diff --git a/CHANGELOG.md b/CHANGELOG.md index 7091c35..8bfb968 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [v4.1.2] - 2024-12-19 +### Added +- [#102] Add networkpolicy for dev docker registry. + +## [v4.1.1] - 2024-11-18 +### Changed +- [#100] update k8s-ces-setup in terraform to 3.0.4 + +## [v4.1.0] - 2024-11-15 +### Added +- [#98] added possibilty to modify components in terraform setup + ## [v4.0.0] - 2024-10-29 ### Changed - **Breaking**: Updated k8s-ces-setup configuration in vagrant environment and terraform module to support the new structure of the container registry secret. #96 diff --git a/docs/development/building_basebox_de.md b/docs/development/building_basebox_de.md index d078669..f19a7b1 100644 --- a/docs/development/building_basebox_de.md +++ b/docs/development/building_basebox_de.md @@ -8,6 +8,8 @@ Aufwand für die Erstellung einer neuen Entwicklungsinstanz über Vagrant zu red - `git` installiert - `packer` installiert (siehe [packer.io](https://www.packer.io/)) +- packer-virtualbox-plugin via `packer plugins install github.com/hashicorp/virtualbox` +- packer-vagrant-plugin via `packer plugins install github.com/hashicorp/vagrant` - VirtualBox installiert - Verstehen der [Struktur der Projektdateien](structure_of_the_files_de.md) diff --git a/image/scripts/dev/docker-registry/docker-registry.yaml b/image/scripts/dev/docker-registry/docker-registry.yaml index 4e4e4bc..3c85285 100644 --- a/image/scripts/dev/docker-registry/docker-registry.yaml +++ b/image/scripts/dev/docker-registry/docker-registry.yaml 
@@ -195,4 +195,26 @@ spec: name: docker-registry-config - name: docker-registry-proxy-config configMap: - name: docker-registry-proxy-config \ No newline at end of file + name: docker-registry-proxy-config +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: local-registry-ingress + namespace: ecosystem +spec: + ingress: + - from: + - ipBlock: + cidr: 0.0.0.0/0 + - podSelector: {} + ports: + - port: 30099 + protocol: TCP + - port: 30098 + protocol: TCP + podSelector: + matchLabels: + app: docker-registry + policyTypes: + - Ingress \ No newline at end of file diff --git a/terraform/ces-module/main.tf b/terraform/ces-module/main.tf index c95cf0d..f27cb28 100644 --- a/terraform/ces-module/main.tf +++ b/terraform/ces-module/main.tf 
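Review bot: The `ports` entries 30099 and 30098 in the new `local-registry-ingress` policy look like NodePort numbers, but NetworkPolicy port matching is evaluated against the pod's own container port after the Service DNAT, so if the registry container does not itself listen on those ports the rule would not match the traffic it is meant to admit, and because the policy selects `app: docker-registry` with `policyTypes: Ingress`, unmatched ingress to those pods is then denied. The container and Service ports are defined above this hunk and cannot be checked here; if they differ from 30099/30098, the policy should list the pods' targetPort values instead. The `from` clause with `cidr: 0.0.0.0/0` plus `podSelector: {}` admits every source, which is plausible for a dev registry but should say so, e.g. `# Dev-only: the registry is reachable from any source address; restrict the cidr to the host/VM network before reusing this outside development.` Note that `podSelector: {}` without a `namespaceSelector` only covers pods in `ecosystem`, which is presumably intended.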
@@ -16,7 +16,23 @@ terraform { locals { split_fqdn = split(".", var.ces_fqdn) # Top Level Domain extracted from fully qualified domain name. k3ces.local is used for development mode and empty fqdn. - tld = var.ces_fqdn != "" ? "${element( split(".", var.ces_fqdn), length(local.split_fqdn) - 2)}.${element(local.split_fqdn, length(local.split_fqdn) - 1)}" : "k3ces.local" + topLevelDomain = var.ces_fqdn != "" ? "${element( split(".", var.ces_fqdn), length(local.split_fqdn) - 2)}.${element(local.split_fqdn, length(local.split_fqdn) - 1)}" : "k3ces.local" + splitComponentNamespaces = [ + for componentStr in var.components : + { + namespace = split("/", componentStr)[0] + rest = split("/", componentStr)[1] //provoke error here, so that the build fails if no namespace or name is given + } + ] + parsedComponents = [ + for namespaceAndRest in local.splitComponentNamespaces : + { + namespace = namespaceAndRest.namespace + name = split(":", namespaceAndRest.rest)[0] + version = length(split(":", namespaceAndRest.rest)) == 2 ? split(":", namespaceAndRest.rest)[1] : "latest" + deployNamespace = split(":", namespaceAndRest.rest)[0] != "k8s-longhorn" ? var.ces_namespace : "longhorn-system" + } + ] } resource "helm_release" "k8s-ces-setup" { 
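Review bot: The index-based parse in `splitComponentNamespaces`/`parsedComponents` only fails on a missing `/`; a value with an extra separator such as `k8s/k8s-dogu-operator/x` or `k8s/foo:1.0:2` is silently truncated rather than rejected, which contradicts the intent stated in the `//provoke error here` comment. A `validation` block on `var.components` with `condition = alltrue([for c in var.components : can(regex("^[^/:]+/[^/:]+(:[^/:]+)?$", c))])` and a matching `error_message` would reject those inputs with a readable message instead of an index-out-of-range error. The `deployNamespace` line hard-codes the single `k8s-longhorn` → `longhorn-system` case, so the new string format can no longer express a custom deploy namespace for any other component, which the removed `additional_components` object could; if that is acceptable it deserves a comment, otherwise an optional override map would restore it. Finally, the `"latest"` fallback means the default component lists resolve to whatever the registry currently serves, so a comment such as `# No version given: resolves to the registry's current "latest" tag — pin versions for reproducible installs` would make that trade-off explicit.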
@@ -31,32 +47,34 @@ resource "helm_release" "k8s-ces-setup" { values = [ templatefile("${path.module}/values.yaml.tftpl", { - "dogu_registry_endpoint" = var.dogu_registry_endpoint - "dogu_registry_username" = var.dogu_registry_username - "dogu_registry_password" = var.dogu_registry_password - "dogu_registry_url_schema" = var.dogu_registry_url_schema - "container_registry_secrets" = var.container_registry_secrets - "helm_registry_host" = var.helm_registry_host - "helm_registry_schema" = var.helm_registry_schema - "helm_registry_plain_http" = var.helm_registry_plain_http - "helm_registry_insecure_tls" = var.helm_registry_insecure_tls - "helm_registry_username" = var.helm_registry_username - "helm_registry_password" = var.helm_registry_password - "additional_components" = var.additional_components - "setup_json" = yamlencode(templatefile( + "dogu_registry_endpoint" = var.dogu_registry_endpoint + "dogu_registry_username" = var.dogu_registry_username + "dogu_registry_password" = var.dogu_registry_password + "dogu_registry_url_schema" = var.dogu_registry_url_schema + "container_registry_secrets" = var.container_registry_secrets + "helm_registry_host" = var.helm_registry_host + "helm_registry_schema" = var.helm_registry_schema + "helm_registry_plain_http" = var.helm_registry_plain_http + "helm_registry_insecure_tls" = var.helm_registry_insecure_tls + "helm_registry_username" = var.helm_registry_username + "helm_registry_password" = var.helm_registry_password + "component_operator_chart" = var.component_operator_chart + "component_operator_crd_chart" = var.component_operator_crd_chart + "components" = local.parsedComponents + "setup_json" = yamlencode(templatefile( "${path.module}/setup.json.tftpl", { # https://docs.cloudogu.com/en/docs/system-components/ces-setup/operations/setup-json/ - "admin_username" = var.ces_admin_username, - "admin_password" = var.ces_admin_password, - "admin_email" = var.ces_admin_email, - "default_dogu" = var.default_dogu, - "dogus" = var.dogus, 
- "fqdn" : var.ces_fqdn, - "domain" : local.tld - "certificateType" : var.ces_certificate_path == null ? "selfsigned" : "external" - "certificate" : var.ces_certificate_path != null ? replace(file(var.ces_certificate_path), "\n", "\\n") : "" - "certificateKey" : var.ces_certificate_key_path != null ? replace(file(var.ces_certificate_key_path), "\n", "\\n") : "" + "admin_username" = var.ces_admin_username + "admin_password" = var.ces_admin_password + "admin_email" = var.ces_admin_email + "default_dogu" = var.default_dogu + "dogus" = var.dogus + "fqdn" = var.ces_fqdn + "domain" = local.topLevelDomain + "certificateType" = var.ces_certificate_path == null ? "selfsigned" : "external" + "certificate" = var.ces_certificate_path != null ? replace(file(var.ces_certificate_path), "\n", "\\n") : "" + "certificateKey" = var.ces_certificate_key_path != null ? replace(file(var.ces_certificate_key_path), "\n", "\\n") : "" } )) "resource_patches" = var.resource_patches diff --git a/terraform/ces-module/values.yaml.tftpl b/terraform/ces-module/values.yaml.tftpl index 07e4f61..d186dea 100644 --- a/terraform/ces-module/values.yaml.tftpl +++ b/terraform/ces-module/values.yaml.tftpl @@ -1,7 +1,7 @@ # Chart of the component operator # Format: /: -# component_operator_crd_chart: "k8s/k8s-component-operator-crd:latest" -# component_operator_chart: "k8s/k8s-component-operator:latest" +component_operator_crd_chart: "${component_operator_crd_chart}" +component_operator_chart: "${component_operator_chart}" # Components to be installed by the k8s-ces-setup. # Mandatory components are listed below as the default. Moreover, one can specify components like k8s-ces-control or 
@@ -9,28 +9,17 @@ # # Format: /: components: - # Use longhorn if your cluster has no storage provisioner. - # k8s-longhorn: - # version: latest - # helmRepositoryNamespace: k8s - # deployNamespace: longhorn-system - k8s-blueprint-operator: null - k8s-blueprint-operator-crd: null - k8s-dogu-operator: - version: latest - helmRepositoryNamespace: k8s - k8s-dogu-operator-crd: - version: latest - helmRepositoryNamespace: k8s - k8s-service-discovery: - version: latest - helmRepositoryNamespace: k8s -%{ for component in additional_components ~} +%{ for component in components ~} ${component.name}: version: ${component.version} helmRepositoryNamespace: ${component.namespace} deployNamespace: ${component.deployNamespace} %{ endfor ~} +# Use longhorn if your cluster has no storage provisioner. +# k8s-longhorn: +# version: latest +# helmRepositoryNamespace: k8s +# deployNamespace: longhorn-system # k8s-snapshot-controller: # version: latest # helmRepositoryNamespace: k8s diff --git a/terraform/ces-module/variables.tf b/terraform/ces-module/variables.tf index 956c662..ead0d6a 100644 --- a/terraform/ces-module/variables.tf +++ b/terraform/ces-module/variables.tf @@ -1,7 +1,7 @@ variable "setup_chart_version" { description = "The version of the k8s-ces-setup chart" type = string - default = "3.0.0" + default = "3.0.4" } variable "setup_chart_namespace" { @@ -59,9 +59,9 @@ variable "default_dogu" { } variable "dogus" { - description = "A list of Dogus to install" - type = list(string) - default = [ + description = "A list of Dogus to install, optional with version like official/cas:7.0.8-3" + type = list(string) + default = [ "official/ldap", "official/postfix", "k8s/nginx-static", 
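Review bot: The loop body emits `version: ${component.version}` unquoted, so a version string that YAML parses as a number (for example `1.2`) would reach the chart as a float rather than a string; quoting the interpolated values, `version: "${component.version}"` and likewise for `helmRepositoryNamespace` and `deployNamespace`, avoids that class of surprise at no cost. The hunk also drops the fixed `k8s-dogu-operator`, `k8s-dogu-operator-crd` and `k8s-service-discovery` entries and the `k8s-blueprint-operator: null` overrides in favour of the generated list, so a caller who passes an empty or partial `components` list now gets a setup without those components, while the template's header comment still calls them mandatory; either that wording or the behaviour should change. Whether the removed `null` entries were needed to disable chart-side defaults cannot be told from this hunk and is worth confirming against the chart.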
@@ -70,20 +70,31 @@ variable "dogus" { ] } -variable "additional_components" { - description = "A list of additional components to install" - type = list(object({ - name = string - version = string - namespace = string - deployNamespace = string - })) - default = [] +variable "component_operator_crd_chart" { + description = "The helm chart of the component crd. Optional with version like k8s/k8s-component-operator-crd:1.2.1" + type = string + default = "k8s/k8s-component-operator-crd:latest" +} + +variable "component_operator_chart" { + description = "The helm chart of the component operator. Optional with version like k8s/k8s-component-operator:1.2.1" + type = string + default = "k8s/k8s-component-operator:latest" +} + +variable "components" { + description = "A list of components to install, optional with version like k8s/k8s-dogu-operator:3.0.1" + type = list(string) + default = [ + "k8s/k8s-dogu-operator", + "k8s/k8s-dogu-operator-crd", + "k8s/k8s-service-discovery", + ] } variable "container_registry_secrets" { description = "A list of credentials for container registries used by dogus and components. The password must be base64 encoded. The regular configuration would contain registry.cloudogu.com as url." - type = list(object({ + type = list(object({ url = string username = string password = string @@ -153,13 +164,14 @@ variable "resource_patches" { variable "is_setup_applied_matching_resource" { description = "This variable defines a resource with its kind, api and field selector and is used to determine if the setup has already been executed or not." - type = object({ + type = object({ kind = string api = string field_selector = string }) default = { - kind = "CustomResourceDefinition", api = "apiextensions.k8s.io/v1", + kind = "CustomResourceDefinition", + api = "apiextensions.k8s.io/v1", field_selector = "metadata.name==dogus.k8s.cloudogu.com" } } \ No newline at end of file 
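Review bot: Removing `additional_components` is a backward-incompatible change to the module's inputs — any caller still setting it now fails with an unsupported-argument error — yet the accompanying changelog entry lists v4.1.0 under "Added" only, whereas v4.0.0 explicitly flagged its breaking change. Either keep `additional_components` for one release as a deprecated input that is merged into the parsed component list, or label the entry as breaking. The `components` description should also spell out the accepted syntax so callers do not have to read main.tf, e.g. `description = "Components to install, each as <namespace>/<name>[:<version>]; without a version the registry's latest tag is used."`, and the same wording applies to the two chart variables above it.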
diff --git a/terraform/examples/ces_azure_aks/main.tf b/terraform/examples/ces_azure_aks/main.tf index 3eb1f12..e8e4d61 100644 --- a/terraform/examples/ces_azure_aks/main.tf +++ b/terraform/examples/ces_azure_aks/main.tf @@ -71,12 +71,15 @@ module "ces" { source = "../../ces-module" # Configure CES installation options - setup_chart_version = var.setup_chart_version - setup_chart_namespace = var.setup_chart_namespace - ces_fqdn = var.ces_fqdn - ces_admin_password = var.ces_admin_password - dogus = var.dogus - resource_patches = file(var.resource_patches_file) + setup_chart_version = var.setup_chart_version + setup_chart_namespace = var.setup_chart_namespace + ces_fqdn = var.ces_fqdn + ces_admin_password = var.ces_admin_password + dogus = var.dogus + resource_patches = file(var.resource_patches_file) + component_operator_chart = var.component_operator_chart + component_operator_crd_chart = var.component_operator_crd_chart + components = var.components # Configure access for the registries. Passwords need to be base64-encoded. container_registry_secrets = var.container_registry_secrets diff --git a/terraform/examples/ces_azure_aks/variables.tf b/terraform/examples/ces_azure_aks/variables.tf index 78cc218..524f596 100644 --- a/terraform/examples/ces_azure_aks/variables.tf +++ b/terraform/examples/ces_azure_aks/variables.tf @@ -96,7 +96,7 @@ variable "ces_admin_password" { } variable "dogus" { - description = "A list of Dogus to install" + description = "A list of Dogus to install, optional with version like official/cas:7.0.8-3" type = list(string) default = [ "official/ldap", 
@@ -110,6 +110,28 @@ variable "dogus" { ] } +variable "component_operator_crd_chart" { + description = "The helm chart of the component crd. Optional with version like k8s/k8s-component-operator-crd:1.2.1" + type = string + default = "k8s/k8s-component-operator-crd:latest" +} + +variable "component_operator_chart" { + description = "The helm chart of the component operator. Optional with version like k8s/k8s-component-operator:1.2.1" + type = string + default = "k8s/k8s-component-operator:latest" +} + +variable "components" { + description = "A list of components to install, optional with version like k8s/k8s-dogu-operator:3.0.1" + type = list(string) + default = [ + "k8s/k8s-dogu-operator", + "k8s/k8s-dogu-operator-crd", + "k8s/k8s-service-discovery", + ] +} + variable "ces_fqdn" { description = "Fully qualified domain name of the EcoSystem, e.g. 'www.ecosystem.my-domain.com'" type = string @@ -125,7 +147,7 @@ variable "setup_chart_namespace" { variable "setup_chart_version" { description = "The version of the k8s-ces-setup chart" type = string - default = "3.0.0" + default = "3.0.4" } variable "resource_patches_file" { diff --git a/terraform/examples/ces_google_gke/ces_cluster/main.tf b/terraform/examples/ces_google_gke/ces_cluster/main.tf index 09b7b12..46c6eaa 100644 --- a/terraform/examples/ces_google_gke/ces_cluster/main.tf +++ b/terraform/examples/ces_google_gke/ces_cluster/main.tf 
@@ -95,13 +95,16 @@ module "ces" { source = "../../../ces-module" # Configure CES installation options - setup_chart_version = var.setup_chart_version - setup_chart_namespace = var.setup_chart_namespace - ces_fqdn = var.ces_fqdn - ces_admin_username = var.ces_admin_username - ces_admin_password = var.ces_admin_password - dogus = var.dogus - resource_patches = file(var.resource_patches_file) + setup_chart_version = var.setup_chart_version + setup_chart_namespace = var.setup_chart_namespace + ces_fqdn = var.ces_fqdn + ces_admin_username = var.ces_admin_username + ces_admin_password = var.ces_admin_password + dogus = var.dogus + resource_patches = file(var.resource_patches_file) + component_operator_chart = var.component_operator_chart + component_operator_crd_chart = var.component_operator_crd_chart + components = var.components # Configure access for the registries. Passwords need to be base64-encoded. container_registry_secrets = var.container_registry_secrets diff --git a/terraform/examples/ces_google_gke/ces_cluster/variables_ces.tf b/terraform/examples/ces_google_gke/ces_cluster/variables_ces.tf index 373d40f..2bb6bb4 100644 --- a/terraform/examples/ces_google_gke/ces_cluster/variables_ces.tf +++ b/terraform/examples/ces_google_gke/ces_cluster/variables_ces.tf @@ -77,7 +77,7 @@ variable "ces_admin_password" { } variable "dogus" { - description = "A list of Dogus to install" + description = "A list of Dogus to install, optional with version like official/cas:7.0.8-3" type = list(string) default = [ "official/ldap", 
@@ -91,6 +91,28 @@ variable "dogus" { ] } +variable "component_operator_crd_chart" { + description = "The helm chart of the component crd. Optional with version like k8s/k8s-component-operator-crd:1.2.1" + type = string + default = "k8s/k8s-component-operator-crd:latest" +} + +variable "component_operator_chart" { + description = "The helm chart of the component operator. Optional with version like k8s/k8s-component-operator:1.2.1" + type = string + default = "k8s/k8s-component-operator:latest" +} + +variable "components" { + description = "A list of components to install, optional with version like k8s/k8s-dogu-operator:3.0.1" + type = list(string) + default = [ + "k8s/k8s-dogu-operator", + "k8s/k8s-dogu-operator-crd", + "k8s/k8s-service-discovery", + ] +} + variable "ces_fqdn" { description = "Fully qualified domain name of the EcoSystem, e.g. 'www.ecosystem.my-domain.com'" type = string @@ -106,7 +128,7 @@ variable "setup_chart_namespace" { variable "setup_chart_version" { description = "The version of the k8s-ces-setup chart" type = string - default = "3.0.0" + default = "3.0.4" } variable "resource_patches_file" { diff --git a/terraform/examples/ces_local/main.tf b/terraform/examples/ces_local/main.tf index cea95c0..0d8f5de 100644 --- a/terraform/examples/ces_local/main.tf +++ b/terraform/examples/ces_local/main.tf 
@@ -29,14 +29,16 @@ module "ces" { source = "../../ces-module" # Configure CES installation options - setup_chart_version = var.setup_chart_version - setup_chart_namespace = var.setup_chart_namespace - ces_fqdn = var.ces_fqdn - ces_admin_username = var.ces_admin_username - ces_admin_password = var.ces_admin_password - dogus = var.dogus - additional_components = var.additional_components - resource_patches = file(var.resource_patches_file) + setup_chart_version = var.setup_chart_version + setup_chart_namespace = var.setup_chart_namespace + ces_fqdn = var.ces_fqdn + ces_admin_username = var.ces_admin_username + ces_admin_password = var.ces_admin_password + dogus = var.dogus + component_operator_chart = var.component_operator_chart + component_operator_crd_chart = var.component_operator_crd_chart + components = var.components + resource_patches = file(var.resource_patches_file) # Configure access for the registries. Passwords need to be base64-encoded. container_registry_secrets = var.container_registry_secrets diff --git a/terraform/examples/ces_local/variables_ces.tf b/terraform/examples/ces_local/variables_ces.tf index cf9da8f..9b25ac4 100644 --- a/terraform/examples/ces_local/variables_ces.tf +++ b/terraform/examples/ces_local/variables_ces.tf 
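Review bot: This example gains a `ces_namespace` variable in variables_ces.tf, but the `module "ces"` block in this hunk does not pass it, so unless it is wired further down in the block the module keeps its own `ces_namespace` default and the new variable has no effect, even though the module derives each component's `deployNamespace` from it. If it is not wired elsewhere, add `ces_namespace = var.ces_namespace` next to `setup_chart_namespace`. The module block starts before this hunk and continues past it, so the rest of its arguments are not visible here.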
@@ -78,17 +78,43 @@ variable "ces_admin_password" { } variable "dogus" { - description = "A list of Dogus to install" - type = list(string) - default = [ + description = "A list of Dogus to install, optional with version like official/cas:7.0.8-3" + type = list(string) + default = [ "official/ldap", "official/postfix", "k8s/nginx-static", "k8s/nginx-ingress", - "official/cas", - "official/jenkins", - "official/nexus", - "official/scm" + "official/cas" + ] +} + +variable "ces_namespace" { + description = "The namespace for the CES" + type = string + default = "ecosystem" +} + +variable "component_operator_crd_chart" { + description = "The helm chart of the component crd. Optional with version like k8s/k8s-component-operator-crd:1.2.1" + type = string + default = "k8s/k8s-component-operator-crd:latest" +} + +variable "component_operator_chart" { + description = "The helm chart of the component operator. Optional with version like k8s/k8s-component-operator:1.2.1" + type = string + default = "k8s/k8s-component-operator:latest" +} + +variable "components" { + description = "A list of components to install, optional with version like k8s/k8s-dogu-operator:3.0.1" + type = list(string) + default = [ + "k8s/k8s-dogu-operator", + "k8s/k8s-dogu-operator-crd", + "k8s/k8s-service-discovery", + "k8s/k8s-longhorn", ] } @@ -118,7 +144,7 @@ variable "setup_chart_namespace" { variable "setup_chart_version" { description = "The version of the k8s-ces-setup chart" type = string - default = "3.0.0" + default = "3.0.4" } variable "resource_patches_file" {