Merge branch 'release/v4.1.2'

cloudogu · Dec 19, 2024 · b518325 · b518325
2 parents b7d6bea + a413434
commit b518325
Show file tree

Hide file tree

Showing 12 changed files with 226 additions and 93 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v4.1.2] - 2024-12-19
+### Added
+- [#102] Add networkpolicy for dev docker registry.
+
+## [v4.1.1] - 2024-11-18
+### Changed
+- [#100] update k8s-ces-setup in terraform to 3.0.4
+
+## [v4.1.0] - 2024-11-15
+### Added
+- [#98] added possibilty to modify components in terraform setup
+
 ## [v4.0.0] - 2024-10-29
 ### Changed
 - **Breaking**: Updated k8s-ces-setup configuration in vagrant environment and terraform module to support the new structure of the container registry secret. #96

diff --git a/docs/development/building_basebox_de.md b/docs/development/building_basebox_de.md
@@ -8,6 +8,8 @@ Aufwand für die Erstellung einer neuen Entwicklungsinstanz über Vagrant zu red
 
 - `git` installiert
 - `packer` installiert (siehe [packer.io](https://www.packer.io/))
+- packer-virtualbox-plugin via `packer plugins install github.com/hashicorp/virtualbox`
+- packer-vagrant-plugin via `packer plugins install github.com/hashicorp/vagrant`
 - VirtualBox installiert
 - Verstehen der [Struktur der Projektdateien](structure_of_the_files_de.md)
 

diff --git a/image/scripts/dev/docker-registry/docker-registry.yaml b/image/scripts/dev/docker-registry/docker-registry.yaml
@@ -195,4 +195,26 @@ spec:
             name: docker-registry-config
         - name: docker-registry-proxy-config
           configMap:
-            name: docker-registry-proxy-config
+            name: docker-registry-proxy-config
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: local-registry-ingress
+  namespace: ecosystem
+spec:
+  ingress:
+    - from:
+        - ipBlock:
+            cidr: 0.0.0.0/0
+        - podSelector: {}
+      ports:
+        - port: 30099
+          protocol: TCP
+        - port: 30098
+          protocol: TCP
+  podSelector:
+    matchLabels:
+      app: docker-registry
+  policyTypes:
+    - Ingress
diff --git a/terraform/ces-module/main.tf b/terraform/ces-module/main.tf
@@ -16,7 +16,23 @@ terraform {
 locals {
   split_fqdn = split(".", var.ces_fqdn)
   # Top Level Domain extracted from fully qualified domain name. k3ces.local is used for development mode and empty fqdn.
-  tld        = var.ces_fqdn != "" ? "${element( split(".", var.ces_fqdn), length(local.split_fqdn) - 2)}.${element(local.split_fqdn, length(local.split_fqdn) - 1)}" : "k3ces.local"
+  topLevelDomain = var.ces_fqdn != "" ? "${element( split(".", var.ces_fqdn), length(local.split_fqdn) - 2)}.${element(local.split_fqdn, length(local.split_fqdn) - 1)}" : "k3ces.local"
+  splitComponentNamespaces = [
+    for componentStr in var.components :
+    {
+      namespace = split("/", componentStr)[0]
+      rest      = split("/", componentStr)[1] //provoke error here, so that the build fails if no namespace or name is given
+    }
+  ]
+  parsedComponents = [
+    for namespaceAndRest in local.splitComponentNamespaces :
+    {
+      namespace = namespaceAndRest.namespace
+      name      = split(":", namespaceAndRest.rest)[0]
+      version   = length(split(":", namespaceAndRest.rest)) == 2 ? split(":", namespaceAndRest.rest)[1] : "latest"
+      deployNamespace = split(":", namespaceAndRest.rest)[0] != "k8s-longhorn" ? var.ces_namespace : "longhorn-system"
+    }
+  ]
 }
 
