Feature flag to allow autogenerated routes to get Fastly annotations

images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh

@@ -502,11 +502,8 @@ else
   echo "pre-rollout tasks are currently disabled LAGOON_PREROLLOUT_DISABLED is set to true"
 fi
 
-
-
-
 ##############################################
-### CREATE OPENSHIFT SERVICES, ROUTES and SERVICEBROKERS
+### CREATE OPENSHIFT SERVICES, ROUTES and SERVICEBROKERS  PART 1
 ##############################################
 
 YAML_FOLDER="/kubectl-build-deploy/lagoon/services-routes"
@@ -600,51 +597,6 @@ LAGOON_PR_NUMBER=${PR_NUMBER}\n\
 " >> /kubectl-build-deploy/values.env
 fi
 
-for SERVICE_TYPES_ENTRY in "${SERVICE_TYPES[@]}"
-do
-  echo "=== BEGIN route processing for service ${SERVICE_TYPES_ENTRY} ==="
-  IFS=':' read -ra SERVICE_TYPES_ENTRY_SPLIT <<< "$SERVICE_TYPES_ENTRY"
-
-  TEMPLATE_PARAMETERS=()
-
-  SERVICE_NAME=${SERVICE_TYPES_ENTRY_SPLIT[0]}
-  SERVICE_TYPE=${SERVICE_TYPES_ENTRY_SPLIT[1]}
-
-  touch /kubectl-build-deploy/${SERVICE_NAME}-values.yaml
-
-  HELM_SERVICE_TEMPLATE="templates/service.yaml"
-  if [ -f /kubectl-build-deploy/helmcharts/${SERVICE_TYPE}/$HELM_SERVICE_TEMPLATE ]; then
-    cat /kubectl-build-deploy/values.yaml
-    helm template ${SERVICE_NAME} /kubectl-build-deploy/helmcharts/${SERVICE_TYPE} -s $HELM_SERVICE_TEMPLATE -f /kubectl-build-deploy/values.yaml "${HELM_ARGUMENTS[@]}" > $YAML_FOLDER/${SERVICE_NAME}.yaml
-  fi
-
-  if [ $ROUTES_AUTOGENERATE_ENABLED == "true" ]; then
-    HELM_INGRESS_TEMPLATE="templates/ingress.yaml"
-    if [ -f /kubectl-build-deploy/helmcharts/${SERVICE_TYPE}/$HELM_INGRESS_TEMPLATE ]; then
-
-      # The very first generated route is set as MAIN_GENERATED_ROUTE
-      if [ -z "${MAIN_GENERATED_ROUTE+x}" ]; then
-        MAIN_GENERATED_ROUTE=$SERVICE_NAME
-      fi
-
-      helm template ${SERVICE_NAME} /kubectl-build-deploy/helmcharts/${SERVICE_TYPE} -s $HELM_INGRESS_TEMPLATE -f /kubectl-build-deploy/values.yaml "${HELM_ARGUMENTS[@]}" > $YAML_FOLDER/${SERVICE_NAME}.yaml
-    fi
-  fi
-
-  HELM_DBAAS_TEMPLATE="templates/dbaas.yaml"
-  if [ -f /kubectl-build-deploy/helmcharts/${SERVICE_TYPE}/$HELM_DBAAS_TEMPLATE ]; then
-    # Load the requested class and plan for this service
-    DBAAS_ENVIRONMENT="${MAP_SERVICE_NAME_TO_DBAAS_ENVIRONMENT["${SERVICE_NAME}"]}"
-    yq write -i -- /kubectl-build-deploy/${SERVICE_NAME}-values.yaml 'environment' $DBAAS_ENVIRONMENT
-    helm template ${SERVICE_NAME} /kubectl-build-deploy/helmcharts/${SERVICE_TYPE} -s $HELM_DBAAS_TEMPLATE -f /kubectl-build-deploy/values.yaml -f /kubectl-build-deploy/${SERVICE_NAME}-values.yaml "${HELM_ARGUMENTS[@]}" > $YAML_FOLDER/${SERVICE_NAME}.yaml
-    DBAAS+=("${SERVICE_NAME}:${SERVICE_TYPE}")
-  fi
-
-done
-
-TEMPLATE_PARAMETERS=()
-
-
 ##############################################
 ### CUSTOM FASTLY API SECRETS .lagoon.yml
 ##############################################
@@ -665,7 +617,6 @@ TEMPLATE_PARAMETERS=()
 #
 # support for multiple api-secrets is possible in the instance that a customer uses 2 separate services in different accounts in the one project
 
