Skip to content

Releases: uselagoon/lagoon

lagoon-core v2.5.0

17 Mar 05:46
2560087
Compare
Choose a tag to compare

This release is built on the https://github.com/uselagoon/lagoon-images/releases/tag/22.2.0 images

New in this release

There are three main features debuting in this release, two of which are still under development, but are in pre-release and in active use already

Bulk Deployments

This allows a Lagoon user to trigger the simultaneous deployment of multiple sites at once, and for those deployments to be automatically allocated to lagoon-remotes and stampede protection/QoS implemented in the remote-controller. These deployments come with additional updates to the UI, linking bulk deployments together, and providing an overview screen for easy tracking.

Insights (pre-release)

Insights is a remote-to-core system that collects data (currently SBOM and image data per service) from Lagoon Builds (into configMaps), and then transmits it back to a handler that stores that data into S3, and processes "key facts" into the API, stored against the environment. Additional functionality will be added to be able to analyse this data for vulnerabilities and inconsistencies, triggering alerts and data to the API. The key facts are still in development, but the underlying data model isn't expected to change.

Workflows (pre-release)

Workflows is an extension of the tasks system that allows more control over when tasks are run, what pre-conditions must exist. It's still in development, but is already in use.

Other updates

There are a number of other fixes in here, including improvements to DBaaS detection, configuration for single-node clusters, Kibana integration, rootless migration updates, GitLab MR labels, and some improvements to task logging, build logging and error tracking in deployments.

Deprecations and Updates

  • A large amount of legacy (pre-RBAC) code has been removed - this was no longer functional, and was adjudged safe to be removed
  • Kubernetes 1.22 comaptible updates have been made to the Ingresses created by Lagoon. More 1.22 work on other Lagoon aspects is also underway
  • Alpine 3.15 has been rolled out where possible to Lagoon services.

What's Changed

Full Changelog: v2.4.1...v2.5.0

lagoon-core v2.4.1

16 Feb 02:05
0c64771
Compare
Choose a tag to compare

This image is built on the https://github.com/uselagoon/lagoon-images/releases/tag/22.1.0 release

This release introduces a number of new and improved features:

  • SBOM generation per-service into namespace ConfigMap
  • Integration with the latest amazeeio/dbaas-operator - to dynamically check for presence of dbaas providers
  • Incremental build log generation - logs are sent to S3 at a number of relevant build stages
  • Collecting the pod logs from failed deployments, to help diagnose failures.
  • Retries to skopeo docker image commands to overcome transient read/write issues
  • UI updates to show DeployTarget configs, and expose metadata about lagoon-remote clusters as they pertain to environments.
  • Addition of a python-persistent helm-chart
  • Removal of the legacy billing code from the API
  • Conversion of the stored API DB procedures into knex.

What's Changed (since 2.4.0)

What's Changed (since 2.3.0)

Full Changelog: v2.3.0...v2.4.1

lagoon-core v2.4.0 - USE v2.4.1 INSTEAD

16 Feb 02:02
af3e8f6
Compare
Choose a tag to compare

The following changes are all incorporated in the 2.4.1 release - that release also contains two hotfixes to build-deploys that can cause build failures.

Use of this release may result in some mariadb services incorrectly being allocated container resources (mariadb-single) instead of the expected dbaas ones. In addition, sites that generated large ConfigMaps of their SBOM may have their builds incorrectly reported as "failing". Both these issues are resolved in v2.4.1

What's Changed

Full Changelog: v2.3.0...v2.4.0

lagoon-core v2.3.0

21 Dec 02:18
Compare
Choose a tag to compare

This is the most recent scheduled release of Lagoon, built from the https://github.com/uselagoon/lagoon-images/releases/tag/21.12.1 images

There are three main items here:

  • Support for deifining services in routerPatterns (#2953) - this will allow users (particularly those with multi-clusters) to define their own router patterns. The Lagoon default is ${service}.${environment}.${project}.clusterURL - but this can cause issues with some certificate authorities when used to secure Autogenerated routes. This PR allows the service, environment and project combination to be defined per project (or per cluster) - commonly to ${service}-${environment}-${project}.clusterURL

  • Support for Routes defined via the API (#2940) - this will allow Administrators to override, or add routes to projects without the need for them to be added to the project's .lagoon.yml file. This is especially handy from a support point of view, as well as in Polysite or Multisite applications.

  • Images from previous deployments available as cache in the build step (#2919) - this exposes some new environment variables into the Lagoon Build that provide the image reference for the previous deployment's images. These can then be loaded into your dockerfile as a cache, especially useful for builds that have submodules. There is a brief example we use for testing at https://github.com/uselagoon/lagoon/blob/main/tests/files/image-cache/Dockerfile#L17 but we will publish more information shortly

Other smaller fixes include improved logic for Drush sql-dumps, log verbosity improvements, our documentation change, cronjob fixes, storage-calculator improvements and some improvements to docker-host management.

What's Changed

Full Changelog: v2.2.4...v2.3.0

lagoon-core v2.2.4

10 Nov 22:04
51cb320
Compare
Choose a tag to compare

What's Changed

Full Changelog: v2.2.3...v2.2.4

lagoon-core v2.2.3

04 Nov 09:50
60c93fb
Compare
Choose a tag to compare

This is a hotfix release - it fixes two regressions since v2.2.0 and a long-running dashboard task incompatibility with newer Drush versions.