 resource "helm_release" "k8s-ces-setup" {
@@ -31,32 +47,34 @@ resource "helm_release" "k8s-ces-setup" {
   values = [
     templatefile("${path.module}/values.yaml.tftpl",
       {
-        "dogu_registry_endpoint"     = var.dogu_registry_endpoint
-        "dogu_registry_username"     = var.dogu_registry_username
-        "dogu_registry_password"     = var.dogu_registry_password
-        "dogu_registry_url_schema"   = var.dogu_registry_url_schema
-        "container_registry_secrets" = var.container_registry_secrets
-        "helm_registry_host"         = var.helm_registry_host
-        "helm_registry_schema"       = var.helm_registry_schema
-        "helm_registry_plain_http"   = var.helm_registry_plain_http
-        "helm_registry_insecure_tls" = var.helm_registry_insecure_tls
-        "helm_registry_username"     = var.helm_registry_username
-        "helm_registry_password"     = var.helm_registry_password
-        "additional_components"      = var.additional_components
-        "setup_json"                 = yamlencode(templatefile(
+        "dogu_registry_endpoint"       = var.dogu_registry_endpoint
+        "dogu_registry_username"       = var.dogu_registry_username
+        "dogu_registry_password"       = var.dogu_registry_password
+        "dogu_registry_url_schema"     = var.dogu_registry_url_schema
+        "container_registry_secrets"   = var.container_registry_secrets
+        "helm_registry_host"           = var.helm_registry_host
+        "helm_registry_schema"         = var.helm_registry_schema
+        "helm_registry_plain_http"     = var.helm_registry_plain_http
+        "helm_registry_insecure_tls"   = var.helm_registry_insecure_tls
+        "helm_registry_username"       = var.helm_registry_username
+        "helm_registry_password"       = var.helm_registry_password
+        "component_operator_chart"     = var.component_operator_chart
+        "component_operator_crd_chart" = var.component_operator_crd_chart
+        "components"                   = local.parsedComponents
+        "setup_json"                   = yamlencode(templatefile(
           "${path.module}/setup.json.tftpl",
           {
             # https://docs.cloudogu.com/en/docs/system-components/ces-setup/operations/setup-json/
-            "admin_username" = var.ces_admin_username,
-            "admin_password" = var.ces_admin_password,
-            "admin_email"    = var.ces_admin_email,
-            "default_dogu"   = var.default_dogu,
-            "dogus"          = var.dogus,
-            "fqdn" : var.ces_fqdn,
-            "domain" : local.tld
-            "certificateType" : var.ces_certificate_path == null ? "selfsigned" : "external"
-            "certificate" : var.ces_certificate_path != null ? replace(file(var.ces_certificate_path), "\n", "\\n") : ""
-            "certificateKey" : var.ces_certificate_key_path != null ? replace(file(var.ces_certificate_key_path), "\n", "\\n") : ""
+            "admin_username"  = var.ces_admin_username
+            "admin_password"  = var.ces_admin_password
+            "admin_email"     = var.ces_admin_email
+            "default_dogu"    = var.default_dogu
+            "dogus"           = var.dogus
+            "fqdn"            = var.ces_fqdn
+            "domain"          = local.topLevelDomain
+            "certificateType" = var.ces_certificate_path == null ? "selfsigned" : "external"
+            "certificate"     = var.ces_certificate_path != null ? replace(file(var.ces_certificate_path), "\n", "\\n") : ""
+            "certificateKey"  = var.ces_certificate_key_path != null ? replace(file(var.ces_certificate_key_path), "\n", "\\n") : ""
           }
         ))
         "resource_patches" = var.resource_patches

diff --git a/terraform/ces-module/values.yaml.tftpl b/terraform/ces-module/values.yaml.tftpl
@@ -1,36 +1,25 @@
 # Chart of the component operator
 # Format: <namespace>/<name>:<version>
-# component_operator_crd_chart: "k8s/k8s-component-operator-crd:latest"
-# component_operator_chart: "k8s/k8s-component-operator:latest"
+component_operator_crd_chart: "${component_operator_crd_chart}"
+component_operator_chart: "${component_operator_chart}"
 