-
 ## any fastly api secrets will be prefixed with this, so that we always add this to whatever the customer provides
 FASTLY_API_SECRET_PREFIX="fastly-api-"
 
@@ -770,6 +721,101 @@ if [ ! -z "$LAGOON_ENVIRONMENT_VARIABLES" ]; then
   fi
 fi
 
+##############################################
+### CREATE OPENSHIFT SERVICES, ROUTES and SERVICEBROKERS PART 2
+##############################################
+
+for SERVICE_TYPES_ENTRY in "${SERVICE_TYPES[@]}"
+do
+  echo "=== BEGIN route processing for service ${SERVICE_TYPES_ENTRY} ==="
+  IFS=':' read -ra SERVICE_TYPES_ENTRY_SPLIT <<< "$SERVICE_TYPES_ENTRY"
+
+  TEMPLATE_PARAMETERS=()
+
+  SERVICE_NAME=${SERVICE_TYPES_ENTRY_SPLIT[0]}
+  SERVICE_TYPE=${SERVICE_TYPES_ENTRY_SPLIT[1]}
+
+  touch /kubectl-build-deploy/${SERVICE_NAME}-values.yaml
+
+  HELM_SERVICE_TEMPLATE="templates/service.yaml"
+  if [ -f /kubectl-build-deploy/helmcharts/${SERVICE_TYPE}/$HELM_SERVICE_TEMPLATE ]; then
+    cat /kubectl-build-deploy/values.yaml
+    helm template ${SERVICE_NAME} /kubectl-build-deploy/helmcharts/${SERVICE_TYPE} -s $HELM_SERVICE_TEMPLATE -f /kubectl-build-deploy/values.yaml "${HELM_ARGUMENTS[@]}" > $YAML_FOLDER/${SERVICE_NAME}.yaml
+  fi
+
+  if [ $ROUTES_AUTOGENERATE_ENABLED == "true" ]; then
+    HELM_INGRESS_TEMPLATE="templates/ingress.yaml"
+    if [ -f /kubectl-build-deploy/helmcharts/${SERVICE_TYPE}/$HELM_INGRESS_TEMPLATE ]; then
+
+      # The very first generated route is set as MAIN_GENERATED_ROUTE
+      if [ -z "${MAIN_GENERATED_ROUTE+x}" ]; then
+        MAIN_GENERATED_ROUTE=$SERVICE_NAME
+      fi
+
+
+      ROUTE_FASTLY_SERVICE_WATCH=false
+      # if the builddeploy controller is injecting a featureflag value, load it in
+      if [ -z $LAGOON_FASTLY_AUTOGENERATED_FEATURE_FLAG ]; then
+        LAGOON_FASTLY_AUTOGENERATED=$LAGOON_FASTLY_AUTOGENERATED_FEATURE_FLAG
+      fi
+      # if the lagoon api has an envvar override, use it instead
+      if [ ! -z "$LAGOON_PROJECT_VARIABLES" ]; then
+        LAGOON_FASTLY_AUTOGENERATED=($(echo $LAGOON_PROJECT_VARIABLES | jq -r '.[] | select(.name == "LAGOON_FASTLY_AUTOGENERATED") | "\(.value)"'))
+      fi
+      if [ ! -z "$LAGOON_ENVIRONMENT_VARIABLES" ]; then
+        TEMP_LAGOON_FASTLY_AUTOGENERATED=($(echo $LAGOON_ENVIRONMENT_VARIABLES | jq -r '.[] | select(.name == "LAGOON_FASTLY_AUTOGENERATED") | "\(.value)"'))
+        if [ ! -z $TEMP_LAGOON_FASTLY_AUTOGENERATED ]; then
+          LAGOON_FASTLY_AUTOGENERATED=$TEMP_LAGOON_FASTLY_AUTOGENERATED
+        fi
+      fi
+      # Create the fastly values required
+      FASTLY_ARGS=()
+      # if the feature is enabled, then do what is required to generated the labels/annotations etc
