StringP("routes", "R", "", + "The routes from the environment") + lagoonEnvGeneration.Flags().StringP("secret-name", "S", "", + "The name of the secret") + lagoonEnvGeneration.Flags().StringP("configmap-vars", "N", "", + "Any variables from the legacy configmap that need to be retained") +} diff --git a/cmd/template_lagoonenv_test.go b/cmd/template_lagoonenv_test.go new file mode 100644 index 00000000..841d1401 --- /dev/null +++ b/cmd/template_lagoonenv_test.go @@ -0,0 +1,378 @@ +package cmd + +import ( + "fmt" + "os" + "reflect" + "testing" + + "github.com/andreyvit/diff" + "github.com/uselagoon/build-deploy-tool/internal/dbaasclient" + "github.com/uselagoon/build-deploy-tool/internal/helpers" + "github.com/uselagoon/build-deploy-tool/internal/lagoon" + "github.com/uselagoon/build-deploy-tool/internal/testdata" +) + +func TestLagoonEnvTemplateGeneration(t *testing.T) { + tests := []struct { + name string + description string + secretName string + args testdata.TestData + configMapVars map[string]string + templatePath string + want string + dbaasCreds string + vars []helpers.EnvironmentVariable + }{ + { + name: "test-basic-deployment-lagoon-env", + description: "a basic deployment lagoon-env secret", + args: testdata.GetSeedData( + testdata.TestData{ + ProjectName: "example-project", + EnvironmentName: "main", + Branch: "main", + LagoonYAML: "internal/testdata/basic/lagoon.yml", + ProjectVariables: []lagoon.EnvironmentVariable{ + { + Name: "MY_SPECIAL_VARIABLE1", + Value: "myspecialvariable1", + Scope: "global", + }, + { + Name: "MY_SPECIAL_VARIABLE2", + Value: "myspecialvariable2", + Scope: "runtime", + }, + { + Name: "MY_SPECIAL_VARIABLE3", + Value: "myspecialvariable3", + Scope: "build", + }, + { + Name: "MY_SPECIAL_VARIABLE", + Value: "myspecialvariable", + Scope: "global", + }, + { + Name: "LAGOON_SYSTEM_CORE_VERSION", + Value: "v2.19.0", + Scope: "internal_system", + }, + { + Name: "REGISTRY_PASSWORD", + Value: "myenvvarregistrypassword", + Scope: "container_registry", + }, + }, + EnvVariables: []lagoon.EnvironmentVariable{ + { + Name: "MY_SPECIAL_VARIABLE2", + Value: "myspecialvariable2-env-override", + Scope: "global", + }, + { + Name: "MY_SPECIAL_VARIABLE4", + Value: "myspecialvariable4", + Scope: "runtime", + }, + }, + }, true), + templatePath: "testoutput", + secretName: "lagoon-env", + want: "internal/testdata/basic/secret-templates/test-basic-deployment-lagoon-env", + }, + { + name: "test-basic-deployment-mariadbcreds-lagoon-env", + description: "test a basic deployment with mariadb creds", + args: testdata.GetSeedData( + testdata.TestData{ + ProjectName: "example-project", + EnvironmentName: "main", + Branch: "main", + LagoonYAML: "internal/testdata/basic/lagoon.yml", + ProjectVariables: []lagoon.EnvironmentVariable{ + { + Name: "MY_SPECIAL_VARIABLE1", + Value: "myspecialvariable1", + Scope: "global", + }, + { + Name: "MY_SPECIAL_VARIABLE2", + Value: "myspecialvariable2", + Scope: "runtime", + }, + { + Name: "MY_SPECIAL_VARIABLE3", + Value: "myspecialvariable3", + Scope: "build", + }, + { + Name: "MY_SPECIAL_VARIABLE", + Value: "myspecialvariable", + Scope: "global", + }, + { + Name: "LAGOON_SYSTEM_CORE_VERSION", + Value: "v2.19.0", + Scope: "internal_system", + }, + { + Name: "REGISTRY_PASSWORD", + Value: "myenvvarregistrypassword", + Scope: "container_registry", + }, + }, + EnvVariables: []lagoon.EnvironmentVariable{ + { + Name: "MY_SPECIAL_VARIABLE2", + Value: "myspecialvariable2-env-override", + Scope: "global", + }, + { + Name: "MY_SPECIAL_VARIABLE4", + Value: "myspecialvariable4", + Scope: "runtime", + }, + }, + }, true), + dbaasCreds: "internal/testdata/basic/basic-mariadb-creds.json", + templatePath: "testoutput", + secretName: "lagoon-env", + want: "internal/testdata/basic/secret-templates/test-basic-deployment-mariadbcreds-lagoon-env", + }, + { + name: "lagoon-env-with-configmap-vars", + description: "test generating a lagoon-env secret when an existing configmap exists with variables that aren't in the api", + args: testdata.GetSeedData( + testdata.TestData{ + ProjectName: "example-project", + EnvironmentName: "main", + Branch: "main", + LagoonYAML: "internal/testdata/basic/lagoon.yml", + ProjectVariables: []lagoon.EnvironmentVariable{ + { + Name: "MY_SPECIAL_VARIABLE1", + Value: "myspecialvariable1", + Scope: "global", + }, + { + Name: "MY_SPECIAL_VARIABLE2", + Value: "myspecialvariable2", + Scope: "runtime", + }, + { + Name: "MY_SPECIAL_VARIABLE3", + Value: "myspecialvariable3", + Scope: "build", + }, + { + Name: "MY_SPECIAL_VARIABLE", + Value: "myspecialvariable", + Scope: "global", + }, + { + Name: "LAGOON_SYSTEM_CORE_VERSION", + Value: "v2.19.0", + Scope: "internal_system", + }, + { + Name: "REGISTRY_PASSWORD", + Value: "myenvvarregistrypassword", + Scope: "container_registry", + }, + }, + EnvVariables: []lagoon.EnvironmentVariable{ + { + Name: "MY_SPECIAL_VARIABLE2", + Value: "myspecialvariable2-env-override", + Scope: "global", + }, + { + Name: "MY_SPECIAL_VARIABLE4", + Value: "myspecialvariable4", + Scope: "runtime", + }, + }, + }, true), + configMapVars: map[string]string{ + "MY_SPECIAL_VARIABLE": "myspecialvariable", + "MY_SPECIAL_VARIABLE1": "myspecialvariable1", + "MY_SPECIAL_VARIABLE2": "myspecialvariable2", + "MY_SPECIAL_VARIABLE3": "myspecialvariable3", + "MY_SPECIAL_VARIABLE4": "myspecialvariable4", + }, + templatePath: "testoutput", + secretName: "lagoon-env", + want: "internal/testdata/basic/secret-templates/lagoon-env-with-configmap-vars", + }, + { + name: "lagoon-platform-env-with-configmap-vars", + description: `test generating a lagoon-platform-env secret when an existing configmap exists with variables that aren't in the api. + same as lagoon-env-with-configmap-vars, just the the variables not in the API at the time of creation`, + args: testdata.GetSeedData( + testdata.TestData{ + ProjectName: "example-project", + EnvironmentName: "main", + Branch: "main", + LagoonYAML: "internal/testdata/basic/lagoon.yml", + ProjectVariables: []lagoon.EnvironmentVariable{ + { + Name: "MY_SPECIAL_VARIABLE1", + Value: "myspecialvariable1", + Scope: "global", + }, + { + Name: "MY_SPECIAL_VARIABLE2", + Value: "myspecialvariable2", + Scope: "runtime", + }, + { + Name: "MY_SPECIAL_VARIABLE3", + Value: "myspecialvariable3", + Scope: "build", + }, + { + Name: "MY_SPECIAL_VARIABLE", + Value: "myspecialvariable", + Scope: "global", + }, + { + Name: "LAGOON_SYSTEM_CORE_VERSION", + Value: "v2.19.0", + Scope: "internal_system", + }, + { + Name: "REGISTRY_PASSWORD", + Value: "myenvvarregistrypassword", + Scope: "container_registry", + }, + }, + EnvVariables: []lagoon.EnvironmentVariable{ + { + Name: "MY_SPECIAL_VARIABLE2", + Value: "myspecialvariable2-env-override", + Scope: "global", + }, + { + Name: "MY_SPECIAL_VARIABLE4", + Value: "myspecialvariable4", + Scope: "runtime", + }, + }, + }, true), + configMapVars: map[string]string{ + "MY_SPECIAL_VARIABLE": "myspecialvariable", + "MY_SPECIAL_VARIABLE1": "myspecialvariable1", + "MY_SPECIAL_VARIABLE2": "myspecialvariable2", + "MY_SPECIAL_VARIABLE3": "myspecialvariable3", + "MY_SPECIAL_VARIABLE4": "myspecialvariable4", + }, + templatePath: "testoutput", + secretName: "lagoon-platform-env", + want: "internal/testdata/basic/secret-templates/lagoon-platform-env-with-configmap-vars", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + helpers.UnsetEnvVars(tt.vars) //unset variables before running tests + for _, envVar := range tt.vars { + err := os.Setenv(envVar.Name, envVar.Value) + if err != nil { + t.Errorf("%v", err) + } + } + // set the environment variables from args + savedTemplates := tt.templatePath + generator, err := testdata.SetupEnvironment(*rootCmd, savedTemplates, tt.args) + if err != nil { + t.Errorf("%v", err) + } + + err = os.MkdirAll(savedTemplates, 0755) + if err != nil { + t.Errorf("couldn't create directory %v: %v", savedTemplates, err) + } + + defer os.RemoveAll(savedTemplates) + + ts := dbaasclient.TestDBaaSHTTPServer() + defer ts.Close() + err = os.Setenv("DBAAS_OPERATOR_HTTP", ts.URL) + if err != nil { + t.Errorf("%v", err) + } + dbaasCreds := &DBaaSCredRefs{} + if tt.dbaasCreds != "" { + dbaasCreds, err = loadCredsFromFile(tt.dbaasCreds) + if err != nil { + t.Errorf("%v", err) + } + dbCreds := map[string]string{} + for _, v := range *dbaasCreds { + for k, v1 := range v { + dbCreds[k] = v1 + } + } + generator.DBaaSVariables = dbCreds + } + generator.ConfigMapVars = tt.configMapVars + err = LagoonEnvTemplateGeneration(tt.secretName, generator, "") + if err != nil { + t.Errorf("%v", err) + } + + files, err := os.ReadDir(savedTemplates) + if err != nil { + t.Errorf("couldn't read directory %v: %v", savedTemplates, err) + } + results, err := os.ReadDir(tt.want) + if err != nil { + t.Errorf("couldn't read directory %v: %v", tt.want, err) + } + if len(files) != len(results) { + for _, f := range files { + f1, err := os.ReadFile(fmt.Sprintf("%s/%s", savedTemplates, f.Name())) + if err != nil { + t.Errorf("couldn't read file %v: %v", savedTemplates, err) + } + fmt.Println(string(f1)) + } + t.Errorf("number of generated templates doesn't match results %v/%v: %v", len(files), len(results), err) + } + fCount := 0 + for _, f := range files { + for _, r := range results { + if f.Name() == r.Name() { + fCount++ + f1, err := os.ReadFile(fmt.Sprintf("%s/%s", savedTemplates, f.Name())) + if err != nil { + t.Errorf("couldn't read file %v: %v", savedTemplates, err) + } + r1, err := os.ReadFile(fmt.Sprintf("%s/%s", tt.want, f.Name())) + if err != nil { + t.Errorf("couldn't read file %v: %v", tt.want, err) + } + if !reflect.DeepEqual(f1, r1) { + t.Errorf("LagoonEnvTemplateGeneration() = \n%v", diff.LineDiff(string(r1), string(f1))) + } + } + } + } + if fCount != len(files) { + for _, f := range files { + f1, err := os.ReadFile(fmt.Sprintf("%s/%s", savedTemplates, f.Name())) + if err != nil { + t.Errorf("couldn't read file %v: %v", savedTemplates, err) + } + fmt.Println(string(f1)) + } + t.Errorf("resulting templates do not match") + } + t.Cleanup(func() { + helpers.UnsetEnvVars(tt.vars) + }) + }) + } +} diff --git a/internal/generator/build_data.go b/internal/generator/build_data.go index efdbb67c..e34fc4cf 100644 --- a/internal/generator/build_data.go +++ b/internal/generator/build_data.go @@ -9,13 +9,15 @@ import ( ) // this creates a bunch of standard environment variables that are injected into the `lagoon-env` configmap normally -func collectBuildVariables(buildValues BuildValues) []lagoon.EnvironmentVariable { +func collectLagoonEnvConfigmapVariables(buildValues BuildValues) []lagoon.EnvironmentVariable { vars := []lagoon.EnvironmentVariable{} vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_PROJECT", Value: buildValues.Project, Scope: "runtime"}) vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_ENVIRONMENT", Value: buildValues.Environment, Scope: "runtime"}) vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_ENVIRONMENT_TYPE", Value: buildValues.EnvironmentType, Scope: "runtime"}) vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_GIT_SHA", Value: buildValues.GitSHA, Scope: "runtime"}) vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_KUBERNETES", Value: buildValues.Kubernetes, Scope: "runtime"}) + // LAGOON_GIT_SAFE_BRANCH is pointing to the enviornment name, therefore also is filled if this environment + // is created by a PR or Promote workflow. This technically wrong, therefore will be removed vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_GIT_SAFE_BRANCH", Value: buildValues.Environment, Scope: "runtime"}) //deprecated??? (https://github.com/uselagoon/lagoon/blob/1053965321495213591f4c9110f90a9d9dcfc946/images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh#L748) if buildValues.BuildType == "branch" { vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_GIT_BRANCH", Value: buildValues.Branch, Scope: "runtime"}) @@ -26,15 +28,23 @@ func collectBuildVariables(buildValues BuildValues) []lagoon.EnvironmentVariable vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_PR_TITLE", Value: buildValues.PRTitle, Scope: "runtime"}) vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_PR_NUMBER", Value: buildValues.PRNumber, Scope: "runtime"}) } - if buildValues.ActiveEnvironment != "" { - vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_ACTIVE_ENVIRONMENT", Value: buildValues.ActiveEnvironment, Scope: "runtime"}) - } - if buildValues.StandbyEnvironment != "" { - vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_STANDBY_ENVIRONMENT", Value: buildValues.StandbyEnvironment, Scope: "runtime"}) - } + // @TODO: check if these would actually be useful, they've never been used by anything before + // commenting out for now + // if buildValues.ActiveEnvironment != "" { + // vars = append( vars, lagoon.EnvironmentVariable{Name: "LAGOON_ACTIVE_ENVIRONMENT", Value: buildValues.ActiveEnvironment, Scope: "runtime"}) + // } + // if buildValues.StandbyEnvironment != "" { + // vars = append( vars, lagoon.EnvironmentVariable{Name: "LAGOON_STANDBY_ENVIRONMENT", Value: buildValues.StandbyEnvironment, Scope: "runtime"}) + // } vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_ROUTE", Value: buildValues.Route, Scope: "runtime"}) vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_ROUTES", Value: strings.Join(buildValues.Routes, ","), Scope: "runtime"}) vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_AUTOGENERATED_ROUTES", Value: strings.Join(buildValues.AutogeneratedRoutes, ","), Scope: "runtime"}) + // add the api/token/ssh configuration variables to envvars + vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_CONFIG_API_HOST", Value: buildValues.ConfigAPIHost, Scope: "runtime"}) + vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_CONFIG_TOKEN_HOST", Value: buildValues.ConfigTokenHost, Scope: "runtime"}) + vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_CONFIG_TOKEN_PORT", Value: buildValues.ConfigTokenPort, Scope: "runtime"}) + vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_CONFIG_SSH_HOST", Value: buildValues.ConfigSSHHost, Scope: "runtime"}) + vars = append(vars, lagoon.EnvironmentVariable{Name: "LAGOON_CONFIG_SSH_PORT", Value: buildValues.ConfigSSHPort, Scope: "runtime"}) return vars } diff --git a/internal/generator/buildvalues.go b/internal/generator/buildvalues.go index d0a641ac..c4f6eeec 100644 --- a/internal/generator/buildvalues.go +++ b/internal/generator/buildvalues.go @@ -82,6 +82,14 @@ type BuildValues struct { ForcePullImages []string `json:"forcePullImages"` Volumes []ComposeVolume `json:"volumes,omitempty" description:"stores any additional persistent volume definitions"` PodSpreadConstraints bool `json:"podSpreadConstraints"` + PodAntiAffinity bool `json:"podAntiAffinity"` + ConfigAPIHost string `json:"configAPIHost"` + ConfigTokenHost string `json:"configTokenHost"` + ConfigTokenPort string `json:"configTokenPort"` + ConfigSSHHost string `json:"configSSHHost"` + ConfigSSHPort string `json:"configSSHPort"` + LagoonEnvVariables map[string]string `json:"lagoonEnvVariables" description:"map of variables that will be saved into the lagoon-env secret"` + LagoonPlatformEnvVariables map[string]string `json:"agoonPlatformEnvVariables" description:"map of variables that will be saved into the lagoon-platform-env secret"` } type Resources struct { diff --git a/internal/generator/generator.go b/internal/generator/generator.go index df8ed8b0..7602cb1a 100644 --- a/internal/generator/generator.go +++ b/internal/generator/generator.go @@ -65,6 +65,13 @@ type GeneratorInput struct { DynamicDBaaSSecrets []string ImageCacheBuildArgsJSON string SSHPrivateKey string + ConfigAPIHost string + ConfigTokenHost string + ConfigTokenPort string + ConfigSSHHost string + ConfigSSHPort string + DBaaSVariables map[string]string + ConfigMapVars map[string]string } func NewGenerator( @@ -113,6 +120,16 @@ func NewGenerator( // this is used by CI systems to influence builds, it is rarely used and should probably be abandoned buildValues.IsCI = helpers.GetEnvBool("CI", generator.CI, generator.Debug) + // add dbaas credentials to build values for injection into configmap + buildValues.LagoonPlatformEnvVariables = generator.ConfigMapVars + + // set the lagoon config variables + buildValues.ConfigAPIHost = helpers.GetEnv("LAGOON_CONFIG_API_HOST", generator.ConfigAPIHost, generator.Debug) + buildValues.ConfigTokenHost = helpers.GetEnv("LAGOON_CONFIG_TOKEN_HOST", generator.ConfigTokenHost, generator.Debug) + buildValues.ConfigTokenPort = helpers.GetEnv("LAGOON_CONFIG_TOKEN_PORT", generator.ConfigTokenPort, generator.Debug) + buildValues.ConfigSSHHost = helpers.GetEnv("LAGOON_CONFIG_SSH_HOST", generator.ConfigSSHHost, generator.Debug) + buildValues.ConfigSSHPort = helpers.GetEnv("LAGOON_CONFIG_SSH_PORT", generator.ConfigSSHPort, generator.Debug) + buildValues.ConfigMapSha = configMapSha buildValues.BuildName = buildName buildValues.Kubernetes = kubernetes @@ -120,6 +137,7 @@ func NewGenerator( buildValues.ImageRegistry = imageRegistry buildValues.SourceRepository = sourceRepository buildValues.PromotionSourceEnvironment = promotionSourceEnvironment + // get the image references values from the build images output buildValues.ImageReferences = generator.ImageReferences defaultBackupSchedule := helpers.GetEnv("DEFAULT_BACKUP_SCHEDULE", generator.DefaultBackupSchedule, generator.Debug) @@ -249,12 +267,9 @@ func NewGenerator( envVars := []lagoon.EnvironmentVariable{} json.Unmarshal([]byte(projectVariables), &projectVars) json.Unmarshal([]byte(environmentVariables), &envVars) - mergedVariables := lagoon.MergeVariables(projectVars, envVars) - // collect a bunch of the default LAGOON_X based build variables that are injected into `lagoon-env` and make them available - configVars := collectBuildVariables(buildValues) - // add the calculated build runtime variables into the existing variable slice - // this will later be used to add `runtime|global` scope into the `lagoon-env` configmap - buildValues.EnvironmentVariables = lagoon.MergeVariables(mergedVariables, configVars) + + // set the environment variables to all the known merged variables so far + buildValues.EnvironmentVariables = lagoon.MergeVariables(projectVars, envVars) // if the core version is provided from the API, set the buildvalues LagoonVersion to this instead lagoonCoreVersion, _ := lagoon.GetLagoonVariable("LAGOON_SYSTEM_CORE_VERSION", []string{"internal_system"}, buildValues.EnvironmentVariables) @@ -461,6 +476,34 @@ func NewGenerator( } /* end route generation configuration */ + // collect a bunch of the default LAGOON_X based build variables that are injected into `lagoon-env` and make them available + configVars := collectLagoonEnvConfigmapVariables(buildValues) + + // add the calculated build runtime variables into the existing variable slice + // this will later be used to add `runtime|global` scope into the `lagoon-env` configmap + buildValues.EnvironmentVariables = lagoon.MergeVariables(buildValues.EnvironmentVariables, configVars) + + // work out the variables to use in the lagoon-env secret + lagoonEnv := map[string]string{} + for _, v := range buildValues.EnvironmentVariables { + if v.Scope == "global" || v.Scope == "runtime" { + lagoonEnv[v.Name] = v.Value + } + } + // add dbaas variables to lagoon-env + for k, v := range generator.DBaaSVariables { + lagoonEnv[k] = v + } + buildValues.LagoonEnvVariables = lagoonEnv + // filter out variables that exist in the lagoon-env secret from the platform-env secret + for ck := range buildValues.LagoonEnvVariables { + for k := range buildValues.LagoonPlatformEnvVariables { + if k == ck { + delete(buildValues.LagoonPlatformEnvVariables, k) + } + } + } + // finally return the generator values, this should be a mostly complete version of the resulting data needed for a build // another step will collect the current or known state of a build. // the output of the generator and the output of that state collector will eventually replace a lot of the legacy BASH script diff --git a/internal/templating/template_helpers.go b/internal/templating/template_helpers.go index 4b90e7fa..4a418785 100644 --- a/internal/templating/template_helpers.go +++ b/internal/templating/template_helpers.go @@ -1,8 +1,12 @@ package templating import ( + "fmt" + "github.com/uselagoon/build-deploy-tool/internal/generator" "github.com/uselagoon/build-deploy-tool/internal/helpers" + corev1 "k8s.io/api/core/v1" + "sigs.k8s.io/yaml" ) // LinkedServiceCalculator checks the provided services to see if there are any linked services @@ -49,3 +53,13 @@ func LinkedServiceCalculator(services []generator.ServiceValues) []generator.Ser } return retServices } + +func TemplateSecret(item corev1.Secret) ([]byte, error) { + separator := []byte("---\n") + iBytes, err := yaml.Marshal(item) + if err != nil { + return nil, fmt.Errorf("couldn't generate template: %v", err) + } + templateYAML := append(separator[:], iBytes[:]...) + return templateYAML, nil +} diff --git a/internal/templating/template_lagoonenv.go b/internal/templating/template_lagoonenv.go new file mode 100644 index 00000000..b46e00c0 --- /dev/null +++ b/internal/templating/template_lagoonenv.go @@ -0,0 +1,59 @@ +package templating + +import ( + "github.com/uselagoon/build-deploy-tool/internal/generator" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// GenerateLagoonEnvSecret generates the lagoon template to apply. +func GenerateLagoonEnvSecret( + name string, + buildValues generator.BuildValues, +) (corev1.Secret, error) { + + // add the default labels + labels := map[string]string{ + "app.kubernetes.io/managed-by": "build-deploy-tool", + "app.kubernetes.io/instance": name, + "app.kubernetes.io/name": name, + "lagoon.sh/template": "lagoon-env-0.1.0", + "lagoon.sh/project": buildValues.Project, + "lagoon.sh/environment": buildValues.Environment, + "lagoon.sh/environmentType": buildValues.EnvironmentType, + "lagoon.sh/buildType": buildValues.BuildType, + } + + // add the default annotations + annotations := map[string]string{} + + // add any additional labels + if buildValues.BuildType == "branch" { + annotations["lagoon.sh/branch"] = buildValues.Branch + } else if buildValues.BuildType == "pullrequest" { + annotations["lagoon.sh/prNumber"] = buildValues.PRNumber + annotations["lagoon.sh/prHeadBranch"] = buildValues.PRHeadBranch + annotations["lagoon.sh/prBaseBranch"] = buildValues.PRBaseBranch + } + + lagoonEnv := corev1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: "Secret", + APIVersion: corev1.SchemeGroupVersion.Version, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Labels: labels, + Annotations: annotations, + }, + } + // pick which values to save into the secret based on the name + switch name { + case "lagoon-platform-env": + lagoonEnv.StringData = buildValues.LagoonPlatformEnvVariables + default: + lagoonEnv.StringData = buildValues.LagoonEnvVariables + } + + return lagoonEnv, nil +} diff --git a/internal/templating/template_lagoonenv_test.go b/internal/templating/template_lagoonenv_test.go new file mode 100644 index 00000000..4be63470 --- /dev/null +++ b/internal/templating/template_lagoonenv_test.go @@ -0,0 +1,120 @@ +package templating + +import ( + "os" + "reflect" + "testing" + + "github.com/andreyvit/diff" + "github.com/uselagoon/build-deploy-tool/internal/generator" + "github.com/uselagoon/build-deploy-tool/internal/lagoon" +) + +func TestGenerateLagoonEnvSecret(t *testing.T) { + tests := []struct { + name string + secretName string + description string + buildValues generator.BuildValues + want string + wantErr bool + }{ + { + name: "test1", + description: "", + secretName: "lagoon-env", + buildValues: generator.BuildValues{ + Project: "example-project", + Environment: "environment-name", + EnvironmentType: "production", + Namespace: "myexample-project-environment-name", + BuildType: "branch", + LagoonVersion: "v2.x.x", + Kubernetes: "generator.local", + Branch: "environment-name", + LagoonEnvVariables: map[string]string{ + "MY_SPECIAL_VARIABLE1": "myspecialvariable1", + "MY_SPECIAL_VARIABLE2": "myspecialvariable2", + "MY_SPECIAL_VARIABLE": "myspecialvariable", + }, + EnvironmentVariables: []lagoon.EnvironmentVariable{ + { + Name: "MY_SPECIAL_VARIABLE1", + Value: "myspecialvariable1", + Scope: "global", + }, + { + Name: "MY_SPECIAL_VARIABLE2", + Value: "myspecialvariable2", + Scope: "runtime", + }, + { + Name: "MY_SPECIAL_VARIABLE3", + Value: "myspecialvariable3", + Scope: "build", + }, + { + Name: "MY_SPECIAL_VARIABLE", + Value: "myspecialvariable", + Scope: "global", + }, + { + Name: "LAGOON_SYSTEM_CORE_VERSION", + Value: "v2.19.0", + Scope: "internal_system", + }, + { + Name: "REGISTRY_PASSWORD", + Value: "myenvvarregistrypassword", + Scope: "container_registry", + }, + }, + }, + want: "test-resources/lagoonenv/lagoon-env-1.yaml", + }, + { + name: "test2", + secretName: "lagoon-platform-env", + buildValues: generator.BuildValues{ + Project: "example-project", + Environment: "environment-name", + EnvironmentType: "production", + Namespace: "myexample-project-environment-name", + BuildType: "branch", + LagoonVersion: "v2.x.x", + Kubernetes: "generator.local", + Branch: "environment-name", + LagoonEnvVariables: map[string]string{ + "MY_SPECIAL_VARIABLE1": "myspecialvariable1", + "MY_SPECIAL_VARIABLE2": "myspecialvariable2", + "MY_SPECIAL_VARIABLE": "myspecialvariable", + }, + LagoonPlatformEnvVariables: map[string]string{ + "MY_SPECIAL_VARIABLE3": "myspecialvariable3", + "MY_SPECIAL_VARIABLE4": "myspecialvariable4", + }, + }, + want: "test-resources/lagoonenv/lagoon-platform-env-1.yaml", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := GenerateLagoonEnvSecret(tt.secretName, tt.buildValues) + if (err != nil) != tt.wantErr { + t.Errorf("GenerateLagoonEnvSecret() error = %v, wantErr %v", err, tt.wantErr) + return + } + r1, err := os.ReadFile(tt.want) + if err != nil { + t.Errorf("couldn't read file %v: %v", tt.want, err) + } + templateBytes, err := TemplateSecret(got) + if err != nil { + t.Errorf("couldn't generate template: %v", err) + } + if !reflect.DeepEqual(string(templateBytes), string(r1)) { + t.Errorf("GenerateLagoonEnvSecret() = \n%v", diff.LineDiff(string(r1), string(templateBytes))) + } + }) + } +} diff --git a/internal/templating/template_registrysecret.go b/internal/templating/template_registrysecret.go index dc9da115..723fa5f3 100644 --- a/internal/templating/template_registrysecret.go +++ b/internal/templating/template_registrysecret.go @@ -10,7 +10,6 @@ import ( apivalidation "k8s.io/apimachinery/pkg/api/validation" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metavalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" - "sigs.k8s.io/yaml" ) // GenerateRegistrySecretTemplate generates the lagoon template to apply. @@ -105,13 +104,3 @@ func GenerateRegistrySecretTemplate( } return result, nil } - -func TemplateSecret(item corev1.Secret) ([]byte, error) { - separator := []byte("---\n") - iBytes, err := yaml.Marshal(item) - if err != nil { - return nil, fmt.Errorf("couldn't generate template: %v", err) - } - templateYAML := append(separator[:], iBytes[:]...) - return templateYAML, nil -} diff --git a/internal/templating/templates_cronjob.go b/internal/templating/templates_cronjob.go index 713c7ee8..1fed2050 100644 --- a/internal/templating/templates_cronjob.go +++ b/internal/templating/templates_cronjob.go @@ -338,7 +338,13 @@ func GenerateCronjobTemplate( container.Container.Env = append(container.Container.Env, envvars...) container.Container.EnvFrom = []corev1.EnvFromSource{ { - ConfigMapRef: &corev1.ConfigMapEnvSource{ + SecretRef: &corev1.SecretEnvSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "lagoon-platform-env", + }, + }, + }, { + SecretRef: &corev1.SecretEnvSource{ LocalObjectReference: corev1.LocalObjectReference{ Name: "lagoon-env", }, diff --git a/internal/templating/templates_deployment.go b/internal/templating/templates_deployment.go index 04acc6d0..e02cbf4e 100644 --- a/internal/templating/templates_deployment.go +++ b/internal/templating/templates_deployment.go @@ -481,7 +481,13 @@ func GenerateDeploymentTemplate( // consume the lagoon-env configmap here container.Container.EnvFrom = []corev1.EnvFromSource{ { - ConfigMapRef: &corev1.ConfigMapEnvSource{ + SecretRef: &corev1.SecretEnvSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "lagoon-platform-env", + }, + }, + }, { + SecretRef: &corev1.SecretEnvSource{ LocalObjectReference: corev1.LocalObjectReference{ Name: "lagoon-env", }, @@ -606,7 +612,13 @@ func GenerateDeploymentTemplate( linkedContainer.Container.Env = append(linkedContainer.Container.Env, envvars...) linkedContainer.Container.EnvFrom = []corev1.EnvFromSource{ { - ConfigMapRef: &corev1.ConfigMapEnvSource{ + SecretRef: &corev1.SecretEnvSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "lagoon-platform-env", + }, + }, + }, { + SecretRef: &corev1.SecretEnvSource{ LocalObjectReference: corev1.LocalObjectReference{ Name: "lagoon-env", }, diff --git a/internal/templating/test-resources/cronjob/result-cli-1.yaml b/internal/templating/test-resources/cronjob/result-cli-1.yaml index a1640223..d2c5b8da 100644 --- a/internal/templating/test-resources/cronjob/result-cli-1.yaml +++ b/internal/templating/test-resources/cronjob/result-cli-1.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: myservice envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice@latest imagePullPolicy: Always @@ -144,7 +146,9 @@ spec: - name: SERVICE_NAME value: myservice envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice@latest imagePullPolicy: Always @@ -234,7 +238,9 @@ spec: - name: SERVICE_NAME value: myservice-persist envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice-persistent@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/cronjob/result-cli-2.yaml b/internal/templating/test-resources/cronjob/result-cli-2.yaml index 3b8c4db1..28b11b66 100644 --- a/internal/templating/test-resources/cronjob/result-cli-2.yaml +++ b/internal/templating/test-resources/cronjob/result-cli-2.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: myservice envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice@latest imagePullPolicy: Always @@ -149,7 +151,9 @@ spec: - name: SERVICE_NAME value: myservice envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice@latest imagePullPolicy: Always @@ -244,7 +248,9 @@ spec: - name: SERVICE_NAME value: myservice-persist envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice-persistent@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-basic-1.yaml b/internal/templating/test-resources/deployment/result-basic-1.yaml index af7cfb0a..ee9c7f96 100644 --- a/internal/templating/test-resources/deployment/result-basic-1.yaml +++ b/internal/templating/test-resources/deployment/result-basic-1.yaml @@ -55,7 +55,9 @@ spec: - name: SERVICE_NAME value: myservice envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice@latest imagePullPolicy: Always @@ -148,7 +150,9 @@ spec: - name: SERVICE_NAME value: myservice-po envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice-po@latest imagePullPolicy: Always @@ -238,7 +242,9 @@ spec: - name: SERVICE_NAME value: myservice-persist envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice-persist@latest imagePullPolicy: Always @@ -328,7 +334,9 @@ spec: - name: SERVICE_NAME value: myservice-persist-po envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice-persist-po@latest imagePullPolicy: Always @@ -418,7 +426,9 @@ spec: - name: SERVICE_NAME value: myservice-persist-posize envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice-persist-posize@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-basic-2.yaml b/internal/templating/test-resources/deployment/result-basic-2.yaml index 7670d3d0..29466b34 100644 --- a/internal/templating/test-resources/deployment/result-basic-2.yaml +++ b/internal/templating/test-resources/deployment/result-basic-2.yaml @@ -62,7 +62,9 @@ spec: - name: SERVICE_NAME value: myservice-po envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice-po@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-basic-3.yaml b/internal/templating/test-resources/deployment/result-basic-3.yaml index 83897642..afb000f9 100644 --- a/internal/templating/test-resources/deployment/result-basic-3.yaml +++ b/internal/templating/test-resources/deployment/result-basic-3.yaml @@ -62,7 +62,9 @@ spec: - name: SERVICE_NAME value: myservice-po envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice-po@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-basic-4.yaml b/internal/templating/test-resources/deployment/result-basic-4.yaml index ac282848..916a8c54 100644 --- a/internal/templating/test-resources/deployment/result-basic-4.yaml +++ b/internal/templating/test-resources/deployment/result-basic-4.yaml @@ -53,7 +53,9 @@ spec: - name: SERVICE_NAME value: myservice envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-basic-5.yaml b/internal/templating/test-resources/deployment/result-basic-5.yaml index fd1de1a0..a81997ac 100644 --- a/internal/templating/test-resources/deployment/result-basic-5.yaml +++ b/internal/templating/test-resources/deployment/result-basic-5.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: myservice envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-cli-1.yaml b/internal/templating/test-resources/deployment/result-cli-1.yaml index d2f2ab60..72531e24 100644 --- a/internal/templating/test-resources/deployment/result-cli-1.yaml +++ b/internal/templating/test-resources/deployment/result-cli-1.