From 4a030ba7498f42b07677c9fc1014b8f562d54fc4 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Mon, 17 Nov 2025 10:18:26 +1100 Subject: [PATCH 1/6] test: optional traefik installation --- Makefile | 68 ++++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 46 insertions(+), 22 deletions(-) diff --git a/Makefile b/Makefile index f7a35fd881..6a9c8dfa9e 100644 --- a/Makefile +++ b/Makefile @@ -476,7 +476,7 @@ STERN_VERSION = v2.6.1 CHART_TESTING_VERSION = v3.11.0 K3D_IMAGE = docker.io/rancher/k3s:v1.31.1-k3s1 TESTS = [nginx,api,api-routes,features-kubernetes,bulk-deployment,features-kubernetes-2,features-variables,active-standby-kubernetes,tasks,drush,python,gitlab,github,bitbucket,services,services-2] -CHARTS_TREEISH = main +CHARTS_TREEISH = traefik CHARTS_REPOSITORY = https://github.com/uselagoon/lagoon-charts.git #CHARTS_REPOSITORY = ../lagoon-charts TASK_IMAGES = task-activestandby task-projectclone @@ -528,6 +528,17 @@ INSTALL_K8UP = false INSTALL_K8UP_VERSIONS = v2 REMOTE_CONTROLLER_K8UP_VERSION = v2 +INGRESS_CONTROLLER = traefik +ifeq ($(INGRESS_CONTROLLER),traefik) +INGRESS_CONTROLLER_NAMESPACE = ingress-traefik +INGRESS_CONTROLLER_SERVICE = ingress-traefik +INGRESS_CONTROLLER_CLASSNAME = traefik +else +INGRESS_CONTROLLER_NAMESPACE = ingress-nginx +INGRESS_CONTROLLER_SERVICE = ingress-nginx-controller +INGRESS_CONTROLLER_CLASSNAME = nginx +endif + # the following can be used to selectively leave out the installation of certain # dbaas provider types INSTALL_MARIADB_PROVIDER = @@ -717,6 +728,7 @@ helm/repos: local-dev/helm ifeq ($(INSTALL_UNAUTHENTICATED_REGISTRY),true) $(HELM) repo add twuni https://twuni.github.io/docker-registry.helm endif + $(HELM) repo add traefik https://traefik.github.io/charts $(HELM) repo update # stand up a k3d cluster configured appropriately for lagoon testing @@ -785,6 +797,10 @@ k3d/setup: k3d/cluster helm/repos $(addprefix local-dev/,$(K3D_TOOLS)) k3d/check DOCKER_NETWORK=$(DOCKER_NETWORK) \ JQ=$(JQ) HELM=$(HELM) KUBECTL=$(KUBECTL) \ USE_CALICO_CNI=false \ + INGRESS_CONTROLLER=$(INGRESS_CONTROLLER) \ + INGRESS_CONTROLLER_NAMESPACE=$(INGRESS_CONTROLLER_NAMESPACE) \ + INGRESS_CONTROLLER_SERVICE=$(INGRESS_CONTROLLER_SERVICE) \ + INGRESS_CONTROLLER_CLASSNAME=$(INGRESS_CONTROLLER_CLASSNAME) \ $$([ $(INSTALL_MAILPIT) ] && echo 'INSTALL_MAILPIT=$(INSTALL_MAILPIT)') \ $$([ $(INSTALL_PROMETHEUS) ] && echo 'INSTALL_PROMETHEUS=$(INSTALL_PROMETHEUS)') \ $$([ $(INSTALL_K8UP) ] && echo 'INSTALL_K8UP=$(INSTALL_K8UP)') \ @@ -825,13 +841,13 @@ k3d/install-lagoon: ifneq ($(INSTALL_STABLE_CORE),true) $(MAKE) build export KUBECONFIG="$$(realpath kubeconfig.k3d.$(CI_BUILD_TAG))" \ - && export IMAGE_REGISTRY="registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library" \ + && export IMAGE_REGISTRY="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library" \ && $(MAKE) k3d/push-images JQ=$(JQ) HELM=$(HELM) KUBECTL=$(KUBECTL) docker pull $(UI_IMAGE_REPO):$(UI_IMAGE_TAG) docker pull $(BETA_UI_IMAGE_REPO):$(BETA_UI_IMAGE_TAG) endif export KUBECONFIG="$$(realpath kubeconfig.k3d.$(CI_BUILD_TAG))" \ - && export IMAGE_REGISTRY="registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library" \ + && export IMAGE_REGISTRY="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library" \ && $(MAKE) k3d/push-remote-controller-image \ && cd lagoon-charts.k3d.lagoon \ && $(MAKE) install-lagoon \ @@ -846,18 +862,22 @@ endif SSHTOKEN_IMAGE_REPO=$(SSHTOKEN_IMAGE_REPO) SSHTOKEN_IMAGE_TAG=$(SSHTOKEN_IMAGE_TAG) \ SSHPORTAL_IMAGE_REPO=$(SSHPORTAL_IMAGE_REPO) SSHPORTAL_IMAGE_TAG=$(SSHPORTAL_IMAGE_TAG) \ INSIGHTS_HANDLER_IMAGE_REPO=$(INSIGHTS_HANDLER_IMAGE_REPO) INSIGHTS_HANDLER_IMAGE_TAG=$(INSIGHTS_HANDLER_IMAGE_TAG) \ - OVERRIDE_BUILD_DEPLOY_DIND_IMAGE="registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/build-deploy-image:$(CI_BUILD_TAG)" \ - OVERRIDE_REMOTE_CONTROLLER_IMAGETAG=$(CI_BUILD_TAG) \ - OVERRIDE_REMOTE_CONTROLLER_IMAGE_REPOSITORY="registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/remote-controller" \ - OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE="registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/task-activestandby:$(SAFE_BRANCH_NAME)" \ - OVERRIDE_PROJECTCLONE_TASK_IMAGE="registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/task-projectclone:$(SAFE_BRANCH_NAME)" \ - IMAGE_REGISTRY="registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library" \ + OVERRIDE_BUILD_DEPLOY_DIND_IMAGE="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/build-deploy-image:$(BUILD_DEPLOY_IMAGE_TAG)" \ + $$([ $(OVERRIDE_REMOTE_CONTROLLER_IMAGETAG) ] && echo 'OVERRIDE_REMOTE_CONTROLLER_IMAGETAG=$(OVERRIDE_REMOTE_CONTROLLER_IMAGETAG)') \ + $$([ $(OVERRIDE_REMOTE_CONTROLLER_IMAGE_REPOSITORY) ] && echo 'OVERRIDE_REMOTE_CONTROLLER_IMAGE_REPOSITORY=$(OVERRIDE_REMOTE_CONTROLLER_IMAGE_REPOSITORY)') \ + OVERRIDE_PROJECTCLONE_TASK_IMAGE="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/task-projectclone:$(SAFE_BRANCH_NAME)" \ + OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/task-activestandby:$(SAFE_BRANCH_NAME)" \ + IMAGE_REGISTRY="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library" \ SKIP_INSTALL_REGISTRY=true \ CORE_DATABASE_VENDOR=$(DATABASE_VENDOR) \ LAGOON_FEATURE_FLAG_DEFAULT_ISOLATION_NETWORK_POLICY=enabled \ USE_CALICO_CNI=false \ LAGOON_SSH_PORTAL_LOADBALANCER=$(LAGOON_SSH_PORTAL_LOADBALANCER) \ LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD=enabled \ + INGRESS_CONTROLLER=$(INGRESS_CONTROLLER) \ + INGRESS_CONTROLLER_NAMESPACE=$(INGRESS_CONTROLLER_NAMESPACE) \ + INGRESS_CONTROLLER_SERVICE=$(INGRESS_CONTROLLER_SERVICE) \ + INGRESS_CONTROLLER_CLASSNAME=$(INGRESS_CONTROLLER_CLASSNAME) \ $$([ $(LAGOON_SEED_USERNAME) ] && echo 'LAGOON_SEED_USERNAME=$(LAGOON_SEED_USERNAME)') \ $$([ $(LAGOON_SEED_PASSWORD) ] && echo 'LAGOON_SEED_PASSWORD=$(LAGOON_SEED_PASSWORD)') \ $$([ $(LAGOON_SEED_ORGANIZATION) ] && echo 'LAGOON_SEED_ORGANIZATION=$(LAGOON_SEED_ORGANIZATION)') \ @@ -911,7 +931,7 @@ k3d/stable-local-stack: .PHONY: k3d/local-dev-patch k3d/local-dev-patch: export KUBECONFIG="$$(pwd)/kubeconfig.k3d.$(CI_BUILD_TAG)" && \ - export IMAGE_REGISTRY="registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library" \ + export IMAGE_REGISTRY="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library" \ && for image in $(LOCAL_DEV_SERVICES); do \ echo "building $$image" \ && cd services/$$image && yarn install && yarn build && cd ../..; \ @@ -948,7 +968,7 @@ IMAGES = $(K3D_SERVICES) $(LOCAL_DEV_SERVICES) $(TASK_IMAGES) .PHONY: k3d/push-images k3d/push-images: @export KUBECONFIG="$$(pwd)/kubeconfig.k3d.$(CI_BUILD_TAG)" && \ - export IMAGE_REGISTRY="registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library" \ + export IMAGE_REGISTRY="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library" \ && docker login -u admin -p Harbor12345 $$IMAGE_REGISTRY \ && for image in $(IMAGES); do \ docker tag $(CI_BUILD_TAG)/$$image $$IMAGE_REGISTRY/$$image:$(SAFE_BRANCH_NAME) \ @@ -959,7 +979,7 @@ k3d/push-images: .PHONY: k3d/push-local-build-image k3d/push-local-build-image: @export KUBECONFIG="$$(pwd)/kubeconfig.k3d.