diff --git a/ansible/group_vars/all/oas.yml b/ansible/group_vars/all/oas.yml
index b04ebb32586277ee4f4638fcf2ddfafef96e5262..7dede25b373b44bed73b446f256e6938fcab90ff 100644
--- a/ansible/group_vars/all/oas.yml
+++ b/ansible/group_vars/all/oas.yml
@@ -1,3 +1,4 @@
+---
 # Directory to store generated configuration and cluster state.
 data_directory: "/var/lib/OpenAppStack"
 
@@ -51,22 +52,12 @@ helm:
   # (https://open.greenhost.net/openappstack/openappstack/issues/338), so we
   # use a pinned version for now.
   # We use the official helm install script for now which has no checksum.
-  version: '3.1.1'
-
-kube_bench:
-  version: 0.3.0
-  checksum: 'sha256:e9ecd3be4b91ebd728caa352cf95e819ddadf8cbe5bf641da46534e1baac99a2'
+  version: 'v3.2.1'
 
 krew:
   # https://github.com/kubernetes-sigs/krew/releases
-  version: '0.2.1'
-  checksum: 'sha256:dc2f2e1ec8a0acb6f3e23580d4a8b38c44823e948c40342e13ff6e8e12edb15a'
-
-cert_manager:
-  # cert-manager requires custom resource definitions applied before installing
-  # the helm chart. See https://hub.helm.sh/charts/jetstack/cert-manager for
-  # details
-  crd_version: '0.14.2'
+  version: 'v0.3.4'
+  checksum: 'sha256:6629b1d7ad215322361f8dd270396fd1a23555fdbde8dcc1ba4ad860978b319a'
 
 # If true, let the auto-update mechanism (flux) follow a cluster-local git
 # repo, not one hosted on open.greenhost.net.
diff --git a/ansible/roles/apps/tasks/cert-manager.yml b/ansible/roles/apps/tasks/cert-manager.yml
index 39087850632f8fcf5b3832d2c9c25c0c41c9dc5d..3aeed4b7552d8735282e33111580605d095a998e 100644
--- a/ansible/roles/apps/tasks/cert-manager.yml
+++ b/ansible/roles/apps/tasks/cert-manager.yml
@@ -16,8 +16,3 @@
         - config
         - flux
         - cert-manager
-
-- name: Install CRDs for cert-manager
-  tags:
-    - cert-manager
-  command: '/snap/bin/kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v{{ cert_manager.crd_version }}/cert-manager.crds.yaml'
diff --git a/ansible/roles/apps/tasks/core.yml b/ansible/roles/apps/tasks/core.yml
index 5508006291212afffe5e3d9d5446f210e964028d..38372617b34a8fabc2534b1d2358e7ad0d31fc2b 100644
--- a/ansible/roles/apps/tasks/core.yml
+++ b/ansible/roles/apps/tasks/core.yml
@@ -39,7 +39,7 @@
   #   helm-operator
   #   # Chart name
   #   helm-operator
-  shell: helm upgrade --install --repo "https://charts.fluxcd.io" --namespace oas --version 1.0.1 --set helm.versions=v3 --set configureRepositories.enable=true --set configureRepositories.repositories[0].name=stable --set configureRepositories.repositories[0].url=https://kubernetes-charts.storage.googleapis.com --set configureRepositories.repositories[1].name=bitnami --set configureRepositories.repositories[1].url=https://charts.bitnami.com/bitnami --set chartsSyncInterval=20m --set statusUpdateInterval=30s helm-operator helm-operator
+  shell: helm upgrade --install --repo "https://charts.fluxcd.io" --namespace oas --version 1.1.0 --set helm.versions=v3 --set configureRepositories.enable=true --set configureRepositories.repositories[0].name=stable --set configureRepositories.repositories[0].url=https://kubernetes-charts.storage.googleapis.com --set configureRepositories.repositories[1].name=bitnami --set configureRepositories.repositories[1].url=https://charts.bitnami.com/bitnami --set chartsSyncInterval=20m --set statusUpdateInterval=30s helm-operator helm-operator
 
 - name: Create Kubernetes secret with local-path-provisioner settings
   tags:
diff --git a/ansible/roles/apps/templates/settings/cert-manager.yaml b/ansible/roles/apps/templates/settings/cert-manager.yaml
index 2b6e7e67c92450dde421657e5ba57ee57c568ccb..7b8dde5367abb6d74e095a1dc89debbc272345a9 100644
--- a/ansible/roles/apps/templates/settings/cert-manager.yaml
+++ b/ansible/roles/apps/templates/settings/cert-manager.yaml
@@ -5,3 +5,5 @@ ingressShim:
   defaultIssuerName: "letsencrypt-production"
   {% endif %}
   defaultIssuerKind: ClusterIssuer
+
+installCRDs: true
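Review bot: `installCRDs: true` carries no comment saying that it replaces the removed `Install CRDs for cert-manager` task, which applied the CRD manifest with kubectl. A line above it such as `# CRDs are installed by the chart itself; replaces the former kubectl apply of cert-manager.crds.yaml` would make that link visible. It is also worth confirming the upgrade path on clusters where the CRDs were already created by kubectl. With this setting, removing the release presumably also removes the CRDs and the certificates and issuers defined through them, so check that this is acceptable.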
diff --git a/ansible/roles/pre-configure/tasks/main.yml b/ansible/roles/pre-configure/tasks/main.yml
index f6181961a69872622bae4b1f7ea868ad53ae32ef..cb7b37cd41321f587f74cc2bcdb3824379296599 100644
--- a/ansible/roles/pre-configure/tasks/main.yml
+++ b/ansible/roles/pre-configure/tasks/main.yml
@@ -45,9 +45,6 @@
     name: "{{ item }}"
   with_items:
     - python3-pip
-    - python3-setuptools
-    - python3-wheel
-    - python3-psutil
 
 - name: Install python packages via pip3
   tags:
@@ -74,7 +71,8 @@
 - name: Get current helm version
   tags:
     - helm
-  shell: helm version | grep 'Client' | cut -d'"' -f 2 | tr -d 'v'
+  # {{ '{{' }} escapes the curly braces needed by the `--template` argument
+  shell: "helm version --template \"{{ '{{' }} .Version {{ '}}' }}\""
   failed_when: false
   register: helm_version
   changed_when: false
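Review bot: The new version check no longer uses a pipeline, so `shell:` can become `command:`, which keeps the argument away from shell interpretation: `command: "helm version --template '{{ '{{' }} .Version {{ '}}' }}'"`. Because `failed_when: false` is kept, any failure of `helm version` yields an empty `stdout` and is treated the same as "helm not installed"; a short comment stating that this is intended would help the next reader. The task may continue past the end of the hunk.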
@@ -95,11 +93,12 @@
     force: yes
     mode: '0755'
   become: true
+  when: helm_version.stdout != helm.version
 
 - name: Install helm
   tags:
     - helm
-  command: /usr/local/bin/get-helm --version v{{ helm.version }}
+  command: /usr/local/bin/get-helm --version {{ helm.version }}
   when: helm_version.stdout != helm.version
 
 - name: Configure firewall
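Review bot: The task that fetches `/usr/local/bin/get-helm` (it starts above this hunk) shows `force: yes` and no `checksum:`, and the `Install helm` task then executes that script. The comment in `group_vars/all/oas.yml` confirms the script has no checksum. The added `when:` reduces how often the script is fetched, but not the exposure when it is. The krew archive download already passes `checksum: '{{ krew.checksum }}'`. Doing the same here would need the script URL pinned to a fixed revision and a new checksum entry under `helm`, for example `checksum: '{{ helm.checksum }}'` (a variable that does not exist yet).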
diff --git a/ansible/roles/setup-kubernetes/tasks/krew.yml b/ansible/roles/setup-kubernetes/tasks/krew.yml
index b6da450e403d9417e60dd8d5a79edba3aa17cf30..4b0f2fe694424981a9777c3f28c9253a10dffa6a 100644
--- a/ansible/roles/setup-kubernetes/tasks/krew.yml
+++ b/ansible/roles/setup-kubernetes/tasks/krew.yml
@@ -4,7 +4,7 @@
     - kubectl
     - plugin
     - krew
-  shell: kubectl krew version | grep GitTag | sed 's/^.*v//'
+  shell: kubectl krew version | grep GitTag | awk {'print $2'}
   failed_when: false
   register: krew_version
   changed_when: false
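Review bot: `awk {'print $2'}` only works because the shell joins `{`, the quoted string and `}` into a single word; the conventional and less surprising form is `awk '{print $2}'`. The later `krew_version.stdout != krew.version` comparison now depends on the second field of the GitTag line carrying the `v` prefix, which matches the new `'v0.3.4'` value in group_vars. A comment such as `# prints the tag including the leading v, to match krew.version` would record that coupling. The task starts above the hunk.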
@@ -23,7 +23,7 @@
     - plugin
     - krew
   get_url:
-    url: 'https://storage.googleapis.com/krew/v{{ krew.version }}/krew.tar.gz'
+    url: 'https://github.com/kubernetes-sigs/krew/releases/download/{{ krew.version }}/krew.tar.gz'
     dest: '/tmp/krew.{{ krew.version }}.tar.gz'
     checksum: '{{ krew.checksum }}'
   when: krew_version.stdout != krew.version
@@ -34,7 +34,7 @@
     - plugin
     - krew
   get_url:
-    url: 'https://storage.googleapis.com/krew/v{{ krew.version }}/krew.yaml'
+    url: 'https://github.com/kubernetes-sigs/krew/releases/download/{{ krew.version }}/krew.yaml'
     dest: '/tmp/krew.{{ krew.version }}.yaml'
   when: krew_version.stdout != krew.version
 
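Review bot: The `krew.yaml` download has no `checksum:`, while the `krew.tar.gz` task in the previous hunk passes `checksum: '{{ krew.checksum }}'`. The manifest now comes from the same GitHub release and is presumably consumed by the krew install step, so it deserves the same integrity check. A second pinned value in group_vars would cover it, for example `checksum: '{{ krew.manifest_checksum }}'` (a new variable, to be added next to `krew.checksum`). The task starts above the hunk.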
diff --git a/flux/cert-manager/cert-manager.yaml b/flux/cert-manager/cert-manager.yaml
index e98c5ca591db65b915d14a62ce1173b671b541cf..950f2ddfa443631ee6cc855edd16055134f36846 100644
--- a/flux/cert-manager/cert-manager.yaml
+++ b/flux/cert-manager/cert-manager.yaml
@@ -11,7 +11,7 @@ spec:
   chart:
     repository: https://charts.jetstack.io
     name: cert-manager
-    version: 0.14.2
+    version: 0.15.1
   valuesFrom:
     - secretKeyRef:
         name: cert-manager-settings
diff --git a/flux/oas-apps/nextcloud.yaml b/flux/oas-apps/nextcloud.yaml
index edd668f6a69bcc32041dcfe217646c7c22534c14..824c66eb29a996147312e6af59be44a5aaf169ab 100644
--- a/flux/oas-apps/nextcloud.yaml
+++ b/flux/oas-apps/nextcloud.yaml
@@ -11,7 +11,7 @@ spec:
   releaseName: nc
   chart:
     git: https://open.greenhost.net/openappstack/nextcloud
-    ref: e06a57b75be3a281680ecf1c1253094eea1ecabf
+    ref: 0.2.3
     path: .
   valuesFrom:
     - secretKeyRef:
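Review bot: `ref: 0.2.3` replaces a full commit hash with a tag name, and a tag can be re-pointed in the chart repository while a commit hash cannot. The release is deployed from whatever the ref resolves to at sync time, so the pin is now only as strong as the tag protection on that repository. Keeping the hash and recording the tag in a comment preserves both readability and immutability: `ref: <commit-sha-of-tag-0.2.3>  # 0.2.3`. The same applies to `ref: 0.1.1` in `flux/oas-apps/wordpress.yaml`. The `spec` mapping starts above the hunk.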
diff --git a/flux/oas-apps/wordpress.yaml b/flux/oas-apps/wordpress.yaml
index df98ecf28777e772758084f64b0ed62837aec2cc..e9c22bef1922fb3231867502b964d08c6ef6048f 100644
--- a/flux/oas-apps/wordpress.yaml
+++ b/flux/oas-apps/wordpress.yaml
@@ -9,7 +9,7 @@ spec:
   releaseName: wordpress
   chart:
     git: https://code.greenhost.net/open/wordpress-helm
-    ref: 85ac49b0e4914c2902ae137464951046c9c2e0c2
+    ref: 0.1.1
     path: .
   valuesFrom:
     - secretKeyRef:
diff --git a/flux/oas/grafana.yaml b/flux/oas/grafana.yaml
index cdbb973bce8f976c3eb79fff17fc88a0cf5ff4eb..591d3828e6c501a1d4344479427e19528a7a9cd0 100644
--- a/flux/oas/grafana.yaml
+++ b/flux/oas/grafana.yaml
@@ -11,7 +11,7 @@ spec:
   chart:
     repository: https://kubernetes-charts.storage.googleapis.com/
     name: grafana
-    version: 5.0.11
+    version: 5.1.4
   valuesFrom:
     - secretKeyRef:
         name: grafana-settings
diff --git a/flux/oas/prometheus.yaml b/flux/oas/prometheus.yaml
index 2d03f1b5a94e690b79ef14d6a5a4cb287f8666a5..1e2cb5f818f203025a99902d63a757dcafdc7d4f 100644
--- a/flux/oas/prometheus.yaml
+++ b/flux/oas/prometheus.yaml
@@ -11,7 +11,7 @@ spec:
   chart:
     repository: https://kubernetes-charts.storage.googleapis.com/
     name: prometheus
-    version: 11.0.4
+    version: 11.4.0
   valuesFrom:
     - secretKeyRef:
         name: prometheus-settings
diff --git a/test/behave/features/grafana.feature b/test/behave/features/grafana.feature
index ff431d27944c548e7927d6542d21c72602d7b2ab..af276144ed345600983c382549a246808c984160 100644
--- a/test/behave/features/grafana.feature
+++ b/test/behave/features/grafana.feature
@@ -7,14 +7,13 @@ Scenario: Open grafana
   When I open the grafana URL
   Then I wait on element "//input[@name='user']" for 25000ms to be visible
   And I expect that the title is "Grafana"
-  And I expect that element "#inputPassword" is visible
+  And I expect that element "//input[@name='password']" is visible
   And I expect that the path is "/login"
 
 Scenario: Login to grafana
   Given the element "//input[@name='user']" is visible
   When I enter the "grafana" "username" in the inputfield "//input[@name='user']"
-  And I enter the "grafana" "password" in the inputfield "#inputPassword"
-  And I click on the button "//div[@id='login-view']//button[@type='submit']"
-  Then I wait on element "div.dashboard-header" for 25000ms to be visible
+  And I enter the "grafana" "password" in the inputfield "//input[@name='password']"
+  And I click on the button "//div[@id='login-view']//button[@aria-label='Login button']"
+  Then I wait on element "sidemenu.sidemenu" for 25000ms to be visible
   And I expect that the path is "/"
-  And I expect that the title is "Home - Grafana"