Merge branch 'release/v4.0.0'

cloudogu · Oct 29, 2024 · b7d6bea · b7d6bea
2 parents 9ec7cb3 + 2a397a8
commit b7d6bea
Show file tree

Hide file tree

Showing 24 changed files with 160 additions and 353 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v4.0.0] - 2024-10-29
+### Changed
+- **Breaking**: Updated k8s-ces-setup configuration in vagrant environment and terraform module to support the new structure of the container registry secret. #96
+For terraform variable declaration see `container_registry_secrets` in [variables.tf](terraform/ces-module/variables.tf).
+- Update default setup helm chart version to 3.0.0 in terraform module `ces-module`.
+
 ## [v3.1.0] - 2024-09-19
 ### Changed
 - Replace terraform kubernetes generic manifests resources with explicit corresponding resources (e.g. daemonsets) because they need the kubeconfig already in plan phase and prevent a single `terraform apply` #87

diff --git a/docs/operations/ces_installation_de.md b/docs/operations/ces_installation_de.md
@@ -198,10 +198,10 @@ müssen benötigte Credentials mit einem `values.yaml` File konfiguriert werden.
 Minimales Beispiel:
 
 ```yaml
-docker_registry_secret:
-  url: https://registry.cloudogu.com
-  username:
-  password:
+container_registry_secrets:
+  - url: https://registry.cloudogu.com
+    username:
+    password:
 
 dogu_registry_secret:
   url: https://dogu.cloudogu.com/api/v2/dogus

diff --git a/docs/operations/ces_installation_en.md b/docs/operations/ces_installation_en.md
@@ -197,10 +197,10 @@ required credentials must be configured with a `values.yaml` file.
 Minimal example:
 
 ```yaml
-docker_registry_secret:
-  url: https://registry.cloudogu.com
-  username:
-  password:
+container_registry_secrets:
+  - url: https://registry.cloudogu.com
+    username:
+    password:
 
 dogu_registry_secret:
   url: https://dogu.cloudogu.com/api/v2/dogus

diff --git a/externalcloud/.env.template b/externalcloud/.env.template
diff --git a/externalcloud/createNamespace.sh b/externalcloud/createNamespace.sh
diff --git a/externalcloud/install.sh b/externalcloud/install.sh
diff --git a/externalcloud/installLatestK8sCesSetup.sh b/externalcloud/installLatestK8sCesSetup.sh
diff --git a/externalcloud/setup.json b/externalcloud/setup.json
diff --git a/externalcloud/syncFQDN.sh b/externalcloud/syncFQDN.sh
diff --git a/image/scripts/dev/additionalValues.yaml.tpl b/image/scripts/dev/additionalValues.yaml.tpl
@@ -1,7 +1,7 @@
-docker_registry_secret:
-  url: DOCKER_REGISTRY_SECRET_URL
-  username: "DOCKER_REGISTRY_SECRET_USERNAME"
-  password: "DOCKER_REGISTRY_SECRET_PASSWORD" # Base64 encoded password
+container_registry_secrets:
+  - url: CONTAINER_REGISTRY_SECRET_URL
+    username: "CONTAINER_REGISTRY_SECRET_USERNAME"
+    password: "CONTAINER_REGISTRY_SECRET_PASSWORD" # Base64 encoded password
 dogu_registry_secret:
   url: DOGU_REGISTRY_SECRET_URL
   urlschema: "DOGU_REGISTRY_SECRET_URL_SCHEMA"
@@ -28,7 +28,4 @@ components:
           attacherReplicaCount: DEFAULTCLASSREPLICACOUNT
           provisionerReplicaCount: DEFAULTCLASSREPLICACOUNT
           resizerReplicaCount: DEFAULTCLASSREPLICACOUNT
-          snapshotterReplicaCount: DEFAULTCLASSREPLICACOUNT
-        longhornUI:
-          # Scale this up, if UI is needed
-          replicas: 0
+          snapshotterReplicaCount: DEFAULTCLASSREPLICACOUNT
diff --git a/image/scripts/dev/installLatestK8sCesSetup.sh b/image/scripts/dev/installLatestK8sCesSetup.sh
@@ -44,9 +44,9 @@ applyResources() {
 
   # Replace values in yaml template
   cp ${ADDITIONAL_VALUES_TEMPLATE} ${ADDITIONAL_VALUES_YAML}
-  sed --in-place "s|DOCKER_REGISTRY_SECRET_URL|${image_registry_url}|g" ${ADDITIONAL_VALUES_YAML}
-  sed --in-place "s|DOCKER_REGISTRY_SECRET_USERNAME|${image_registry_username}|g" ${ADDITIONAL_VALUES_YAML}
-  sed --in-place "s|DOCKER_REGISTRY_SECRET_PASSWORD|${image_registry_password}|g" ${ADDITIONAL_VALUES_YAML}
+  sed --in-place "s|CONTAINER_REGISTRY_SECRET_URL|${image_registry_url}|g" ${ADDITIONAL_VALUES_YAML}
+  sed --in-place "s|CONTAINER_REGISTRY_SECRET_USERNAME|${image_registry_username}|g" ${ADDITIONAL_VALUES_YAML}
+  sed --in-place "s|CONTAINER_REGISTRY_SECRET_PASSWORD|${image_registry_password}|g" ${ADDITIONAL_VALUES_YAML}
   sed --in-place "s|DOGU_REGISTRY_SECRET_URL|${dogu_registry_url}|g" ${ADDITIONAL_VALUES_YAML}
   sed --in-place "s|DOGU_REGISTRY_SECRET_URL_SCHEMA|${dogu_registry_urlschema}|g" ${ADDITIONAL_VALUES_YAML}
   sed --in-place "s|DOGU_REGISTRY_SECRET_USERNAME|${dogu_registry_username}|g" ${ADDITIONAL_VALUES_YAML}