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: myservice envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice@latest imagePullPolicy: Always @@ -140,7 +142,9 @@ spec: - name: SERVICE_NAME value: myservice-persist envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice-persist@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-elasticsearch-1.yaml b/internal/templating/test-resources/deployment/result-elasticsearch-1.yaml index 72aefce0..46223772 100644 --- a/internal/templating/test-resources/deployment/result-elasticsearch-1.yaml +++ b/internal/templating/test-resources/deployment/result-elasticsearch-1.yaml @@ -56,7 +56,9 @@ spec: - name: SERVICE_NAME value: myservice envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice@latest imagePullPolicy: Always @@ -171,7 +173,9 @@ spec: - name: SERVICE_NAME value: myservice-size envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice-size@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-mariadb-1.yaml b/internal/templating/test-resources/deployment/result-mariadb-1.yaml index 2c0de445..495d6892 100644 --- a/internal/templating/test-resources/deployment/result-mariadb-1.yaml +++ b/internal/templating/test-resources/deployment/result-mariadb-1.yaml @@ -57,7 +57,9 @@ spec: - name: SERVICE_NAME value: mariadb envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/mariadb@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-mariadb-2.yaml b/internal/templating/test-resources/deployment/result-mariadb-2.yaml index ffddb32f..f566116a 100644 --- a/internal/templating/test-resources/deployment/result-mariadb-2.yaml +++ b/internal/templating/test-resources/deployment/result-mariadb-2.yaml @@ -56,7 +56,9 @@ spec: - name: SERVICE_NAME value: mariadb envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/mariadb@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-mongodb-1.yaml b/internal/templating/test-resources/deployment/result-mongodb-1.yaml index c443b1bc..528afc60 100644 --- a/internal/templating/test-resources/deployment/result-mongodb-1.yaml +++ b/internal/templating/test-resources/deployment/result-mongodb-1.yaml @@ -56,7 +56,9 @@ spec: - name: SERVICE_NAME value: mongodb envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/mongodb@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-nginx-1.yaml b/internal/templating/test-resources/deployment/result-nginx-1.yaml index 88f501d0..3a7bdc2d 100644 --- a/internal/templating/test-resources/deployment/result-nginx-1.yaml +++ b/internal/templating/test-resources/deployment/result-nginx-1.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: nginx envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/nginx@latest imagePullPolicy: Always @@ -93,7 +95,9 @@ spec: - name: SERVICE_NAME value: nginx envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/php@latest imagePullPolicy: Always @@ -186,7 +190,9 @@ spec: - name: SERVICE_NAME value: nginx-2 envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/nginx2@latest imagePullPolicy: Always @@ -228,7 +234,9 @@ spec: - name: SERVICE_NAME value: nginx-2 envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/php2@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-nginx-2.yaml b/internal/templating/test-resources/deployment/result-nginx-2.yaml index 9ec06a60..61aef11a 100644 --- a/internal/templating/test-resources/deployment/result-nginx-2.yaml +++ b/internal/templating/test-resources/deployment/result-nginx-2.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: nginx envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/nginx@latest imagePullPolicy: Always @@ -89,7 +91,9 @@ spec: - name: SERVICE_NAME value: nginx envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/php@latest imagePullPolicy: Always @@ -179,7 +183,9 @@ spec: - name: SERVICE_NAME value: nginx-2 envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/nginx2@latest imagePullPolicy: Always @@ -217,7 +223,9 @@ spec: - name: SERVICE_NAME value: nginx-2 envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/php2@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-node-1.yaml b/internal/templating/test-resources/deployment/result-node-1.yaml index 702b388f..4555d436 100644 --- a/internal/templating/test-resources/deployment/result-node-1.yaml +++ b/internal/templating/test-resources/deployment/result-node-1.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: node envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/node@latest imagePullPolicy: Always @@ -140,7 +142,9 @@ spec: - name: SERVICE_NAME value: node-persist envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/node-persist@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-opensearch-1.yaml b/internal/templating/test-resources/deployment/result-opensearch-1.yaml index d24c1acf..529723a2 100644 --- a/internal/templating/test-resources/deployment/result-opensearch-1.yaml +++ b/internal/templating/test-resources/deployment/result-opensearch-1.yaml @@ -56,7 +56,9 @@ spec: - name: SERVICE_NAME value: myservice envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice@latest imagePullPolicy: Always @@ -171,7 +173,9 @@ spec: - name: SERVICE_NAME value: myservice-size envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice-size@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-postgres-1.yaml b/internal/templating/test-resources/deployment/result-postgres-1.yaml index 93060c38..61098bbe 100644 --- a/internal/templating/test-resources/deployment/result-postgres-1.yaml +++ b/internal/templating/test-resources/deployment/result-postgres-1.yaml @@ -57,7 +57,9 @@ spec: - name: SERVICE_NAME value: postgres envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/postgres@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-postgres-single-1.yaml b/internal/templating/test-resources/deployment/result-postgres-single-1.yaml index 33ec20a5..afcb3752 100644 --- a/internal/templating/test-resources/deployment/result-postgres-single-1.yaml +++ b/internal/templating/test-resources/deployment/result-postgres-single-1.yaml @@ -57,7 +57,9 @@ spec: - name: SERVICE_NAME value: myservice envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/myservice@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-python-1.yaml b/internal/templating/test-resources/deployment/result-python-1.yaml index 27980c42..eccdc5ed 100644 --- a/internal/templating/test-resources/deployment/result-python-1.yaml +++ b/internal/templating/test-resources/deployment/result-python-1.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: python envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/python@latest imagePullPolicy: Always @@ -140,7 +142,9 @@ spec: - name: SERVICE_NAME value: python-persist envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/python-persist@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-rabbitmq-1.yaml b/internal/templating/test-resources/deployment/result-rabbitmq-1.yaml index 273e08d1..90e781e3 100644 --- a/internal/templating/test-resources/deployment/result-rabbitmq-1.yaml +++ b/internal/templating/test-resources/deployment/result-rabbitmq-1.yaml @@ -58,7 +58,9 @@ spec: - name: SERVICE_NAME value: rabbitmq envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/rabbitmq@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-redis-1.yaml b/internal/templating/test-resources/deployment/result-redis-1.yaml index fd6f8b8f..cf716a9c 100644 --- a/internal/templating/test-resources/deployment/result-redis-1.yaml +++ b/internal/templating/test-resources/deployment/result-redis-1.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: redis envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/redis@latest imagePullPolicy: Always @@ -144,7 +146,9 @@ spec: - name: SERVICE_NAME value: redis-persist envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/redis-persist@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-solr-1.yaml b/internal/templating/test-resources/deployment/result-solr-1.yaml index 9558ea01..e6467617 100644 --- a/internal/templating/test-resources/deployment/result-solr-1.yaml +++ b/internal/templating/test-resources/deployment/result-solr-1.yaml @@ -56,7 +56,9 @@ spec: - name: SERVICE_NAME value: solr envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/solr@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-valkey-1.yaml b/internal/templating/test-resources/deployment/result-valkey-1.yaml index 666aca17..5e84b032 100644 --- a/internal/templating/test-resources/deployment/result-valkey-1.yaml +++ b/internal/templating/test-resources/deployment/result-valkey-1.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: valkey envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/valkey@latest imagePullPolicy: Always @@ -146,7 +148,9 @@ spec: - name: SERVICE_NAME value: valkey-persist envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/valkey-persist@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-varnish-1.yaml b/internal/templating/test-resources/deployment/result-varnish-1.yaml index b0d5e6fb..77f88f13 100644 --- a/internal/templating/test-resources/deployment/result-varnish-1.yaml +++ b/internal/templating/test-resources/deployment/result-varnish-1.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: varnish envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/varnish@latest imagePullPolicy: Always @@ -146,7 +148,9 @@ spec: - name: SERVICE_NAME value: varnish-persist envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/varnish-persist@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/deployment/result-worker-1.yaml b/internal/templating/test-resources/deployment/result-worker-1.yaml index 305fb52a..babecba8 100644 --- a/internal/templating/test-resources/deployment/result-worker-1.yaml +++ b/internal/templating/test-resources/deployment/result-worker-1.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: worker envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/worker@latest imagePullPolicy: Always @@ -145,7 +147,9 @@ spec: - name: SERVICE_NAME value: worker-persist envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example.com/example-project/environment-name/worker-persist@latest imagePullPolicy: Always diff --git a/internal/templating/test-resources/lagoonenv/lagoon-env-1.yaml b/internal/templating/test-resources/lagoonenv/lagoon-env-1.yaml new file mode 100644 index 00000000..b12b2204 --- /dev/null +++ b/internal/templating/test-resources/lagoonenv/lagoon-env-1.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + lagoon.sh/branch: environment-name + creationTimestamp: null + labels: + app.kubernetes.io/instance: lagoon-env + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: lagoon-env + lagoon.sh/buildType: branch + lagoon.sh/environment: environment-name + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/template: lagoon-env-0.1.0 + name: lagoon-env +stringData: + MY_SPECIAL_VARIABLE: myspecialvariable + MY_SPECIAL_VARIABLE1: myspecialvariable1 + MY_SPECIAL_VARIABLE2: myspecialvariable2 diff --git a/internal/templating/test-resources/lagoonenv/lagoon-platform-env-1.yaml b/internal/templating/test-resources/lagoonenv/lagoon-platform-env-1.yaml new file mode 100644 index 00000000..c2dd15a8 --- /dev/null +++ b/internal/templating/test-resources/lagoonenv/lagoon-platform-env-1.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + lagoon.sh/branch: environment-name + creationTimestamp: null + labels: + app.kubernetes.io/instance: lagoon-platform-env + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: lagoon-platform-env + lagoon.sh/buildType: branch + lagoon.sh/environment: environment-name + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/template: lagoon-env-0.1.0 + name: lagoon-platform-env +stringData: + MY_SPECIAL_VARIABLE3: myspecialvariable3 + MY_SPECIAL_VARIABLE4: myspecialvariable4 diff --git a/internal/testdata/basic/basic-mariadb-creds.json b/internal/testdata/basic/basic-mariadb-creds.json new file mode 100644 index 00000000..a2793f6c --- /dev/null +++ b/internal/testdata/basic/basic-mariadb-creds.json @@ -0,0 +1,24 @@ +[ + { + "MARIADB_HOST": "mariadb-abcdef", + "MARIADB_USERNAME": "example-project-main_fO2Fo", + "MARIADB_PASSWORD": "juD9RzjCEKbOYucpI5jVqGmr", + "MARIADB_DATABASE": "example-project-main_LMq2Q", + "MARIADB_PORT": "3306" + }, + { + "MARIADB3_HOST": "mariadb3-abcdef", + "MARIADB3_USERNAME": "example-project-main_as24", + "MARIADB3_PASSWORD": "juD9RzjCEKbOYucpI5jVqGmr", + "MARIADB3_DATABASE": "example-project-main_sa241", + "MARIADB3_PORT": "3306", + "MARIADB3_READREPLICA_HOSTS": "readreplica-mariadb3-efg-321abc,readreplica-mariadb3-abc123-efg" + }, + { + "MARIADB2_HOST": "mariadb2-abcdef", + "MARIADB2_USERNAME": "example-project-main_f3d1o", + "MARIADB2_PASSWORD": "juD9RzjCEKbOYucpI5jVqGmr", + "MARIADB2_DATABASE": "example-project-main_df23s", + "MARIADB2_PORT": "3306" + } +] diff --git a/internal/testdata/basic/secret-templates/lagoon-env-with-configmap-vars/lagoon-env-secret.yaml b/internal/testdata/basic/secret-templates/lagoon-env-with-configmap-vars/lagoon-env-secret.yaml new file mode 100644 index 00000000..ed5e7bf6 --- /dev/null +++ b/internal/testdata/basic/secret-templates/lagoon-env-with-configmap-vars/lagoon-env-secret.yaml @@ -0,0 +1,37 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + lagoon.sh/branch: main + creationTimestamp: null + labels: + app.kubernetes.io/instance: lagoon-env + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: lagoon-env + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/template: lagoon-env-0.1.0 + name: lagoon-env +stringData: + LAGOON_AUTOGENERATED_ROUTES: https://node-example-project-main.example.com + LAGOON_CONFIG_API_HOST: "" + LAGOON_CONFIG_SSH_HOST: "" + LAGOON_CONFIG_SSH_PORT: "" + LAGOON_CONFIG_TOKEN_HOST: "" + LAGOON_CONFIG_TOKEN_PORT: "" + LAGOON_ENVIRONMENT: main + LAGOON_ENVIRONMENT_TYPE: production + LAGOON_GIT_BRANCH: main + LAGOON_GIT_SAFE_BRANCH: main + LAGOON_GIT_SHA: abcdefg123456 + LAGOON_KUBERNETES: remote-cluster1 + LAGOON_PROJECT: example-project + LAGOON_ROUTE: https://example.com + LAGOON_ROUTES: https://node-example-project-main.example.com,https://example.com + MY_SPECIAL_VARIABLE: myspecialvariable + MY_SPECIAL_VARIABLE1: myspecialvariable1 + MY_SPECIAL_VARIABLE2: myspecialvariable2-env-override + MY_SPECIAL_VARIABLE4: myspecialvariable4 diff --git a/internal/testdata/basic/secret-templates/lagoon-platform-env-with-configmap-vars/lagoon-platform-env-secret.yaml b/internal/testdata/basic/secret-templates/lagoon-platform-env-with-configmap-vars/lagoon-platform-env-secret.yaml new file mode 100644 index 00000000..78aa8cd5 --- /dev/null +++ b/internal/testdata/basic/secret-templates/lagoon-platform-env-with-configmap-vars/lagoon-platform-env-secret.