Add dev target to apply lop idp subcharts.

CHANGELOG.md

@@ -6,11 +6,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Added
+- Add support for local `k3d` development workflows in the k8s make targets.
+- Add target `helm-apply-idp` to apply a lop-idp subchart to an existing cluster.
+
 
 ## [v10.9.1] - 2026-06-09
 ### Fixed
 - [#261] Fix checkstyle format in static analysis and do not pipe stdout to the report file.
 
+
 ## [v10.9.0] - 2026-04-15
 ### Added
 - [#259] pass trivy version as parameter for coder target "trivyscanImage"

README.md

@@ -377,9 +377,26 @@ tests in `${yourProjectDir}/batsTests` (overrideable with the variable `TESTS_DI
 
 The k8s-modules support remote runtimes and container-registries.
 The environment-variable `RUNTIME_ENV`controls which runtime-environment to use:
-  * `local`: uses the local k8s-cluster at `k3ces-local` and the container-registry of this local-cluster
+  * `local`: uses the legacy local k8s-cluster at `k3ces.localdomain` and the in-cluster registry of this local cluster
+  * `k3d`: uses a local k3d cluster, pushes from the host to a writable local registry and pulls in-cluster from the proxy registry
   * `remote`: uses the currently configured cluster of the kube-config and the container-registry at `registry.cloudogu.com/testing`
 
+For `k3d`, the defaults are:
+
+- pull in-cluster via `k3d-registry-proxy.localhost:5000/local-dev`
+- push from the host via `localhost:5001/local-dev`
+- use the current kube-context unless `KUBE_CONTEXT_NAME` is set explicitly
+
+You can also set `KUBECONFIG` in the repository-local `.env`.
+If `KUBE_CONTEXT_NAME` is not set, the current context is then resolved from this kubeconfig and used for all `kubectl` and `helm` calls.
+
+The `k3d` registry endpoints can be overridden with:
+
+- `K3D_PULL_REGISTRY_HOST`
+- `K3D_PULL_REGISTRY_NAMESPACE`
+- `K3D_PUSH_REGISTRY_HOST`
+- `K3D_PUSH_REGISTRY_NAMESPACE`
+
 To manually override the kube-context the environment-variable `KUBE_CONTEXT_NAME` can be used.
 