 # Components to be installed by the k8s-ces-setup.
 # Mandatory components are listed below as the default. Moreover, one can specify components like k8s-ces-control or
 # k8s-backup-operator.
 #
 # Format: <namespace>/<name>: <version>
 components:
-  # Use longhorn if your cluster has no storage provisioner.
-  #  k8s-longhorn:
-  #    version: latest
-  #    helmRepositoryNamespace: k8s
-  #    deployNamespace: longhorn-system
-  k8s-blueprint-operator: null
-  k8s-blueprint-operator-crd: null
-  k8s-dogu-operator:
-    version: latest
-    helmRepositoryNamespace: k8s
-  k8s-dogu-operator-crd:
-    version: latest
-    helmRepositoryNamespace: k8s
-  k8s-service-discovery:
-    version: latest
-    helmRepositoryNamespace: k8s
-%{ for component in additional_components ~}
+%{ for component in components ~}
   ${component.name}:
     version: ${component.version}
     helmRepositoryNamespace: ${component.namespace}
     deployNamespace: ${component.deployNamespace}
 %{ endfor ~}
+# Use longhorn if your cluster has no storage provisioner.
+#  k8s-longhorn:
+#    version: latest
+#    helmRepositoryNamespace: k8s
+#    deployNamespace: longhorn-system
 #  k8s-snapshot-controller:
 #    version: latest
 #    helmRepositoryNamespace: k8s

diff --git a/terraform/ces-module/variables.tf b/terraform/ces-module/variables.tf
@@ -1,7 +1,7 @@
 variable "setup_chart_version" {
   description = "The version of the k8s-ces-setup chart"
   type        = string
-  default     = "3.0.0"
+  default     = "3.0.4"
 }
 
 variable "setup_chart_namespace" {
@@ -59,9 +59,9 @@ variable "default_dogu" {
 }
 
 variable "dogus" {
-  description = "A list of Dogus to install"
-  type        = list(string)
-  default     = [
+  description = "A list of Dogus to install, optional with version like official/cas:7.0.8-3"
+  type = list(string)
+  default = [
     "official/ldap",
     "official/postfix",
     "k8s/nginx-static",
@@ -70,20 +70,31 @@ variable "dogus" {
   ]
 }
 
-variable "additional_components" {
-  description = "A list of additional components to install"
-  type        = list(object({
-    name            = string
-    version         = string
-    namespace       = string
-    deployNamespace = string
-  }))
-  default = []
+variable "component_operator_crd_chart" {
+  description = "The helm chart of the component crd. Optional with version like k8s/k8s-component-operator-crd:1.2.1"
+  type = string
+  default = "k8s/k8s-component-operator-crd:latest"
+}
+
+variable "component_operator_chart" {
+  description = "The helm chart of the component operator. Optional with version like k8s/k8s-component-operator:1.2.1"
+  type = string
+  default = "k8s/k8s-component-operator:latest"
+}
+
+variable "components" {
+  description = "A list of components to install, optional with version like k8s/k8s-dogu-operator:3.0.1"
+  type = list(string)
+  default = [
+    "k8s/k8s-dogu-operator",
+    "k8s/k8s-dogu-operator-crd",
+    "k8s/k8s-service-discovery",
+  ]
 }
 
 variable "container_registry_secrets" {
   description = "A list of credentials for container registries used by dogus and components. The password must be base64 encoded. The regular configuration would contain registry.cloudogu.com as url."
-  type        = list(object({
+  type = list(object({
     url      = string
     username = string
     password = string
@@ -153,13 +164,14 @@ variable "resource_patches" {
 
 variable "is_setup_applied_matching_resource" {
   description = "This variable defines a resource with its kind, api and field selector and is used to determine if the setup has already been executed or not."
-  type        = object({
+  type = object({
     kind           = string
     api            = string
     field_selector = string
   })
   default = {
-    kind           = "CustomResourceDefinition", api = "apiextensions.k8s.io/v1",
+    kind           = "CustomResourceDefinition",
+    api            = "apiextensions.k8s.io/v1",
     field_selector = "metadata.name==dogus.k8s.cloudogu.com"
   }
 }
diff --git a/terraform/examples/ces_azure_aks/main.tf b/terraform/examples/ces_azure_aks/main.tf
@@ -71,12 +71,15 @@ module "ces" {
   source     = "../../ces-module"
 