diff --git a/terraform/ces-module/main.tf b/terraform/ces-module/main.tf
@@ -35,9 +35,7 @@ resource "helm_release" "k8s-ces-setup" {
         "dogu_registry_username"     = var.dogu_registry_username
         "dogu_registry_password"     = var.dogu_registry_password
         "dogu_registry_url_schema"   = var.dogu_registry_url_schema
-        "docker_registry_url"        = var.image_registry_url
-        "docker_registry_username"   = var.image_registry_username
-        "docker_registry_password"   = var.image_registry_password
+        "container_registry_secrets" = var.container_registry_secrets
         "helm_registry_host"         = var.helm_registry_host
         "helm_registry_schema"       = var.helm_registry_schema
         "helm_registry_plain_http"   = var.helm_registry_plain_http

diff --git a/terraform/ces-module/values.yaml.tftpl b/terraform/ces-module/values.yaml.tftpl
@@ -14,9 +14,8 @@ components:
   #    version: latest
   #    helmRepositoryNamespace: k8s
   #    deployNamespace: longhorn-system
-  k8s-etcd:
-    version: latest
-    helmRepositoryNamespace: k8s
+  k8s-blueprint-operator: null
+  k8s-blueprint-operator-crd: null
   k8s-dogu-operator:
     version: latest
     helmRepositoryNamespace: k8s
@@ -63,10 +62,12 @@ ${resource_patches}
 
 # Credentials for the docker registry used by the components.
 # It is mandatory to set username and the base64-encoded password.
-docker_registry_secret:
-  url: "${docker_registry_url}"
-  username: "${docker_registry_username}"
-  password: "${docker_registry_password}"
+container_registry_secrets:
+%{ for secret in container_registry_secrets ~}
+  - url: "${secret.url}"
+    username: "${secret.username}"
+    password: "${secret.password}"
+%{ endfor ~}
 
 # Credentials for the dogu registry used by the components.
 # It is mandatory to set username and the base64-encoded password.

diff --git a/terraform/ces-module/variables.tf b/terraform/ces-module/variables.tf
@@ -1,7 +1,7 @@
 variable "setup_chart_version" {
   description = "The version of the k8s-ces-setup chart"
   type        = string
-  default     = "1.0.0"
+  default     = "3.0.0"
 }
 
 variable "setup_chart_namespace" {
@@ -81,20 +81,13 @@ variable "additional_components" {
   default = []
 }
 
-variable "image_registry_url" {
-  description = "The url for the docker-image-registry"
-  type        = string
-}
-
-variable "image_registry_username" {
-  description = "The username for the docker-image-registry"
-  type        = string
-}
-
-variable "image_registry_password" {
-  description = "The base64-encoded password for the docker-image-registry"
-  type        = string
-  sensitive   = true
+variable "container_registry_secrets" {
+  description = "A list of credentials for container registries used by dogus and components. The password must be base64 encoded. The regular configuration would contain registry.cloudogu.com as url."
+  type        = list(object({
+    url      = string
+    username = string
+    password = string
+  }))
 }
 
 variable "dogu_registry_username" {

diff --git a/terraform/examples/ces_azure_aks/main.tf b/terraform/examples/ces_azure_aks/main.tf
@@ -53,18 +53,18 @@ module "azure" {
   azure_resource_group_location = var.azure_resource_group_location
 }
 
-module "kubelet_private_registry" {
-  depends_on = [module.azure]
-  source     = "../../kubelet-private-registry"
-
-  private_registries = [
-    {
-      "url"      = var.image_registry_url
-      "username" = var.image_registry_username
-      "password" = var.image_registry_password
-    }
-  ]
-}
+#module "kubelet_private_registry" {
+#  depends_on = [module.azure]
+#  source     = "../../kubelet-private-registry"
+#
+#  private_registries = [
+#    {
+#      "url"      = var.image_registry_url
+#      "username" = var.image_registry_username
+#      "password" = var.image_registry_password
+#    }
+#  ]
+#}
 
 module "ces" {
   depends_on = [module.azure]
@@ -79,13 +79,10 @@ module "ces" {
   resource_patches      = file(var.resource_patches_file)
 
   # Configure access for the registries. Passwords need to be base64-encoded.
-  image_registry_url      = var.image_registry_url
-  image_registry_username = var.image_registry_username
-  image_registry_password = var.image_registry_password
-
-  dogu_registry_username = var.dogu_registry_username
-  dogu_registry_password = var.dogu_registry_password
-  dogu_registry_endpoint = var.dogu_registry_endpoint
+  container_registry_secrets = var.container_registry_secrets
+  dogu_registry_username     = var.dogu_registry_username
+  dogu_registry_password     = var.dogu_registry_password
+  dogu_registry_endpoint     = var.dogu_registry_endpoint
 
   helm_registry_host       = var.helm_registry_host
   helm_registry_schema     = var.helm_registry_schema

diff --git a/terraform/examples/ces_azure_aks/secretVars.tfvars.template b/terraform/examples/ces_azure_aks/secretVars.tfvars.template
@@ -1,6 +1,11 @@
 // EcoSystem Credentials
-image_registry_username = "username"
-image_registry_password = "cGFzc3dvcmQ=" # Base64-encoded
+container_registry_secrets = [
+  {
+    url      = "registry.cloudougu.com"
+    username = "username"
+    password = "cGFzc3dvcmQ=" # Base64-encoded
+  }
+]
 dogu_registry_username  = "username"
 dogu_registry_password  = "cGFzc3dvcmQ=" # Base64-encoded
 helm_registry_username  = "username"