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + lagoon.sh/branch: main + creationTimestamp: null + labels: + app.kubernetes.io/instance: lagoon-platform-env + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: lagoon-platform-env + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/template: lagoon-env-0.1.0 + name: lagoon-platform-env +stringData: + MY_SPECIAL_VARIABLE3: myspecialvariable3 diff --git a/internal/testdata/basic/secret-templates/test-basic-deployment-lagoon-env/lagoon-env-secret.yaml b/internal/testdata/basic/secret-templates/test-basic-deployment-lagoon-env/lagoon-env-secret.yaml new file mode 100644 index 00000000..ed5e7bf6 --- /dev/null +++ b/internal/testdata/basic/secret-templates/test-basic-deployment-lagoon-env/lagoon-env-secret.yaml @@ -0,0 +1,37 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + lagoon.sh/branch: main + creationTimestamp: null + labels: + app.kubernetes.io/instance: lagoon-env + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: lagoon-env + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/template: lagoon-env-0.1.0 + name: lagoon-env +stringData: + LAGOON_AUTOGENERATED_ROUTES: https://node-example-project-main.example.com + LAGOON_CONFIG_API_HOST: "" + LAGOON_CONFIG_SSH_HOST: "" + LAGOON_CONFIG_SSH_PORT: "" + LAGOON_CONFIG_TOKEN_HOST: "" + LAGOON_CONFIG_TOKEN_PORT: "" + LAGOON_ENVIRONMENT: main + LAGOON_ENVIRONMENT_TYPE: production + LAGOON_GIT_BRANCH: main + LAGOON_GIT_SAFE_BRANCH: main + LAGOON_GIT_SHA: abcdefg123456 + LAGOON_KUBERNETES: remote-cluster1 + LAGOON_PROJECT: example-project + LAGOON_ROUTE: https://example.com + LAGOON_ROUTES: https://node-example-project-main.example.com,https://example.com + MY_SPECIAL_VARIABLE: myspecialvariable + MY_SPECIAL_VARIABLE1: myspecialvariable1 + MY_SPECIAL_VARIABLE2: myspecialvariable2-env-override + MY_SPECIAL_VARIABLE4: myspecialvariable4 diff --git a/internal/testdata/basic/secret-templates/test-basic-deployment-mariadbcreds-lagoon-env/lagoon-env-secret.yaml b/internal/testdata/basic/secret-templates/test-basic-deployment-mariadbcreds-lagoon-env/lagoon-env-secret.yaml new file mode 100644 index 00000000..8b4902dc --- /dev/null +++ b/internal/testdata/basic/secret-templates/test-basic-deployment-mariadbcreds-lagoon-env/lagoon-env-secret.yaml @@ -0,0 +1,53 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + lagoon.sh/branch: main + creationTimestamp: null + labels: + app.kubernetes.io/instance: lagoon-env + app.kubernetes.io/managed-by: build-deploy-tool + app.kubernetes.io/name: lagoon-env + lagoon.sh/buildType: branch + lagoon.sh/environment: main + lagoon.sh/environmentType: production + lagoon.sh/project: example-project + lagoon.sh/template: lagoon-env-0.1.0 + name: lagoon-env +stringData: + LAGOON_AUTOGENERATED_ROUTES: https://node-example-project-main.example.com + LAGOON_CONFIG_API_HOST: "" + LAGOON_CONFIG_SSH_HOST: "" + LAGOON_CONFIG_SSH_PORT: "" + LAGOON_CONFIG_TOKEN_HOST: "" + LAGOON_CONFIG_TOKEN_PORT: "" + LAGOON_ENVIRONMENT: main + LAGOON_ENVIRONMENT_TYPE: production + LAGOON_GIT_BRANCH: main + LAGOON_GIT_SAFE_BRANCH: main + LAGOON_GIT_SHA: abcdefg123456 + LAGOON_KUBERNETES: remote-cluster1 + LAGOON_PROJECT: example-project + LAGOON_ROUTE: https://example.com + LAGOON_ROUTES: https://node-example-project-main.example.com,https://example.com + MARIADB_DATABASE: example-project-main_LMq2Q + MARIADB_HOST: mariadb-abcdef + MARIADB_PASSWORD: juD9RzjCEKbOYucpI5jVqGmr + MARIADB_PORT: "3306" + MARIADB_USERNAME: example-project-main_fO2Fo + MARIADB2_DATABASE: example-project-main_df23s + MARIADB2_HOST: mariadb2-abcdef + MARIADB2_PASSWORD: juD9RzjCEKbOYucpI5jVqGmr + MARIADB2_PORT: "3306" + MARIADB2_USERNAME: example-project-main_f3d1o + MARIADB3_DATABASE: example-project-main_sa241 + MARIADB3_HOST: mariadb3-abcdef + MARIADB3_PASSWORD: juD9RzjCEKbOYucpI5jVqGmr + MARIADB3_PORT: "3306" + MARIADB3_READREPLICA_HOSTS: readreplica-mariadb3-efg-321abc,readreplica-mariadb3-abc123-efg + MARIADB3_USERNAME: example-project-main_as24 + MY_SPECIAL_VARIABLE: myspecialvariable + MY_SPECIAL_VARIABLE1: myspecialvariable1 + MY_SPECIAL_VARIABLE2: myspecialvariable2-env-override + MY_SPECIAL_VARIABLE4: myspecialvariable4 diff --git a/internal/testdata/basic/service-templates/test-basic-persistent-name/deployment-basic.yaml b/internal/testdata/basic/service-templates/test-basic-persistent-name/deployment-basic.yaml index 23ded318..e3e194ca 100644 --- a/internal/testdata/basic/service-templates/test-basic-persistent-name/deployment-basic.yaml +++ b/internal/testdata/basic/service-templates/test-basic-persistent-name/deployment-basic.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: basic envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/basic@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test-basic-persistent-names/deployment-basic.yaml b/internal/testdata/basic/service-templates/test-basic-persistent-names/deployment-basic.yaml index 23ded318..e3e194ca 100644 --- a/internal/testdata/basic/service-templates/test-basic-persistent-names/deployment-basic.yaml +++ b/internal/testdata/basic/service-templates/test-basic-persistent-names/deployment-basic.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: basic envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/basic@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test-basic-persistent-names/deployment-basic2.yaml b/internal/testdata/basic/service-templates/test-basic-persistent-names/deployment-basic2.yaml index 2cbc166a..21b3a84c 100644 --- a/internal/testdata/basic/service-templates/test-basic-persistent-names/deployment-basic2.yaml +++ b/internal/testdata/basic/service-templates/test-basic-persistent-names/deployment-basic2.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: basic2 envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/basic2@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test-basic-spot-affinity/deployment-node.yaml b/internal/testdata/basic/service-templates/test-basic-spot-affinity/deployment-node.yaml index 02c63353..8d3f299d 100644 --- a/internal/testdata/basic/service-templates/test-basic-spot-affinity/deployment-node.yaml +++ b/internal/testdata/basic/service-templates/test-basic-spot-affinity/deployment-node.yaml @@ -62,7 +62,9 @@ spec: - name: SERVICE_NAME value: node envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/node@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test1-basic-deployment/deployment-node.yaml b/internal/testdata/basic/service-templates/test1-basic-deployment/deployment-node.yaml index 5684eb16..715c33d3 100644 --- a/internal/testdata/basic/service-templates/test1-basic-deployment/deployment-node.yaml +++ b/internal/testdata/basic/service-templates/test1-basic-deployment/deployment-node.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: node envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/node@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test10-basic-no-native-cronjobs/deployment-node.yaml b/internal/testdata/basic/service-templates/test10-basic-no-native-cronjobs/deployment-node.yaml index 4d948d5c..3265d9ca 100644 --- a/internal/testdata/basic/service-templates/test10-basic-no-native-cronjobs/deployment-node.yaml +++ b/internal/testdata/basic/service-templates/test10-basic-no-native-cronjobs/deployment-node.yaml @@ -55,7 +55,9 @@ spec: - name: SERVICE_NAME value: node envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/node@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test11-basic-polysite-cronjobs/cronjob-cronjob-node-some-other-drush-cron.yaml b/internal/testdata/basic/service-templates/test11-basic-polysite-cronjobs/cronjob-cronjob-node-some-other-drush-cron.yaml index 5133d082..6670d804 100644 --- a/internal/testdata/basic/service-templates/test11-basic-polysite-cronjobs/cronjob-cronjob-node-some-other-drush-cron.yaml +++ b/internal/testdata/basic/service-templates/test11-basic-polysite-cronjobs/cronjob-cronjob-node-some-other-drush-cron.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: node envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/node@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test11-basic-polysite-cronjobs/deployment-node.yaml b/internal/testdata/basic/service-templates/test11-basic-polysite-cronjobs/deployment-node.yaml index a2d01522..339a34ef 100644 --- a/internal/testdata/basic/service-templates/test11-basic-polysite-cronjobs/deployment-node.yaml +++ b/internal/testdata/basic/service-templates/test11-basic-polysite-cronjobs/deployment-node.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: node envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/node@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test12-basic-persistent-custom-volumes/deployment-node.yaml b/internal/testdata/basic/service-templates/test12-basic-persistent-custom-volumes/deployment-node.yaml index 5567c6ba..7efa3212 100644 --- a/internal/testdata/basic/service-templates/test12-basic-persistent-custom-volumes/deployment-node.yaml +++ b/internal/testdata/basic/service-templates/test12-basic-persistent-custom-volumes/deployment-node.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: node envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/node@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test13-basic-custom-volumes/deployment-node.yaml b/internal/testdata/basic/service-templates/test13-basic-custom-volumes/deployment-node.yaml index 023013ad..e7d57304 100644 --- a/internal/testdata/basic/service-templates/test13-basic-custom-volumes/deployment-node.yaml +++ b/internal/testdata/basic/service-templates/test13-basic-custom-volumes/deployment-node.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: node envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/node@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test15-basic-custom-volume-no-backup/deployment-node.yaml b/internal/testdata/basic/service-templates/test15-basic-custom-volume-no-backup/deployment-node.yaml index 7ca41d5a..669acfcf 100644 --- a/internal/testdata/basic/service-templates/test15-basic-custom-volume-no-backup/deployment-node.yaml +++ b/internal/testdata/basic/service-templates/test15-basic-custom-volume-no-backup/deployment-node.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: node envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/node@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test3-funky-pvcs/deployment-lnd.yaml b/internal/testdata/basic/service-templates/test3-funky-pvcs/deployment-lnd.yaml index 62105f11..604cb193 100644 --- a/internal/testdata/basic/service-templates/test3-funky-pvcs/deployment-lnd.yaml +++ b/internal/testdata/basic/service-templates/test3-funky-pvcs/deployment-lnd.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: lnd envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/lnd@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test3-funky-pvcs/deployment-thunderhub.yaml b/internal/testdata/basic/service-templates/test3-funky-pvcs/deployment-thunderhub.yaml index ad515770..6932da06 100644 --- a/internal/testdata/basic/service-templates/test3-funky-pvcs/deployment-thunderhub.yaml +++ b/internal/testdata/basic/service-templates/test3-funky-pvcs/deployment-thunderhub.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: thunderhub envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/thunderhub@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test3-funky-pvcs/deployment-tor.yaml b/internal/testdata/basic/service-templates/test3-funky-pvcs/deployment-tor.yaml index 7748bd7a..62628033 100644 --- a/internal/testdata/basic/service-templates/test3-funky-pvcs/deployment-tor.yaml +++ b/internal/testdata/basic/service-templates/test3-funky-pvcs/deployment-tor.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: tor envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/tor@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test4-basic-worker/deployment-lnd.yaml b/internal/testdata/basic/service-templates/test4-basic-worker/deployment-lnd.yaml index 62105f11..604cb193 100644 --- a/internal/testdata/basic/service-templates/test4-basic-worker/deployment-lnd.yaml +++ b/internal/testdata/basic/service-templates/test4-basic-worker/deployment-lnd.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: lnd envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/lnd@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test4-basic-worker/deployment-tor.yaml b/internal/testdata/basic/service-templates/test4-basic-worker/deployment-tor.yaml index 19880623..90ab17c0 100644 --- a/internal/testdata/basic/service-templates/test4-basic-worker/deployment-tor.yaml +++ b/internal/testdata/basic/service-templates/test4-basic-worker/deployment-tor.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: tor envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/tor@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test5-basic-promote/deployment-node.yaml b/internal/testdata/basic/service-templates/test5-basic-promote/deployment-node.yaml index e7373c84..9a361e68 100644 --- a/internal/testdata/basic/service-templates/test5-basic-promote/deployment-node.yaml +++ b/internal/testdata/basic/service-templates/test5-basic-promote/deployment-node.yaml @@ -50,7 +50,9 @@ spec: - name: SERVICE_NAME value: node envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/node@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test6-basic-networkpolicy/deployment-node.yaml b/internal/testdata/basic/service-templates/test6-basic-networkpolicy/deployment-node.yaml index a3b58f00..20a61539 100644 --- a/internal/testdata/basic/service-templates/test6-basic-networkpolicy/deployment-node.yaml +++ b/internal/testdata/basic/service-templates/test6-basic-networkpolicy/deployment-node.yaml @@ -56,7 +56,9 @@ spec: - name: SERVICE_NAME value: node envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/pr-123/node@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/basic/service-templates/test7-basic-dynamic-secrets/deployment-node.yaml b/internal/testdata/basic/service-templates/test7-basic-dynamic-secrets/deployment-node.yaml index ffbf7065..3bed2725 100644 --- a/internal/testdata/basic/service-templates/test7-basic-dynamic-secrets/deployment-node.yaml +++ b/internal/testdata/basic/service-templates/test7-basic-dynamic-secrets/deployment-node.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: node envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env - secretRef: name: mariadb-dbaas-a4hs12h3 diff --git a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-cli.yaml b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-cli.yaml index 814b9be2..063ecfe6 100644 --- a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-cli.yaml +++ b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-cli.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: cli envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/cli@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-gotenberg.yaml b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-gotenberg.yaml index 1c5d9448..1df6f01f 100644 --- a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-gotenberg.yaml +++ b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-gotenberg.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: gotenberg envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/gotenberg@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-nginx.yaml b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-nginx.yaml index b3bebcce..32d73866 100644 --- a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-nginx.yaml +++ b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-nginx.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: nginx envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/nginx@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always @@ -92,7 +94,9 @@ spec: - name: SERVICE_NAME value: nginx envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/php@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-opensearch.yaml b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-opensearch.yaml index a5c9e32e..1fc2762f 100644 --- a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-opensearch.yaml +++ b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-opensearch.yaml @@ -56,7 +56,9 @@ spec: - name: SERVICE_NAME value: opensearch envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/opensearch@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-entity-index.yaml b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-entity-index.yaml index 6390a099..d9ea1809 100644 --- a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-entity-index.yaml +++ b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-entity-index.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: queue-worker-entity-index envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/queue-worker-entity-index@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-priority-high.yaml b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-priority-high.yaml index 5d9f03f0..3ffde8b5 100644 --- a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-priority-high.yaml +++ b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-priority-high.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: queue-worker-priority-high envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/queue-worker-priority-high@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-priority-instant.yaml b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-priority-instant.yaml index 9a0b6db2..11aa4b7c 100644 --- a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-priority-instant.yaml +++ b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-priority-instant.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: queue-worker-priority-instant envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/queue-worker-priority-instant@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-priority-low.yaml b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-priority-low.yaml index 10feb306..b1b14546 100644 --- a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-priority-low.yaml +++ b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-priority-low.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: queue-worker-priority-low envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/queue-worker-priority-low@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-priority-medium.yaml b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-priority-medium.yaml index f070cd75..ecfdad81 100644 --- a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-priority-medium.yaml +++ b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-queue-worker-priority-medium.