$(CI_BUILD_TAG)" && \ - export IMAGE_REGISTRY="registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library" \ + export IMAGE_REGISTRY="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library" \ && [ $(INSTALL_UNAUTHENTICATED_REGISTRY) = false ] && docker login -u admin -p Harbor12345 $$IMAGE_REGISTRY || true \ && docker tag lagoon/build-deploy-image:local $$IMAGE_REGISTRY/build-deploy-image:$(CI_BUILD_TAG) \ && docker push $$IMAGE_REGISTRY/build-deploy-image:$(CI_BUILD_TAG) @@ -968,7 +988,7 @@ k3d/push-local-build-image: .PHONY: k3d/push-stable-build-image k3d/push-stable-build-image: @export KUBECONFIG="$$(pwd)/kubeconfig.k3d.$(CI_BUILD_TAG)" && \ - export IMAGE_REGISTRY="registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library" \ + export IMAGE_REGISTRY="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library" \ && [ $(INSTALL_UNAUTHENTICATED_REGISTRY) = false ] && docker login -u admin -p Harbor12345 $$IMAGE_REGISTRY || true \ && docker pull $(BUILD_DEPLOY_IMAGE_REPO):$(BUILD_DEPLOY_IMAGE_TAG) \ && docker tag $(BUILD_DEPLOY_IMAGE_REPO):$(BUILD_DEPLOY_IMAGE_TAG) $$IMAGE_REGISTRY/build-deploy-image:$(CI_BUILD_TAG) \ @@ -977,7 +997,7 @@ k3d/push-stable-build-image: .PHONY: k3d/push-remote-controller-image k3d/push-remote-controller-image: @export KUBECONFIG="$$(pwd)/kubeconfig.k3d.$(CI_BUILD_TAG)" && \ - export IMAGE_REGISTRY="registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library" \ + export IMAGE_REGISTRY="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library" \ && [ $(INSTALL_UNAUTHENTICATED_REGISTRY) = false ] && docker login -u admin -p Harbor12345 $$IMAGE_REGISTRY || true \ && docker pull $(OVERRIDE_REMOTE_CONTROLLER_IMAGE_REPOSITORY):$(OVERRIDE_REMOTE_CONTROLLER_IMAGETAG) \ && docker tag $(OVERRIDE_REMOTE_CONTROLLER_IMAGE_REPOSITORY):$(OVERRIDE_REMOTE_CONTROLLER_IMAGETAG) $$IMAGE_REGISTRY/remote-controller:$(CI_BUILD_TAG) \ @@ -999,7 +1019,7 @@ k3d/rebuild-restart-service: .PHONY: k3d/get-lagoon-details k3d/get-lagoon-details: @export KUBECONFIG="$$(realpath ./kubeconfig.k3d.$(CI_BUILD_TAG))"; \ - IP="$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}')"; \ + IP="$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}')"; \ echo "===========DETAILS============="; \ echo "Lagoon UI URL: $$( [ $(LAGOON_CORE_USE_HTTPS) = true ] && echo https || echo http )://lagoon-ui.$$IP.nip.io"; \ echo "Lagoon API URL: $$( [ $(LAGOON_CORE_USE_HTTPS) = true ] && echo https || echo http )://lagoon-api.$$IP.nip.io/graphql"; \ @@ -1038,7 +1058,7 @@ k3d/get-lagoon-cli-details: JWTUSER=localadmin; \ JWTAUDIENCE=api.dev; \ JWTSECRET=$$($(KUBECTL) get secret -n lagoon-core lagoon-core-secrets -o json | $(JQ) -r '.data.JWTSECRET | @base64d'); \ - LAGOON_API_IP=$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}'); \ + LAGOON_API_IP=$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}'); \ SSH_TOKEN_IP=$$($(KUBECTL) -n lagoon-core get services lagoon-core-ssh-token -o jsonpath='{.status.loadBalancer.ingress[0].ip}'); \ SSH_TOKEN_PORT=$$($(KUBECTL) -n lagoon-core get services lagoon-core-ssh-token -o jsonpath='{.spec.ports[0].port}'); \ TOKEN=$$($(JWT) encode --alg HS256 --no-iat --payload role=admin --iss "$$JWTUSER" --aud "$$JWTAUDIENCE" --sub "$$JWTUSER" --secret "$$JWTSECRET"); \ @@ -1068,13 +1088,13 @@ k3d/seed-data: k3d/generate-user-keys export SSH_PORTAL_PORT="$$($(KUBECTL) -n lagoon get services lagoon-remote-ssh-portal -o jsonpath='{.spec.ports[0].port}')" && \ export TOKEN="$$($(KUBECTL) -n lagoon get secret lagoon-remote-ssh-core-token -o json | $(JQ) -r '.data.token | @base64d')" && \ export CONSOLE_URL="https://kubernetes.default.svc/" && \ - export ROUTER_PATTERN="\$${project}.\$${environment}.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}')" && \ + export ROUTER_PATTERN="\$${project}.\$${environment}.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}')" && \ export SEED_DATA=$$(if [ $(INSTALL_STABLE_CORE) = true ]; then \ envsubst < <(curl -s https://raw.githubusercontent.com/uselagoon/lagoon/refs/tags/$(STABLE_CORE_CHART_APP_VERSION)/local-dev/k3d-seed-data/00-populate-kubernetes.gql) | sed 's/"/\\"/g' | sed 's/\\n/\\\\n/g' | awk -F'\n' '{if(NR == 1) {printf $$0} else {printf "\\n"$$0}}'; \ else \ envsubst < ./local-dev/k3d-seed-data/00-populate-kubernetes.gql | sed 's/"/\\"/g' | sed 's/\\n/\\\\n/g' | awk -F'\n' '{if(NR == 1) {printf $$0} else {printf "\\n"$$0}}'; \ fi) && \ - export LAGOON_API_HOST="$$([ $(LAGOON_CORE_USE_HTTPS) = true ] && echo "https" || echo "http")://lagoon-api.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/graphql" && \ + export LAGOON_API_HOST="$$([ $(LAGOON_CORE_USE_HTTPS) = true ] && echo "https" || echo "http")://lagoon-api.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/graphql" && \ export SEED_DATA_JSON="{\"query\": \"$$SEED_DATA\"}" && \ curl -ks -XPOST -H 'Content-Type: application/json' -H "Authorization: bearer $${LAGOON_LEGACY_ADMIN}" "$${LAGOON_API_HOST}" -d "$$SEED_DATA_JSON" && \ echo "Loading API seed users" && \ @@ -1141,16 +1161,20 @@ endif && $(MAKE) fill-test-ci-values DOCKER_NETWORK=$(DOCKER_NETWORK) TESTS=$(TESTS) IMAGE_TAG=$(TEST_IMAGE_TAG) \ HELM=$(HELM) KUBECTL=$(KUBECTL) \ JQ=$(JQ) \ - OVERRIDE_BUILD_DEPLOY_DIND_IMAGE="registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/build-deploy-image:$(BUILD_DEPLOY_IMAGE_TAG)" \ - OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE="registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/task-activestandby:$(SAFE_BRANCH_NAME)" \ - OVERRIDE_PROJECTCLONE_TASK_IMAGE="registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/task-projectclone:$(SAFE_BRANCH_NAME)" \ - IMAGE_REGISTRY=$$(if [ $(USE_STABLE_TESTS) = true ]; then echo 'uselagoon'; else echo "registry.$$($(KUBECTL) -n ingress-nginx get services ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library"; fi) \ + OVERRIDE_BUILD_DEPLOY_DIND_IMAGE="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/build-deploy-image:$(BUILD_DEPLOY_IMAGE_TAG)" \ + OVERRIDE_PROJECTCLONE_TASK_IMAGE="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/task-projectclone:$(SAFE_BRANCH_NAME)" \ + OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/task-activestandby:$(SAFE_BRANCH_NAME)" \ + IMAGE_REGISTRY=$$(if [ $(USE_STABLE_TESTS) = true ]; then echo 'uselagoon'; else echo "registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library"; fi) \ SKIP_ALL_DEPS=true \ CORE_DATABASE_VENDOR=$(DATABASE_VENDOR) \ LAGOON_FEATURE_FLAG_DEFAULT_ISOLATION_NETWORK_POLICY=enabled \ USE_CALICO_CNI=false \ LAGOON_SSH_PORTAL_LOADBALANCER=$(LAGOON_SSH_PORTAL_LOADBALANCER) \ LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD=enabled \ + INGRESS_CONTROLLER=$(INGRESS_CONTROLLER) \ + INGRESS_CONTROLLER_NAMESPACE=$(INGRESS_CONTROLLER_NAMESPACE) \ + INGRESS_CONTROLLER_SERVICE=$(INGRESS_CONTROLLER_SERVICE) \ + INGRESS_CONTROLLER_CLASSNAME=$(INGRESS_CONTROLLER_CLASSNAME) \ && docker run --rm --network host --name ct-$(CI_BUILD_TAG) \ --volume "$$(pwd)/test-suite-run.ct.yaml:/etc/ct/ct.yaml" \ --volume "$$(pwd):/workdir" \ From 8f23b68c4cc37277152131b1688e1263c844cb4f Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Mon, 8 Dec 2025 10:58:18 +1100 Subject: [PATCH 2/6] test: remove tests that dont work with traefik ingress-nginx support --- Jenkinsfile | 2 +- tests/files/active-standby/first/.lagoon.yml | 2 - tests/files/active-standby/second/.lagoon.yml | 2 - tests/tests/deploytarget/check-first.yaml | 44 ++++++------ tests/tests/deploytarget/check-second.yaml | 42 +++++------ tests/tests/features/ingress-annotations.yaml | 72 +++++++++---------- tests/tests/nginx/check-first.yaml | 44 ++++++------ tests/tests/nginx/check-fourth.yaml | 42 +++++------ tests/tests/nginx/check-second.yaml | 42 +++++------ tests/tests/nginx/nginx.yaml | 2 +- 10 files changed, 145 insertions(+), 149 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 79410b76cd..4b0dd8c582 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -92,7 +92,7 @@ pipeline { sh script: "make local-dev-tools", label: "Configure k3d" sh script: "./local-dev/k3d cluster delete --all", label: "Delete any remnant clusters" sh script: "make k3d/stable-local-stack INSTALL_SEED_DATA=false BRANCH_NAME=${SAFEBRANCH_NAME} LAGOON_CORE_USE_HTTPS=false INSTALL_PROMETHEUS=false INSTALL_AERGIA=false", label: "Setup stable cluster" - sh script: "make k3d/retest TESTS=[nginx] BRANCH_NAME=${SAFEBRANCH_NAME} USE_STABLE_TESTS=true", label: "Run nginx smoketest" + sh script: "make k3d/retest TESTS=[nginx] BRANCH_NAME=${SAFEBRANCH_NAME} USE_STABLE_TESTS=false", label: "Run nginx smoketest" sh script: "make k3d/install-lagoon BRANCH_NAME=${SAFEBRANCH_NAME} INSTALL_PROMETHEUS=false INSTALL_AERGIA=false", label: "Run lagoon upgrade" sh script: "pkill -f './local-dev/stern'", label: "Closing off test-suite-0 log after test completion" // script { diff --git a/tests/files/active-standby/first/.lagoon.yml b/tests/files/active-standby/first/.lagoon.yml index f9888ae383..2795e0e4be 100644 --- a/tests/files/active-standby/first/.lagoon.yml +++ b/tests/files/active-standby/first/.lagoon.yml @@ -8,9 +8,7 @@ production_routes: routes: - nginx: - active-moving-route.com: - tls-acme: false standby: routes: - nginx: - standby-moving-route.com: - tls-acme: false diff --git a/tests/files/active-standby/second/.lagoon.yml b/tests/files/active-standby/second/.lagoon.yml index f9888ae383..2795e0e4be 100644 --- a/tests/files/active-standby/second/.lagoon.yml +++ b/tests/files/active-standby/second/.lagoon.yml @@ -8,9 +8,7 @@ production_routes: routes: - nginx: - active-moving-route.com: - tls-acme: false standby: routes: - nginx: - standby-moving-route.com: - tls-acme: false diff --git a/tests/tests/deploytarget/check-first.yaml b/tests/tests/deploytarget/check-first.yaml index 9c8f398549..00bae25d1a 100644 --- a/tests/tests/deploytarget/check-first.yaml +++ b/tests/tests/deploytarget/check-first.yaml @@ -88,28 +88,28 @@ tasks: - ansible.builtin.include_tasks: ../../checks/check-url-content-host.yaml -- name: "{{ testname }} - check if custom domain 'hsts-header.com' is created and has HSTS header set" - hosts: localhost - serial: 1 - vars: - url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" - host: "hsts-header.com" - expected_returncode: 200 - expected_header: "strict_transport_security" - expected_header_value: "max-age=15768000" - tasks: - - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml - -- name: "{{ testname }} - check if custom domain 'hsts-header-null.com' is created and does not have HSTS header set" - hosts: localhost - serial: 1 - vars: - url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" - host: "hsts-header-null.com" - expected_returncode: 200 - expected_header: "strict_transport_security" - tasks: - - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml +# - name: "{{ testname }} - check if custom domain 'hsts-header.com' is created and has HSTS header set" +# hosts: localhost +# serial: 1 +# vars: +# url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" +# host: "hsts-header.com" +# expected_returncode: 200 +# expected_header: "strict_transport_security" +# expected_header_value: "max-age=15768000" +# tasks: +# - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml + +# - name: "{{ testname }} - check if custom domain 'hsts-header-null.com' is created and does not have HSTS header set" +# hosts: localhost +# serial: 1 +# vars: +# url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" +# host: "hsts-header-null.com" +# expected_returncode: 200 +# expected_header: "strict_transport_security" +# tasks: +# - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml - name: "{{ testname }} - check if {{ project }} is redirecting correctly with no preserve'" hosts: localhost diff --git a/tests/tests/deploytarget/check-second.yaml b/tests/tests/deploytarget/check-second.yaml index db9e02281b..d6cbc08ca0 100644 --- a/tests/tests/deploytarget/check-second.yaml +++ b/tests/tests/deploytarget/check-second.yaml @@ -58,25 +58,25 @@ tasks: - ansible.builtin.include_tasks: ../../checks/check-url-returncode-host.yaml -- name: "{{ testname }} - SECOND TEST: check if custom domain 'hsts-header-null.com' now has HSTS header set" - hosts: localhost - serial: 1 - vars: - url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" - host: "hsts-header-null.com" - expected_returncode: 200 - expected_header: "strict_transport_security" - expected_header_value: "max-age=15768000" - tasks: - - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml +# - name: "{{ testname }} - SECOND TEST: check if custom domain 'hsts-header-null.com' now has HSTS header set" +# hosts: localhost +# serial: 1 +# vars: +# url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" +# host: "hsts-header-null.com" +# expected_returncode: 200 +# expected_header: "strict_transport_security" +# expected_header_value: "max-age=15768000" +# tasks: +# - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml -- name: "{{ testname }} - SECOND TEST: check if custom domain 'hsts-header.com' is created and does not have HSTS header set" - hosts: localhost - serial: 1 - vars: - url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" - host: "hsts-header.com" - expected_returncode: 200 - expected_header: "strict_transport_security" - tasks: - - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml +# - name: "{{ testname }} - SECOND TEST: check if custom domain 'hsts-header.com' is created and does not have HSTS header set" +# hosts: localhost +# serial: 1 +# vars: +# url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" +# host: "hsts-header.com" +# expected_returncode: 200 +# expected_header: "strict_transport_security" +# tasks: +# - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml diff --git a/tests/tests/features/ingress-annotations.yaml b/tests/tests/features/ingress-annotations.yaml index 2b1f90a641..42bb55aec3 100644 --- a/tests/tests/features/ingress-annotations.yaml +++ b/tests/tests/features/ingress-annotations.yaml @@ -31,45 +31,45 @@ tasks: - ansible.builtin.include_tasks: ../../checks/check-ingress-annotations.yaml -- name: "{{ testname }} - check if custom domain 'redirect-to-example.com' is created and redirects to https://example.com" - hosts: localhost - serial: 1 - vars: - url: "{{ check_url }}" - host: "redirect-to-example.com" - expected_redirect_location: "https://example.com/$" - tasks: - - ansible.builtin.include_tasks: ../../checks/check-url-redirect-host.yaml +# - name: "{{ testname }} - check if custom domain 'redirect-to-example.com' is created and redirects to https://example.com" +# hosts: localhost +# serial: 1 +# vars: +# url: "{{ check_url }}" +# host: "redirect-to-example.com" +# expected_redirect_location: "https://example.com/$" +# tasks: +# - ansible.builtin.include_tasks: ../../checks/check-url-redirect-host.yaml -- name: "{{ testname }} - check if custom domain 'redirect-to-example.com' is created and request to /asdf redirects to https://example.com/asdf" - hosts: localhost - serial: 1 - vars: - url: "http://node.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix }}/asdf" - host: "redirect-to-example.com" - expected_redirect_location: "https://example.com/asdf$" - tasks: - - ansible.builtin.include_tasks: ../../checks/check-url-redirect-host.yaml +# - name: "{{ testname }} - check if custom domain 'redirect-to-example.com' is created and request to /asdf redirects to https://example.com/asdf" +# hosts: localhost +# serial: 1 +# vars: +# url: "http://node.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix }}/asdf" +# host: "redirect-to-example.com" +# expected_redirect_location: "https://example.com/asdf$" +# tasks: +# - ansible.builtin.include_tasks: ../../checks/check-url-redirect-host.yaml -- name: "{{ testname }} - check if custom domain 'redirect-to-www.com' is created and redirects to https://www.redirect-to-www.com" - hosts: localhost - serial: 1 - vars: - url: "{{ check_url }}" - host: "redirect-to-www.com" - expected_redirect_location: "https://www.redirect-to-www.com/$" - tasks: - - ansible.builtin.include_tasks: ../../checks/check-url-redirect-host.yaml +# - name: "{{ testname }} - check if custom domain 'redirect-to-www.com' is created and redirects to https://www.redirect-to-www.com" +# hosts: localhost +# serial: 1 +# vars: +# url: "{{ check_url }}" +# host: "redirect-to-www.com" +# expected_redirect_location: "https://www.redirect-to-www.com/$" +# tasks: +# - ansible.builtin.include_tasks: ../../checks/check-url-redirect-host.yaml -- name: "{{ testname }} - check if custom domain 'www.redirect-from-www.com' is created and redirects to https://redirect-from-www.com" - hosts: localhost - serial: 1 - vars: - url: "{{ check_url }}" - host: "www.redirect-from-www.com" - expected_redirect_location: "https://redirect-from-www.com/$" - tasks: - - ansible.builtin.include_tasks: ../../checks/check-url-redirect-host.yaml +# - name: "{{ testname }} - check if custom domain 'www.redirect-from-www.com' is created and redirects to https://redirect-from-www.com" +# hosts: localhost +# serial: 1 +# vars: +# url: "{{ check_url }}" +# host: "www.redirect-from-www.com" +# expected_redirect_location: "https://redirect-from-www.com/$" +# tasks: +# - ansible.builtin.include_tasks: ../../checks/check-url-redirect-host.yaml - name: "{{ testname }} - api deleteEnvironment on {{ project }}, which should remove all resources" hosts: localhost diff --git a/tests/tests/nginx/check-first.yaml b/tests/tests/nginx/check-first.yaml index 97b8b9c3ab..9dc085eb87 100644 --- a/tests/tests/nginx/check-first.yaml +++ b/tests/tests/nginx/check-first.yaml @@ -98,28 +98,28 @@ tasks: - ansible.builtin.include_tasks: ../../checks/check-url-content-host.yaml -- name: "{{ testname }} - check if custom domain 'hsts-header.com' is created and has HSTS header set" - hosts: localhost - serial: 1 - vars: - url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" - host: "hsts-header.com" - expected_returncode: 200 - expected_header: "strict_transport_security" - expected_header_value: "max-age=15768000" - tasks: - - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml - -- name: "{{ testname }} - check if custom domain 'hsts-header-null.com' is created and does not have HSTS header set" - hosts: localhost - serial: 1 - vars: - url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" - host: "hsts-header-null.com" - expected_returncode: 200 - expected_header: "strict_transport_security" - tasks: - - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml +# - name: "{{ testname }} - check if custom domain 'hsts-header.com' is created and has HSTS header set" +# hosts: localhost +# serial: 1 +# vars: +# url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" +# host: "hsts-header.com" +# expected_returncode: 200 +# expected_header: "strict_transport_security" +# expected_header_value: "max-age=15768000" +# tasks: +# - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml + +# - name: "{{ testname }} - check if custom domain 'hsts-header-null.com' is created and does not have HSTS header set" +# hosts: localhost +# serial: 1 +# vars: +# url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" +# host: "hsts-header-null.com" +# expected_returncode: 200 +# expected_header: "strict_transport_security" +# tasks: +# - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml - name: "{{ testname }} - check if {{ project }} is redirecting correctly with no preserve'" hosts: localhost diff --git a/tests/tests/nginx/check-fourth.yaml b/tests/tests/nginx/check-fourth.yaml index 6e00f388dc..24670dc0f6 100644 --- a/tests/tests/nginx/check-fourth.yaml +++ b/tests/tests/nginx/check-fourth.yaml @@ -58,25 +58,25 @@ tasks: - ansible.builtin.include_tasks: ../../checks/check-url-returncode-host.yaml -- name: "{{ testname }} - FOURTH TEST: check if custom domain 'hsts-header-null.com' now has HSTS header set" - hosts: localhost - serial: 1 - vars: - url: "https://nginx-{{ project | regex_replace('_', '-') }}-{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" - host: "hsts-header-null.com" - expected_returncode: 200 - expected_header: "strict_transport_security" - expected_header_value: "max-age=15768000" - tasks: - - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml +# - name: "{{ testname }} - FOURTH TEST: check if custom domain 'hsts-header-null.com' now has HSTS header set" +# hosts: localhost +# serial: 1 +# vars: +# url: "https://nginx-{{ project | regex_replace('_', '-') }}-{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" +# host: "hsts-header-null.com" +# expected_returncode: 200 +# expected_header: "strict_transport_security" +# expected_header_value: "max-age=15768000" +# tasks: +# - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml -- name: "{{ testname }} - FOURTH TEST: check if custom domain 'hsts-header.com' is created and does not have HSTS header set" - hosts: localhost - serial: 1 - vars: - url: "https://nginx-{{ project | regex_replace('_', '-') }}-{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" - host: "hsts-header.com" - expected_returncode: 200 - expected_header: "strict_transport_security" - tasks: - - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml +# - name: "{{ testname }} - FOURTH TEST: check if custom domain 'hsts-header.com' is created and does not have HSTS header set" +# hosts: localhost +# serial: 1 +# vars: +# url: "https://nginx-{{ project | regex_replace('_', '-') }}-{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" +# host: "hsts-header.com" +# expected_returncode: 200 +# expected_header: "strict_transport_security" +# tasks: +# - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml diff --git a/tests/tests/nginx/check-second.yaml b/tests/tests/nginx/check-second.yaml index db9e02281b..d6cbc08ca0 100644 --- a/tests/tests/nginx/check-second.yaml +++ b/tests/tests/nginx/check-second.yaml @@ -58,25 +58,25 @@ tasks: - ansible.builtin.include_tasks: ../../checks/check-url-returncode-host.yaml -- name: "{{ testname }} - SECOND TEST: check if custom domain 'hsts-header-null.com' now has HSTS header set" - hosts: localhost - serial: 1 - vars: - url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" - host: "hsts-header-null.com" - expected_returncode: 200 - expected_header: "strict_transport_security" - expected_header_value: "max-age=15768000" - tasks: - - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml +# - name: "{{ testname }} - SECOND TEST: check if custom domain 'hsts-header-null.com' now has HSTS header set" +# hosts: localhost +# serial: 1 +# vars: +# url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" +# host: "hsts-header-null.com" +# expected_returncode: 200 +# expected_header: "strict_transport_security" +# expected_header_value: "max-age=15768000" +# tasks: +# - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml -- name: "{{ testname }} - SECOND TEST: check if custom domain 'hsts-header.com' is created and does not have HSTS header set" - hosts: localhost - serial: 1 - vars: - url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" - host: "hsts-header.com" - expected_returncode: 200 - expected_header: "strict_transport_security" - tasks: - - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml +# - name: "{{ testname }} - SECOND TEST: check if custom domain 'hsts-header.com' is created and does not have HSTS header set" +# hosts: localhost +# serial: 1 +# vars: +# url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" +# host: "hsts-header.com" +# expected_returncode: 200 +# expected_header: "strict_transport_security" +# tasks: +# - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml diff --git a/tests/tests/nginx/nginx.yaml b/tests/tests/nginx/nginx.yaml index 815028ea18..284afe007c 100644 --- a/tests/tests/nginx/nginx.yaml +++ b/tests/tests/nginx/nginx.yaml @@ -93,7 +93,7 @@ project: "{{ project }}" branch: "{{ branch }}" envName: "LAGOON_ROUTES_JSON" - envValue: "eyJyb3V0ZXMiOlt7ImRvbWFpbiI6InRlc3QxLmV4YW1wbGUuY29tIiwic2VydmljZSI6Im5naW54IiwidGxzLWFjbWUiOmZhbHNlLCJtb25pdG9yaW5nLXBhdGgiOiIvYnlwYXNzLWNhY2hlIn1dfQo=" + envValue: "eyJyb3V0ZXMiOlt7ImRvbWFpbiI6InRlc3QxLmV4YW1wbGUuY29tIiwic2VydmljZSI6Im5naW54IiwidGxzLWFjbWUiOnRydWUsIm1vbml0b3JpbmctcGF0aCI6Ii9ieXBhc3MtY2FjaGUifV19" envScope: "BUILD" tasks: - ansible.builtin.include_tasks: ../../tasks/api/add-environment-variable.yaml From bc482f88d908ad7b8df9d50060b8f3f17c1e70f3 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Tue, 9 Dec 2025 14:15:02 +1100 Subject: [PATCH 3/6] test: optional traefik installation --- Makefile | 7 +- tests/tests/deploytarget/check-first.yaml | 44 ++++++------ tests/tests/deploytarget/check-second.yaml | 42 +++++------ tests/tests/features-kubernetes.yaml | 2 +- tests/tests/features/ingress-annotations.yaml | 72 +++++++++---------- tests/tests/nginx/check-first.yaml | 44 ++++++------ tests/tests/nginx/check-fourth.yaml | 42 +++++------ tests/tests/nginx/check-second.yaml | 42 +++++------ 8 files changed, 150 insertions(+), 145 deletions(-) diff --git a/Makefile b/Makefile index 6a9c8dfa9e..9f843947fc 100644 --- a/Makefile +++ b/Makefile @@ -51,7 +51,7 @@ UPSTREAM_TAG ?= latest # latest is the most current release # edge is the most current merged change BUILD_DEPLOY_IMAGE_REPO = uselagoon/build-deploy-image -BUILD_DEPLOY_IMAGE_TAG ?= edge +BUILD_DEPLOY_IMAGE_TAG ?= pr-472 # UI_IMAGE_REPO and UI_IMAGE_TAG are an easy way to override the UI image used # only works for installations where INSTALL_STABLE_CORE=false @@ -533,10 +533,12 @@ ifeq ($(INGRESS_CONTROLLER),traefik) INGRESS_CONTROLLER_NAMESPACE = ingress-traefik INGRESS_CONTROLLER_SERVICE = ingress-traefik INGRESS_CONTROLLER_CLASSNAME = traefik +INGRESS_CONTROLLER_REMOTE_CLASSNAME = traefik else INGRESS_CONTROLLER_NAMESPACE = ingress-nginx INGRESS_CONTROLLER_SERVICE = ingress-nginx-controller INGRESS_CONTROLLER_CLASSNAME = nginx +INGRESS_CONTROLLER_REMOTE_CLASSNAME = nginx endif # the following can be used to selectively leave out the installation of certain @@ -801,6 +803,7 @@ k3d/setup: k3d/cluster helm/repos $(addprefix local-dev/,$(K3D_TOOLS)) k3d/check INGRESS_CONTROLLER_NAMESPACE=$(INGRESS_CONTROLLER_NAMESPACE) \ INGRESS_CONTROLLER_SERVICE=$(INGRESS_CONTROLLER_SERVICE) \ INGRESS_CONTROLLER_CLASSNAME=$(INGRESS_CONTROLLER_CLASSNAME) \ + INGRESS_CONTROLLER_REMOTE_CLASSNAME=$(INGRESS_CONTROLLER_REMOTE_CLASSNAME) \ $$([ $(INSTALL_MAILPIT) ] && echo 'INSTALL_MAILPIT=$(INSTALL_MAILPIT)') \ $$([ $(INSTALL_PROMETHEUS) ] && echo 'INSTALL_PROMETHEUS=$(INSTALL_PROMETHEUS)') \ $$([ $(INSTALL_K8UP) ] && echo 'INSTALL_K8UP=$(INSTALL_K8UP)') \ @@ -878,6 +881,7 @@ endif INGRESS_CONTROLLER_NAMESPACE=$(INGRESS_CONTROLLER_NAMESPACE) \ INGRESS_CONTROLLER_SERVICE=$(INGRESS_CONTROLLER_SERVICE) \ INGRESS_CONTROLLER_CLASSNAME=$(INGRESS_CONTROLLER_CLASSNAME) \ + INGRESS_CONTROLLER_REMOTE_CLASSNAME=$(INGRESS_CONTROLLER_REMOTE_CLASSNAME) \ $$([ $(LAGOON_SEED_USERNAME) ] && echo 'LAGOON_SEED_USERNAME=$(LAGOON_SEED_USERNAME)') \ $$([ $(LAGOON_SEED_PASSWORD) ] && echo 'LAGOON_SEED_PASSWORD=$(LAGOON_SEED_PASSWORD)') \ $$([ $(LAGOON_SEED_ORGANIZATION) ] && echo 'LAGOON_SEED_ORGANIZATION=$(LAGOON_SEED_ORGANIZATION)') \ @@ -1175,6 +1179,7 @@ endif INGRESS_CONTROLLER_NAMESPACE=$(INGRESS_CONTROLLER_NAMESPACE) \ INGRESS_CONTROLLER_SERVICE=$(INGRESS_CONTROLLER_SERVICE) \ INGRESS_CONTROLLER_CLASSNAME=$(INGRESS_CONTROLLER_CLASSNAME) \ + INGRESS_CONTROLLER_REMOTE_CLASSNAME=$(INGRESS_CONTROLLER_REMOTE_CLASSNAME) \ && docker run --rm --network host --name ct-$(CI_BUILD_TAG) \ --volume "$$(pwd)/test-suite-run.ct.yaml:/etc/ct/ct.yaml" \ --volume "$$(pwd):/workdir" \ diff --git a/tests/tests/deploytarget/check-first.yaml b/tests/tests/deploytarget/check-first.yaml index 00bae25d1a..9c8f398549 100644 --- a/tests/tests/deploytarget/check-first.yaml +++ b/tests/tests/deploytarget/check-first.yaml @@ -88,28 +88,28 @@ tasks: - ansible.builtin.include_tasks: ../../checks/check-url-content-host.yaml -# - name: "{{ testname }} - check if custom domain 'hsts-header.com' is created and has