 #### k8s.mk
@@ -462,4 +479,3 @@ This module provides a target for scanning dogu images with trivy
 
 Usage:
 `make trivyscan` or `make trivyscan SEVERITY='HIGH,CRITICAL'`
-

build/make/k8s-component-idp.mk

@@ -0,0 +1,105 @@
+NAMESPACE ?= ecosystem
+DEPLOYED_IDP_RELEASE_NAME ?= lop-idp
+IDP_WORKING_DIR ?= target
+IDP_CHART_DIR = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)
+IDP_CHART_DEPENDENCY_DIR = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)/charts
+IDP_CHART_FILE = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)/Chart.yaml
+IDP_CHART_LOCK_FILE = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)/Chart.lock
+IDP_VALUES_FILE = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)/values.yaml
+IDP_DEV_VALUES_FILE = $(IDP_WORKING_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)/values-dev.yaml
+CES_REGISTRY_NAMESPACE_SUB = $(patsubst /%,%,$(CES_REGISTRY_NAMESPACE))
+HELM_PULL_REGISTRY_HOST = $(CES_REGISTRY_HOST)
+HELM_PULL_REGISTRY_ARGS =
+ifeq ($(RUNTIME_ENV),k3d)
+  HELM_PULL_REGISTRY_HOST = localhost:5002
+  HELM_PULL_REGISTRY_ARGS = "--plain-http"
+endif
+IDP_BUILD_VERSION := $(shell date +%s)
+IDP_DEV_VERSION_SUFFIX=-dev.${IDP_BUILD_VERSION}
+
+# Workflow:
+# - Pull current IDP chart from registry (either dev registry in k3d or registry.cloudogu.com)
+# - Build and push the dev chart from this artifact (e.g. usermgt)
+# - Pull the dev chart and inject it into the local IDP chart in charts dir.
+# - Update Chart.yaml and values.yaml in local IDP chart.
+# - Important: Push the local IDP chart with injected subchart to the registry so that other IDP components won't override changes.
+# - Important: Do not execute a `helm dependency update` command because this will start trouble with different dependencies located in HTTP and HTTPS registries.
+# - Apply local IDP chart in cluster
+.PHONY: helm-apply-idp
+helm-apply-idp: helm-prepare-idp helm-update-idp
+
+.PHONY: helm-prepare-idp
+helm-prepare-idp: pull-idp build-subchart-idp helm-dependency-pull-idp update-subchart-dependency-idp update-subchart-values-idp helm-push-idp
+
+.PHONY: helm-push-idp
+helm-push-idp:
+	@IDP_VERSION=$$(${BINARY_YQ} '.version' "$(IDP_CHART_FILE)"); \
+	IDP_DEV_VERSION_SUFFIX="$(IDP_DEV_VERSION_SUFFIX)"; \
+	if [[ ! "$$IDP_VERSION" == *dev* ]]; then \
+	  echo "IDP Helm-Chart is not a dev version. Changing version to dev..."; \
+	  IDP_VERSION="$$IDP_VERSION" IDP_DEV_VERSION_SUFFIX="$$IDP_DEV_VERSION_SUFFIX" \
+	  ${BINARY_YQ} -i '.version = strenv(IDP_VERSION) + strenv(IDP_DEV_VERSION_SUFFIX)' "$(IDP_CHART_FILE)"; \
+	  IDP_VERSION="$$IDP_VERSION$$IDP_DEV_VERSION_SUFFIX"; \
+	fi; \
+	IDP_PACKAGE_NAME="$(IDP_CHART_DIR)/$(DEPLOYED_IDP_RELEASE_NAME)-$$IDP_VERSION.tgz"; \
+	echo "Build helm package $$IDP_PACKAGE_NAME"; \
+	${BINARY_HELM} package "$(IDP_CHART_DIR)" -d "$(IDP_CHART_DIR)";\
+    ${BINARY_HELM} push "$$IDP_PACKAGE_NAME" "oci://$(IMAGE_PUSH_REGISTRY_HOST)/$(HELM_ARTIFACT_NAMESPACE)" "$(HELM_PULL_REGISTRY_ARGS)"
+
+.PHONY: helm-dependency-pull-idp
+helm-dependency-pull-idp:
+	@rm -f "$(IDP_CHART_LOCK_FILE)"
+	${BINARY_HELM} pull "oci://$(HELM_PULL_REGISTRY_HOST)/$(HELM_ARTIFACT_NAMESPACE)/$(ARTIFACT_ID)" --version "$(COMPONENT_DEV_VERSION)" --destination "$(IDP_CHART_DEPENDENCY_DIR)" $(HELM_PULL_REGISTRY_ARGS)
+
+.PHONY: helm-update-idp
+helm-update-idp:
+	@${BINARY_HELM} -n "$(NAMESPACE)" upgrade -i "$(DEPLOYED_IDP_RELEASE_NAME)" "$(IDP_CHART_DIR)" -f "$(IDP_DEV_VALUES_FILE)" --reuse-values
+
+.PHONY: build-subchart-idp
+build-subchart-idp: helm-chart-import
+
+.PHONY: update-subchart-values-idp # Overwrite this target if path are different or multiple images are required.
+update-subchart-values-idp:
+	@echo "Updating values in $(IDP_DEV_VALUES_FILE)..."
+	@${BINARY_YQ} -n '."$(ARTIFACT_ID)".image.registry = "$(CES_REGISTRY_HOST)"' > "$(IDP_DEV_VALUES_FILE)" # Always create a new file
+	@${BINARY_YQ} -i '."$(ARTIFACT_ID)".image.repository = "$(CES_REGISTRY_NAMESPACE_SUB)/$(ARTIFACT_ID)/$(GIT_BRANCH)"' "$(IDP_DEV_VALUES_FILE)"
+	@${BINARY_YQ} -i '."$(ARTIFACT_ID)".image.tag = "$(VERSION)"' "$(IDP_DEV_VALUES_FILE)" # Use regular version for images and no "dev" prefix with random numbers because the imagePullPolicy: Always will ensure to load the newest image in the cluster.
+
+.PHONY: update-subchart-dependency-idp
+update-subchart-dependency-idp:
+	@echo "Updating subchart $(ARTIFACT_ID) in $(IDP_CHART_FILE)..."
+	@${BINARY_YQ} -i '(.dependencies[] | select(.name == "$(ARTIFACT_ID)")) |= (.repository = "oci://$(HELM_PULL_REGISTRY_HOST)/$(HELM_ARTIFACT_NAMESPACE)" | .version = "$(COMPONENT_DEV_VERSION)")' "$(IDP_CHART_FILE)"
+
+.PHONY: pull-idp
+pull-idp:
+	@set -euo pipefail; \
+	idpInstalledVersion=$$(${BINARY_HELM} -n "$(NAMESPACE)" get metadata "$(DEPLOYED_IDP_RELEASE_NAME)" -o yaml | ${BINARY_YQ} '.version'); \
+	echo "IDP Component installed version: $${idpInstalledVersion}"; \
+	idpRegistryNamespace=$$(kubectl -n "$(NAMESPACE)" get comp "$(DEPLOYED_IDP_RELEASE_NAME)" --no-headers -o custom-columns=":spec.namespace"); \
+	echo "IDP Component registry namespace: $${idpRegistryNamespace}"; \
+	registryProperties=$$(kubectl -n "$(NAMESPACE)" get cm component-operator-helm-repository -o jsonpath='{.data.endpoint}{" "}{.data.schema}{" "}{.data.insecureTls}{" "}{.data.plainHttp}'); \
+	read -r registryEndpoint registrySchema registryInsecureTls registryPlainHttp < <(echo "$${registryProperties}"); \
+	if [[ ! $${idpInstalledVersion} == *dev* ]]; then \
+	  registryEndpoint=registry.cloudogu.com; \
+	  registryPlainHttp=false; \
+    elif [[ "$(RUNTIME_ENV)" == "k3d" ]]; then \
+      registryEndpoint="localhost:5002"; \
+      registryPlainHttp=true; \
+	fi; \
+	echo "Using registry $${registrySchema}://$${registryEndpoint} with insecureTls $${registryInsecureTls} and plainHttp $${registryPlainHttp}"; \
+	echo "Creating working dir $(IDP_WORKING_DIR)"; \
+	mkdir -p "$(IDP_WORKING_DIR)"; \
+	if [[ -d "$(IDP_CHART_DIR)" ]]; then \
+	  echo "Cleaning up old working chart dir"; \
+	  rm -rf "$(IDP_CHART_DIR)"; \
+	fi; \
+	tlsOption=""; \
+	if [[ "$${registryInsecureTls}" == "true" ]]; then \
+	  tlsOption="--insecure-skip-tls-verify"; \
+	fi; \
+	plainHttpOption=""; \
+	if [[ "$${registryPlainHttp}" == "true" ]]; then \
+	  plainHttpOption="--plain-http"; \
+	fi; \
+	echo "Pull IDP Helm-Chart..."; \
+	${BINARY_HELM} pull --untar --destination "$(IDP_WORKING_DIR)" "$${registrySchema}://$${registryEndpoint}/$${idpRegistryNamespace}/$(DEPLOYED_IDP_RELEASE_NAME)" --version "$${idpInstalledVersion}" $${tlsOption} $${plainHttpOption}