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: queue-worker-priority-medium envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/queue-worker-priority-medium@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-rabbitmq.yaml b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-rabbitmq.yaml index 8975f817..144d8794 100644 --- a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-rabbitmq.yaml +++ b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-rabbitmq.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: rabbitmq envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/rabbitmq@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-redis-persist.yaml b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-redis-persist.yaml index 3cadb864..aee06d12 100644 --- a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-redis-persist.yaml +++ b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-redis-persist.yaml @@ -56,7 +56,9 @@ spec: - name: SERVICE_NAME value: redis-persist envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/redis-persist@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-redis-session.yaml b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-redis-session.yaml index 4801af1f..bebc051f 100644 --- a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-redis-session.yaml +++ b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-redis-session.yaml @@ -56,7 +56,9 @@ spec: - name: SERVICE_NAME value: redis-session envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/redis-session@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-redis.yaml b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-redis.yaml index 667e1a96..e72ffbd0 100644 --- a/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-redis.yaml +++ b/internal/testdata/complex/service-templates/test-complex-persistent-names/deployment-redis.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: redis envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/redis@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test14-complex-custom-volumes/deployment-cli.yaml b/internal/testdata/complex/service-templates/test14-complex-custom-volumes/deployment-cli.yaml index af6122d3..f1b8e093 100644 --- a/internal/testdata/complex/service-templates/test14-complex-custom-volumes/deployment-cli.yaml +++ b/internal/testdata/complex/service-templates/test14-complex-custom-volumes/deployment-cli.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: cli envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/cli@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test14-complex-custom-volumes/deployment-mariadb.yaml b/internal/testdata/complex/service-templates/test14-complex-custom-volumes/deployment-mariadb.yaml index 3c3d4f5f..514aea9d 100644 --- a/internal/testdata/complex/service-templates/test14-complex-custom-volumes/deployment-mariadb.yaml +++ b/internal/testdata/complex/service-templates/test14-complex-custom-volumes/deployment-mariadb.yaml @@ -57,7 +57,9 @@ spec: - name: SERVICE_NAME value: mariadb envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/mariadb@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test14-complex-custom-volumes/deployment-nginx.yaml b/internal/testdata/complex/service-templates/test14-complex-custom-volumes/deployment-nginx.yaml index 69c99ce7..5a625119 100644 --- a/internal/testdata/complex/service-templates/test14-complex-custom-volumes/deployment-nginx.yaml +++ b/internal/testdata/complex/service-templates/test14-complex-custom-volumes/deployment-nginx.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: nginx envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/nginx@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always @@ -94,7 +96,9 @@ spec: - name: SERVICE_NAME value: nginx envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/php@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml b/internal/testdata/complex/service-templates/test2-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml index 71513956..2671b2bf 100644 --- a/internal/testdata/complex/service-templates/test2-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml +++ b/internal/testdata/complex/service-templates/test2-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: cli envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/cli@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2-nginx-php/deployment-cli.yaml b/internal/testdata/complex/service-templates/test2-nginx-php/deployment-cli.yaml index f7a10935..45de8ae1 100644 --- a/internal/testdata/complex/service-templates/test2-nginx-php/deployment-cli.yaml +++ b/internal/testdata/complex/service-templates/test2-nginx-php/deployment-cli.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: cli envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/cli@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2-nginx-php/deployment-nginx-php.yaml b/internal/testdata/complex/service-templates/test2-nginx-php/deployment-nginx-php.yaml index f5beceff..f9ba0fae 100644 --- a/internal/testdata/complex/service-templates/test2-nginx-php/deployment-nginx-php.yaml +++ b/internal/testdata/complex/service-templates/test2-nginx-php/deployment-nginx-php.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: nginx-php envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/nginx@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always @@ -92,7 +94,9 @@ spec: - name: SERVICE_NAME value: nginx-php envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/php@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2-nginx-php/deployment-redis.yaml b/internal/testdata/complex/service-templates/test2-nginx-php/deployment-redis.yaml index 667e1a96..e72ffbd0 100644 --- a/internal/testdata/complex/service-templates/test2-nginx-php/deployment-redis.yaml +++ b/internal/testdata/complex/service-templates/test2-nginx-php/deployment-redis.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: redis envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/redis@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2-nginx-php/deployment-varnish.yaml b/internal/testdata/complex/service-templates/test2-nginx-php/deployment-varnish.yaml index 470d1dd8..4781075f 100644 --- a/internal/testdata/complex/service-templates/test2-nginx-php/deployment-varnish.yaml +++ b/internal/testdata/complex/service-templates/test2-nginx-php/deployment-varnish.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: varnish envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/varnish@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2b-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml b/internal/testdata/complex/service-templates/test2b-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml index 0f77f760..691ebf98 100644 --- a/internal/testdata/complex/service-templates/test2b-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml +++ b/internal/testdata/complex/service-templates/test2b-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: cli envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/cli@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2b-nginx-php/deployment-cli.yaml b/internal/testdata/complex/service-templates/test2b-nginx-php/deployment-cli.yaml index ac370e98..7bc8a7e1 100644 --- a/internal/testdata/complex/service-templates/test2b-nginx-php/deployment-cli.yaml +++ b/internal/testdata/complex/service-templates/test2b-nginx-php/deployment-cli.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: cli envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/cli@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2b-nginx-php/deployment-nginx-php.yaml b/internal/testdata/complex/service-templates/test2b-nginx-php/deployment-nginx-php.yaml index 71cdbbae..3a2aa1ac 100644 --- a/internal/testdata/complex/service-templates/test2b-nginx-php/deployment-nginx-php.yaml +++ b/internal/testdata/complex/service-templates/test2b-nginx-php/deployment-nginx-php.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: nginx-php envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/nginx@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always @@ -92,7 +94,9 @@ spec: - name: SERVICE_NAME value: nginx-php envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/php@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2b-nginx-php/deployment-redis.yaml b/internal/testdata/complex/service-templates/test2b-nginx-php/deployment-redis.yaml index 605ae453..0d0b21cc 100644 --- a/internal/testdata/complex/service-templates/test2b-nginx-php/deployment-redis.yaml +++ b/internal/testdata/complex/service-templates/test2b-nginx-php/deployment-redis.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: redis envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/redis@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2b-nginx-php/deployment-varnish.yaml b/internal/testdata/complex/service-templates/test2b-nginx-php/deployment-varnish.yaml index a1f2743d..4236a7c8 100644 --- a/internal/testdata/complex/service-templates/test2b-nginx-php/deployment-varnish.yaml +++ b/internal/testdata/complex/service-templates/test2b-nginx-php/deployment-varnish.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: varnish envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/varnish@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2c-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml b/internal/testdata/complex/service-templates/test2c-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml index 9e9a0d27..c40fa71d 100644 --- a/internal/testdata/complex/service-templates/test2c-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml +++ b/internal/testdata/complex/service-templates/test2c-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml @@ -64,7 +64,9 @@ spec: - name: SERVICE_NAME value: cli envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/cli@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2c-nginx-php/deployment-cli.yaml b/internal/testdata/complex/service-templates/test2c-nginx-php/deployment-cli.yaml index ac370e98..7bc8a7e1 100644 --- a/internal/testdata/complex/service-templates/test2c-nginx-php/deployment-cli.yaml +++ b/internal/testdata/complex/service-templates/test2c-nginx-php/deployment-cli.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: cli envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/cli@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2c-nginx-php/deployment-nginx-php.yaml b/internal/testdata/complex/service-templates/test2c-nginx-php/deployment-nginx-php.yaml index 4cbac49c..268582ad 100644 --- a/internal/testdata/complex/service-templates/test2c-nginx-php/deployment-nginx-php.yaml +++ b/internal/testdata/complex/service-templates/test2c-nginx-php/deployment-nginx-php.yaml @@ -64,7 +64,9 @@ spec: - name: SERVICE_NAME value: nginx-php envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/nginx@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always @@ -102,7 +104,9 @@ spec: - name: SERVICE_NAME value: nginx-php envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/php@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2c-nginx-php/deployment-redis.yaml b/internal/testdata/complex/service-templates/test2c-nginx-php/deployment-redis.yaml index 605ae453..0d0b21cc 100644 --- a/internal/testdata/complex/service-templates/test2c-nginx-php/deployment-redis.yaml +++ b/internal/testdata/complex/service-templates/test2c-nginx-php/deployment-redis.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: redis envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/redis@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2c-nginx-php/deployment-varnish.yaml b/internal/testdata/complex/service-templates/test2c-nginx-php/deployment-varnish.yaml index a1f2743d..4236a7c8 100644 --- a/internal/testdata/complex/service-templates/test2c-nginx-php/deployment-varnish.yaml +++ b/internal/testdata/complex/service-templates/test2c-nginx-php/deployment-varnish.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: varnish envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/varnish@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2d-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml b/internal/testdata/complex/service-templates/test2d-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml index e0cae640..4dfe7c74 100644 --- a/internal/testdata/complex/service-templates/test2d-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml +++ b/internal/testdata/complex/service-templates/test2d-nginx-php/cronjob-cronjob-cli-drush-cron2.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: cli envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/cli@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2d-nginx-php/deployment-cli.yaml b/internal/testdata/complex/service-templates/test2d-nginx-php/deployment-cli.yaml index ff652092..6a0b1df1 100644 --- a/internal/testdata/complex/service-templates/test2d-nginx-php/deployment-cli.yaml +++ b/internal/testdata/complex/service-templates/test2d-nginx-php/deployment-cli.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: cli envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/cli@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2d-nginx-php/deployment-nginx-php.yaml b/internal/testdata/complex/service-templates/test2d-nginx-php/deployment-nginx-php.yaml index f600d28b..abee8da0 100644 --- a/internal/testdata/complex/service-templates/test2d-nginx-php/deployment-nginx-php.yaml +++ b/internal/testdata/complex/service-templates/test2d-nginx-php/deployment-nginx-php.yaml @@ -54,7 +54,9 @@ spec: - name: SERVICE_NAME value: nginx-php envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/nginx@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always @@ -96,7 +98,9 @@ spec: - name: SERVICE_NAME value: nginx-php envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/php@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2d-nginx-php/deployment-redis.yaml b/internal/testdata/complex/service-templates/test2d-nginx-php/deployment-redis.yaml index 31cb9318..85273669 100644 --- a/internal/testdata/complex/service-templates/test2d-nginx-php/deployment-redis.yaml +++ b/internal/testdata/complex/service-templates/test2d-nginx-php/deployment-redis.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: redis envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/redis@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test2d-nginx-php/deployment-varnish.yaml b/internal/testdata/complex/service-templates/test2d-nginx-php/deployment-varnish.yaml index 392f0697..e7c2f6a3 100644 --- a/internal/testdata/complex/service-templates/test2d-nginx-php/deployment-varnish.yaml +++ b/internal/testdata/complex/service-templates/test2d-nginx-php/deployment-varnish.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: varnish envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/varnish@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test8-multiple-services/deployment-mariadb-10-5.yaml b/internal/testdata/complex/service-templates/test8-multiple-services/deployment-mariadb-10-5.yaml index bfdef32a..04e1c204 100644 --- a/internal/testdata/complex/service-templates/test8-multiple-services/deployment-mariadb-10-5.yaml +++ b/internal/testdata/complex/service-templates/test8-multiple-services/deployment-mariadb-10-5.yaml @@ -57,7 +57,9 @@ spec: - name: SERVICE_NAME value: mariadb-10-5 envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/mariadb-10-5@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test8-multiple-services/deployment-opensearch-2.yaml b/internal/testdata/complex/service-templates/test8-multiple-services/deployment-opensearch-2.yaml index 5c4a4108..c48b1719 100644 --- a/internal/testdata/complex/service-templates/test8-multiple-services/deployment-opensearch-2.yaml +++ b/internal/testdata/complex/service-templates/test8-multiple-services/deployment-opensearch-2.yaml @@ -56,7 +56,9 @@ spec: - name: SERVICE_NAME value: opensearch-2 envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/opensearch-2@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test8-multiple-services/deployment-postgres-11.yaml b/internal/testdata/complex/service-templates/test8-multiple-services/deployment-postgres-11.yaml index 4830e706..720f4219 100644 --- a/internal/testdata/complex/service-templates/test8-multiple-services/deployment-postgres-11.yaml +++ b/internal/testdata/complex/service-templates/test8-multiple-services/deployment-postgres-11.yaml @@ -57,7 +57,9 @@ spec: - name: SERVICE_NAME value: postgres-11 envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/postgres-11@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test8-multiple-services/deployment-redis-6.yaml b/internal/testdata/complex/service-templates/test8-multiple-services/deployment-redis-6.yaml index 5f4ce0b3..56405294 100644 --- a/internal/testdata/complex/service-templates/test8-multiple-services/deployment-redis-6.yaml +++ b/internal/testdata/complex/service-templates/test8-multiple-services/deployment-redis-6.