HSTS header set" -# hosts: localhost -# serial: 1 -# vars: -# url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" -# host: "hsts-header.com" -# expected_returncode: 200 -# expected_header: "strict_transport_security" -# expected_header_value: "max-age=15768000" -# tasks: -# - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml - -# - name: "{{ testname }} - check if custom domain 'hsts-header-null.com' is created and does not have HSTS header set" -# hosts: localhost -# serial: 1 -# vars: -# url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" -# host: "hsts-header-null.com" -# expected_returncode: 200 -# expected_header: "strict_transport_security" -# tasks: -# - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml +- name: "{{ testname }} - check if custom domain 'hsts-header.com' is created and has HSTS header set" + hosts: localhost + serial: 1 + vars: + url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" + host: "hsts-header.com" + expected_returncode: 200 + expected_header: "strict_transport_security" + expected_header_value: "max-age=15768000" + tasks: + - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml + +- name: "{{ testname }} - check if custom domain 'hsts-header-null.com' is created and does not have HSTS header set" + hosts: localhost + serial: 1 + vars: + url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" + host: "hsts-header-null.com" + expected_returncode: 200 + expected_header: "strict_transport_security" + tasks: + - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml - name: "{{ testname }} - check if {{ project }} is redirecting correctly with no preserve'" hosts: localhost diff --git a/tests/tests/deploytarget/check-second.yaml b/tests/tests/deploytarget/check-second.yaml index d6cbc08ca0..db9e02281b 100644 --- a/tests/tests/deploytarget/check-second.yaml +++ b/tests/tests/deploytarget/check-second.yaml @@ -58,25 +58,25 @@ tasks: - ansible.builtin.include_tasks: ../../checks/check-url-returncode-host.yaml -# - name: "{{ testname }} - SECOND TEST: check if custom domain 'hsts-header-null.com' now has HSTS header set" -# hosts: localhost -# serial: 1 -# vars: -# url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" -# host: "hsts-header-null.com" -# expected_returncode: 200 -# expected_header: "strict_transport_security" -# expected_header_value: "max-age=15768000" -# tasks: -# - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml +- name: "{{ testname }} - SECOND TEST: check if custom domain 'hsts-header-null.com' now has HSTS header set" + hosts: localhost + serial: 1 + vars: + url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" + host: "hsts-header-null.com" + expected_returncode: 200 + expected_header: "strict_transport_security" + expected_header_value: "max-age=15768000" + tasks: + - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml -# - name: "{{ testname }} - SECOND TEST: check if custom domain 'hsts-header.com' is created and does not have HSTS header set" -# hosts: localhost -# serial: 1 -# vars: -# url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" -# host: "hsts-header.com" -# expected_returncode: 200 -# expected_header: "strict_transport_security" -# tasks: -# - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml +- name: "{{ testname }} - SECOND TEST: check if custom domain 'hsts-header.com' is created and does not have HSTS header set" + hosts: localhost + serial: 1 + vars: + url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" + host: "hsts-header.com" + expected_returncode: 200 + expected_header: "strict_transport_security" + tasks: + - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml diff --git a/tests/tests/features-kubernetes.yaml b/tests/tests/features-kubernetes.yaml index b5d9899f97..ed4da24a04 100644 --- a/tests/tests/features-kubernetes.yaml +++ b/tests/tests/features-kubernetes.yaml @@ -31,7 +31,7 @@ git_repo_name: features.git project: ci-features-{{ cluster_type }} branch: ingress-annotations - check_url: "http://node.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix }}" + check_url: "https://node.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" - ansible.builtin.import_playbook: features/short-router-url.yaml vars: diff --git a/tests/tests/features/ingress-annotations.yaml b/tests/tests/features/ingress-annotations.yaml index 42bb55aec3..f5f7c76bce 100644 --- a/tests/tests/features/ingress-annotations.yaml +++ b/tests/tests/features/ingress-annotations.yaml @@ -31,45 +31,45 @@ tasks: - ansible.builtin.include_tasks: ../../checks/check-ingress-annotations.yaml -# - name: "{{ testname }} - check if custom domain 'redirect-to-example.com' is created and redirects to https://example.com" -# hosts: localhost -# serial: 1 -# vars: -# url: "{{ check_url }}" -# host: "redirect-to-example.com" -# expected_redirect_location: "https://example.com/$" -# tasks: -# - ansible.builtin.include_tasks: ../../checks/check-url-redirect-host.yaml +- name: "{{ testname }} - check if custom domain 'redirect-to-example.com' is created and redirects to https://example.com" + hosts: localhost + serial: 1 + vars: + url: "{{ check_url }}" + host: "redirect-to-example.com" + expected_redirect_location: "https://example.com/$" + tasks: + - ansible.builtin.include_tasks: ../../checks/check-url-redirect-host.yaml -# - name: "{{ testname }} - check if custom domain 'redirect-to-example.com' is created and request to /asdf redirects to https://example.com/asdf" -# hosts: localhost -# serial: 1 -# vars: -# url: "http://node.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix }}/asdf" -# host: "redirect-to-example.com" -# expected_redirect_location: "https://example.com/asdf$" -# tasks: -# - ansible.builtin.include_tasks: ../../checks/check-url-redirect-host.yaml +- name: "{{ testname }} - check if custom domain 'redirect-to-example.com' is created and request to /asdf redirects to https://example.com/asdf" + hosts: localhost + serial: 1 + vars: + url: "https://node.