From 36d1a15acaeaf77dd184cca06386a8f2f6a6f871 Mon Sep 17 00:00:00 2001 From: Benjamin Ernst Date: Fri, 13 Mar 2026 16:47:43 +0100 Subject: [PATCH 1/8] test dev-deployment to local k3d clusters --- build/make/k8s-component.mk | 16 +++++++++---- build/make/k8s.mk | 48 ++++++++++++++++++++++++++++--------- 2 files changed, 49 insertions(+), 15 deletions(-) diff --git a/build/make/k8s-component.mk b/build/make/k8s-component.mk index 7eaa439..1b1f2bd 100644 --- a/build/make/k8s-component.mk +++ b/build/make/k8s-component.mk @@ -9,6 +9,9 @@ endif ifeq (${RUNTIME_ENV}, local) BINARY_HELM_ADDITIONAL_PUSH_ARGS?=--plain-http endif +ifeq (${RUNTIME_ENV}, k3d) + BINARY_HELM_ADDITIONAL_PUSH_ARGS?=--plain-http +endif BINARY_HELM_ADDITIONAL_PACK_ARGS?= BINARY_HELM_ADDITIONAL_UNINST_ARGS?= BINARY_HELM_ADDITIONAL_UPGR_ARGS?= @@ -18,10 +21,15 @@ HELM_SOURCE_DIR ?= k8s/helm HELM_RELEASE_TGZ=${HELM_TARGET_DIR}/${COMPONENT_ARTIFACT_ID}-${VERSION}.tgz HELM_DEV_RELEASE_TGZ=${HELM_TARGET_DIR}/${COMPONENT_ARTIFACT_ID}-${COMPONENT_DEV_VERSION}.tgz HELM_ARTIFACT_NAMESPACE?=k8s +HELM_PUSH_REGISTRY_HOST?=${CES_REGISTRY_HOST} ifeq (${RUNTIME_ENV}, remote) HELM_ARTIFACT_NAMESPACE=testing/k8s endif +ifeq (${RUNTIME_ENV}, k3d) + HELM_PUSH_REGISTRY_HOST=localhost:5001 +endif $(info HELM_ARTIFACT_NAMESPACE=$(HELM_ARTIFACT_NAMESPACE)) +$(info HELM_PUSH_REGISTRY_HOST=$(HELM_PUSH_REGISTRY_HOST)) K8S_RESOURCE_COMPONENT ?= "${K8S_RESOURCE_TEMP_FOLDER}/component-${COMPONENT_ARTIFACT_ID}-${VERSION}.yaml" K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML ?= $(BUILD_DIR)/make/k8s-component.tpl 
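Review bot: The added `ifeq (${RUNTIME_ENV}, k3d)` block in the first k8s-component.mk hunk repeats the `local` block above it line for line, so the plain-HTTP default for helm pushes is now decided in two places. One conditional, `ifneq ($(filter local k3d,${RUNTIME_ENV}),)`, would keep that transport decision in a single spot, so a later change cannot miss one environment. In the second hunk `HELM_PUSH_REGISTRY_HOST=localhost:5001` is a plain assignment placed after the `?=` default, so in k3d mode a value supplied through the environment or an included .env is presumably overwritten without notice. A comment such as `# k3d: always push to the host-side registry, overrides HELM_PUSH_REGISTRY_HOST` would state that this is deliberate.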
@@ -98,11 +106,11 @@ helm-reinstall: helm-delete helm-apply ## Uninstalls the current helm chart and .PHONY: helm-chart-import helm-chart-import: ${CHECK_VAR_TARGETS} helm-generate helm-package ${IMAGE_IMPORT_TARGET} ## Imports the currently available chart into the cluster-local registry. @if [[ ${STAGE} == "development" ]]; then \ - echo "Import ${HELM_DEV_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \ - ${BINARY_HELM} push ${HELM_DEV_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \ + echo "Import ${HELM_DEV_RELEASE_TGZ} into K8s cluster ${HELM_PUSH_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \ + ${BINARY_HELM} push ${HELM_DEV_RELEASE_TGZ} oci://${HELM_PUSH_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \ else \ - echo "Import ${HELM_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \ - ${BINARY_HELM} push ${HELM_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \ + echo "Import ${HELM_RELEASE_TGZ} into K8s cluster ${HELM_PUSH_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \ + ${BINARY_HELM} push ${HELM_RELEASE_TGZ} oci://${HELM_PUSH_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \ fi @echo "Done." diff --git a/build/make/k8s.mk b/build/make/k8s.mk index d8e44a5..64633ea 100644 --- a/build/make/k8s.mk +++ b/build/make/k8s.mk 
@@ -40,8 +40,12 @@ IMAGE ?= # with development images pointing to CES_REGISTRY_URL_PREFIX. STAGE?=production -# Set the "local" as runtime-environment, to push images to the container-registry of the local cluster and to apply resources to the local cluster. -# Use "remote" as runtime-environment in your .env file to push images to the container-registry at "registry.cloudogu.com/testing" and to apply resources to the configured kubernetes-context in KUBE_CONTEXT_NAME. +# Set "local" as runtime-environment to use the legacy in-cluster registry of the local cluster. +# Set "k3d" as runtime-environment for local k3d development with local registry push/pull: +# - push from host to localhost:5001 +# - pull in-cluster via k3d-registry-proxy.localhost:5000/local-dev +# Use "remote" as runtime-environment in your .env file to push images to the container-registry at +# "registry.cloudogu.com/testing" and to apply resources to the configured kubernetes-context in KUBE_CONTEXT_NAME. RUNTIME_ENV?=local $(info RUNTIME_ENV=$(RUNTIME_ENV)) 
@@ -49,26 +53,40 @@ $(info RUNTIME_ENV=$(RUNTIME_ENV)) K3S_CLUSTER_FQDN?=k3ces.localdomain K3S_LOCAL_REGISTRY_PORT?=30099 -# The URL of the container-registry to use. Defaults to the registry of the local-cluster. -# If RUNTIME_ENV is "remote" it is "registry.cloudogu.com/testing", if ENVIRONMENT is "ci" it is "registry.cloudogu.com/ci" -# if run on ci (jenkins) the images must be pushed to a separate namespace in order to free space every night after the build. +# The URL or image-prefix host to use for development images. +# If RUNTIME_ENV is "remote" it is "registry.cloudogu.com/testing", if ENVIRONMENT is "ci" it is "registry.cloudogu.com/ci". +# If run on ci (jenkins) the images must be pushed to a separate namespace in order to free space every night after the build. CES_REGISTRY_HOST?=${K3S_CLUSTER_FQDN}:${K3S_LOCAL_REGISTRY_PORT} CES_REGISTRY_NAMESPACE ?= +IMAGE_PUSH_REGISTRY_HOST ?= $(CES_REGISTRY_HOST) +IMAGE_PUSH_REGISTRY_NAMESPACE ?= $(CES_REGISTRY_NAMESPACE) ifeq (${RUNTIME_ENV}, remote) CES_REGISTRY_HOST=registry.cloudogu.com CES_REGISTRY_NAMESPACE=/testing + IMAGE_PUSH_REGISTRY_HOST=$(CES_REGISTRY_HOST) + IMAGE_PUSH_REGISTRY_NAMESPACE=$(CES_REGISTRY_NAMESPACE) ifeq ($(ENVIRONMENT), ci) CES_REGISTRY_NAMESPACE=/ci + IMAGE_PUSH_REGISTRY_NAMESPACE=$(CES_REGISTRY_NAMESPACE) endif endif +ifeq (${RUNTIME_ENV}, k3d) + CES_REGISTRY_HOST=k3d-registry-proxy.localhost:5000 + CES_REGISTRY_NAMESPACE=/local-dev + IMAGE_PUSH_REGISTRY_HOST=localhost:5001 + IMAGE_PUSH_REGISTRY_NAMESPACE=/local-dev +endif $(info CES_REGISTRY_HOST=$(CES_REGISTRY_HOST)) # The name of the kube-context to use for applying resources. # If KUBE_CONTEXT_NAME is empty and RUNTIME_ENV is "remote" the currently configured kube-context is used. -# If KUBE_CONTEXT_NAME is empty and RUNTIME_ENV is not "remote" the "k3ces.localdomain" is used as kube-context. +# If KUBE_CONTEXT_NAME is empty and RUNTIME_ENV is "k3d" the currently configured kube-context is used. 
+# If KUBE_CONTEXT_NAME is empty and RUNTIME_ENV is neither "remote" nor "k3d" the "k3ces.localdomain" is used as kube-context. ifeq (${KUBE_CONTEXT_NAME}, ) ifeq (${RUNTIME_ENV}, remote) KUBE_CONTEXT_NAME = $(shell kubectl config current-context) + else ifeq (${RUNTIME_ENV}, k3d) + KUBE_CONTEXT_NAME = $(shell kubectl config current-context) else KUBE_CONTEXT_NAME = k3ces.localdomain endif @@ -83,6 +101,8 @@ GIT_HASH := $(shell git rev-parse --short HEAD) ## Image URL to use all building/pushing image targets IMAGE_DEV?=$(CES_REGISTRY_HOST)$(CES_REGISTRY_NAMESPACE)/$(ARTIFACT_ID)/$(GIT_BRANCH) IMAGE_DEV_VERSION=$(IMAGE_DEV):$(VERSION) +IMAGE_DEV_PUSH?=$(IMAGE_PUSH_REGISTRY_HOST)$(IMAGE_PUSH_REGISTRY_NAMESPACE)/$(ARTIFACT_ID)/$(GIT_BRANCH) +IMAGE_DEV_PUSH_VERSION=$(IMAGE_DEV_PUSH):$(VERSION) # Variables for the temporary yaml files. These are used as template to generate a development resource containing # the current namespace and the dev image. @@ -174,9 +194,17 @@ ifeq (${IMAGE_DEV},) endif .PHONY: image-import -image-import: check-all-vars check-k8s-artifact-id docker-dev-tag ## Imports the currently available image into the configured ces-registry. - @echo "Import $(IMAGE_DEV_VERSION) into K8s cluster ${KUBE_CONTEXT_NAME}..." - @docker push $(IMAGE_DEV_VERSION) +image-import: check-all-vars check-k8s-artifact-id docker-dev-tag ## Imports the currently available image into the configured runtime target. + @if [[ "${RUNTIME_ENV}" == "k3d" ]]; then \ + echo "Push $(IMAGE_DEV_VERSION) for k3d registry workflow..."; \ + echo "Push target: $(IMAGE_DEV_PUSH_VERSION)"; \ + echo "Pull target: $(IMAGE_DEV_VERSION)"; \ + DOCKER_BUILDKIT=1 docker tag $(IMAGE_DEV_VERSION) $(IMAGE_DEV_PUSH_VERSION); \ + docker push $(IMAGE_DEV_PUSH_VERSION); \ + else \ + echo "Import $(IMAGE_DEV_VERSION) into K8s cluster ${KUBE_CONTEXT_NAME}..."; \ + docker push $(IMAGE_DEV_VERSION); \ + fi @echo "Done." ## Functions 
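Review bot: In k3d mode the kube-context falls back to `kubectl config current-context` with no check that the result is a local cluster, so a shell whose current context points at a shared or production cluster would receive the development resources. k3d by default names the contexts it creates with a `k3d-` prefix followed by the cluster name, so the fallback could be followed by a parse-time check inside the k3d case. For example, `ifeq ($(filter k3d-%,$(KUBE_CONTEXT_NAME)),)` with `$(warning KUBE_CONTEXT_NAME=$(KUBE_CONTEXT_NAME) does not look like a k3d context)` inside it. A warning rather than an error keeps renamed contexts usable.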
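Review bot: `DOCKER_BUILDKIT=1` in front of `docker tag` in the k3d branch of image-import has no effect, because tagging does not run a build; `docker tag $(IMAGE_DEV_VERSION) $(IMAGE_DEV_PUSH_VERSION); \` is enough. Both branches expand the image references into the shell unquoted, and `$(GIT_BRANCH)` is part of them. How that variable is derived is not visible here, so quoting the references (`docker push "$(IMAGE_DEV_PUSH_VERSION)"`) would at least stop a branch name with whitespace or a semicolon from being split into separate words or commands.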
@@ -237,5 +265,3 @@ isProduction: else \ echo "Command executed in development stage. Continuing."; \ fi - - From 812b1f59d5d83990c997d3066963687c18530354 Mon Sep 17 00:00:00 2001 From: Benjamin Ernst Date: Wed, 15 Apr 2026 09:13:24 +0200 Subject: [PATCH 2/8] update k3d-handling add overridable defaults for the registries --- README.md | 20 ++++++++++++++++++-- build/make/k8s-component.mk | 2 +- build/make/k8s.mk | 30 +++++++++++++++++++++++------- 3 files changed, 42 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 18f93fd..ed5aab9 100644 --- a/README.md +++ b/README.md 
@@ -377,9 +377,26 @@ tests in `${yourProjectDir}/batsTests` (overrideable with the variable `TESTS_DI The k8s-modules support remote runtimes and container-registries. The environment-variable `RUNTIME_ENV`controls which runtime-environment to use: - * `local`: uses the local k8s-cluster at `k3ces-local` and the container-registry of this local-cluster + * `local`: uses the legacy local k8s-cluster at `k3ces.localdomain` and the in-cluster registry of this local cluster + * `k3d`: uses a local k3d cluster, pushes from the host to a writable local registry and pulls in-cluster from the proxy registry * `remote`: uses the currently configured cluster of the kube-config and the container-registry at `registry.cloudogu.com/testing` +For `k3d`, the defaults are: + +- pull in-cluster via `k3d-registry-proxy.localhost:5000/local-dev` +- push from the host via `localhost:5001/local-dev` +- use the current kube-context unless `KUBE_CONTEXT_NAME` is set explicitly + +You can also set `KUBECONFIG` in the repository-local `.env`. +If `KUBE_CONTEXT_NAME` is not set, the current context is then resolved from this kubeconfig and used for all `kubectl` and `helm` calls. + +The `k3d` registry endpoints can be overridden with: + +- `K3D_PULL_REGISTRY_HOST` +- `K3D_PULL_REGISTRY_NAMESPACE` +- `K3D_PUSH_REGISTRY_HOST` +- `K3D_PUSH_REGISTRY_NAMESPACE` + To manually override the kube-context the environment-variable `KUBE_CONTEXT_NAME` can be used. #### k8s.mk @@ -462,4 +479,3 @@ This module provides a target for scanning dogu images with trivy Usage: `make trivyscan` or `make trivyscan SEVERITY='HIGH,CRITICAL'` - diff --git a/build/make/k8s-component.mk b/build/make/k8s-component.mk index 1b1f2bd..18a196f 100644 --- a/build/make/k8s-component.mk +++ b/build/make/k8s-component.mk 
@@ -26,7 +26,7 @@ ifeq (${RUNTIME_ENV}, remote) HELM_ARTIFACT_NAMESPACE=testing/k8s endif ifeq (${RUNTIME_ENV}, k3d) - HELM_PUSH_REGISTRY_HOST=localhost:5001 + HELM_PUSH_REGISTRY_HOST=$(IMAGE_PUSH_REGISTRY_HOST) endif $(info HELM_ARTIFACT_NAMESPACE=$(HELM_ARTIFACT_NAMESPACE)) $(info HELM_PUSH_REGISTRY_HOST=$(HELM_PUSH_REGISTRY_HOST)) diff --git a/build/make/k8s.mk b/build/make/k8s.mk index 64633ea..f9f8648 100644 --- a/build/make/k8s.mk +++ b/build/make/k8s.mk @@ -33,6 +33,12 @@ BINARY_CRANE_ARCHIVE_STRIP?=0 SHELL = /usr/bin/env bash -o pipefail .SHELLFLAGS = -ec +ifneq (${KUBECONFIG},) + # Values from the repo-local .env become plain make variables first. Export KUBECONFIG so + # recipe shells and nested kubectl/helm calls use the same kubeconfig file as the make logic. + export KUBECONFIG +endif + # The productive tag of the image IMAGE ?= @@ -42,8 +48,8 @@ STAGE?=production # Set "local" as runtime-environment to use the legacy in-cluster registry of the local cluster. # Set "k3d" as runtime-environment for local k3d development with local registry push/pull: -# - push from host to localhost:5001 -# - pull in-cluster via k3d-registry-proxy.localhost:5000/local-dev +# - push from host to ${K3D_PUSH_REGISTRY_HOST}${K3D_PUSH_REGISTRY_NAMESPACE} +# - pull in-cluster via ${K3D_PULL_REGISTRY_HOST}${K3D_PULL_REGISTRY_NAMESPACE} # Use "remote" as runtime-environment in your .env file to push images to the container-registry at # "registry.cloudogu.com/testing" and to apply resources to the configured kubernetes-context in KUBE_CONTEXT_NAME. RUNTIME_ENV?=local 
@@ -52,6 +58,10 @@ $(info RUNTIME_ENV=$(RUNTIME_ENV)) # The host and port of the local cluster K3S_CLUSTER_FQDN?=k3ces.localdomain K3S_LOCAL_REGISTRY_PORT?=30099 +K3D_PULL_REGISTRY_HOST?=k3d-registry-proxy.localhost:5000 +K3D_PULL_REGISTRY_NAMESPACE?=/local-dev +K3D_PUSH_REGISTRY_HOST?=localhost:5001 +K3D_PUSH_REGISTRY_NAMESPACE?=$(K3D_PULL_REGISTRY_NAMESPACE) # The URL or image-prefix host to use for development images. # If RUNTIME_ENV is "remote" it is "registry.cloudogu.com/testing", if ENVIRONMENT is "ci" it is "registry.cloudogu.com/ci". 
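Review bot: `K3D_PUSH_REGISTRY_HOST` makes the push endpoint overridable, but k8s-component.mk (first patch of this series) still defaults `BINARY_HELM_ADDITIONAL_PUSH_ARGS` to `--plain-http` whenever `RUNTIME_ENV` is `k3d`. An override that points at a non-loopback registry would therefore send charts unencrypted and without server authentication. A comment next to the new defaults would make the coupling visible: `# Helm pushes use --plain-http in k3d mode; set BINARY_HELM_ADDITIONAL_PUSH_ARGS= when K3D_PUSH_REGISTRY_HOST is not a loopback registry.` The README list of overridable k3d variables added in this commit would benefit from the same sentence.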
@@ -71,19 +81,25 @@ ifeq (${RUNTIME_ENV}, remote) endif endif ifeq (${RUNTIME_ENV}, k3d) - CES_REGISTRY_HOST=k3d-registry-proxy.localhost:5000 - CES_REGISTRY_NAMESPACE=/local-dev - IMAGE_PUSH_REGISTRY_HOST=localhost:5001 - IMAGE_PUSH_REGISTRY_NAMESPACE=/local-dev + CES_REGISTRY_HOST=$(K3D_PULL_REGISTRY_HOST) + CES_REGISTRY_NAMESPACE=$(K3D_PULL_REGISTRY_NAMESPACE) + IMAGE_PUSH_REGISTRY_HOST=$(K3D_PUSH_REGISTRY_HOST) + IMAGE_PUSH_REGISTRY_NAMESPACE=$(K3D_PUSH_REGISTRY_NAMESPACE) endif $(info CES_REGISTRY_HOST=$(CES_REGISTRY_HOST)) # The name of the kube-context to use for applying resources. +# If KUBECONFIG is set and KUBE_CONTEXT_NAME is empty, the current context from this kubeconfig is used. # If KUBE_CONTEXT_NAME is empty and RUNTIME_ENV is "remote" the currently configured kube-context is used. # If KUBE_CONTEXT_NAME is empty and RUNTIME_ENV is "k3d" the currently configured kube-context is used. +# Set KUBE_CONTEXT_NAME explicitly if the current kube-context does not point to the desired local k3d cluster. # If KUBE_CONTEXT_NAME is empty and RUNTIME_ENV is neither "remote" nor "k3d" the "k3ces.localdomain" is used as kube-context. ifeq (${KUBE_CONTEXT_NAME}, ) - ifeq (${RUNTIME_ENV}, remote) + ifneq (${KUBECONFIG}, ) + # Resolve the current context from the explicitly configured kubeconfig instead of the + # user's default ~/.kube/config. This keeps repo-local .env settings self-contained. + KUBE_CONTEXT_NAME = $(shell KUBECONFIG="${KUBECONFIG}" kubectl config current-context) + else ifeq (${RUNTIME_ENV}, remote) KUBE_CONTEXT_NAME = $(shell kubectl config current-context) else ifeq (${RUNTIME_ENV}, k3d) KUBE_CONTEXT_NAME = $(shell kubectl config current-context) From 7206c55640af6993e316b3b49d89bfbbed4e0911 Mon Sep 17 00:00:00 2001 From: Benjamin Ernst Date: Wed, 15 Apr 2026 09:36:15 +0200 Subject: [PATCH 3/8] update changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 47ccbd0..69b7bd7 100644 
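Review bot: The new `ifneq (${KUBECONFIG}, )` branch is tested before `RUNTIME_ENV`, and make also imports `KUBECONFIG` from the process environment, not only from the repo-local .env. A developer who merely has `KUBECONFIG` exported therefore gets the current context in `local` mode instead of `k3ces.localdomain`, and resources may be applied to a different cluster than before. If the override is meant for k3d and remote only, test `ifeq (${RUNTIME_ENV}, local)` first and keep `KUBE_CONTEXT_NAME = k3ces.localdomain` there. Otherwise the comment should say that any exported `KUBECONFIG` changes the `local` default. The value is also placed between double quotes inside `$(shell ...)`, where the shell still expands `$` and backticks; `KUBECONFIG='${KUBECONFIG}'` would pass the path literally.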
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +### Added +- Add support for local `k3d` development workflows in the k8s make targets. ## [v10.9.0] - 2026-04-15 - [#259] pass trivy version as parameter for coder target "trivyscanImage" From 56a356d83a0fb4768fd6c7d7d70ad639ec05ede6 Mon Sep 17 00:00:00 2001 From: Benjamin Ernst Date: Wed, 10 Jun 2026 11:28:20 +0200 Subject: [PATCH 4/8] fix push for crd-components --- build/make/k8s-crd.mk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build/make/k8s-crd.mk b/build/make/k8s-crd.mk index aca625d..b9a9c1c 100644 --- a/build/make/k8s-crd.mk +++ b/build/make/k8s-crd.mk 
@@ -90,11 +90,11 @@ ${HELM_CRD_RELEASE_TGZ}: ${BINARY_HELM} crd-helm-generate ## Generates and packa .PHONY: crd-helm-chart-import crd-helm-chart-import: ${CHECK_VAR_TARGETS} check-k8s-artifact-id crd-helm-generate crd-helm-package ## Imports the currently available Helm CRD chart into the cluster-local registry. @if [[ ${STAGE} == "development" ]]; then \ - echo "Import ${HELM_CRD_DEV_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \ - ${BINARY_HELM} push ${HELM_CRD_DEV_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \ + echo "Import ${HELM_CRD_DEV_RELEASE_TGZ} into K8s cluster ${IMAGE_PUSH_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \ + ${BINARY_HELM} push ${HELM_CRD_DEV_RELEASE_TGZ} oci://${IMAGE_PUSH_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \ else \ - echo "Import ${HELM_CRD_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \ - ${BINARY_HELM} push ${HELM_CRD_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \ + echo "Import ${HELM_CRD_RELEASE_TGZ} into K8s cluster ${IMAGE_PUSH_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \ + ${BINARY_HELM} push ${HELM_CRD_RELEASE_TGZ} oci://${IMAGE_PUSH_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \ fi @echo "Done." From ddc1ed494c12e57ef1fa007be801da214c183170 Mon Sep 17 00:00:00 2001 From: Niklas Date: Mon, 22 Jun 2026 14:31:22 +0200 Subject: [PATCH 5/8] #263 Add dev target to apply lop idp subcharts. --- CHANGELOG.md | 2 + build/make/k8s-component-idp.mk | 78 +++++++++++++++++++++++++++++++++ build/make/k8s-component.mk | 2 +- build/make/k8s-crd.mk | 4 +- build/make/k8s.mk | 14 +++--- build/make/yarn.mk | 4 +- 6 files changed, 91 insertions(+), 13 deletions(-) create mode 100644 build/make/k8s-component-idp.mk 
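Review bot: crd-helm-chart-import now pushes to `${IMAGE_PUSH_REGISTRY_HOST}`, while helm-chart-import in k8s-component.mk pushes to `${HELM_PUSH_REGISTRY_HOST}`. A project that overrides `HELM_PUSH_REGISTRY_HOST` would therefore send its component chart and its CRD chart to different registries. If k8s-crd.mk is always included together with k8s-component.mk (not visible here, though it already uses `BINARY_HELM_ADDITIONAL_PUSH_ARGS`), using `${HELM_PUSH_REGISTRY_HOST}` on all four lines keeps a single knob. Otherwise a comment above the target should name the controlling variable, e.g. `# CRD charts are pushed to IMAGE_PUSH_REGISTRY_HOST, not HELM_PUSH_REGISTRY_HOST`.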
diff --git a/CHANGELOG.md b/CHANGELOG.md index 9751e97..0b40004 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +### Added +- Add target `helm-apply-idp` to apply a lop-idp subchart to an existing cluster. ## [v10.9.1] - 2026-06-09 ### Fixed diff --git a/build/make/k8s-component-idp.mk b/build/make/k8s-component-idp.mk new file mode 100644 index 0000000..3c4b43f --- /dev/null +++ b/build/make/k8s-component-idp.mk 
@@ -0,0 +1,78 @@ +NAMESPACE ?= ecosystem +DEPLOYED_IDP_RELEASE_NAME ?= lop-idp +IDP_WORKING_DIR ?= target +IDP_CHART_DIR = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME) +IDP_CHART_FILE = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)/Chart.yaml +IDP_VALUES_FILE = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)/values.yaml +IDP_DEV_VALUES_FILE = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)/values-dev.yaml +CES_REGISTRY_NAMESPACE_SUB = $(patsubst /%,%,$(CES_REGISTRY_NAMESPACE)) + +##@ K8s - LOP-IDP development + +.PHONY: helm-apply-idp +helm-apply-idp: helm-prepare-idp helm-update-idp ## Development target to deploy a single subchart from the lop-idp in the cluster. It pulls the current installed idp chart, updates the subchart and the values with dev images and updates the idp chart in the cluster. + +.PHONY: helm-prepare-idp +helm-prepare-idp: pull-idp build-subchart-idp update-subchart-dependency-idp update-subchart-values-idp + +.PHONY: helm-update-idp +helm-update-idp: + @helm dep up "$(IDP_CHART_DIR)" + @helm -n "$(NAMESPACE)" upgrade -i "$(DEPLOYED_IDP_RELEASE_NAME)" "$(IDP_CHART_DIR)" -f "$(IDP_DEV_VALUES_FILE)" --reuse-values + +.PHONY: build-subchart-idp +build-subchart-idp: helm-chart-import + +.PHONY: update-subchart-values-idp # Overwrite this target if paths are different or multiple images are required. +update-subchart-values-idp: + @echo "Updating values in $(IDP_DEV_VALUES_FILE)..." + @yq -n '."$(ARTIFACT_ID)".image.registry = "$(CES_REGISTRY_HOST)"' > "$(IDP_DEV_VALUES_FILE)" # Always create a new file + @yq -i '."$(ARTIFACT_ID)".image.repository = "$(CES_REGISTRY_NAMESPACE_SUB)/$(ARTIFACT_ID)/$(GIT_BRANCH)"' "$(IDP_DEV_VALUES_FILE)" + @yq -i '."$(ARTIFACT_ID)".image.tag = "$(COMPONENT_DEV_VERSION)"' "$(IDP_DEV_VALUES_FILE)" + +.PHONY: update-subchart-dependency-idp +update-subchart-dependency-idp: + @echo "Updating subchart $(ARTIFACT_ID) in $(IDP_CHART_FILE)..." 
+ @yq -i '(.dependencies[] | select(.name == "$(ARTIFACT_ID)")) |= (.repository = "oci://$(CES_REGISTRY_HOST)/$(HELM_ARTIFACT_NAMESPACE)" | .version = "$(COMPONENT_DEV_VERSION)")' "$(IDP_CHART_FILE)" + +.PHONY: pull-idp +pull-idp: + @set -euo pipefail; \ + echo "Checking IDP Component status..."; \ + idpStatus=$$(kubectl -n "$(NAMESPACE)" get comp "$(DEPLOYED_IDP_RELEASE_NAME)" --no-headers -o custom-columns=":status.status" 2>/dev/null || true); \ + if [[ "$${idpStatus}" != "installed" ]]; then \ + echo "error: IDP Component is not installed (Status: $${idpStatus})"; \ + exit 1; \ + fi; \ + echo "IDP Component status: $${idpStatus}"; \ + \ + idpInstalledVersion=$$(kubectl -n "$(NAMESPACE)" get comp "$(DEPLOYED_IDP_RELEASE_NAME)" --no-headers -o custom-columns=":status.installedVersion"); \ + echo "IDP Component installed version: $${idpInstalledVersion}"; \ + \ + idpRegistryNamespace=$$(kubectl -n "$(NAMESPACE)" get comp "$(DEPLOYED_IDP_RELEASE_NAME)" --no-headers -o custom-columns=":spec.namespace"); \ + echo "IDP Component registry namespace: $${idpRegistryNamespace}"; \ + \ + registryProperties=$$(kubectl -n "$(NAMESPACE)" get cm component-operator-helm-repository -o jsonpath='{.data.endpoint}{" "}{.data.schema}{" "}{.data.insecureTls}{" "}{.data.plainHttp}'); \ + read -r registryEndpoint registrySchema registryInsecureTls registryPlainHttp < <(echo "$${registryProperties}"); \ + echo "Using registry $${registrySchema}://$${registryEndpoint} with insecureTls $${registryInsecureTls} and plainHttp $${registryPlainHttp}"; \ + \ + echo "Creating working dir $(IDP_WORKING_DIR)"; \ + mkdir -p "$(IDP_WORKING_DIR)"; \ + \ + if [[ -d "$(IDP_CHART_DIR)" ]]; then \ + echo "Cleaning up old working chart dir"; \ + rm -rf "$(IDP_CHART_DIR)"; \ + fi; \ + \ + tlsOption=""; \ + if [[ "$${registryInsecureTls}" == "true" ]]; then \ + tlsOption="--insecure-skip-tls-verify"; \ + fi; \ + \ + plainHttpOption=""; \ + if [[ "$${registryPlainHttp}" == "true" ]]; then \ + 
plainHttpOption="--plain-http"; \ + fi; \ + \ + echo "Pull IDP Helm-Chart..."; \ + helm pull --untar --destination "$(IDP_WORKING_DIR)" "$${registrySchema}://$${registryEndpoint}/$${idpRegistryNamespace}/$(DEPLOYED_IDP_RELEASE_NAME)" --version "$${idpInstalledVersion}" $${tlsOption} $${plainHttpOption} diff --git a/build/make/k8s-component.mk b/build/make/k8s-component.mk index 7eaa439..c4b5c09 100644 --- a/build/make/k8s-component.mk +++ b/build/make/k8s-component.mk @@ -130,7 +130,7 @@ helm-delete-existing-tgz: ## Remove an existing Helm package from the target dir ##@ K8s - Helm lint targets .PHONY: helm-lint -helm-lint: $(BINARY_HELM) helm-generate +helm-lint: $(BINARY_HELM) helm-generate ## Lints the helm chart. @$(BINARY_HELM) lint "${HELM_TARGET_DIR}" ##@ K8s - Component dev targets diff --git a/build/make/k8s-crd.mk b/build/make/k8s-crd.mk index aca625d..70463fb 100644 --- a/build/make/k8s-crd.mk +++ b/build/make/k8s-crd.mk @@ -38,8 +38,8 @@ crd-add-labels: $(BINARY_YQ) $(BINARY_YQ) -i e ".metadata.labels.\"app.kubernetes.io/name\" = \"${ARTIFACT_CRD_ID}\"" $${file} ;\ done -.PHONY: crd-helm-generate ## Generates the Helm CRD chart -crd-helm-generate: ${CRD_HELM_MANIFEST_TARGET} validate-crd-chart ${HELM_CRD_TARGET_DIR}/Chart.yaml ${K8S_POST_CRD_HELM_GENERATE_TARGETS} +.PHONY: crd-helm-generate +crd-helm-generate: ${CRD_HELM_MANIFEST_TARGET} validate-crd-chart ${HELM_CRD_TARGET_DIR}/Chart.yaml ${K8S_POST_CRD_HELM_GENERATE_TARGETS} ## Generates the Helm CRD chart # this is phony because of it is easier this way than the makefile-single-run way .PHONY: ${HELM_CRD_TARGET_DIR}/Chart.yaml diff --git a/build/make/k8s.mk b/build/make/k8s.mk index d8e44a5..7720bfb 100644 --- a/build/make/k8s.mk +++ b/build/make/k8s.mk @@ -148,8 +148,6 @@ check-docker-credentials: fi \ fi -##@ K8s - Resources - ${K8S_RESOURCE_TEMP_FOLDER}: @mkdir -p $@ 
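Review bot: In pull-idp of the new k8s-component-idp.mk, the four ConfigMap fields are joined with spaces and split again by `read -r`. If `insecureTls` is absent or empty, the value of `plainHttp` slides into `registryInsecureTls`, and a `true` meant for plain HTTP would add `--insecure-skip-tls-verify` to the pull. A non-whitespace separator keeps empty fields in place: write `{"|"}` between the jsonpath expressions and put `IFS='|'` in front of the existing `read -r`. Separately, `rm -rf "$(IDP_CHART_DIR)"` is built from two overridable variables, so an empty `DEPLOYED_IDP_RELEASE_NAME` would remove the whole working directory. The recipe should fail before the `rm` when either `IDP_WORKING_DIR` or `DEPLOYED_IDP_RELEASE_NAME` expands to nothing.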
@@ -196,22 +194,22 @@ __check_defined = \ ##@ K8s - Download Utilities -.PHONY: install-yq ## Installs the yq YAML editor. -install-yq: ${BINARY_YQ} +.PHONY: install-yq +install-yq: ${BINARY_YQ} ## Installs the yq YAML editor. ${BINARY_YQ}: $(UTILITY_BIN_PATH) $(call go-get-tool,$(BINARY_YQ),github.com/mikefarah/yq/v4@${BINARY_YQ_4_VERSION}) ##@ K8s - Download Kubernetes Utilities -.PHONY: install-helm ## Download helm locally if necessary. -install-helm: ${BINARY_HELM} +.PHONY: install-helm +install-helm: ${BINARY_HELM} ## Download helm locally if necessary. ${BINARY_HELM}: $(UTILITY_BIN_PATH) $(call curl-get-tool-from-tar,$(BINARY_HELM),$(BINARY_HELM_URL),$(BINARY_HELM_SUM),$(BINARY_HELM_ARCHIVE_PATH),$(BINARY_HELM_ARCHIVE_STRIP)) -.PHONY: install-crane ## Installs crane. -install-crane: ${BINARY_CRANE} +.PHONY: install-crane +install-crane: ${BINARY_CRANE} ## Installs crane. ${BINARY_CRANE}: $(UTILITY_BIN_PATH) $(call curl-get-tool-from-tar,$(BINARY_CRANE),$(BINARY_CRANE_URL),$(BINARY_CRANE_SUM),$(BINARY_CRANE_ARCHIVE_PATH),$(BINARY_CRANE_ARCHIVE_STRIP)) diff --git a/build/make/yarn.mk b/build/make/yarn.mk index 6ff7de9..802803d 100644 --- a/build/make/yarn.mk +++ b/build/make/yarn.mk @@ -27,8 +27,8 @@ yarn-publish-ci: ## Execute yarn publish with '--non-interactive' flag to suppre node:$(NODE_VERSION) \ yarn publish --non-interactive -.PHONY yarn-publish: ## Execute yarn publish -yarn-publish: $(YARN_BUILD_TARGET) +.PHONY yarn-publish: +yarn-publish: $(YARN_BUILD_TARGET) ## Execute yarn publish @echo "Executing yarn publish..." @docker run --rm \ -u "$(UID_NR):$(GID_NR)" \ From a2a3672e6081dd47b999c807a399fdd3f15f5de0 Mon Sep 17 00:00:00 2001 From: Niklas Date: Tue, 23 Jun 2026 17:10:29 +0200 Subject: [PATCH 6/8] #263 Add support for loca k3d clusters and mixed HTTP and HTTPS registries. --- build/make/k8s-component-idp.mk | 49 +++++++++++++++++++++++++++------ 1 file changed, 41 insertions(+), 8 deletions(-) 
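Review bot: In the yarn.mk hunk the rewritten line `.PHONY yarn-publish:` keeps the colon in the wrong place. Make reads it as a rule for the two targets `.PHONY` and `yarn-publish`, so `yarn-publish` is never marked phony and a file of that name would suppress the target. It should read `.PHONY: yarn-publish`, matching the `install-yq`, `install-helm` and `install-crane` declarations corrected in the k8s.mk hunk of the same commit. The yarn-publish recipe continues outside the hunk.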
diff --git a/build/make/k8s-component-idp.mk b/build/make/k8s-component-idp.mk
index 3c4b43f..16cd37a 100644
--- a/build/make/k8s-component-idp.mk
+++ b/build/make/k8s-component-idp.mk
@@ -2,38 +2,64 @@ NAMESPACE ?= ecosystem DEPLOYED_IDP_RELEASE_NAME ?= lop-idp IDP_WORKING_DIR ?= target IDP_CHART_DIR = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME) +IDP_CHART_DEPENDENCY_DIR = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)/charts IDP_CHART_FILE = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)/Chart.yaml +IDP_CHART_LOCK_FILE = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)/Chart.lock IDP_VALUES_FILE = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)/values.yaml IDP_DEV_VALUES_FILE = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)/values-dev.yaml CES_REGISTRY_NAMESPACE_SUB = $(patsubst /%,%,$(CES_REGISTRY_NAMESPACE)) +K3D_PULL_REGISTRY_HOST_LOCAL = $(CES_REGISTRY_HOST) +K3D_PULL_REGISTRY_ARGS = "" +ifeq ($(RUNTIME_ENV),k3d) + K3D_PULL_REGISTRY_HOST_LOCAL = localhost:5002 + K3D_PULL_REGISTRY_ARGS = "--plain-http" +endif -##@ K8s - LOP-IDP development +# TODO Test with Coder and remote registry. +# Workflow: +# - Pull current IDP chart from registry (either dev registry in k3d or registry.cloudogu.com) +# - Build and push the dev chart from this artifact (e.g. usermgt) +# - Pull the dev just and inject it into the local IDP chart in charts dir. +# - Update Chart.yaml and values.yaml in local IDP chart. +# - Apply local IDP chart in cluster +# - Important: Push the local IDP chart with injected subchart to the registry so that other IDP components won't override changes. +# - Important: Do not execute a `helm dependency update` command because this will start trouble with different dependencies located in HTTP and HTTPS registries. .PHONY: helm-apply-idp -helm-apply-idp: helm-prepare-idp helm-update-idp ## Development target to deploy a single subchart from the lop-idp in the cluster. It pulls the current installed idp chart, updates the subchart and the values with dev images and updates the idp chart in the cluster. 
+helm-apply-idp: helm-prepare-idp helm-update-idp -.PHONY: helm-prepare-idp -helm-prepare-idp: pull-idp build-subchart-idp update-subchart-dependency-idp update-subchart-values-idp +.PHONY: helm-prepare-idp # Inject the dev chart because if the dev chart is stored in a HTTP registry and other dependencies require HTTPS the helm command will fail. +helm-prepare-idp: pull-idp build-subchart-idp helm-dependency-pull-idp update-subchart-dependency-idp update-subchart-values-idp helm-push-idp + +.PHONY: helm-push-idp +helm-push-idp: + @helm package "$(IDP_CHART_DIR)" -d "$(IDP_CHART_DIR)" + @IDP_VERSION=$$(yq '.version' "$(IDP_CHART_DIR)/Chart.yaml"); \ + helm push "$(IDP_CHART_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)-$$IDP_VERSION.tgz" "oci://$(IMAGE_PUSH_REGISTRY_HOST)/$(HELM_ARTIFACT_NAMESPACE)" "$(K3D_PULL_REGISTRY_ARGS)" + +.PHONY: helm-dependency-pull-idp +helm-dependency-pull-idp: + @rm -f "$(IDP_CHART_LOCK_FILE)" + @helm pull "oci://$(K3D_PULL_REGISTRY_HOST_LOCAL)/$(HELM_ARTIFACT_NAMESPACE)/$(ARTIFACT_ID)" --version "$(COMPONENT_DEV_VERSION)" --destination "$(IDP_CHART_DEPENDENCY_DIR)" "$(K3D_PULL_REGISTRY_ARGS)" .PHONY: helm-update-idp helm-update-idp: - @helm dep up "$(IDP_CHART_DIR)" @helm -n "$(NAMESPACE)" upgrade -i "$(DEPLOYED_IDP_RELEASE_NAME)" "$(IDP_CHART_DIR)" -f "$(IDP_DEV_VALUES_FILE)" --reuse-values .PHONY: build-subchart-idp build-subchart-idp: helm-chart-import -.PHONY: update-subchart-values-idp # Overwrite this target if paths are different or multiple images are required. +.PHONY: update-subchart-values-idp # Overwrite this target if path are different or multiple images are required. update-subchart-values-idp: @echo "Updating values in $(IDP_DEV_VALUES_FILE)..." 
@yq -n '."$(ARTIFACT_ID)".image.registry = "$(CES_REGISTRY_HOST)"' > "$(IDP_DEV_VALUES_FILE)" # Always create a new file @yq -i '."$(ARTIFACT_ID)".image.repository = "$(CES_REGISTRY_NAMESPACE_SUB)/$(ARTIFACT_ID)/$(GIT_BRANCH)"' "$(IDP_DEV_VALUES_FILE)" - @yq -i '."$(ARTIFACT_ID)".image.tag = "$(COMPONENT_DEV_VERSION)"' "$(IDP_DEV_VALUES_FILE)" + @yq -i '."$(ARTIFACT_ID)".image.tag = "$(VERSION)"' "$(IDP_DEV_VALUES_FILE)" # Use regular version for images and no "dev" prefix with random numbers because the imagePullPolicy: Always will ensure to load the newest image in the cluster. .PHONY: update-subchart-dependency-idp update-subchart-dependency-idp: @echo "Updating subchart $(ARTIFACT_ID) in $(IDP_CHART_FILE)..." - @yq -i '(.dependencies[] | select(.name == "$(ARTIFACT_ID)")) |= (.repository = "oci://$(CES_REGISTRY_HOST)/$(HELM_ARTIFACT_NAMESPACE)" | .version = "$(COMPONENT_DEV_VERSION)")' "$(IDP_CHART_FILE)" + @yq -i '(.dependencies[] | select(.name == "$(ARTIFACT_ID)")) |= (.repository = "oci://$(K3D_PULL_REGISTRY_HOST_LOCAL)/$(HELM_ARTIFACT_NAMESPACE)" | .version = "$(COMPONENT_DEV_VERSION)")' "$(IDP_CHART_FILE)" .PHONY: pull-idp pull-idp: @@ -54,6 +80,13 @@ pull-idp: \ registryProperties=$$(kubectl -n "$(NAMESPACE)" get cm component-operator-helm-repository -o jsonpath='{.data.endpoint}{" "}{.data.schema}{" "}{.data.insecureTls}{" "}{.data.plainHttp}'); \ read -r registryEndpoint registrySchema registryInsecureTls registryPlainHttp < <(echo "$${registryProperties}"); \ + if [[ ! $${idpInstalledVersion} == *dev* ]]; then \ + registryEndpoint=registry.cloudogu.com; \ + registryPlainHttp=false; \ + elif [[ "$(RUNTIME_ENV)" == "k3d" ]]; then \ + registryEndpoint="localhost:5002"; \ + registryPlainHttp=true; \ + fi; \ echo "Using registry $${registrySchema}://$${registryEndpoint} with insecureTls $${registryInsecureTls} and plainHttp $${registryPlainHttp}"; \ \ echo "Creating working dir $(IDP_WORKING_DIR)"; \ 
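Review bot: `K3D_PULL_REGISTRY_ARGS = ""` stores the two quote characters as the value, and helm-push-idp and helm-dependency-pull-idp wrap it again as `"$(K3D_PULL_REGISTRY_ARGS)"`. Outside k3d, `helm pull` and `helm push` therefore receive an extra empty argument, which presumably makes them fail on the argument count. Leave the default empty (`K3D_PULL_REGISTRY_ARGS =`), store `--plain-http` without quotes in the k3d case, and expand the variable unquoted at the end of both commands.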
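Review bot: When the installed version is not a dev build, the added branch in pull-idp swaps in `registry.cloudogu.com` and clears `registryPlainHttp`, but `registryInsecureTls` keeps the value read from the cluster ConfigMap. A cluster configured for an insecure local registry would then pull the release chart from the public registry with `--insecure-skip-tls-verify`. Add `registryInsecureTls=false; \` to that branch, and confirm that `registrySchema` from the ConfigMap is also the right scheme for the public registry. The k3d branch hard-codes `localhost:5002`, which unlike the other k3d endpoints cannot be overridden. pull-idp begins and ends outside this hunk.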
From 3aee98471e674b4c07dbd4784cf30dce900c5d3f Mon Sep 17 00:00:00 2001
From: Niklas
Date: Wed, 24 Jun 2026 14:05:21 +0200
Subject: [PATCH 7/8] #263 Add handling for non dev idp versions
---
 build/make/k8s-component-idp.mk | 64 +++++++++------------------------
 1 file changed, 29 insertions(+), 35 deletions(-)
diff --git a/build/make/k8s-component-idp.mk b/build/make/k8s-component-idp.mk
index 16cd37a..d24adba 100644
--- a/build/make/k8s-component-idp.mk
+++ b/build/make/k8s-component-idp.mk
@@ -8,43 +8,52 @@ IDP_CHART_LOCK_FILE = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)/Chart.lock IDP_VALUES_FILE = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)/values.yaml IDP_DEV_VALUES_FILE = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)/values-dev.yaml CES_REGISTRY_NAMESPACE_SUB = $(patsubst /%,%,$(CES_REGISTRY_NAMESPACE)) -K3D_PULL_REGISTRY_HOST_LOCAL = $(CES_REGISTRY_HOST) -K3D_PULL_REGISTRY_ARGS = "" +HELM_PULL_REGISTRY_HOST = $(CES_REGISTRY_HOST) +HELM_PULL_REGISTRY_ARGS = ifeq ($(RUNTIME_ENV),k3d) - K3D_PULL_REGISTRY_HOST_LOCAL = localhost:5002 - K3D_PULL_REGISTRY_ARGS = "--plain-http" + HELM_PULL_REGISTRY_HOST = localhost:5002 + HELM_PULL_REGISTRY_ARGS = "--plain-http" endif - -# TODO Test with Coder and remote registry. +IDP_BUILD_VERSION := $(shell date +%s) +IDP_DEV_VERSION_SUFFIX=-dev.${IDP_BUILD_VERSION} # Workflow: # - Pull current IDP chart from registry (either dev registry in k3d or registry.cloudogu.com) # - Build and push the dev chart from this artifact (e.g. usermgt) -# - Pull the dev just and inject it into the local IDP chart in charts dir. +# - Pull the dev chart and inject it into the local IDP chart in charts dir. # - Update Chart.yaml and values.yaml in local IDP chart. -# - Apply local IDP chart in cluster # - Important: Push the local IDP chart with injected subchart to the registry so that other IDP components won't override changes. # - Important: Do not execute a `helm dependency update` command because this will start trouble with different dependencies located in HTTP and HTTPS registries. +# - Apply local IDP chart in cluster .PHONY: helm-apply-idp helm-apply-idp: helm-prepare-idp helm-update-idp -.PHONY: helm-prepare-idp # Inject the dev chart because if the dev chart is stored in a HTTP registry and other dependencies require HTTPS the helm command will fail. 
+.PHONY: helm-prepare-idp helm-prepare-idp: pull-idp build-subchart-idp helm-dependency-pull-idp update-subchart-dependency-idp update-subchart-values-idp helm-push-idp .PHONY: helm-push-idp helm-push-idp: - @helm package "$(IDP_CHART_DIR)" -d "$(IDP_CHART_DIR)" - @IDP_VERSION=$$(yq '.version' "$(IDP_CHART_DIR)/Chart.yaml"); \ - helm push "$(IDP_CHART_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)-$$IDP_VERSION.tgz" "oci://$(IMAGE_PUSH_REGISTRY_HOST)/$(HELM_ARTIFACT_NAMESPACE)" "$(K3D_PULL_REGISTRY_ARGS)" + @IDP_VERSION=$$(${BINARY_YQ} '.version' "$(IDP_CHART_FILE)"); \ + IDP_DEV_VERSION_SUFFIX="$(IDP_DEV_VERSION_SUFFIX)"; \ + if [[ ! "$$IDP_VERSION" == *dev* ]]; then \ + echo "IDP Helm-Chart is not a dev version. Changing version to dev..."; \ + IDP_VERSION="$$IDP_VERSION" IDP_DEV_VERSION_SUFFIX="$$IDP_DEV_VERSION_SUFFIX" \ + ${BINARY_YQ} -i '.version = strenv(IDP_VERSION) + strenv(IDP_DEV_VERSION_SUFFIX)' "$(IDP_CHART_FILE)"; \ + IDP_VERSION="$$IDP_VERSION$$IDP_DEV_VERSION_SUFFIX"; \ + fi; \ + IDP_PACKAGE_NAME="$(IDP_CHART_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)-$$IDP_VERSION.tgz"; \ + echo "Build helm package $$IDP_PACKAGE_NAME"; \ + ${BINARY_HELM} package "$(IDP_CHART_DIR)" -d "$(IDP_CHART_DIR)";\ + ${BINARY_HELM} push "$$IDP_PACKAGE_NAME" "oci://$(IMAGE_PUSH_REGISTRY_HOST)/$(HELM_ARTIFACT_NAMESPACE)" "$(HELM_PULL_REGISTRY_ARGS)" .PHONY: helm-dependency-pull-idp helm-dependency-pull-idp: @rm -f "$(IDP_CHART_LOCK_FILE)" - @helm pull "oci://$(K3D_PULL_REGISTRY_HOST_LOCAL)/$(HELM_ARTIFACT_NAMESPACE)/$(ARTIFACT_ID)" --version "$(COMPONENT_DEV_VERSION)" --destination "$(IDP_CHART_DEPENDENCY_DIR)" "$(K3D_PULL_REGISTRY_ARGS)" + ${BINARY_HELM} pull "oci://$(HELM_PULL_REGISTRY_HOST)/$(HELM_ARTIFACT_NAMESPACE)/$(ARTIFACT_ID)" --version "$(COMPONENT_DEV_VERSION)" --destination "$(IDP_CHART_DEPENDENCY_DIR)" $(HELM_PULL_REGISTRY_ARGS) .PHONY: helm-update-idp helm-update-idp: - @helm -n "$(NAMESPACE)" upgrade -i "$(DEPLOYED_IDP_RELEASE_NAME)" "$(IDP_CHART_DIR)" -f "$(IDP_DEV_VALUES_FILE)" 
--reuse-values + @${BINARY_HELM} -n "$(NAMESPACE)" upgrade -i "$(DEPLOYED_IDP_RELEASE_NAME)" "$(IDP_CHART_DIR)" -f "$(IDP_DEV_VALUES_FILE)" --reuse-values .PHONY: build-subchart-idp build-subchart-idp: helm-chart-import 
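Review bot: In `helm-push-idp` the push still receives the registry flags as one quoted word, `"$(HELM_PULL_REGISTRY_ARGS)"`, although the variable is now empty outside k3d, so helm gets an empty extra positional argument there; the `helm pull` line in this same hunk was already changed to the unquoted form. I would end the push line with `$(HELM_PULL_REGISTRY_ARGS)` unquoted and drop the quotes from the k3d assignment (`HELM_PULL_REGISTRY_ARGS = --plain-http`). The recipe also chains its steps with `;` and has no `set -e`, so a failed `yq -i` or `helm package` does not stop the following `helm push`. Starting the recipe with `@set -euo pipefail; \`, as `pull-idp` does, would make it stop at the first failing step.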
@@ -52,32 +61,22 @@ build-subchart-idp: helm-chart-import .PHONY: update-subchart-values-idp # Overwrite this target if path are different or multiple images are required. update-subchart-values-idp: @echo "Updating values in $(IDP_DEV_VALUES_FILE)..." - @yq -n '."$(ARTIFACT_ID)".image.registry = "$(CES_REGISTRY_HOST)"' > "$(IDP_DEV_VALUES_FILE)" # Always create a new file - @yq -i '."$(ARTIFACT_ID)".image.repository = "$(CES_REGISTRY_NAMESPACE_SUB)/$(ARTIFACT_ID)/$(GIT_BRANCH)"' "$(IDP_DEV_VALUES_FILE)" - @yq -i '."$(ARTIFACT_ID)".image.tag = "$(VERSION)"' "$(IDP_DEV_VALUES_FILE)" # Use regular version for images and no "dev" prefix with random numbers because the imagePullPolicy: Always will ensure to load the newest image in the cluster. + @${BINARY_YQ} -n '."$(ARTIFACT_ID)".image.registry = "$(CES_REGISTRY_HOST)"' > "$(IDP_DEV_VALUES_FILE)" # Always create a new file + @${BINARY_YQ} -i '."$(ARTIFACT_ID)".image.repository = "$(CES_REGISTRY_NAMESPACE_SUB)/$(ARTIFACT_ID)/$(GIT_BRANCH)"' "$(IDP_DEV_VALUES_FILE)" + @${BINARY_YQ} -i '."$(ARTIFACT_ID)".image.tag = "$(VERSION)"' "$(IDP_DEV_VALUES_FILE)" # Use regular version for images and no "dev" prefix with random numbers because the imagePullPolicy: Always will ensure to load the newest image in the cluster. .PHONY: update-subchart-dependency-idp update-subchart-dependency-idp: @echo "Updating subchart $(ARTIFACT_ID) in $(IDP_CHART_FILE)..." 
- @yq -i '(.dependencies[] | select(.name == "$(ARTIFACT_ID)")) |= (.repository = "oci://$(K3D_PULL_REGISTRY_HOST_LOCAL)/$(HELM_ARTIFACT_NAMESPACE)" | .version = "$(COMPONENT_DEV_VERSION)")' "$(IDP_CHART_FILE)" + @${BINARY_YQ} -i '(.dependencies[] | select(.name == "$(ARTIFACT_ID)")) |= (.repository = "oci://$(HELM_PULL_REGISTRY_HOST)/$(HELM_ARTIFACT_NAMESPACE)" | .version = "$(COMPONENT_DEV_VERSION)")' "$(IDP_CHART_FILE)" .PHONY: pull-idp pull-idp: @set -euo pipefail; \ - echo "Checking IDP Component status..."; \ - idpStatus=$$(kubectl -n "$(NAMESPACE)" get comp "$(DEPLOYED_IDP_RELEASE_NAME)" --no-headers -o custom-columns=":status.status" 2>/dev/null || true); \ - if [[ "$${idpStatus}" != "installed" ]]; then \ - echo "error: IDP Component is not installed (Status: $${idpStatus})"; \ - exit 1; \ - fi; \ - echo "IDP Component status: $${idpStatus}"; \ - \ - idpInstalledVersion=$$(kubectl -n "$(NAMESPACE)" get comp "$(DEPLOYED_IDP_RELEASE_NAME)" --no-headers -o custom-columns=":status.installedVersion"); \ + idpInstalledVersion=$$(${BINARY_HELM} -n "$(NAMESPACE)" get metadata "$(DEPLOYED_IDP_RELEASE_NAME)" -o yaml | ${BINARY_YQ} '.version'); \ echo "IDP Component installed version: $${idpInstalledVersion}"; \ - \ idpRegistryNamespace=$$(kubectl -n "$(NAMESPACE)" get comp "$(DEPLOYED_IDP_RELEASE_NAME)" --no-headers -o custom-columns=":spec.namespace"); \ echo "IDP Component registry namespace: $${idpRegistryNamespace}"; \ - \ registryProperties=$$(kubectl -n "$(NAMESPACE)" get cm component-operator-helm-repository -o jsonpath='{.data.endpoint}{" "}{.data.schema}{" "}{.data.insecureTls}{" "}{.data.plainHttp}'); \ read -r registryEndpoint registrySchema registryInsecureTls registryPlainHttp < <(echo "$${registryProperties}"); \ if [[ ! $${idpInstalledVersion} == *dev* ]]; then \ 
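Review bot: `idpInstalledVersion` is now read from `helm get metadata … | yq '.version'` and used without any check, while the status guard that stopped the recipe when the IDP component was not installed is removed. If the field is ever absent, yq prints the literal `null`, which does not contain `dev`, so the branch below would select registry.cloudogu.com and attempt a pull with `--version null`. I would add a guard right after the assignment: `if [[ -z "$${idpInstalledVersion}" || "$${idpInstalledVersion}" == "null" ]]; then echo "error: cannot determine installed IDP version"; exit 1; fi; \`. Because this value decides which registry and transport are used, an anchored test such as `*-dev.*` (the form `IDP_DEV_VERSION_SUFFIX` produces) would be safer than `*dev*`, assuming every dev version carries that suffix. The `pull-idp` recipe continues past the end of this hunk.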
@@ -88,24 +87,19 @@ pull-idp: registryPlainHttp=true; \ fi; \ echo "Using registry $${registrySchema}://$${registryEndpoint} with insecureTls $${registryInsecureTls} and plainHttp $${registryPlainHttp}"; \ - \ echo "Creating working dir $(IDP_WORKING_DIR)"; \ mkdir -p "$(IDP_WORKING_DIR)"; \ - \ if [[ -d "$(IDP_CHART_DIR)" ]]; then \ echo "Cleaning up old working chart dir"; \ rm -rf "$(IDP_CHART_DIR)"; \ fi; \ - \ tlsOption=""; \ if [[ "$${registryInsecureTls}" == "true" ]]; then \ tlsOption="--insecure-skip-tls-verify"; \ fi; \ - \ plainHttpOption=""; \ if [[ "$${registryPlainHttp}" == "true" ]]; then \ plainHttpOption="--plain-http"; \ fi; \ - \ echo "Pull IDP Helm-Chart..."; \ - helm pull --untar --destination "$(IDP_WORKING_DIR)" "$${registrySchema}://$${registryEndpoint}/$${idpRegistryNamespace}/$(DEPLOYED_IDP_RELEASE_NAME)" --version "$${idpInstalledVersion}" $${tlsOption} $${plainHttpOption} + ${BINARY_HELM} pull --untar --destination "$(IDP_WORKING_DIR)" "$${registrySchema}://$${registryEndpoint}/$${idpRegistryNamespace}/$(DEPLOYED_IDP_RELEASE_NAME)" --version "$${idpInstalledVersion}" $${tlsOption} $${plainHttpOption} From 4e22450f12a10207cce0b4e4a92819fba810e74c Mon Sep 17 00:00:00 2001 From: Niklas Date: Wed, 24 Jun 2026 14:58:01 +0200 Subject: [PATCH 8/8] #263 Delete whitespaces --- build/make/k8s-component-idp.mk | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/build/make/k8s-component-idp.mk b/build/make/k8s-component-idp.mk index d24adba..af568c7 100644 --- a/build/make/k8s-component-idp.mk +++ b/build/make/k8s-component-idp.mk 
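Review bot: The `${BINARY_HELM} pull` at the end of this hunk can still run with `--insecure-skip-tls-verify` against the public registry. The override branch earlier in `pull-idp` (outside this hunk) sets `registryEndpoint=registry.cloudogu.com` and `registryPlainHttp=false` for non-dev versions, but leaves `registryInsecureTls` and `registrySchema` as read from the `component-operator-helm-repository` ConfigMap. A cluster configured for a local registry with `insecureTls: true` would therefore pull the released chart without certificate verification. I would add `registryInsecureTls=false; \` to that branch and confirm that the schema taken from the ConfigMap is the one the public registry expects.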
@@ -33,12 +33,12 @@ helm-prepare-idp: pull-idp build-subchart-idp helm-dependency-pull-idp update-su .PHONY: helm-push-idp helm-push-idp: - @IDP_VERSION=$$(${BINARY_YQ} '.version' "$(IDP_CHART_FILE)"); \ + @IDP_VERSION=$$(${BINARY_YQ} '.version' "$(IDP_CHART_FILE)"); \ IDP_DEV_VERSION_SUFFIX="$(IDP_DEV_VERSION_SUFFIX)"; \ if [[ ! "$$IDP_VERSION" == *dev* ]]; then \ echo "IDP Helm-Chart is not a dev version. Changing version to dev..."; \ IDP_VERSION="$$IDP_VERSION" IDP_DEV_VERSION_SUFFIX="$$IDP_DEV_VERSION_SUFFIX" \ - ${BINARY_YQ} -i '.version = strenv(IDP_VERSION) + strenv(IDP_DEV_VERSION_SUFFIX)' "$(IDP_CHART_FILE)"; \ + ${BINARY_YQ} -i '.version = strenv(IDP_VERSION) + strenv(IDP_DEV_VERSION_SUFFIX)' "$(IDP_CHART_FILE)"; \ IDP_VERSION="$$IDP_VERSION$$IDP_DEV_VERSION_SUFFIX"; \ fi; \ IDP_PACKAGE_NAME="$(IDP_CHART_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)-$$IDP_VERSION.tgz"; \ 
@@ -61,19 +61,19 @@ build-subchart-idp: helm-chart-import .PHONY: update-subchart-values-idp # Overwrite this target if path are different or multiple images are required. update-subchart-values-idp: @echo "Updating values in $(IDP_DEV_VALUES_FILE)..." - @${BINARY_YQ} -n '."$(ARTIFACT_ID)".image.registry = "$(CES_REGISTRY_HOST)"' > "$(IDP_DEV_VALUES_FILE)" # Always create a new file - @${BINARY_YQ} -i '."$(ARTIFACT_ID)".image.repository = "$(CES_REGISTRY_NAMESPACE_SUB)/$(ARTIFACT_ID)/$(GIT_BRANCH)"' "$(IDP_DEV_VALUES_FILE)" - @${BINARY_YQ} -i '."$(ARTIFACT_ID)".image.tag = "$(VERSION)"' "$(IDP_DEV_VALUES_FILE)" # Use regular version for images and no "dev" prefix with random numbers because the imagePullPolicy: Always will ensure to load the newest image in the cluster. + @${BINARY_YQ} -n '."$(ARTIFACT_ID)".image.registry = "$(CES_REGISTRY_HOST)"' > "$(IDP_DEV_VALUES_FILE)" # Always create a new file + @${BINARY_YQ} -i '."$(ARTIFACT_ID)".image.repository = "$(CES_REGISTRY_NAMESPACE_SUB)/$(ARTIFACT_ID)/$(GIT_BRANCH)"' "$(IDP_DEV_VALUES_FILE)" + @${BINARY_YQ} -i '."$(ARTIFACT_ID)".image.tag = "$(VERSION)"' "$(IDP_DEV_VALUES_FILE)" # Use regular version for images and no "dev" prefix with random numbers because the imagePullPolicy: Always will ensure to load the newest image in the cluster. .PHONY: update-subchart-dependency-idp update-subchart-dependency-idp: @echo "Updating subchart $(ARTIFACT_ID) in $(IDP_CHART_FILE)..." 
- @${BINARY_YQ} -i '(.dependencies[] | select(.name == "$(ARTIFACT_ID)")) |= (.repository = "oci://$(HELM_PULL_REGISTRY_HOST)/$(HELM_ARTIFACT_NAMESPACE)" | .version = "$(COMPONENT_DEV_VERSION)")' "$(IDP_CHART_FILE)" + @${BINARY_YQ} -i '(.dependencies[] | select(.name == "$(ARTIFACT_ID)")) |= (.repository = "oci://$(HELM_PULL_REGISTRY_HOST)/$(HELM_ARTIFACT_NAMESPACE)" | .version = "$(COMPONENT_DEV_VERSION)")' "$(IDP_CHART_FILE)" .PHONY: pull-idp pull-idp: @set -euo pipefail; \ - idpInstalledVersion=$$(${BINARY_HELM} -n "$(NAMESPACE)" get metadata "$(DEPLOYED_IDP_RELEASE_NAME)" -o yaml | ${BINARY_YQ} '.version'); \ + idpInstalledVersion=$$(${BINARY_HELM} -n "$(NAMESPACE)" get metadata "$(DEPLOYED_IDP_RELEASE_NAME)" -o yaml | ${BINARY_YQ} '.version'); \ echo "IDP Component installed version: $${idpInstalledVersion}"; \ idpRegistryNamespace=$$(kubectl -n "$(NAMESPACE)" get comp "$(DEPLOYED_IDP_RELEASE_NAME)" --no-headers -o custom-columns=":spec.namespace"); \ echo "IDP Component registry namespace: $${idpRegistryNamespace}"; \