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: redis-6 envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/redis-6@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test8-multiple-services/deployment-redis-7.yaml b/internal/testdata/complex/service-templates/test8-multiple-services/deployment-redis-7.yaml index d87cf544..7f0b2b33 100644 --- a/internal/testdata/complex/service-templates/test8-multiple-services/deployment-redis-7.yaml +++ b/internal/testdata/complex/service-templates/test8-multiple-services/deployment-redis-7.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: redis-7 envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/redis-7@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test8-multiple-services/deployment-solr-8.yaml b/internal/testdata/complex/service-templates/test8-multiple-services/deployment-solr-8.yaml index ed987ec7..d0345465 100644 --- a/internal/testdata/complex/service-templates/test8-multiple-services/deployment-solr-8.yaml +++ b/internal/testdata/complex/service-templates/test8-multiple-services/deployment-solr-8.yaml @@ -56,7 +56,9 @@ spec: - name: SERVICE_NAME value: solr-8 envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/solr-8@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test8-multiple-services/deployment-web.yaml b/internal/testdata/complex/service-templates/test8-multiple-services/deployment-web.yaml index 9d15af59..897dc3ac 100644 --- a/internal/testdata/complex/service-templates/test8-multiple-services/deployment-web.yaml +++ b/internal/testdata/complex/service-templates/test8-multiple-services/deployment-web.yaml @@ -52,7 +52,9 @@ spec: - name: SERVICE_NAME value: web envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/web@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-mariadb-10-11.yaml b/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-mariadb-10-11.yaml index a06d7e09..0090caa9 100644 --- a/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-mariadb-10-11.yaml +++ b/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-mariadb-10-11.yaml @@ -57,7 +57,9 @@ spec: - name: SERVICE_NAME value: mariadb-10-11 envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/mariadb-10-11@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-mariadb-10-5.yaml b/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-mariadb-10-5.yaml index ffe813fe..548863ac 100644 --- a/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-mariadb-10-5.yaml +++ b/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-mariadb-10-5.yaml @@ -57,7 +57,9 @@ spec: - name: SERVICE_NAME value: mariadb-10-5 envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/mariadb-10-5@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-mongo-4.yaml b/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-mongo-4.yaml index ab6a6678..4cfc3321 100644 --- a/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-mongo-4.yaml +++ b/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-mongo-4.yaml @@ -56,7 +56,9 @@ spec: - name: SERVICE_NAME value: mongo-4 envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/mongo-4@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-postgres-11.yaml b/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-postgres-11.yaml index 37d2360b..ac283fa9 100644 --- a/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-postgres-11.yaml +++ b/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-postgres-11.yaml @@ -57,7 +57,9 @@ spec: - name: SERVICE_NAME value: postgres-11 envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/postgres-11@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-postgres-15.yaml b/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-postgres-15.yaml index 40799a7d..eb1c121a 100644 --- a/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-postgres-15.yaml +++ b/internal/testdata/complex/service-templates/test9-meta-dbaas-types/deployment-postgres-15.yaml @@ -57,7 +57,9 @@ spec: - name: SERVICE_NAME value: postgres-15 envFrom: - - configMapRef: + - secretRef: + name: lagoon-platform-env + - secretRef: name: lagoon-env image: harbor.example/example-project/main/postgres-15@sha256:b2001babafaa8128fe89aa8fd11832cade59931d14c3de5b3ca32e2a010fbaa8 imagePullPolicy: Always diff --git a/legacy/build-deploy-docker-compose.sh b/legacy/build-deploy-docker-compose.sh index 9a3f510b..c30c2690 100755 --- a/legacy/build-deploy-docker-compose.sh +++ b/legacy/build-deploy-docker-compose.sh @@ -161,8 +161,19 @@ if [ ! -z "$(featureFlag IMAGECACHE_REGISTRY)" ]; then [[ $last_char != "/" ]] && IMAGECACHE_REGISTRY="$IMAGECACHE_REGISTRY/"; : fi -# Load path of docker-compose that should be used -DOCKER_COMPOSE_YAML=($(cat .lagoon.yml | shyaml get-value docker-compose-yaml)) +set +e +currentStepEnd="$(date +"%Y-%m-%d %H:%M:%S")" +patchBuildStep "${buildStartTime}" "${buildStartTime}" "${currentStepEnd}" "${NAMESPACE}" "initialSetup" "Initial Environment Setup" "false" +previousStepEnd=${currentStepEnd} + +# Validate `lagoon.yml` first to try detect any errors here first +beginBuildStep ".lagoon.yml Validation" "lagoonYmlValidation" +############################################## +### RUN lagoon-yml validation against the final data which may have overrides +### from .lagoon.override.yml file or LAGOON_YAML_OVERRIDE environment variable +############################################## +lyvOutput=$(bash -c 'build-deploy-tool validate lagoon-yml; exit $?' 2>&1) +lyvExit=$? echo "Updating lagoon-yaml configmap with a pre-deploy version of the .lagoon.yml file" if kubectl -n ${NAMESPACE} get configmap lagoon-yaml &> /dev/null; then @@ -181,6 +192,39 @@ if kubectl -n ${NAMESPACE} get configmap lagoon-yaml &> /dev/null; then # create it kubectl -n ${NAMESPACE} create configmap lagoon-yaml --from-file=pre-deploy=.lagoon.yml fi + +if [ "${lyvExit}" != "0" ]; then + currentStepEnd="$(date +"%Y-%m-%d %H:%M:%S")" + patchBuildStep "${buildStartTime}" "${previousStepEnd}" "${currentStepEnd}" "${NAMESPACE}" "lagoonYmlValidationError" ".lagoon.yml Validation" "false" + previousStepEnd=${currentStepEnd} + echo " +############################################## +Warning! +There are issues with your .lagoon.yml file that must be fixed. +Refer to the .lagoon.yml docs for the correct syntax +https://docs.lagoon.sh/using-lagoon-the-basics/lagoon-yml/ +############################################## +" + echo "${lyvOutput}" + echo " +##############################################" + exit 1 +fi + +# The attempt to valid the `docker-compose.yaml` file +beginBuildStep "Docker Compose Validation" "dockerComposeValidation" + +# Load path of docker-compose that should be used +DOCKER_COMPOSE_YAML=($(cat .lagoon.yml | yq -o json | jq -r '."docker-compose-yaml"')) + +DOCKER_COMPOSE_WARNING_COUNT=0 +############################################## +### RUN docker compose config check against the provided docker-compose file +### use the `build-validate` built in validater to run over the provided docker-compose file +############################################## +dccOutput=$(bash -c 'build-deploy-tool validate docker-compose --docker-compose '${DOCKER_COMPOSE_YAML}'; exit $?' 2>&1) +dccExit=$? + echo "Updating docker-compose-yaml configmap with a pre-deploy version of the docker-compose.yml file" if kubectl -n ${NAMESPACE} get configmap docker-compose-yaml &> /dev/null; then # replace it @@ -199,18 +243,6 @@ if kubectl -n ${NAMESPACE} get configmap docker-compose-yaml &> /dev/null; then kubectl -n ${NAMESPACE} create configmap docker-compose-yaml --from-file=pre-deploy=${DOCKER_COMPOSE_YAML} fi -set +e -currentStepEnd="$(date +"%Y-%m-%d %H:%M:%S")" -patchBuildStep "${buildStartTime}" "${buildStartTime}" "${currentStepEnd}" "${NAMESPACE}" "initialSetup" "Initial Environment Setup" "false" -previousStepEnd=${currentStepEnd} -beginBuildStep "Docker Compose Validation" "dockerComposeValidation" -DOCKER_COMPOSE_WARNING_COUNT=0 -############################################## -### RUN docker compose config check against the provided docker-compose file -### use the `build-validate` built in validater to run over the provided docker-compose file -############################################## -dccOutput=$(bash -c 'build-deploy-tool validate docker-compose --docker-compose '${DOCKER_COMPOSE_YAML}'; exit $?' 2>&1) -dccExit=$? if [ "${dccExit}" != "0" ]; then currentStepEnd="$(date +"%Y-%m-%d %H:%M:%S")" patchBuildStep "${buildStartTime}" "${previousStepEnd}" "${currentStepEnd}" "${NAMESPACE}" "dockerComposeValidationError" "Docker Compose Validation" "false" @@ -307,42 +339,6 @@ else patchBuildStep "${buildStartTime}" "${previousStepEnd}" "${currentStepEnd}" "${NAMESPACE}" "dockerComposeValidation" "Docker Compose Validation" "false" previousStepEnd=${currentStepEnd} fi - - -if [[ "$DOCKER_COMPOSE_VALIDATION_ERROR" == "true" ]]; then - # drop the exit here if this should be an error - echo "> You can instruct Lagoon to change this to a warning by setting the following variable" - echo "> '${DOCKER_COMPOSE_VALIDATION_ERROR_VARIABLE}=disabled' as a GLOBAL scoped variable to this environment or project." - echo "> A future release of Lagoon will not be able to change this error." - echo "> You should correct the issue as soon as possible to prevent future build failures." - exit 1 -fi - -beginBuildStep ".lagoon.yml Validation" "lagoonYmlValidation" -############################################## -### RUN lagoon-yml validation against the final data which may have overrides -### from .lagoon.override.yml file or LAGOON_YAML_OVERRIDE environment variable -############################################## -lyvOutput=$(bash -c 'build-deploy-tool validate lagoon-yml; exit $?' 2>&1) -lyvExit=$? - -if [ "${lyvExit}" != "0" ]; then - currentStepEnd="$(date +"%Y-%m-%d %H:%M:%S")" - patchBuildStep "${buildStartTime}" "${previousStepEnd}" "${currentStepEnd}" "${NAMESPACE}" "lagoonYmlValidationError" ".lagoon.yml Validation" "false" - previousStepEnd=${currentStepEnd} - echo " -############################################## -Warning! -There are issues with your .lagoon.yml file that must be fixed. -Refer to the .lagoon.yml docs for the correct syntax -${LAGOON_FEATURE_FLAG_DEFAULT_DOCUMENTATION_URL}/using-lagoon-the-basics/lagoon-yml/ -############################################## -" - echo "${lyvOutput}" - echo " -##############################################" - exit 1 -fi set -e # Validate .lagoon.yml only, no overrides. lagoon-linter still has checks that @@ -365,7 +361,7 @@ fi # # export LAGOON_GIT_SHA=`git rev-parse HEAD` # -INJECT_GIT_SHA=$(cat .lagoon.yml | shyaml get-value environment_variables.git_sha false) +INJECT_GIT_SHA=$(cat .lagoon.yml | yq -o json | jq -r '.environment_variables.git_sha // false') if [ "$INJECT_GIT_SHA" == "true" ] then # export this so the build-deploy-tool can read it @@ -379,10 +375,10 @@ currentStepEnd="$(date +"%Y-%m-%d %H:%M:%S")" patchBuildStep "${buildStartTime}" "${previousStepEnd}" "${currentStepEnd}" "${NAMESPACE}" "lagoonYmlValidation" ".lagoon.yml Validation" "false" previousStepEnd=${currentStepEnd} beginBuildStep "Configure Variables" "configuringVariables" -DEPLOY_TYPE=$(cat .lagoon.yml | shyaml get-value environments.${BRANCH//./\\.}.deploy-type default) +DEPLOY_TYPE=$(cat .lagoon.yml | yq -o json | jq -r '.environments.'\"${BRANCH//.\//.}\"'."deploy-type" // "default"') # Load all Services that are defined -COMPOSE_SERVICES=($(cat $DOCKER_COMPOSE_YAML | shyaml keys services)) +COMPOSE_SERVICES=($(cat $DOCKER_COMPOSE_YAML | yq -o json | jq -r '.services | keys_unsorted | .[]')) ############################################## ### CACHE IMAGE LIST GENERATION @@ -413,6 +409,10 @@ declare -A IMAGES_PUSH declare -A IMAGES_PROMOTE # this array stores the hashes of the built images declare -A IMAGE_HASHES +# this array stores the dbaas consumer specs +declare -A MARIADB_DBAAS_CONSUMER_SPECS +declare -A POSTGRES_DBAAS_CONSUMER_SPECS +declare -A MONGODB_DBAAS_CONSUMER_SPECS # this sets CAPABILITIES which is used by some processes in this build . /kubectl-build-deploy/scripts/kubectl-get-cluster-capabilities.sh @@ -451,16 +451,16 @@ DBAAS=($(build-deploy-tool identify dbaas)) for COMPOSE_SERVICE in "${COMPOSE_SERVICES[@]}" do # The name of the service can be overridden, if not we use the actual servicename - SERVICE_NAME=$(cat $DOCKER_COMPOSE_YAML | shyaml get-value services.$COMPOSE_SERVICE.labels.lagoon\\.name default) + SERVICE_NAME=$(cat $DOCKER_COMPOSE_YAML | yq -o json | jq -r '.services.'\"$COMPOSE_SERVICE\"'.labels."lagoon.name" // "default"') if [ "$SERVICE_NAME" == "default" ]; then SERVICE_NAME=$COMPOSE_SERVICE fi # Load the servicetype. If it's "none" we will not care about this service at all - SERVICE_TYPE=$(cat $DOCKER_COMPOSE_YAML | shyaml get-value services.$COMPOSE_SERVICE.labels.lagoon\\.type custom) + SERVICE_TYPE=$(cat $DOCKER_COMPOSE_YAML | yq -o json | jq -r '.services.'\"$COMPOSE_SERVICE\"'.labels."lagoon.type" // "custom"') # Allow the servicetype to be overriden by environment in .lagoon.yml - ENVIRONMENT_SERVICE_TYPE_OVERRIDE=$(cat .lagoon.yml | shyaml get-value environments.${BRANCH//./\\.}.types.$SERVICE_NAME false) + ENVIRONMENT_SERVICE_TYPE_OVERRIDE=$(cat .lagoon.yml | yq -o json | jq -r '.environments.'\"${BRANCH//./\\.}\"'.types.'\"$SERVICE_NAME\"' // false') if [ ! $ENVIRONMENT_SERVICE_TYPE_OVERRIDE == "false" ]; then SERVICE_TYPE=$ENVIRONMENT_SERVICE_TYPE_OVERRIDE fi @@ -495,7 +495,7 @@ do # For DeploymentConfigs with multiple Services inside (like nginx-php), we allow to define the service type of within the # deploymentconfig via lagoon.deployment.servicetype. If this is not set we use the Compose Service Name - DEPLOYMENT_SERVICETYPE=$(cat $DOCKER_COMPOSE_YAML | shyaml get-value services.$COMPOSE_SERVICE.labels.lagoon\\.deployment\\.servicetype default) + DEPLOYMENT_SERVICETYPE=$(cat $DOCKER_COMPOSE_YAML | yq -o json | jq -r '.services.'