+      if [ ! -z $LAGOON_FASTLY_AUTOGENERATED ] && [ $LAGOON_FASTLY_AUTOGENERATED = 'enabled' ]; then
+        # work out if there are any lagoon api variable overrides for the annotations that are being added
+        . /kubectl-build-deploy/scripts/exec-fastly-annotations.sh
+        # if we get any other populated service id overrides in any of the steps in exec-fastly-annotations.sh
+        # make it available to the ingress creation here by overriding what may be defined in the lagoon.yml
+        # `LAGOON_FASTLY_SERVICE_ID` is created in the exec-fastly-annotations.sh script
+        if [ ! -z "$LAGOON_FASTLY_SERVICE_ID" ]; then
+          ROUTE_FASTLY_SERVICE_ID=$LAGOON_FASTLY_SERVICE_ID
+          ROUTE_FASTLY_SERVICE_WATCH=$LAGOON_FASTLY_SERVICE_WATCH
+          if [ ! -z $LAGOON_FASTLY_SERVICE_API_SECRET ]; then
+            ROUTE_FASTLY_SERVICE_API_SECRET=$LAGOON_FASTLY_SERVICE_API_SECRET
+          fi
+        fi
+        if [ ! -z "$ROUTE_FASTLY_SERVICE_ID" ]; then
+          FASTLY_ARGS+=(--set fastly.serviceId=${ROUTE_FASTLY_SERVICE_ID})
+          if [ ! -z "$ROUTE_FASTLY_SERVICE_API_SECRET" ]; then
+            if contains $FASTLY_API_SECRETS "${FASTLY_API_SECRET_PREFIX}${ROUTE_FASTLY_SERVICE_API_SECRET}"; then
+              FASTLY_ARGS+=(--set fastly.apiSecretName=${FASTLY_API_SECRET_PREFIX}${ROUTE_FASTLY_SERVICE_API_SECRET})
+            else
+              echo "$ROUTE_FASTLY_SERVICE_API_SECRET requested, but not found in .lagoon.yml file"; exit 1;
+            fi
+          fi
+          ROUTE_FASTLY_SERVICE_WATCH=true
+        fi
+      fi
+      # finally template the autogenerated route
+      helm template ${SERVICE_NAME} /kubectl-build-deploy/helmcharts/${SERVICE_TYPE} \
+        -s $HELM_INGRESS_TEMPLATE \
+        "${FASTLY_ARGS[@]}" --set fastly.watch="${ROUTE_FASTLY_SERVICE_WATCH}" \
+        -f /kubectl-build-deploy/values.yaml "${HELM_ARGUMENTS[@]}" > $YAML_FOLDER/${SERVICE_NAME}.yaml
+    fi
+  fi
+
+  HELM_DBAAS_TEMPLATE="templates/dbaas.yaml"
+  if [ -f /kubectl-build-deploy/helmcharts/${SERVICE_TYPE}/$HELM_DBAAS_TEMPLATE ]; then
+    # Load the requested class and plan for this service
+    DBAAS_ENVIRONMENT="${MAP_SERVICE_NAME_TO_DBAAS_ENVIRONMENT["${SERVICE_NAME}"]}"
+    yq write -i -- /kubectl-build-deploy/${SERVICE_NAME}-values.yaml 'environment' $DBAAS_ENVIRONMENT
+    helm template ${SERVICE_NAME} /kubectl-build-deploy/helmcharts/${SERVICE_TYPE} -s $HELM_DBAAS_TEMPLATE -f /kubectl-build-deploy/values.yaml -f /kubectl-build-deploy/${SERVICE_NAME}-values.yaml "${HELM_ARGUMENTS[@]}" > $YAML_FOLDER/${SERVICE_NAME}.yaml
+    DBAAS+=("${SERVICE_NAME}:${SERVICE_TYPE}")
+  fi
+done
+