build/make/k8s-component.mk

@@ -9,6 +9,9 @@ endif
 ifeq (${RUNTIME_ENV}, local)
 	BINARY_HELM_ADDITIONAL_PUSH_ARGS?=--plain-http
 endif
+ifeq (${RUNTIME_ENV}, k3d)
+	BINARY_HELM_ADDITIONAL_PUSH_ARGS?=--plain-http
+endif
 BINARY_HELM_ADDITIONAL_PACK_ARGS?=
 BINARY_HELM_ADDITIONAL_UNINST_ARGS?=
 BINARY_HELM_ADDITIONAL_UPGR_ARGS?=
@@ -18,10 +21,15 @@ HELM_SOURCE_DIR ?= k8s/helm
 HELM_RELEASE_TGZ=${HELM_TARGET_DIR}/${COMPONENT_ARTIFACT_ID}-${VERSION}.tgz
 HELM_DEV_RELEASE_TGZ=${HELM_TARGET_DIR}/${COMPONENT_ARTIFACT_ID}-${COMPONENT_DEV_VERSION}.tgz
 HELM_ARTIFACT_NAMESPACE?=k8s
+HELM_PUSH_REGISTRY_HOST?=${CES_REGISTRY_HOST}
 ifeq (${RUNTIME_ENV}, remote)
 	HELM_ARTIFACT_NAMESPACE=testing/k8s
 endif
+ifeq (${RUNTIME_ENV}, k3d)
+	HELM_PUSH_REGISTRY_HOST=$(IMAGE_PUSH_REGISTRY_HOST)
+endif
 $(info HELM_ARTIFACT_NAMESPACE=$(HELM_ARTIFACT_NAMESPACE))
+$(info HELM_PUSH_REGISTRY_HOST=$(HELM_PUSH_REGISTRY_HOST))
 