   # Configure CES installation options
-  setup_chart_version   = var.setup_chart_version
-  setup_chart_namespace = var.setup_chart_namespace
-  ces_fqdn              = var.ces_fqdn
-  ces_admin_password    = var.ces_admin_password
-  dogus                 = var.dogus
-  resource_patches      = file(var.resource_patches_file)
+  setup_chart_version          = var.setup_chart_version
+  setup_chart_namespace        = var.setup_chart_namespace
+  ces_fqdn                     = var.ces_fqdn
+  ces_admin_password           = var.ces_admin_password
+  dogus                        = var.dogus
+  resource_patches             = file(var.resource_patches_file)
+  component_operator_chart     = var.component_operator_chart
+  component_operator_crd_chart = var.component_operator_crd_chart
+  components                   = var.components
 
   # Configure access for the registries. Passwords need to be base64-encoded.
   container_registry_secrets = var.container_registry_secrets

diff --git a/terraform/examples/ces_azure_aks/variables.tf b/terraform/examples/ces_azure_aks/variables.tf
@@ -96,7 +96,7 @@ variable "ces_admin_password" {
 }
 
 variable "dogus" {
-  description = "A list of Dogus to install"
+  description = "A list of Dogus to install, optional with version like official/cas:7.0.8-3"
   type        = list(string)
   default     = [
     "official/ldap",
@@ -110,6 +110,28 @@ variable "dogus" {
   ]
 }
 
+variable "component_operator_crd_chart" {
+  description = "The helm chart of the component crd. Optional with version like k8s/k8s-component-operator-crd:1.2.1"
+  type = string
+  default = "k8s/k8s-component-operator-crd:latest"
+}
+
+variable "component_operator_chart" {
+  description = "The helm chart of the component operator. Optional with version like k8s/k8s-component-operator:1.2.1"
+  type = string
+  default = "k8s/k8s-component-operator:latest"
+}
+
+variable "components" {
+  description = "A list of components to install, optional with version like k8s/k8s-dogu-operator:3.0.1"
+  type = list(string)
+  default = [
+    "k8s/k8s-dogu-operator",
+    "k8s/k8s-dogu-operator-crd",
+    "k8s/k8s-service-discovery",
+  ]
+}
+
 variable "ces_fqdn" {
   description = "Fully qualified domain name of the EcoSystem, e.g. 'www.ecosystem.my-domain.com'"
   type        = string
@@ -125,7 +147,7 @@ variable "setup_chart_namespace" {
 variable "setup_chart_version" {
   description = "The version of the k8s-ces-setup chart"
   type        = string
-  default     = "3.0.0"
+  default     = "3.0.4"
 }
 
 variable "resource_patches_file" {

diff --git a/terraform/examples/ces_google_gke/ces_cluster/main.tf b/terraform/examples/ces_google_gke/ces_cluster/main.tf
@@ -95,13 +95,16 @@ module "ces" {
   source     = "../../../ces-module"
 
   # Configure CES installation options
-  setup_chart_version   = var.setup_chart_version
-  setup_chart_namespace = var.setup_chart_namespace
-  ces_fqdn              = var.ces_fqdn
-  ces_admin_username    = var.ces_admin_username
-  ces_admin_password    = var.ces_admin_password
-  dogus                 = var.dogus
-  resource_patches      = file(var.resource_patches_file)
+  setup_chart_version          = var.setup_chart_version
+  setup_chart_namespace        = var.setup_chart_namespace
+  ces_fqdn                     = var.ces_fqdn
+  ces_admin_username           = var.ces_admin_username
+  ces_admin_password           = var.ces_admin_password
+  dogus                        = var.dogus
+  resource_patches             = file(var.resource_patches_file)
+  component_operator_chart     = var.component_operator_chart
+  component_operator_crd_chart = var.component_operator_crd_chart
+  components                   = var.components
 
   # Configure access for the registries. Passwords need to be base64-encoded.
   container_registry_secrets = var.container_registry_secrets