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}/asdf" + host: "redirect-to-example.com" + expected_redirect_location: "https://example.com/asdf$" + tasks: + - ansible.builtin.include_tasks: ../../checks/check-url-redirect-host.yaml -# - name: "{{ testname }} - check if custom domain 'redirect-to-www.com' is created and redirects to https://www.redirect-to-www.com" -# hosts: localhost -# serial: 1 -# vars: -# url: "{{ check_url }}" -# host: "redirect-to-www.com" -# expected_redirect_location: "https://www.redirect-to-www.com/$" -# tasks: -# - ansible.builtin.include_tasks: ../../checks/check-url-redirect-host.yaml +- name: "{{ testname }} - check if custom domain 'redirect-to-www.com' is created and redirects to https://www.redirect-to-www.com" + hosts: localhost + serial: 1 + vars: + url: "{{ check_url }}" + host: "redirect-to-www.com" + expected_redirect_location: "https://www.redirect-to-www.com/$" + tasks: + - ansible.builtin.include_tasks: ../../checks/check-url-redirect-host.yaml -# - name: "{{ testname }} - check if custom domain 'www.redirect-from-www.com' is created and redirects to https://redirect-from-www.com" -# hosts: localhost -# serial: 1 -# vars: -# url: "{{ check_url }}" -# host: "www.redirect-from-www.com" -# expected_redirect_location: "https://redirect-from-www.com/$" -# tasks: -# - ansible.builtin.include_tasks: ../../checks/check-url-redirect-host.yaml +- name: "{{ testname }} - check if custom domain 'www.redirect-from-www.com' is created and redirects to https://redirect-from-www.com" + hosts: localhost + serial: 1 + vars: + url: "{{ check_url }}" + host: "www.redirect-from-www.com" + expected_redirect_location: "https://redirect-from-www.com/$" + tasks: + - ansible.builtin.include_tasks: ../../checks/check-url-redirect-host.yaml - name: "{{ testname }} - api deleteEnvironment on {{ project }}, which should remove all resources" hosts: localhost diff --git a/tests/tests/nginx/check-first.yaml b/tests/tests/nginx/check-first.yaml index 9dc085eb87..97b8b9c3ab 100644 --- a/tests/tests/nginx/check-first.yaml +++ b/tests/tests/nginx/check-first.yaml @@ -98,28 +98,28 @@ tasks: - ansible.builtin.include_tasks: ../../checks/check-url-content-host.yaml -# - name: "{{ testname }} - check if custom domain 'hsts-header.com' is created and has HSTS header set" -# hosts: localhost -# serial: 1 -# vars: -# url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" -# host: "hsts-header.com" -# expected_returncode: 200 -# expected_header: "strict_transport_security" -# expected_header_value: "max-age=15768000" -# tasks: -# - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml - -# - name: "{{ testname }} - check if custom domain 'hsts-header-null.com' is created and does not have HSTS header set" -# hosts: localhost -# serial: 1 -# vars: -# url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" -# host: "hsts-header-null.com" -# expected_returncode: 200 -# expected_header: "strict_transport_security" -# tasks: -# - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml +- name: "{{ testname }} - check if custom domain 'hsts-header.com' is created and has HSTS header set" + hosts: localhost + serial: 1 + vars: + url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" + host: "hsts-header.com" + expected_returncode: 200 + expected_header: "strict_transport_security" + expected_header_value: "max-age=15768000" + tasks: + - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml + +- name: "{{ testname }} - check if custom domain 'hsts-header-null.com' is created and does not have HSTS header set" + hosts: localhost + serial: 1 + vars: + url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" + host: "hsts-header-null.com" + expected_returncode: 200 + expected_header: "strict_transport_security" + tasks: + - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml - name: "{{ testname }} - check if {{ project }} is redirecting correctly with no preserve'" hosts: localhost diff --git a/tests/tests/nginx/check-fourth.yaml b/tests/tests/nginx/check-fourth.yaml index 24670dc0f6..6e00f388dc 100644 --- a/tests/tests/nginx/check-fourth.yaml +++ b/tests/tests/nginx/check-fourth.yaml @@ -58,25 +58,25 @@ tasks: - ansible.builtin.include_tasks: ../../checks/check-url-returncode-host.yaml -# - name: "{{ testname }} - FOURTH TEST: check if custom domain 'hsts-header-null.com' now has HSTS header set" -# hosts: localhost -# serial: 1 -# vars: -# url: "https://nginx-{{ project | regex_replace('_', '-') }}-{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" -# host: "hsts-header-null.com" -# expected_returncode: 200 -# expected_header: "strict_transport_security" -# expected_header_value: "max-age=15768000" -# tasks: -# - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml +- name: "{{ testname }} - FOURTH TEST: check if custom domain 'hsts-header-null.com' now has HSTS header set" + hosts: localhost + serial: 1 + vars: + url: "https://nginx-{{ project | regex_replace('_', '-') }}-{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" + host: "hsts-header-null.com" + expected_returncode: 200 + expected_header: "strict_transport_security" + expected_header_value: "max-age=15768000" + tasks: + - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml -# - name: "{{ testname }} - FOURTH TEST: check if custom domain 'hsts-header.com' is created and does not have HSTS header set" -# hosts: localhost -# serial: 1 -# vars: -# url: "https://nginx-{{ project | regex_replace('_', '-') }}-{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" -# host: "hsts-header.com" -# expected_returncode: 200 -# expected_header: "strict_transport_security" -# tasks: -# - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml +- name: "{{ testname }} - FOURTH TEST: check if custom domain 'hsts-header.com' is created and does not have HSTS header set" + hosts: localhost + serial: 1 + vars: + url: "https://nginx-{{ project | regex_replace('_', '-') }}-{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" + host: "hsts-header.com" + expected_returncode: 200 + expected_header: "strict_transport_security" + tasks: + - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml diff --git a/tests/tests/nginx/check-second.yaml b/tests/tests/nginx/check-second.yaml index d6cbc08ca0..db9e02281b 100644 --- a/tests/tests/nginx/check-second.yaml +++ b/tests/tests/nginx/check-second.yaml @@ -58,25 +58,25 @@ tasks: - ansible.builtin.include_tasks: ../../checks/check-url-returncode-host.yaml -# - name: "{{ testname }} - SECOND TEST: check if custom domain 'hsts-header-null.com' now has HSTS header set" -# hosts: localhost -# serial: 1 -# vars: -# url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" -# host: "hsts-header-null.com" -# expected_returncode: 200 -# expected_header: "strict_transport_security" -# expected_header_value: "max-age=15768000" -# tasks: -# - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml +- name: "{{ testname }} - SECOND TEST: check if custom domain 'hsts-header-null.com' now has HSTS header set" + hosts: localhost + serial: 1 + vars: + url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" + host: "hsts-header-null.com" + expected_returncode: 200 + expected_header: "strict_transport_security" + expected_header_value: "max-age=15768000" + tasks: + - ansible.builtin.include_tasks: ../../checks/check-url-header.yaml -# - name: "{{ testname }} - SECOND TEST: check if custom domain 'hsts-header.com' is created and does not have HSTS header set" -# hosts: localhost -# serial: 1 -# vars: -# url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" -# host: "hsts-header.com" -# expected_returncode: 200 -# expected_header: "strict_transport_security" -# tasks: -# - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml +- name: "{{ testname }} - SECOND TEST: check if custom domain 'hsts-header.com' is created and does not have HSTS header set" + hosts: localhost + serial: 1 + vars: + url: "https://nginx.