 K8S_RESOURCE_COMPONENT ?= "${K8S_RESOURCE_TEMP_FOLDER}/component-${COMPONENT_ARTIFACT_ID}-${VERSION}.yaml"
 K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML ?= $(BUILD_DIR)/make/k8s-component.tpl
@@ -98,11 +106,11 @@ helm-reinstall: helm-delete helm-apply ## Uninstalls the current helm chart and
 .PHONY: helm-chart-import
 helm-chart-import: ${CHECK_VAR_TARGETS} helm-generate helm-package ${IMAGE_IMPORT_TARGET} ## Imports the currently available chart into the cluster-local registry.
 	@if [[ ${STAGE} == "development" ]]; then \
-		echo "Import ${HELM_DEV_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \
-		${BINARY_HELM} push ${HELM_DEV_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
+		echo "Import ${HELM_DEV_RELEASE_TGZ} into K8s cluster ${HELM_PUSH_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \
+		${BINARY_HELM} push ${HELM_DEV_RELEASE_TGZ} oci://${HELM_PUSH_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
 	else \
-	  	echo "Import ${HELM_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \
-        ${BINARY_HELM} push ${HELM_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
+	  	echo "Import ${HELM_RELEASE_TGZ} into K8s cluster ${HELM_PUSH_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \
+        ${BINARY_HELM} push ${HELM_RELEASE_TGZ} oci://${HELM_PUSH_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
     fi
 	@echo "Done."
 
@@ -130,7 +138,7 @@ helm-delete-existing-tgz: ## Remove an existing Helm package from the target dir
 ##@ K8s - Helm lint targets
 
 .PHONY: helm-lint
-helm-lint: $(BINARY_HELM) helm-generate
+helm-lint: $(BINARY_HELM) helm-generate ## Lints the helm chart.
 	@$(BINARY_HELM) lint "${HELM_TARGET_DIR}"
 
 ##@ K8s - Component dev targets

build/make/k8s-crd.mk

@@ -38,8 +38,8 @@ crd-add-labels: $(BINARY_YQ)
 		$(BINARY_YQ) -i e ".metadata.labels.\"app.kubernetes.io/name\" = \"${ARTIFACT_CRD_ID}\"" $${file} ;\
 	done
 
-.PHONY: crd-helm-generate ## Generates the Helm CRD chart
-crd-helm-generate: ${CRD_HELM_MANIFEST_TARGET} validate-crd-chart ${HELM_CRD_TARGET_DIR}/Chart.yaml ${K8S_POST_CRD_HELM_GENERATE_TARGETS}
+.PHONY: crd-helm-generate
+crd-helm-generate: ${CRD_HELM_MANIFEST_TARGET} validate-crd-chart ${HELM_CRD_TARGET_DIR}/Chart.yaml ${K8S_POST_CRD_HELM_GENERATE_TARGETS} ## Generates the Helm CRD chart
 
 # this is phony because of it is easier this way than the makefile-single-run way
 .PHONY: ${HELM_CRD_TARGET_DIR}/Chart.yaml
@@ -90,11 +90,11 @@ ${HELM_CRD_RELEASE_TGZ}: ${BINARY_HELM} crd-helm-generate ## Generates and packa
 .PHONY: crd-helm-chart-import
 crd-helm-chart-import: ${CHECK_VAR_TARGETS} check-k8s-artifact-id crd-helm-generate crd-helm-package ## Imports the currently available Helm CRD chart into the cluster-local registry.
 	@if [[ ${STAGE} == "development" ]]; then \
-		echo "Import ${HELM_CRD_DEV_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \
-		${BINARY_HELM} push ${HELM_CRD_DEV_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
+		echo "Import ${HELM_CRD_DEV_RELEASE_TGZ} into K8s cluster ${IMAGE_PUSH_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \
+		${BINARY_HELM} push ${HELM_CRD_DEV_RELEASE_TGZ} oci://${IMAGE_PUSH_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
 	else \
-	  	echo "Import ${HELM_CRD_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \
-        ${BINARY_HELM} push ${HELM_CRD_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
+	  	echo "Import ${HELM_CRD_RELEASE_TGZ} into K8s cluster ${IMAGE_PUSH_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE}..."; \
+        ${BINARY_HELM} push ${HELM_CRD_RELEASE_TGZ} oci://${IMAGE_PUSH_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
     fi
 	@echo "Done."