Merge remote-tracking branch 'upstream/master'

# Conflicts: # CHANGELOG.md # kicker.json

Merge remote-tracking branch 'upstream/master'
9eff7060 · Benguria Elguezabal, Gorka · 8a0d56b7 · 71e8dc76 · 9eff7060 · 9eff7060
Commit 9eff7060 authored 4 months ago by Benguria Elguezabal, Gorka
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ Add the following to your `.gitlab-ci.yml`:
 ```yaml
 include:
  # 1: include the component
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@6.3.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@6.5.0
    # 2: set/override component inputs
    inputs:
      # ⚠ this is only an example
@@ -35,7 +35,7 @@ Add the following to your `.gitlab-ci.yml`:
 include:
  # 1: include the template
  - project: 'to-be-continuous/kubernetes'
-    ref: '6.3.0'
+    ref: '6.5.0'
    file: '/templates/gitlab-ci-k8s.yml'
 variables:
@@ -395,6 +395,7 @@ The Kubernetes template uses some global configuration used throughout all jobs.
 | `scripts-dir` / `K8S_SCRIPTS_DIR` | directory where k8s scripts (hook scripts) are located                                                                                                                  | `.` _(root project dir)_                                                                               |
 | `kustomize-enabled` / `K8S_KUSTOMIZE_ENABLED` | Set to `true` to force using [Kustomize](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/)                                                        | _none_ (disabled)                                                                                      |
 | `kustomize-args` / `K8S_KUSTOMIZE_ARGS` | Additional [`kubectl kustomize` options](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#kustomize)<br/>_for example: `--enable-helm`_ | _none_                                                                                               |
+| `create-namespace` / `K8S_CREATE_NAMESPACE_ENABLED` | Set to `true` to enable automatic namespace creation  | `false`                                                                                               |
 | `DOCKER_CONTAINER_STABLE_IMAGE` | Docker image name to use for staging/prod                                                                                                                               | **has to be defined when not chaining execution from Docker template**                                 |
 | `DOCKER_CONTAINER_UNSTABLE_IMAGE` | Docker image name to use for review                                                                                                                                     | **has to be defined when not chaining execution from Docker template**                                 |
@@ -540,12 +541,12 @@ With:
 ```yaml
 include:
  # main template
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@6.3.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@6.5.0
    inputs:
      # ⚠ oc-container image (includes required curl)
      kubectl-image: registry.hub.docker.com/docker.io/appuio/oc:v4.14
  # Vault variant
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s-vault@6.3.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s-vault@6.5.0
    inputs:
      # audience claim for JWT
      vault-oidc-aud: "https://vault.acme.host"
@@ -606,9 +607,9 @@ With a common default `GCP_OIDC_PROVIDER` and `GCP_OIDC_ACCOUNT` configuration f
 ```yaml
 include:
  # main template
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@6.3.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8s@6.5.0
  # Google Cloud variant
-  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8ss-gcp@6.3.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/kubernetes/gitlab-ci-k8ss-gcp@6.5.0
    inputs:
      # common OIDC config for non-prod envs
      gcp-oidc-provider: "projects/<gcp_nonprod_proj_id>/locations/global/workloadIdentityPools/<pool_id>/providers/<provider_id>"

--- a/kicker.json
+++ b/kicker.json
@@ -65,6 +65,12 @@
      "type": "array",
      "default": [],
      "advanced": true
+    },
+    {
+      "name": "K8S_CREATE_NAMESPACE_ENABLED",
+      "description": "Set to `true` to enable automatic namespace creation",
+      "type": "boolean",
+      "advanced": true
    }
  ],
  "features": [

--- a/templates/gitlab-ci-k8s-vault.yml
+++ b/templates/gitlab-ci-k8s-vault.yml
@@ -22,7 +22,7 @@ variables:
 .k8s-base:
  services:
    - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "--port", "8082", "kubernetes", "6.3.0"]
+      command: ["--service", "--port", "8082", "kubernetes", "6.5.0"]
    - name: "$TBC_VAULT_IMAGE"
      alias: "vault-secrets-provider"
  variables:

--- a/templates/gitlab-ci-k8s.yml
+++ b/templates/gitlab-ci-k8s.yml
@@ -43,6 +43,10 @@ spec:
        _For example: `--enable-helm`_
      default: ''
+    create-namespace-enabled:
+      description: Creates the namespace, if it doesn't exist
+      type: boolean
+      default: false
    score-disabled:
      description: Disable kube-score
      type: boolean
@@ -181,9 +185,6 @@ workflow:
    - when: on_success
 variables:
-  # variabilized tracking image
-  TBC_TRACKING_IMAGE: registry.gitlab.com/to-be-continuous/tools/tracking:master
  # Docker Image with Kubernetes CLI tool (can be overridden)
  K8S_KUBECTL_IMAGE: $[[ inputs.kubectl-image ]]
  K8S_KUBE_SCORE_IMAGE: $[[ inputs.kube-score-image ]]
@@ -206,6 +207,7 @@ variables:
  K8S_ENVIRONMENT_URL: $[[ inputs.environment-url ]]
  K8S_KUSTOMIZE_ENABLED: $[[ inputs.kustomize-enabled ]]
  K8S_KUSTOMIZE_ARGS: $[[ inputs.kustomize-args ]]
+  K8S_CREATE_NAMESPACE_ENABLED: $[[ inputs.create-namespace-enabled ]]
  K8S_SCORE_DISABLED: $[[ inputs.score-disabled ]]
  K8S_SCORE_EXTRA_OPTS: $[[ inputs.score-extra-opts ]]
  K8S_REVIEW_SPACE: $[[ inputs.review-space ]]
@@ -515,6 +517,16 @@ stages:
      kubectl config use-context gitlab-k8s-cluster
    fi
+    if ! kubectl get namespace "$k8s_namespace" > /dev/null 2>&1; then
+      if [[ "${K8S_CREATE_NAMESPACE_ENABLED}" == "true" ]]
+      then
+        log_info "--- Namespace \\e[33;1m${k8s_namespace}\\e[0m does not exist: create..."
+        kubectl create namespace "$k8s_namespace" --save-config
+      else
+        log_warn "--- Namespace \\e[33;1m${k8s_namespace}\\e[0m does not exist: set K8S_CREATE_NAMESPACE_ENABLED=true to enable automatic namespace creation"
+      fi
+    fi
    kubectl config set-context --current --namespace="$k8s_namespace"
    log_info "--- \\e[32mlogin\\e[0m"
@@ -790,7 +802,7 @@ stages:
    entrypoint: [""]
  services:
    - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "kubernetes", "6.3.0"]
+      command: ["--service", "kubernetes", "6.5.0"]
  before_script:
    - !reference [.k8s-scripts]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"