+TEMPLATE_PARAMETERS=()
+
 ##############################################
 ### CUSTOM ROUTES FROM .lagoon.yml
 ##############################################
@@ -824,6 +870,7 @@ if [ "${ENVIRONMENT_TYPE}" == "production" ]; then
           . /kubectl-build-deploy/scripts/exec-fastly-annotations.sh
           # if we get any other populated service id overrides in any of the steps in exec-fastly-annotations.sh
           # make it available to the ingress creation here by overriding what may be defined in the lagoon.yml
+          # `LAGOON_FASTLY_SERVICE_ID` is created in the exec-fastly-annotations.sh script
           if [ ! -z "$LAGOON_FASTLY_SERVICE_ID" ]; then
             ROUTE_FASTLY_SERVICE_ID=$LAGOON_FASTLY_SERVICE_ID
             ROUTE_FASTLY_SERVICE_WATCH=$LAGOON_FASTLY_SERVICE_WATCH
@@ -942,6 +989,7 @@ if [ "${ENVIRONMENT_TYPE}" == "production" ]; then
           . /kubectl-build-deploy/scripts/exec-fastly-annotations.sh
           # if we get any other populated service id overrides in any of the steps in exec-fastly-annotations.sh
           # make it available to the ingress creation here by overriding what may be defined in the lagoon.yml
+          # `LAGOON_FASTLY_SERVICE_ID` is created in the exec-fastly-annotations.sh script
           if [ ! -z "$LAGOON_FASTLY_SERVICE_ID" ]; then
             ROUTE_FASTLY_SERVICE_ID=$LAGOON_FASTLY_SERVICE_ID
             ROUTE_FASTLY_SERVICE_WATCH=$LAGOON_FASTLY_SERVICE_WATCH
@@ -1067,6 +1115,7 @@ if [ -n "$(cat .lagoon.yml | shyaml keys ${PROJECT}.environments.${BRANCH//./\\.
       . /kubectl-build-deploy/scripts/exec-fastly-annotations.sh
       # if we get any other populated service id overrides in any of the steps in exec-fastly-annotations.sh
       # make it available to the ingress creation here by overriding what may be defined in the lagoon.yml
+      # `LAGOON_FASTLY_SERVICE_ID` is created in the exec-fastly-annotations.sh script
       if [ ! -z "$LAGOON_FASTLY_SERVICE_ID" ]; then
         ROUTE_FASTLY_SERVICE_ID=$LAGOON_FASTLY_SERVICE_ID
         ROUTE_FASTLY_SERVICE_WATCH=$LAGOON_FASTLY_SERVICE_WATCH
@@ -1184,6 +1233,7 @@ else
       . /kubectl-build-deploy/scripts/exec-fastly-annotations.sh
       # if we get any other populated service id overrides in any of the steps in exec-fastly-annotations.sh
       # make it available to the ingress creation here by overriding what may be defined in the lagoon.yml
+      # `LAGOON_FASTLY_SERVICE_ID` is created in the exec-fastly-annotations.sh script
       if [ ! -z "$LAGOON_FASTLY_SERVICE_ID" ]; then
         ROUTE_FASTLY_SERVICE_ID=$LAGOON_FASTLY_SERVICE_ID
         ROUTE_FASTLY_SERVICE_WATCH=$LAGOON_FASTLY_SERVICE_WATCH