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" + host: "hsts-header.com" + expected_returncode: 200 + expected_header: "strict_transport_security" + tasks: + - ansible.builtin.include_tasks: ../../checks/check-url-header-absent.yaml From 8e7ce84f20b7a1370230bf9aa5f6fda4bad1e4ce Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Wed, 6 May 2026 15:56:44 +1000 Subject: [PATCH 4/6] fix: references to ci image tag for build image --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 9f843947fc..741f7211b3 100644 --- a/Makefile +++ b/Makefile @@ -51,7 +51,7 @@ UPSTREAM_TAG ?= latest # latest is the most current release # edge is the most current merged change BUILD_DEPLOY_IMAGE_REPO = uselagoon/build-deploy-image -BUILD_DEPLOY_IMAGE_TAG ?= pr-472 +BUILD_DEPLOY_IMAGE_TAG ?= edge # UI_IMAGE_REPO and UI_IMAGE_TAG are an easy way to override the UI image used # only works for installations where INSTALL_STABLE_CORE=false @@ -865,7 +865,7 @@ endif SSHTOKEN_IMAGE_REPO=$(SSHTOKEN_IMAGE_REPO) SSHTOKEN_IMAGE_TAG=$(SSHTOKEN_IMAGE_TAG) \ SSHPORTAL_IMAGE_REPO=$(SSHPORTAL_IMAGE_REPO) SSHPORTAL_IMAGE_TAG=$(SSHPORTAL_IMAGE_TAG) \ INSIGHTS_HANDLER_IMAGE_REPO=$(INSIGHTS_HANDLER_IMAGE_REPO) INSIGHTS_HANDLER_IMAGE_TAG=$(INSIGHTS_HANDLER_IMAGE_TAG) \ - OVERRIDE_BUILD_DEPLOY_DIND_IMAGE="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/build-deploy-image:$(BUILD_DEPLOY_IMAGE_TAG)" \ + OVERRIDE_BUILD_DEPLOY_DIND_IMAGE="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/build-deploy-image:$(CI_BUILD_TAG)" \ $$([ $(OVERRIDE_REMOTE_CONTROLLER_IMAGETAG) ] && echo 'OVERRIDE_REMOTE_CONTROLLER_IMAGETAG=$(OVERRIDE_REMOTE_CONTROLLER_IMAGETAG)') \ $$([ $(OVERRIDE_REMOTE_CONTROLLER_IMAGE_REPOSITORY) ] && echo 'OVERRIDE_REMOTE_CONTROLLER_IMAGE_REPOSITORY=$(OVERRIDE_REMOTE_CONTROLLER_IMAGE_REPOSITORY)') \ OVERRIDE_PROJECTCLONE_TASK_IMAGE="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/task-projectclone:$(SAFE_BRANCH_NAME)" \ @@ -1165,7 +1165,7 @@ endif && $(MAKE) fill-test-ci-values DOCKER_NETWORK=$(DOCKER_NETWORK) TESTS=$(TESTS) IMAGE_TAG=$(TEST_IMAGE_TAG) \ HELM=$(HELM) KUBECTL=$(KUBECTL) \ JQ=$(JQ) \ - OVERRIDE_BUILD_DEPLOY_DIND_IMAGE="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/build-deploy-image:$(BUILD_DEPLOY_IMAGE_TAG)" \ + OVERRIDE_BUILD_DEPLOY_DIND_IMAGE="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/build-deploy-image:$(CI_BUILD_TAG)" \ OVERRIDE_PROJECTCLONE_TASK_IMAGE="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/task-projectclone:$(SAFE_BRANCH_NAME)" \ OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE="registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library/task-activestandby:$(SAFE_BRANCH_NAME)" \ IMAGE_REGISTRY=$$(if [ $(USE_STABLE_TESTS) = true ]; then echo 'uselagoon'; else echo "registry.$$($(KUBECTL) -n $(INGRESS_CONTROLLER_NAMESPACE) get services $(INGRESS_CONTROLLER_SERVICE) -o jsonpath='{.status.loadBalancer.ingress[0].ip}').nip.io/library"; fi) \ From 43047f9423426b05981c6f9aeb8157a8daaa46bb Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Wed, 6 May 2026 16:51:19 +1000 Subject: [PATCH 5/6] fix: references to ci image tag for build image --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 741f7211b3..cfafb64740 100644 --- a/Makefile +++ b/Makefile @@ -51,7 +51,7 @@ UPSTREAM_TAG ?= latest # latest is the most current release # edge is the most current merged change BUILD_DEPLOY_IMAGE_REPO = uselagoon/build-deploy-image -BUILD_DEPLOY_IMAGE_TAG ?= edge +BUILD_DEPLOY_IMAGE_TAG ?= pr-472 # UI_IMAGE_REPO and UI_IMAGE_TAG are an easy way to override the UI image used # only works for installations where INSTALL_STABLE_CORE=false From e2e578ad6f7301a6dfc0c0f017fd4fcf665f57b1 Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Thu, 7 May 2026 13:47:20 +1000 Subject: [PATCH 6/6] test: revert test overrides --- Jenkinsfile | 2 +- tests/files/active-standby/first/.lagoon.yml | 2 ++ tests/files/active-standby/second/.lagoon.yml | 2 ++ tests/tests/features-kubernetes.yaml | 2 +- tests/tests/nginx/nginx.yaml | 2 +- 5 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 4b0dd8c582..79410b76cd 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -92,7 +92,7 @@ pipeline { sh script: "make local-dev-tools", label: "Configure k3d" sh script: "./local-dev/k3d cluster delete --all", label: "Delete any remnant clusters" sh script: "make k3d/stable-local-stack INSTALL_SEED_DATA=false BRANCH_NAME=${SAFEBRANCH_NAME} LAGOON_CORE_USE_HTTPS=false INSTALL_PROMETHEUS=false INSTALL_AERGIA=false", label: "Setup stable cluster" - sh script: "make k3d/retest TESTS=[nginx] BRANCH_NAME=${SAFEBRANCH_NAME} USE_STABLE_TESTS=false", label: "Run nginx smoketest" + sh script: "make k3d/retest TESTS=[nginx] BRANCH_NAME=${SAFEBRANCH_NAME} USE_STABLE_TESTS=true", label: "Run nginx smoketest" sh script: "make k3d/install-lagoon BRANCH_NAME=${SAFEBRANCH_NAME} INSTALL_PROMETHEUS=false INSTALL_AERGIA=false", label: "Run lagoon upgrade" sh script: "pkill -f './local-dev/stern'", label: "Closing off test-suite-0 log after test completion" // script { diff --git a/tests/files/active-standby/first/.lagoon.yml b/tests/files/active-standby/first/.lagoon.yml index 2795e0e4be..f9888ae383 100644 --- a/tests/files/active-standby/first/.lagoon.yml +++ b/tests/files/active-standby/first/.lagoon.yml @@ -8,7 +8,9 @@ production_routes: routes: - nginx: - active-moving-route.com: + tls-acme: false standby: routes: - nginx: - standby-moving-route.com: + tls-acme: false diff --git a/tests/files/active-standby/second/.lagoon.yml b/tests/files/active-standby/second/.lagoon.yml index 2795e0e4be..f9888ae383 100644 --- a/tests/files/active-standby/second/.lagoon.yml +++ b/tests/files/active-standby/second/.lagoon.yml @@ -8,7 +8,9 @@ production_routes: routes: - nginx: - active-moving-route.com: + tls-acme: false standby: routes: - nginx: - standby-moving-route.com: + tls-acme: false diff --git a/tests/tests/features-kubernetes.yaml b/tests/tests/features-kubernetes.yaml index ed4da24a04..b5d9899f97 100644 --- a/tests/tests/features-kubernetes.yaml +++ b/tests/tests/features-kubernetes.yaml @@ -31,7 +31,7 @@ git_repo_name: features.git project: ci-features-{{ cluster_type }} branch: ingress-annotations - check_url: "https://node.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix_https }}" + check_url: "http://node.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix }}" - ansible.builtin.import_playbook: features/short-router-url.yaml vars: diff --git a/tests/tests/nginx/nginx.yaml b/tests/tests/nginx/nginx.yaml index 284afe007c..815028ea18 100644 --- a/tests/tests/nginx/nginx.yaml +++ b/tests/tests/nginx/nginx.yaml @@ -93,7 +93,7 @@ project: "{{ project }}" branch: "{{ branch }}" envName: "LAGOON_ROUTES_JSON" - envValue: "eyJyb3V0ZXMiOlt7ImRvbWFpbiI6InRlc3QxLmV4YW1wbGUuY29tIiwic2VydmljZSI6Im5naW54IiwidGxzLWFjbWUiOnRydWUsIm1vbml0b3JpbmctcGF0aCI6Ii9ieXBhc3MtY2FjaGUifV19" + envValue: "eyJyb3V0ZXMiOlt7ImRvbWFpbiI6InRlc3QxLmV4YW1wbGUuY29tIiwic2VydmljZSI6Im5naW54IiwidGxzLWFjbWUiOmZhbHNlLCJtb25pdG9yaW5nLXBhdGgiOiIvYnlwYXNzLWNhY2hlIn1dfQo=" envScope: "BUILD" tasks: - ansible.builtin.include_tasks: ../../tasks/api/add-environment-variable.yaml