\"$COMPOSE_SERVICE\"'.labels."lagoon.deployment.servicetype" // "default"') if [ "$DEPLOYMENT_SERVICETYPE" == "default" ]; then DEPLOYMENT_SERVICETYPE=$COMPOSE_SERVICE fi @@ -731,23 +731,23 @@ YAML_FOLDER="/kubectl-build-deploy/lagoon/services-routes" mkdir -p $YAML_FOLDER # BC for routes.insecure, which is now called routes.autogenerate.insecure -BC_ROUTES_AUTOGENERATE_INSECURE=$(cat .lagoon.yml | shyaml get-value routes.insecure false) +BC_ROUTES_AUTOGENERATE_INSECURE=$(cat .lagoon.yml | yq -o json | jq -r '.routes.insecure // false') if [ ! $BC_ROUTES_AUTOGENERATE_INSECURE == "false" ]; then echo "=== routes.insecure is now defined in routes.autogenerate.insecure, pleae update your .lagoon.yml file" # update the .lagoon.yml with the new location for build-deploy-tool to read - yq3 write -i -- .lagoon.yml 'routes.autogenerate.insecure' $BC_ROUTES_AUTOGENERATE_INSECURE + yq -i '.routes.autogenerate.insecure = "'${BC_ROUTES_AUTOGENERATE_INSECURE}'"' .lagoon.yml fi touch /kubectl-build-deploy/values.yaml -yq3 write -i -- /kubectl-build-deploy/values.yaml 'project' $PROJECT -yq3 write -i -- /kubectl-build-deploy/values.yaml 'environment' $ENVIRONMENT -yq3 write -i -- /kubectl-build-deploy/values.yaml 'environmentType' $ENVIRONMENT_TYPE -yq3 write -i -- /kubectl-build-deploy/values.yaml 'namespace' $NAMESPACE -yq3 write -i -- /kubectl-build-deploy/values.yaml 'gitSha' $LAGOON_GIT_SHA -yq3 write -i -- /kubectl-build-deploy/values.yaml 'buildType' $BUILD_TYPE -yq3 write -i -- /kubectl-build-deploy/values.yaml 'kubernetes' $KUBERNETES -yq3 write -i -- /kubectl-build-deploy/values.yaml 'lagoonVersion' $LAGOON_VERSION +yq -i '.project = "'${PROJECT}'"' /kubectl-build-deploy/values.yaml +yq -i '.environmentType = "'${ENVIRONMENT}'"' /kubectl-build-deploy/values.yaml +yq -i '.environmentType = "'${ENVIRONMENT_TYPE}'"' /kubectl-build-deploy/values.yaml +yq -i '.namespace = "'${NAMESPACE}'"' /kubectl-build-deploy/values.yaml +yq -i '.gitSha = "'${LAGOON_GIT_SHA}'"' /kubectl-build-deploy/values.yaml +yq -i '.buildType = "'${BUILD_TYPE}'"' /kubectl-build-deploy/values.yaml +yq -i '.kubernetes = "'${KUBERNETES}'"' /kubectl-build-deploy/values.yaml +yq -i '.lagoonVersion = "'${LAGOON_VERSION}'"' /kubectl-build-deploy/values.yaml # check for ROOTLESS_WORKLOAD feature flag, disabled by default if [ "${SCC_CHECK}" != "false" ]; then @@ -755,44 +755,21 @@ if [ "${SCC_CHECK}" != "false" ]; then # this applies it to all deployments in this environment because we don't isolate by service type its applied to all OPENSHIFT_SUPPLEMENTAL_GROUP=$(kubectl get namespace ${NAMESPACE} -o json | jq -r '.metadata.annotations."openshift.io/sa.scc.supplemental-groups"' | cut -c -10) echo "Setting openshift fsGroup to ${OPENSHIFT_SUPPLEMENTAL_GROUP}" - yq3 write -i -- /kubectl-build-deploy/values.yaml 'podSecurityContext.fsGroup' $OPENSHIFT_SUPPLEMENTAL_GROUP + yq -i '.podSecurityContext.fsGroup = "'${OPENSHIFT_SUPPLEMENTAL_GROUP}'"' /kubectl-build-deploy/values.yaml fi -echo -e "\ -LAGOON_PROJECT=${PROJECT}\n\ -LAGOON_ENVIRONMENT=${ENVIRONMENT}\n\ -LAGOON_ENVIRONMENT_TYPE=${ENVIRONMENT_TYPE}\n\ -LAGOON_GIT_SHA=${LAGOON_GIT_SHA}\n\ -LAGOON_KUBERNETES=${KUBERNETES}\n\ -" >> /kubectl-build-deploy/values.env - -# DEPRECATED: will be removed with Lagoon 3.0.0 -# LAGOON_GIT_SAFE_BRANCH is pointing to the enviornment name, therefore also is filled if this environment -# is created by a PR or Promote workflow. This technically wrong, therefore will be removed -echo -e "\ -LAGOON_GIT_SAFE_BRANCH=${ENVIRONMENT}\n\ -" >> /kubectl-build-deploy/values.env -if [ "$BUILD_TYPE" == "branch" ]; then - yq3 write -i -- /kubectl-build-deploy/values.yaml 'branch' $BRANCH - echo -e "\ -LAGOON_GIT_BRANCH=${BRANCH}\n\ -" >> /kubectl-build-deploy/values.env + +if [ "$BUILD_TYPE" == "branch" ]; then + yq -i '.branch = "'${BRANCH}'"' /kubectl-build-deploy/values.yaml fi if [ "$BUILD_TYPE" == "pullrequest" ]; then - yq3 write -i -- /kubectl-build-deploy/values.yaml 'prHeadBranch' "$PR_HEAD_BRANCH" - yq3 write -i -- /kubectl-build-deploy/values.yaml 'prBaseBranch' "$PR_BASE_BRANCH" - yq3 write -i -- /kubectl-build-deploy/values.yaml 'prTitle' "$PR_TITLE" - yq3 write -i -- /kubectl-build-deploy/values.yaml 'prNumber' "$PR_NUMBER" - - echo -e "\ -LAGOON_PR_HEAD_BRANCH=${PR_HEAD_BRANCH}\n\ -LAGOON_PR_BASE_BRANCH=${PR_BASE_BRANCH}\n\ -LAGOON_PR_TITLE=${PR_TITLE}\n\ -LAGOON_PR_NUMBER=${PR_NUMBER}\n\ -" >> /kubectl-build-deploy/values.env + yq -i '.prHeadBranch = "'${PR_HEAD_BRANCH}'"' /kubectl-build-deploy/values.yaml + yq -i '.prBaseBranch = "'${PR_BASE_BRANCH}'"' /kubectl-build-deploy/values.yaml + yq -i '.prTitle = "'${PR_TITLE}'"' /kubectl-build-deploy/values.yaml + yq -i '.prNumber = "'${PR_NUMBER}'"' /kubectl-build-deploy/values.yaml fi currentStepEnd="$(date +"%Y-%m-%d %H:%M:%S")" @@ -1102,74 +1079,9 @@ fi # Get list of autogenerated routes AUTOGENERATED_ROUTES=$(kubectl -n ${NAMESPACE} get ingress --sort-by='{.metadata.name}' -l "lagoon.sh/autogenerated=true" -o=go-template --template='{{range $indexItems, $ingress := .items}}{{if $indexItems}},{{end}}{{$tls := .spec.tls}}{{range $indexRule, $rule := .spec.rules}}{{if $indexRule}},{{end}}{{if $tls}}https://{{else}}http://{{end}}{{.host}}{{end}}{{end}}') -yq3 write -i -- /kubectl-build-deploy/values.yaml 'route' "$ROUTE" -yq3 write -i -- /kubectl-build-deploy/values.yaml 'routes' "$ROUTES" -yq3 write -i -- /kubectl-build-deploy/values.yaml 'autogeneratedRoutes' "$AUTOGENERATED_ROUTES" - - -# Add in Lagoon core api and ssh-portal details, if available -if [ ! -z "$LAGOON_CONFIG_API_HOST" ]; then - BUILD_ARGS+=(--build-arg LAGOON_CONFIG_API_HOST="${LAGOON_CONFIG_API_HOST}") - echo -e "LAGOON_CONFIG_API_HOST=${LAGOON_CONFIG_API_HOST}\n" >> /kubectl-build-deploy/values.env -fi - -if [ ! -z "$LAGOON_CONFIG_TOKEN_HOST" ]; then - BUILD_ARGS+=(--build-arg LAGOON_CONFIG_TOKEN_HOST="${LAGOON_CONFIG_TOKEN_HOST}") - echo -e "LAGOON_CONFIG_TOKEN_HOST=${LAGOON_CONFIG_TOKEN_HOST}\n" >> /kubectl-build-deploy/values.env -fi - -if [ ! -z "$LAGOON_CONFIG_TOKEN_PORT" ]; then - BUILD_ARGS+=(--build-arg LAGOON_CONFIG_TOKEN_PORT="${LAGOON_CONFIG_TOKEN_PORT}") - echo -e "LAGOON_CONFIG_TOKEN_PORT=${LAGOON_CONFIG_TOKEN_PORT}\n" >> /kubectl-build-deploy/values.env -fi - -if [ ! -z "$LAGOON_CONFIG_SSH_HOST" ]; then - BUILD_ARGS+=(--build-arg LAGOON_CONFIG_SSH_HOST="${LAGOON_CONFIG_SSH_HOST}") - echo -e "LAGOON_CONFIG_SSH_HOST=${LAGOON_CONFIG_SSH_HOST}\n" >> /kubectl-build-deploy/values.env -fi - -if [ ! -z "$LAGOON_CONFIG_SSH_PORT" ]; then - BUILD_ARGS+=(--build-arg LAGOON_CONFIG_SSH_PORT="${LAGOON_CONFIG_SSH_PORT}") - echo -e "LAGOON_CONFIG_SSH_PORT=${LAGOON_CONFIG_SSH_PORT}\n" >> /kubectl-build-deploy/values.env -fi - -echo -e "\ -LAGOON_ROUTE=${ROUTE}\n\ -LAGOON_ROUTES=${ROUTES}\n\ -LAGOON_AUTOGENERATED_ROUTES=${AUTOGENERATED_ROUTES}\n\ -" >> /kubectl-build-deploy/values.env - -# Generate a Config Map with project wide env variables -kubectl -n ${NAMESPACE} create configmap lagoon-env -o yaml --dry-run=client --from-env-file=/kubectl-build-deploy/values.env | kubectl apply -n ${NAMESPACE} -f - - -# Add environment variables from lagoon API -if [ ! -z "$LAGOON_PROJECT_VARIABLES" ]; then - HAS_PROJECT_RUNTIME_VARS=$(echo $LAGOON_PROJECT_VARIABLES | jq -r 'map( select(.scope == "runtime" or .scope == "global") )') - - if [ ! "$HAS_PROJECT_RUNTIME_VARS" = "[]" ]; then - kubectl patch \ - -n ${NAMESPACE} \ - configmap lagoon-env \ - -p "{\"data\":$(echo $LAGOON_PROJECT_VARIABLES | jq -r 'map( select(.scope == "runtime" or .scope == "global") ) | map( { (.name) : .value } ) | add | tostring')}" - fi -fi -if [ ! -z "$LAGOON_ENVIRONMENT_VARIABLES" ]; then - HAS_ENVIRONMENT_RUNTIME_VARS=$(echo $LAGOON_ENVIRONMENT_VARIABLES | jq -r 'map( select(.scope == "runtime" or .scope == "global") )') - - if [ ! "$HAS_ENVIRONMENT_RUNTIME_VARS" = "[]" ]; then - kubectl patch \ - -n ${NAMESPACE} \ - configmap lagoon-env \ - -p "{\"data\":$(echo $LAGOON_ENVIRONMENT_VARIABLES | jq -r 'map( select(.scope == "runtime" or .scope == "global") ) | map( { (.name) : .value } ) | add | tostring')}" - fi -fi - -if [ "$BUILD_TYPE" == "pullrequest" ]; then - kubectl patch \ - -n ${NAMESPACE} \ - configmap lagoon-env \ - -p "{\"data\":{\"LAGOON_PR_HEAD_BRANCH\":\"${PR_HEAD_BRANCH}\", \"LAGOON_PR_BASE_BRANCH\":\"${PR_BASE_BRANCH}\", \"LAGOON_PR_TITLE\":$(echo $PR_TITLE | jq -R)}}" -fi +yq -i '.route = "'${ROUTE}'"' /kubectl-build-deploy/values.yaml +yq -i '.routes = "'${ROUTES}'"' /kubectl-build-deploy/values.yaml +yq -i '.autogeneratedRoutes = "'${AUTOGENERATED_ROUTES}'"' /kubectl-build-deploy/values.yaml # loop through created DBAAS templates DBAAS=($(build-deploy-tool identify dbaas)) @@ -1189,19 +1101,25 @@ do mariadb-dbaas) # remove the image from images to pull unset IMAGES_PULL[$SERVICE_NAME] - . /kubectl-build-deploy/scripts/exec-kubectl-mariadb-dbaas.sh + CONSUMER_TYPE="mariadbconsumer" + . /kubectl-build-deploy/scripts/exec-kubectl-dbaas-wait.sh + MARIADB_DBAAS_CONSUMER_SPECS["${SERVICE_NAME}"]=$(kubectl -n ${NAMESPACE} get mariadbconsumer/${SERVICE_NAME} -o json | jq -r '.spec | @base64') ;; postgres-dbaas) # remove the image from images to pull unset IMAGES_PULL[$SERVICE_NAME] - . /kubectl-build-deploy/scripts/exec-kubectl-postgres-dbaas.sh + CONSUMER_TYPE="postgresqlconsumer" + . /kubectl-build-deploy/scripts/exec-kubectl-dbaas-wait.sh + POSTGRES_DBAAS_CONSUMER_SPECS["${SERVICE_NAME}"]=$(kubectl -n ${NAMESPACE} get postgresqlconsumer/${SERVICE_NAME} -o json | jq -r '.spec | @base64') ;; mongodb-dbaas) # remove the image from images to pull unset IMAGES_PULL[$SERVICE_NAME] - . /kubectl-build-deploy/scripts/exec-kubectl-mongodb-dbaas.sh + CONSUMER_TYPE="mongodbconsumer" + . /kubectl-build-deploy/scripts/exec-kubectl-dbaas-wait.sh + MONGODB_DBAAS_CONSUMER_SPECS["${SERVICE_NAME}"]=$(kubectl -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o json | jq -r '.spec | @base64') ;; *) @@ -1210,6 +1128,165 @@ do esac done +# convert specs into credential dump for ingestion by build-deploy-tool +DBAAS_VARIABLES="[]" +for SERVICE_NAME in "${!MARIADB_DBAAS_CONSUMER_SPECS[@]}" +do + SERVICE_NAME_UPPERCASE=$(echo "$SERVICE_NAME" | tr '[:lower:]' '[:upper:]' | tr '-' '_') + DB_HOST=$(echo ${MARIADB_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .consumer.services.primary') + DB_USER=$(echo ${MARIADB_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .consumer.username') + DB_PASSWORD=$(echo ${MARIADB_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .consumer.password') + DB_NAME=$(echo ${MARIADB_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .consumer.database') + DB_PORT=$(echo ${MARIADB_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .provider.port') + DB_CONSUMER='{"'${SERVICE_NAME_UPPERCASE}'_HOST":"'${DB_HOST}'", "'${SERVICE_NAME_UPPERCASE}'_USERNAME":"'${DB_USER}'","'${SERVICE_NAME_UPPERCASE}'_PASSWORD":"'${DB_PASSWORD}'","'${SERVICE_NAME_UPPERCASE}'_DATABASE":"'${DB_NAME}'","'${SERVICE_NAME_UPPERCASE}'_PORT":"'${DB_PORT}'"}' + if DB_READREPLICA_HOSTS=$(echo ${MARIADB_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .consumer.services.replicas | .[]' 2>/dev/null); then + if [ "$DB_READREPLICA_HOSTS" != "null" ]; then + DB_READREPLICA_HOSTS=$(echo "$DB_READREPLICA_HOSTS" | sed 's/^\|$//g' | paste -sd, -) + DB_CONSUMER=$(echo "${DB_CONSUMER}" | jq '. + {"'${SERVICE_NAME_UPPERCASE}'_READREPLICA_HOSTS":"'${DB_READREPLICA_HOSTS}'"}') + fi + fi + DBAAS_VARIABLES=$(echo "$DBAAS_VARIABLES" | jq '. + '$(echo "$DB_CONSUMER" | jq -sMrc)'') +done + +for SERVICE_NAME in "${!POSTGRES_DBAAS_CONSUMER_SPECS[@]}" +do + SERVICE_NAME_UPPERCASE=$(echo "$SERVICE_NAME" | tr '[:lower:]' '[:upper:]' | tr '-' '_') + DB_HOST=$(echo ${POSTGRES_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .consumer.services.primary') + DB_USER=$(echo ${POSTGRES_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .consumer.username') + DB_PASSWORD=$(echo ${POSTGRES_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .consumer.password') + DB_NAME=$(echo ${POSTGRES_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .consumer.database') + DB_PORT=$(echo ${POSTGRES_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .provider.port') + DB_CONSUMER='{"'${SERVICE_NAME_UPPERCASE}'_HOST":"'${DB_HOST}'", "'${SERVICE_NAME_UPPERCASE}'_USERNAME":"'${DB_USER}'","'${SERVICE_NAME_UPPERCASE}'_PASSWORD":"'${DB_PASSWORD}'","'${SERVICE_NAME_UPPERCASE}'_DATABASE":"'${DB_NAME}'","'${SERVICE_NAME_UPPERCASE}'_PORT":"'${DB_PORT}'"}' + if DB_READREPLICA_HOSTS=$(echo ${POSTGRES_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .consumer.services.replicas | .[]' 2>/dev/null); then + if [ "$DB_READREPLICA_HOSTS" != "null" ]; then + DB_READREPLICA_HOSTS=$(echo "$DB_READREPLICA_HOSTS" | sed 's/^\|$//g' | paste -sd, -) + DB_CONSUMER=$(echo "${DB_CONSUMER}" | jq '. + {"'${SERVICE_NAME_UPPERCASE}'_READREPLICA_HOSTS":"'${DB_READREPLICA_HOSTS}'"}') + fi + fi + DBAAS_VARIABLES=$(echo "$DBAAS_VARIABLES" | jq '. + '$(echo "$DB_CONSUMER" | jq -sMrc)'') +done + +for SERVICE_NAME in "${!MONGODB_DBAAS_CONSUMER_SPECS[@]}" +do + SERVICE_NAME_UPPERCASE=$(echo "$SERVICE_NAME" | tr '[:lower:]' '[:upper:]' | tr '-' '_') + DB_HOST=$(echo ${MONGODB_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .consumer.services.primary') + DB_USER=$(echo ${MONGODB_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .consumer.username') + DB_PASSWORD=$(echo ${MONGODB_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .consumer.password') + DB_NAME=$(echo ${MONGODB_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .consumer.database') + DB_PORT=$(echo ${MONGODB_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .provider.port') + DB_AUTHSOURCE=$(echo ${MONGODB_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .provider.auth.source') + DB_AUTHMECHANISM=$(echo ${MONGODB_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .provider.auth.mechanism') + DB_AUTHTLS=$(echo ${MONGODB_DBAAS_CONSUMER_SPECS["$SERVICE_NAME"]} | jq -Rr '@base64d | fromjson | .provider.auth.tls') + DB_CONSUMER='{"'${SERVICE_NAME_UPPERCASE}'_HOST":"'${DB_HOST}'", "'${SERVICE_NAME_UPPERCASE}'_USERNAME":"'${DB_USER}'", "'${SERVICE_NAME_UPPERCASE}'_PASSWORD":"'${DB_PASSWORD}'", "'${SERVICE_NAME_UPPERCASE}'_DATABASE":"'${DB_NAME}'", "'${SERVICE_NAME_UPPERCASE}'_PORT":"'${DB_PORT}'", "'${SERVICE_NAME_UPPERCASE}'_AUTHSOURCE":"'${DB_AUTHSOURCE}'", "'${SERVICE_NAME_UPPERCASE}'_AUTHMECHANISM":"'${DB_AUTHMECHANISM}'", "'${SERVICE_NAME_UPPERCASE}'_AUTHTLS":"'${DB_AUTHTLS}'"}' + DBAAS_VARIABLES=$(echo "$DBAAS_VARIABLES" | jq '. + '$(echo "$DB_CONSUMER" | jq -sMrc)'') +done +echo "$DBAAS_VARIABLES" | jq -Mr > /kubectl-build-deploy/dbaas-creds.json + +# Generate the lagoon-env secret +LAGOON_ENV_YAML_FOLDER="/kubectl-build-deploy/lagoon/lagoon-env" +mkdir -p $LAGOON_ENV_YAML_FOLDER +# for now, pass the `--routes` flag to the template command so that the routes from the cluster are used in the `lagoon-env` secret LAGOON_ROUTES as this is how it used to be +# since this tool currently has no kube scrape, and the ones the tool generates are only the ones it knows about currently +# we have to source them this way for now. In the future though, we'll be able to omit this flag and remove it from the tool +# also would be part of https://github.com/uselagoon/build-deploy-tool/blob/f527a89ad5efb46e19a2f59d9ff3ffbff541e2a2/legacy/build-deploy-docker-compose.sh#L1090 +echo "Updating lagoon-env secret" +build-deploy-tool template lagoon-env \ + --secret-name "lagoon-env" \ + --saved-templates-path ${LAGOON_ENV_YAML_FOLDER} \ + --dbaas-creds /kubectl-build-deploy/dbaas-creds.json \ + --routes "${ROUTES}" +kubectl apply -n ${NAMESPACE} -f ${LAGOON_ENV_YAML_FOLDER}/lagoon-env-secret.yaml + +if kubectl -n ${NAMESPACE} get configmap lagoon-env &> /dev/null; then + # this section will only run once on the initial change from configmap to secret + # convert the existing configmap into a secret and then remove anything that the API has provided to the `lagoon-env` secret + # this is going to make it so that anything that isn't in the API is added to a new secret called `lagoon-platform-env` which is where non-api variables can be added + # by platform operators without impacting the main lagoon-env secret, this is to fix https://github.com/uselagoon/build-deploy-tool/issues/136 + # this will also make it so that if a user has deleted a variable from the api in the past, it will still exist in the lagoon-platform-env secret so that there + # is no change in behaviour for the user and not seeing unexpectedly a variable they may have deleted they were still relying on + # unfortunately, variables that remain in the lagoon-platform-env secret will never be deleted + # this secret may end up being empty if everything in the API is correct and there are no discrepancies. + CURRENT_CONFIGMAP_VARS=$(kubectl -n ${NAMESPACE} get configmap lagoon-env -o json | jq -cr '.data') + build-deploy-tool template lagoon-env \ + --secret-name "lagoon-platform-env" \ + --saved-templates-path ${LAGOON_ENV_YAML_FOLDER} \ + --dbaas-creds /kubectl-build-deploy/dbaas-creds.json \ + --configmap-vars "${CURRENT_CONFIGMAP_VARS}" \ + --routes "${ROUTES}" + kubectl apply -n ${NAMESPACE} -f ${LAGOON_ENV_YAML_FOLDER}/lagoon-platform-env-secret.yaml + # the old lagoon-env configmap will be removed at the end of the applying deployments step so that in the event of a failure between this point + # and the rollouts completing, the configmap will still exist if the failure occurs before the deployments are applied +fi + +# now remove any vars from the lagoon-env secret that were deleted from the API +EXISTING_LAGOONENV_VARS=$(kubectl -n ${NAMESPACE} get secret lagoon-env -o json 2> /dev/null | jq -r '.data | keys[]') +# if there were existing vars in the secret +# work out which ones no longer exist in the API and run patch op remove on them +if [ ! -z "$EXISTING_LAGOONENV_VARS" ]; then + # get what is in the secret now that the patch operations to add what is in the API has been done already + CURRENT_LAGOONENV_VARS=$(kubectl -n ${NAMESPACE} get secret lagoon-env -o json | jq -r '.data | keys[]') + # get the keys of the vars that were added from the api + API_PROJECT_VARS=$(echo $LAGOON_PROJECT_VARIABLES | jq -r 'map( select(.scope == "runtime" or .scope == "global") ) | map( { (.name) : .value } ) | add | keys[]') + API_ENVIRONMENT_VARS=$(echo $LAGOON_ENVIRONMENT_VARIABLES | jq -r 'map( select(.scope == "runtime" or .scope == "global") ) | map( { (.name) : .value } ) | add | keys[]') + # get all the unique keys from the API and current secret + # and remove anything that isn't in the API anymore from the secret + VARS_TO_REMOVE1=$(comm -23 <(echo $CURRENT_LAGOONENV_VARS | tr ' ' '\n' | sort) <(echo $API_ENVIRONMENT_VARS | tr ' ' '\n' | sort)) + VARS_TO_REMOVE2=$(comm -23 <(echo $VARS_TO_REMOVE1 | tr ' ' '\n' | sort) <(echo $API_PROJECT_VARS | tr ' ' '\n' | sort)) + + # now work out the patch operations to remove the unneeded keys from the secret + REMOVE_OPERATION_JSON="" + # if there are vars to remove, then craft the remove operation patch + if [ ! -z "$VARS_TO_REMOVE2" ]; then + for VAR_TO_REMOVE in $VARS_TO_REMOVE2 + do + REMOVE_OPERATION_JSON="${REMOVE_OPERATION_JSON:+$REMOVE_OPERATION_JSON, }$(echo -n {\"op\": \"remove\", \"path\": \"/data/$VAR_TO_REMOVE\"})" + done + # then actually apply the patch to remove the vars from the secret + kubectl patch \ + -n ${NAMESPACE} \ + secret lagoon-env \ + --type=json -p "[$REMOVE_OPERATION_JSON]" + fi +fi + +# do a comparison between what is in the current lagoon-env secret and the lagoon-platform-env secret +# collect the current vars from both secrets +CURRENT_LAGOONPLATFORMENV_VARS=$(kubectl -n ${NAMESPACE} get secret lagoon-platform-env -o json 2> /dev/null | jq -r '.data | keys[]') +CURRENT_LAGOONENV_VARS=$(kubectl -n ${NAMESPACE} get secret lagoon-env -o json 2> /dev/null | jq -r '.data | keys[]') +if [[ ! -z "${CURRENT_LAGOONPLATFORMENV_VARS}" ]] && [[ ! -z "${CURRENT_LAGOONENV_VARS}" ]]; then + # since the lagoon-platform-env secret is never populated by machine, only human + # we can check if a user has added a variable that may have previously existed and was deleted from the API has been added again + # then we can remove it from the `lagoon-platform-env` secret, allowing for the user to delete it again from the API + # the variable will then correctly get deleted from the `lagoon-env` secret like it should in the step prior to this + + # get variable names present in BOTH secrets, if it exists in both, we need to remove it from the `lagoon-platform-env` secret + # this will then allow its deletion from the main `lagoon-env` secret if it ever gets deleted from the lagoon api + # the preference is for variables in the API to exist, rather than being set manually in kubernetes, hence the `lagoon-platform-env` secret remains + # mostly untouched except to remove variables from if they're ever detected from the lagoon api + # yes, this means that the value of the variables could be different, but the assumption will be that a user adding the variable to the api + # assumes they understand what it does, as it would have overwritten a variable in the lagoon-env configmap in the past anyway + # so this process is just to correct the bug with removing variables from the api should remove them from the secret too + VARS_TO_REMOVE=$(comm -12 <(echo $CURRENT_LAGOONPLATFORMENV_VARS | tr ' ' '\n' | sort) <(echo $CURRENT_LAGOONENV_VARS | tr ' ' '\n' | sort)) + # now work out the patch operations to remove the unneeded keys from the secret + REMOVE_OPERATION_JSON="" + # if there are vars to remove, then craft the remove operation patch + if [ ! -z "$VARS_TO_REMOVE" ]; then + for VAR_TO_REMOVE in $VARS_TO_REMOVE + do + REMOVE_OPERATION_JSON="${REMOVE_OPERATION_JSON:+$REMOVE_OPERATION_JSON, }$(echo -n {\"op\": \"remove\", \"path\": \"/data/$VAR_TO_REMOVE\"})" + done + # then actually apply the patch to remove the vars from the secret + kubectl patch \ + -n ${NAMESPACE} \ + secret lagoon-platform-env \ + --type=json -p "[$REMOVE_OPERATION_JSON]" + fi +fi + +# display a warning if there are variables present in the `lagoon-platform-env` secret that don't exist in the api +# and instruct the user to either add the variable to the API, or contact support if they are unsure what the variable is +# insert warning message generator here? + currentStepEnd="$(date +"%Y-%m-%d %H:%M:%S")" patchBuildStep "${buildStartTime}" "${previousStepEnd}" "${currentStepEnd}" "${NAMESPACE}" "updateConfigmapComplete" "Update Configmap" "false" previousStepEnd=${currentStepEnd} @@ -1219,11 +1296,15 @@ beginBuildStep "Image Push to Registry" "pushingImages" ### REDEPLOY DEPLOYMENTS IF CONFIG MAP CHANGES ############################################## -CONFIG_MAP_SHA=$(kubectl -n ${NAMESPACE} get configmap lagoon-env -o yaml | shyaml get-value data | sha256sum | awk '{print $1}') +# calculate the combined lagoon-env and lagoon-platform-env sha to determine if changes to any secrets have been made +# which will force the deployments to restart as required +LAGOONENV_SHA=$(kubectl --insecure-skip-tls-verify -n ${NAMESPACE} get secret lagoon-env -o yaml | yq -M '.data' | sha256sum | awk '{print $1}') +LAGOONPLATFORMENV_SHA=$(kubectl --insecure-skip-tls-verify -n ${NAMESPACE} get secret lagoon-platform-env -o yaml | yq -M '.data' | sha256sum | awk '{print $1}') +CONFIG_MAP_SHA=$(echo $LAGOONENV_SHA$LAGOONPLATFORMENV_SHA | sha256sum | awk '{print $1}') export CONFIG_MAP_SHA -# write the configmap to the values file so when we `exec-kubectl-resources-with-images.sh` the deployments will get the value of the config map -# which will cause a change in the deployment and trigger a rollout if only the configmap has changed -yq3 write -i -- /kubectl-build-deploy/values.yaml 'configMapSha' $CONFIG_MAP_SHA +# write the secret to the values file so when we `exec-kubectl-resources-with-images.sh` the deployments will get the value of the secret +# which will cause a change in the deployment and trigger a rollout if only the secret has changed +yq -i '.configMapSha = "'${CONFIG_MAP_SHA}'"' /kubectl-build-deploy/values.yaml ############################################## ### PUSH IMAGES TO REGISTRY @@ -1502,10 +1583,10 @@ do SERVICE_NAME=${SERVICE_TYPES_ENTRY_SPLIT[0]} SERVICE_TYPE=${SERVICE_TYPES_ENTRY_SPLIT[1]} - SERVICE_ROLLOUT_TYPE=$(cat $DOCKER_COMPOSE_YAML | shyaml get-value services.${SERVICE_NAME}.labels.lagoon\\.rollout deployment) + SERVICE_ROLLOUT_TYPE=$(cat $DOCKER_COMPOSE_YAML | yq -o json | jq -r '.services.'\"$SERVICE_NAME\"'.labels."lagoon.rollout" // "deployment"') # Allow the rollout type to be overriden by environment in .lagoon.yml - ENVIRONMENT_SERVICE_ROLLOUT_TYPE=$(cat .lagoon.yml | shyaml get-value environments.${BRANCH//./\\.}.rollouts.${SERVICE_NAME} false) + ENVIRONMENT_SERVICE_ROLLOUT_TYPE=$(cat .lagoon.yml | yq -o json | jq -r '.environments.'\"${BRANCH//./\\.}\"'.rollouts.'\"$SERVICE_NAME\"' // false') if [ ! $ENVIRONMENT_SERVICE_ROLLOUT_TYPE == "false" ]; then SERVICE_ROLLOUT_TYPE=$ENVIRONMENT_SERVICE_ROLLOUT_TYPE fi @@ -1538,6 +1619,13 @@ do fi done +if kubectl -n ${NAMESPACE} get configmap lagoon-env &> /dev/null; then + # now delete the configmap after all the lagoon-env and lagoon-platform-env calcs have been done + # and the deployments have rolled out successfully, this makes less problems rolling back if a build fails + # somewhere between the new secret being created, and the deployments rolling out + kubectl -n ${NAMESPACE} delete configmap lagoon-env +fi + currentStepEnd="$(date +"%Y-%m-%d %H:%M:%S")" patchBuildStep "${buildStartTime}" "${previousStepEnd}" "${currentStepEnd}" "${NAMESPACE}" "deploymentApplyComplete" "Applying Deployments" "false" previousStepEnd=${currentStepEnd} diff --git a/legacy/scripts/exec-kubectl-dbaas-wait.sh b/legacy/scripts/exec-kubectl-dbaas-wait.sh new file mode 100644 index 00000000..c3b64984 --- /dev/null +++ b/legacy/scripts/exec-kubectl-dbaas-wait.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +# The operator can sometimes take a bit, wait until the details are available +# We added a timeout of 5 minutes (60 retries) before exit +OPERATOR_COUNTER=1 +OPERATOR_TIMEOUT=60 +# use the secret name from the consumer to prevent credential clash +until [ "$(kubectl -n ${NAMESPACE} get ${CONSUMER_TYPE}/${SERVICE_NAME} -o json | jq -r '.spec.consumer.database')" != "null" ]; +do +if [ $OPERATOR_COUNTER -lt $OPERATOR_TIMEOUT ]; then + consumer_failed=$(kubectl -n ${NAMESPACE} get ${CONSUMER_TYPE}/${SERVICE_NAME} -o json | jq -r '.metadata.annotations."dbaas.amazee.io/failed"') + if [ "${consumer_failed}" == "true" ]; then + echo "Failed to provision a database. Contact your support team to investigate." + exit 1 + fi + let OPERATOR_COUNTER=OPERATOR_COUNTER+1 + echo "Service for ${SERVICE_NAME} not available yet, waiting for 5 secs" + sleep 5 +else + echo "Timeout of $OPERATOR_TIMEOUT for ${SERVICE_NAME} creation reached" + exit 1 +fi +done + diff --git a/legacy/scripts/exec-kubectl-mariadb-dbaas.sh b/legacy/scripts/exec-kubectl-mariadb-dbaas.sh deleted file mode 100644 index 87a8525f..00000000 --- a/legacy/scripts/exec-kubectl-mariadb-dbaas.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash - -# The operator can sometimes take a bit, wait until the details are available -# We added a timeout of 5 minutes (60 retries) before exit -OPERATOR_COUNTER=1 -OPERATOR_TIMEOUT=60 -# use the secret name from the consumer to prevent credential clash -until kubectl -n ${NAMESPACE} get mariadbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.database -do -if [ $OPERATOR_COUNTER -lt $OPERATOR_TIMEOUT ]; then - consumer_failed=$(kubectl -n ${NAMESPACE} get mariadbconsumer/${SERVICE_NAME} -o json | jq -r '.metadata.annotations."dbaas.amazee.io/failed"') - if [ "${consumer_failed}" == "true" ]; then - echo "Failed to provision a database. Contact your support team to investigate." - exit 1 - fi - let OPERATOR_COUNTER=OPERATOR_COUNTER+1 - echo "Service for ${SERVICE_NAME} not available yet, waiting for 5 secs" - sleep 5 -else - echo "Timeout of $OPERATOR_TIMEOUT for ${SERVICE_NAME} creation reached" - exit 1 -fi -done - -# Grab the details from the consumer spec -DB_HOST=$(kubectl -n ${NAMESPACE} get mariadbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.services.primary) -DB_USER=$(kubectl -n ${NAMESPACE} get mariadbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.username) -DB_PASSWORD=$(kubectl -n ${NAMESPACE} get mariadbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.password) -DB_NAME=$(kubectl -n ${NAMESPACE} get mariadbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.database) -DB_PORT=$(kubectl -n ${NAMESPACE} get mariadbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.provider.port) - -# Add credentials to our configmap, prefixed with the name of the servicename of this servicebroker -kubectl patch \ - -n ${NAMESPACE} \ - configmap lagoon-env \ - -p "{\"data\":{\"${SERVICE_NAME_UPPERCASE}_HOST\":\"${DB_HOST}\", \"${SERVICE_NAME_UPPERCASE}_USERNAME\":\"${DB_USER}\", \"${SERVICE_NAME_UPPERCASE}_PASSWORD\":\"${DB_PASSWORD}\", \"${SERVICE_NAME_UPPERCASE}_DATABASE\":\"${DB_NAME}\", \"${SERVICE_NAME_UPPERCASE}_PORT\":\"${DB_PORT}\"}}" - -# only add the DB_READREPLICA_HOSTS variable if it exists in the consumer spec -# since the operator can support multiple replica hosts being defined, we should comma seperate them here -if DB_READREPLICA_HOSTS=$(kubectl -n ${NAMESPACE} get mariadbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.services.replicas); then - DB_READREPLICA_HOSTS=$(echo $DB_READREPLICA_HOSTS | cut -c 3- | rev | cut -c 1- | rev | sed 's/^\|$//g' | paste -sd, -) - yq3 write -i -- /kubectl-build-deploy/${SERVICE_NAME}-values.yaml 'readReplicaHosts' $DB_READREPLICA_HOSTS - kubectl patch \ - -n ${NAMESPACE} \ - configmap lagoon-env \ - -p "{\"data\":{\"${SERVICE_NAME_UPPERCASE}_READREPLICA_HOSTS\":\"${DB_READREPLICA_HOSTS}\"}}" -fi diff --git a/legacy/scripts/exec-kubectl-mongodb-dbaas.sh b/legacy/scripts/exec-kubectl-mongodb-dbaas.sh deleted file mode 100644 index fc4211bf..00000000 --- a/legacy/scripts/exec-kubectl-mongodb-dbaas.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash - -# The operator can sometimes take a bit, wait until the details are available -# We added a timeout of 5 minutes (60 retries) before exit -OPERATOR_COUNTER=1 -OPERATOR_TIMEOUT=60 -# use the secret name from the consumer to prevent credential clash -until kubectl -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.database -do -if [ $OPERATOR_COUNTER -lt $OPERATOR_TIMEOUT ]; then - consumer_failed=$(kubectl -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o json | jq -r '.metadata.annotations."dbaas.amazee.io/failed"') - if [ "${consumer_failed}" == "true" ]; then - echo "Failed to provision a database. Contact your support team to investigate." - exit 1 - fi - let OPERATOR_COUNTER=OPERATOR_COUNTER+1 - echo "Service for ${SERVICE_NAME} not available yet, waiting for 5 secs" - sleep 5 -else - echo "Timeout of $OPERATOR_TIMEOUT for ${SERVICE_NAME} creation reached" - exit 1 -fi -done - -# Grab the details from the consumer spec -DB_HOST=$(kubectl -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.services.primary) -DB_USER=$(kubectl -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.username) -DB_PASSWORD=$(kubectl -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.password) -DB_NAME=$(kubectl -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.database) -DB_PORT=$(kubectl -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.provider.port) -DB_AUTHSOURCE=$(kubectl -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.provider.auth.source) -DB_AUTHMECHANISM=$(kubectl -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.provider.auth.mechanism) -DB_AUTHTLS=$(kubectl -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.provider.auth.tls) - -# Add credentials to our configmap, prefixed with the name of the servicename of this servicebroker -kubectl patch \ - -n ${NAMESPACE} \ - configmap lagoon-env \ - -p "{\"data\":{\"${SERVICE_NAME_UPPERCASE}_HOST\":\"${DB_HOST}\", \"${SERVICE_NAME_UPPERCASE}_USERNAME\":\"${DB_USER}\", \"${SERVICE_NAME_UPPERCASE}_PASSWORD\":\"${DB_PASSWORD}\", \"${SERVICE_NAME_UPPERCASE}_DATABASE\":\"${DB_NAME}\", \"${SERVICE_NAME_UPPERCASE}_PORT\":\"${DB_PORT}\", \"${SERVICE_NAME_UPPERCASE}_AUTHSOURCE\":\"${DB_AUTHSOURCE}\", \"${SERVICE_NAME_UPPERCASE}_AUTHMECHANISM\":\"${DB_AUTHMECHANISM}\", \"${SERVICE_NAME_UPPERCASE}_AUTHTLS\":\"${DB_AUTHTLS}\" }}" diff --git a/legacy/scripts/exec-kubectl-postgres-dbaas.sh b/legacy/scripts/exec-kubectl-postgres-dbaas.sh deleted file mode 100644 index 54b4dd29..00000000 --- a/legacy/scripts/exec-kubectl-postgres-dbaas.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash - -# The operator can sometimes take a bit, wait until the details are available -# We added a timeout of 5 minutes (60 retries) before exit -OPERATOR_COUNTER=1 -OPERATOR_TIMEOUT=60 -# use the secret name from the consumer to prevent credential clash -until kubectl -n ${NAMESPACE} get postgresqlconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.database -do -if [ $OPERATOR_COUNTER -lt $OPERATOR_TIMEOUT ]; then - consumer_failed=$(kubectl -n ${NAMESPACE} get postgresqlconsumer/${SERVICE_NAME} -o json | jq -r '.metadata.annotations."dbaas.amazee.io/failed"') - if [ "${consumer_failed}" == "true" ]; then - echo "Failed to provision a database. Contact your support team to investigate." - exit 1 - fi - let OPERATOR_COUNTER=OPERATOR_COUNTER+1 - echo "Service for ${SERVICE_NAME} not available yet, waiting for 5 secs" - sleep 5 -else - echo "Timeout of $OPERATOR_TIMEOUT for ${SERVICE_NAME} creation reached" - exit 1 -fi -done - -# Grab the details from the consumer spec -DB_HOST=$(kubectl -n ${NAMESPACE} get postgresqlconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.services.primary) -DB_USER=$(kubectl -n ${NAMESPACE} get postgresqlconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.username) -DB_PASSWORD=$(kubectl -n ${NAMESPACE} get postgresqlconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.password) -DB_NAME=$(kubectl -n ${NAMESPACE} get postgresqlconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.database) -DB_PORT=$(kubectl -n ${NAMESPACE} get postgresqlconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.provider.port) - -# Add credentials to our configmap, prefixed with the name of the servicename of this servicebroker -kubectl patch \ - -n ${NAMESPACE} \ - configmap lagoon-env \ - -p "{\"data\":{\"${SERVICE_NAME_UPPERCASE}_HOST\":\"${DB_HOST}\", \"${SERVICE_NAME_UPPERCASE}_USERNAME\":\"${DB_USER}\", \"${SERVICE_NAME_UPPERCASE}_PASSWORD\":\"${DB_PASSWORD}\", \"${SERVICE_NAME_UPPERCASE}_DATABASE\":\"${DB_NAME}\", \"${SERVICE_NAME_UPPERCASE}_PORT\":\"${DB_PORT}\"}}" - -# only add the DB_READREPLICA_HOSTS variable if it exists in the consumer spec -# since the operator can support multiple replica hosts being defined, we should comma seperate them here -if DB_READREPLICA_HOSTS=$(kubectl -n ${NAMESPACE} get postgresqlconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.services.replicas); then - DB_READREPLICA_HOSTS=$(echo $DB_READREPLICA_HOSTS | cut -c 3- | rev | cut -c 1- | rev | sed 's/^\|$//g' | paste -sd, -) - yq3 write -i -- /kubectl-build-deploy/${SERVICE_NAME}-values.yaml 'readReplicaHosts' $DB_READREPLICA_HOSTS - kubectl patch \ - -n ${NAMESPACE} \ - configmap lagoon-env \ - -p "{\"data\":{\"${SERVICE_NAME_UPPERCASE}_READREPLICA_HOSTS\":\"${DB_READREPLICA_HOSTS}\"}}" -fi