What's Changed

Full Changelog: v2.2.2...v2.2.3

lagoon-core v2.2.2

02 Nov 09:30
e08be8e
Compare
Choose a tag to compare

What's Changed

Full Changelog: v2.2.1...v2.2.2

lagoon-core v2.2.1

30 Oct 06:48
0878bc9
Compare
Choose a tag to compare

This release is built on the https://github.com/uselagoon/lagoon-images/releases/tag/21.10.0 images

Hotfix release for v2.2.0

What's Changed

  • fix: don't touch the sentinel file if it already exists by @smlx in #2891
  • Bump lagoon-linter version to address tls-acme validation issue by @smlx in #2893
  • Change updateEnvironment data handling by @rocketeerbkw in #2464

Full Changelog: v2.2.0...v2.2.1

lagoon-core v2.2.0

29 Oct 09:47
6068c29
Compare
Choose a tag to compare

This release is built on the https://github.com/uselagoon/lagoon-images/releases/tag/21.10.0 images

Three important Alpha stability features here:

Add default Kubernetes network policy support by @smlx in #2536

In order to better provide namespace isolation, a NetworkPolicy has been implemented to prevent inter-namespace communication. This can be enabled in a number of fashions:

  • Forced for all namespaces in the controller (via variable LAGOON_FEATURE_FLAG_FORCE_ISOLATION_NETWORK_POLICY=true)
  • Individually per project or environment (via variable LAGOON_FEATURE_FLAG_ISOLATION_NETWORK_POLICY=true)
  • Set as default for all namespaces in the controller (via variable LAGOON_FEATURE_FLAG_DEFAULT_ISOLATION_NETWORK_POLICY=true)

Implement rootless workloads by @smlx in #2481

In order to better provide protection against workloads running as root, a SecurityContext has been set for services, along with an init container that will ensure namespaces have the correct permissions in their file storage. This can be enabled in a number of fashions:

  • Forced for all namespaces in the controller (via variable LAGOON_FEATURE_FLAG_FORCE_ROOTLESS_WORKLOAD=true)
  • Individually per project or environment (via variable LAGOON_FEATURE_FLAG_ROOTLESS_WORKLOAD=true)
  • Set as default for all namespaces in the controller (via variable LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD=true)

Validate ingress annotation snippets against an allow-list by @tobybellwood in #2889

There is now a lagoon-linter step that runs as part of the build & deploy process that will inspect defined routes for correct configuration of nginx annotation snippets (in response to CVE-2021-25742. Instead of disallowing snippets entirely (which is the current recommended remediation), Lagoon has opted to utilise a linter (https://github.com/uselagoon/lagoon-linter) to process an allowlist of defined snippets. The catch here is that the linter will not lint files that are not valid YAML.

To check a .lagoon.yml file yourself, download and extract the binary from https://github.com/uselagoon/lagoon-linter/releases and run it against your .lagoon.yml file locally. If the linter exits successfully (no output), the file is ok.

What's Changed

New Contributors

Full Changelog: v2.1.0...v2.2.0

lagoon-core v2.1.0

20 Oct 09:05
4799ad0
Compare
Choose a tag to compare

This release is built on the https://github.com/uselagoon/lagoon-images/releases/tag/21.9.0 images

Create new variable for project seed by @shreddedbacon in #2859

The Lagoon team identified a situation that may arise when a jwtsecret is rotated (following good security practice). The jwtsecret was used to create a password for the k8up repository, but also used to generate that password on each run. Changing the jwtsecret changes the password, so instead we have provided a projectseed instead, that doesn't need rotating, and is therefore safer to use to create these passwords reliably. We have added backward compatibility shims both in Lagoon and in the charts used to deploy Lagoon-core that will create this projectseed from the existing jwtsecret to ensure backwards compatibility

Experimental Support for multiple deployment targets per project by @shreddedbacon in #2829

Some of this functionality is in an early release phase, and all API schema calls are marked accordingly. The primary impact is that the storage of the DeployTarget (Kubernetes cluster) is now stored against the individual environment, as opposed to the project. This allows admins to configure a set of rules that determine which environments in a project deploy to specific clusters. Once an environment is allocated a DeployTarget, that is where that environment will always deploy. To manage the implementation of this, a procedure has been added to the api-db to ensure that all environments have the correct current DeployTarget added to them.

Please ensure you run the rerun_initdb.sh script after update to update all the projects for this change.

Improvements to build and task log stability by @shreddedbacon in #2862

In this release, a new service has been added to retrieve build and task logs from the lagoon-logs exchange and upload them to the S3 files bucket (along with task uploads). The API (and the UI) then retrieve these logs from that bucket instead of Elasticsearch. The logs are still currently configured to upload to Elasticsearch as well as S3. Additionally, a minio service is configured to hold the logs in local development.

Removing defaultMeta from all user activity logs by @timclifford in #2856

We picked up a situation where the user performing an action could occasionally be attributed to future actions in the audit logs. Making the user logging action more thread-safe fixes this, and removes the erroneous replication.

add X-Robots-Tag noindex, nofollow server-snippet to all ingresses by @tobybellwood in #2867

Previously all robots control was performed in the nginx base image. This PR has brought this forward into the creation of all the auto-generated ingresses (for all service types, not just nginx). This means that development environments, and production internal URLs are all covered automatically. There is a note in the documentation about use of additional server-snippets in .lagoon.yml.

What's Changed

New Contributors

Full Changelog: v2.0.0...v2.1.0