images/kubectl-build-deploy-dind/helmcharts/kibana/templates/ingress.yaml

@@ -20,6 +20,15 @@ metadata:
     ingress.kubernetes.io/ssl-redirect: "true"
     {{- end }}
     kubernetes.io/tls-acme: "true"
+    # use a specific fastly service
+    {{- if .Values.fastly.serviceId }}
+    fastly.amazee.io/service-id: "{{ .Values.fastly.serviceId }}"
+    {{- end }}
+    fastly.amazee.io/watch: "{{ .Values.fastly.watch }}"
+    # use a custom secret for this ingress (customer supplied fastly integration)
+    {{- if .Values.fastly.apiSecretName }}
+    fastly.amazee.io/api-secret-name: "{{ .Values.fastly.apiSecretName }}"
+    {{- end }}
     {{- include "kibana.annotations" . | nindent 4 }}
 spec:
   tls:

images/kubectl-build-deploy-dind/helmcharts/kibana/values.yaml

@@ -36,6 +36,12 @@ service:
   type: ClusterIP
   port: 5601
 
+## example fastly block
+fastly:
+  watch: false
+#   serviceId: ''
+#   apiSecretName: ''
+
 ingress:
   enabled: false
   annotations: {}

images/kubectl-build-deploy-dind/helmcharts/nginx-php-persistent/templates/ingress.yaml

@@ -20,6 +20,15 @@ metadata:
     ingress.kubernetes.io/ssl-redirect: "true"
     {{- end }}
     kubernetes.io/tls-acme: "true"
+    # use a specific fastly service
+    {{- if .Values.fastly.serviceId }}
+    fastly.amazee.io/service-id: "{{ .Values.fastly.serviceId }}"
+    {{- end }}
+    fastly.amazee.io/watch: "{{ .Values.fastly.watch }}"
+    # use a custom secret for this ingress (customer supplied fastly integration)
+    {{- if .Values.fastly.apiSecretName }}
+    fastly.amazee.io/api-secret-name: "{{ .Values.fastly.apiSecretName }}"
+    {{- end }}
     {{- include "nginx-php-persistent.annotations" . | nindent 4 }}
 spec:
   tls:

images/kubectl-build-deploy-dind/helmcharts/nginx-php-persistent/values.yaml

@@ -34,6 +34,12 @@ service:
   type: ClusterIP
   port: 8080
 
+## example fastly block
+fastly:
+  watch: false
+#   serviceId: ''
+#   apiSecretName: ''
+
 resources:
   nginx:
     # limits:

images/kubectl-build-deploy-dind/helmcharts/nginx-php/templates/ingress.yaml

@@ -20,6 +20,15 @@ metadata:
     ingress.kubernetes.io/ssl-redirect: "true"
     {{- end }}
     kubernetes.io/tls-acme: "true"
+    # use a specific fastly service
+    {{- if .Values.fastly.serviceId }}
+    fastly.amazee.io/service-id: "{{ .Values.fastly.serviceId }}"
+    {{- end }}
+    fastly.amazee.io/watch: "{{ .Values.fastly.watch }}"
+    # use a custom secret for this ingress (customer supplied fastly integration)
+    {{- if .Values.fastly.apiSecretName }}
+    fastly.amazee.io/api-secret-name: "{{ .Values.fastly.apiSecretName }}"
+    {{- end }}
     {{- include "nginx-php.annotations" . | nindent 4 }}
 spec:
   tls:

images/kubectl-build-deploy-dind/helmcharts/nginx-php/values.yaml

@@ -31,6 +31,12 @@ service:
   type: ClusterIP
   port: 8080
 
+## example fastly block
+fastly:
+  watch: false
+#   serviceId: ''
+#   apiSecretName: ''
+
 resources:
   nginx:
     # limits:

images/kubectl-build-deploy-dind/helmcharts/nginx/templates/ingress.yaml

@@ -20,6 +20,15 @@ metadata:
     ingress.kubernetes.io/ssl-redirect: "true"
     {{- end }}
     kubernetes.io/tls-acme: "true"
+    # use a specific fastly service
+    {{- if .Values.fastly.serviceId }}
+    fastly.amazee.io/service-id: "{{ .Values.fastly.serviceId }}"
+    {{- end }}
+    fastly.amazee.io/watch: "{{ .Values.fastly.watch }}"
+    # use a custom secret for this ingress (customer supplied fastly integration)
+    {{- if .Values.fastly.apiSecretName }}
+    fastly.amazee.io/api-secret-name: "{{ .Values.fastly.apiSecretName }}"
+    {{- end }}
     {{- include "nginx.annotations" . | nindent 4 }}
 spec:
   tls:

images/kubectl-build-deploy-dind/helmcharts/nginx/values.yaml

@@ -36,6 +36,12 @@ service:
   type: ClusterIP
   port: 8080
 
+## example fastly block
+fastly:
+  watch: false
+#   serviceId: ''
+#   apiSecretName: ''
+
 ingress:
   enabled: false
   annotations: {}

images/kubectl-build-deploy-dind/helmcharts/node-persistent/templates/ingress.yaml

@@ -20,6 +20,15 @@ metadata:
     ingress.kubernetes.io/ssl-redirect: "true"
     {{- end }}
     kubernetes.io/tls-acme: "true"
+    # use a specific fastly service
+    {{- if .Values.fastly.serviceId }}
+    fastly.amazee.io/service-id: "{{ .Values.fastly.serviceId }}"
+    {{- end }}
+    fastly.amazee.io/watch: "{{ .Values.fastly.watch }}"
+    # use a custom secret for this ingress (customer supplied fastly integration)
+    {{- if .Values.fastly.apiSecretName }}
+    fastly.amazee.io/api-secret-name: "{{ .Values.fastly.apiSecretName }}"
+    {{- end }}
     {{- include "node-persistent.annotations" . | nindent 4 }}
 spec:
   tls:

images/kubectl-build-deploy-dind/helmcharts/node-persistent/values.yaml

@@ -32,6 +32,12 @@ service:
   type: ClusterIP
   port: 3000
 
+## example fastly block
+fastly:
+  watch: false
+#   serviceId: ''
+#   apiSecretName: ''
+
 resources:
   # limits:
   #   cpu: 100m

images/kubectl-build-deploy-dind/helmcharts/node/templates/ingress.yaml

@@ -20,6 +20,15 @@ metadata:
     ingress.kubernetes.io/ssl-redirect: "true"
     {{- end }}
     kubernetes.io/tls-acme: "true"
+    # use a specific fastly service
+    {{- if .Values.fastly.serviceId }}
+    fastly.amazee.io/service-id: "{{ .Values.fastly.serviceId }}"
+    {{- end }}
+    fastly.amazee.io/watch: "{{ .Values.fastly.watch }}"
+    # use a custom secret for this ingress (customer supplied fastly integration)
+    {{- if .Values.fastly.apiSecretName }}
+    fastly.amazee.io/api-secret-name: "{{ .Values.fastly.apiSecretName }}"
+    {{- end }}
     {{- include "node.annotations" . | nindent 4 }}
 spec:
   tls:

images/kubectl-build-deploy-dind/helmcharts/node/values.yaml

@@ -29,6 +29,12 @@ service:
   type: ClusterIP
   port: 3000
 
+## example fastly block
+fastly:
+  watch: false
+#   serviceId: ''
+#   apiSecretName: ''
+
 resources:
   # limits:
   #   cpu: 100m

images/kubectl-build-deploy-dind/helmcharts/python/templates/ingress.yaml

@@ -20,6 +20,15 @@ metadata:
     ingress.kubernetes.io/ssl-redirect: "true"
     {{- end }}
     kubernetes.io/tls-acme: "true"
+    # use a specific fastly service
+    {{- if .Values.fastly.serviceId }}
+    fastly.amazee.io/service-id: "{{ .Values.fastly.serviceId }}"
+    {{- end }}
+    fastly.amazee.io/watch: "{{ .Values.fastly.watch }}"
+    # use a custom secret for this ingress (customer supplied fastly integration)
+    {{- if .Values.fastly.apiSecretName }}
+    fastly.amazee.io/api-secret-name: "{{ .Values.fastly.apiSecretName }}"
+    {{- end }}
     {{- include "python.annotations" . | nindent 4 }}
 spec:
   tls: