4.1.0 release

README.md

@@ -68,7 +68,7 @@ Please review the [LICENSE](./LICENSE) in this repository for additional details
 Please note the following:
 
 - Zenhub ships with two backend technologies we call **Raptor** and **Toad**.
-- Raptor and Toad are both made up of several microservices (eg. `raptor-admin`, `raptor-api`, `toad-webhook`, etc...)
+- Raptor and Toad are both made up of several microservices (eg. `raptor-admin`, `raptor-api`, etc...)
 - Zenhub requires the use of two databases: **MongoDB** and **PostgreSQL**.
 - Zenhub requires the use of one instance of **Redis**. We recommend this instance is managed externally (internal for Zenhub as a VM) as it requires data persistence.
 - Zenhub requires the use of a message broker via **RabbitMQ**.

k8s-cluster/README.md

@@ -55,6 +55,8 @@
   - [8.4 Azure Active Directory](#84-azure-active-directory)
   - [8.5 LDAP](#85-ldap)
   - [8.6 SAML](#86-saml)
+- [9. Integrations](#9-integrations)
+  - [9.1 Notion](#91-notion)
 
 ## 1. Getting Started
 
@@ -95,9 +97,9 @@ You will need to [set up an OAuth App](https://docs.github.com/en/developers/app
 
 To get started with Zenhub, you must have an existing Kubernetes cluster set up. You should:
 
-- Be using Kubernetes (>= 1.22).
+- Be using Kubernetes (>= 1.26).
 - Have `kubectl` installed locally with credentials to access the cluster.
-- Have [`kustomize`](https://kustomize.io/) installed locally (>= 4.5.3).
+- Have [`kustomize`](https://kustomize.io/) installed locally (>= 4.5.7).
 - Create a dedicated Kubernetes namespace. Grant your user full access to that namespace.
 - Have the capability to pull Docker images from Zenhub's public Docker registry or have access to a private Docker registry where you can push images (and your cluster should have the ability to pull from that private registry).
 
@@ -880,3 +882,9 @@ Of the authentication methods listed below, the only one that is enabled by defa
     Service Provider Attribute Name mappings for the following attributes:
     - **Email**: `email`
     - **Name**: `name`
+
+## 9. Integrations
+
+### 9.1 Notion
+
+Zenhub Enterprise for K8s can be integrated with Notion to allow users to preview Notion links within Zenhub Issues. This integration is disabled by default and can be enabled by following instructions for `notion` in the main `kustomization.yaml`.

k8s-cluster/base/devsite/apps_v1_deployment_devsite.yaml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    app.kubernetes.io/version: 4.0.2
+    app.kubernetes.io/version: 4.1.0
   generation: 1
   labels:
     app.kubernetes.io/component: devsite
@@ -21,7 +21,7 @@ spec:
   template:
     metadata:
       annotations:
-        app.kubernetes.io/version: 4.0.2
+        app.kubernetes.io/version: 4.1.0
       creationTimestamp: null
       labels:
         app.kubernetes.io/component: devsite

k8s-cluster/base/gateway/configmaps.yaml

@@ -181,7 +181,7 @@ data:
   raptoradmin: raptor-admin
   socket: toad-websocket
   webapp: kraken-webapp
-  webhook: toad-webhook
+  webhook: raptor-webhook
 kind: ConfigMap
 metadata:
   labels:

k8s-cluster/base/kraken/configmaps.yaml

@@ -130,6 +130,7 @@ data:
       "isDev": false,
       "isEnterprise": true,
       "isLicenseGovernanceEnabled": false,
+      "isNotionIntegrationEnabled": false,
       "isTrackerEnabled": false,
       "isUploadFileToLocal": false,
       "loginURL": "https://%%subdomain_suffix%%.%%domain_tld%%/api/auth/github",

k8s-cluster/base/non-dynamic/set-db-ca-mounts.yaml

@@ -72,31 +72,6 @@ spec:
           secret:
             secretName: postgres-ca-bundle
 
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: toad-webhook
-spec:
-  template:
-    spec:
-      containers:
-        - name: toad-webhook
-          volumeMounts:
-            - mountPath: /var/ca-bundle/mongo
-              name: mongo-ca-bundle
-              readOnly: true
-            - mountPath: /var/ca-bundle/postgres
-              name: postgres-ca-bundle
-              readOnly: true
-      volumes:
-        - name: mongo-ca-bundle
-          secret:
-            secretName: mongo-ca-bundle
-        - name: postgres-ca-bundle
-          secret:
-            secretName: postgres-ca-bundle
-
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -269,6 +244,30 @@ spec:
           secret:
             secretName: postgres-ca-bundle
 
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: raptor-webhook
+spec:
+  template:
+    spec:
+      containers:
+        - name: raptor-webhook
+          volumeMounts:
+            - mountPath: /var/ca-bundle/mongo
+              name: mongo-ca-bundle
+              readOnly: true
+            - mountPath: /var/ca-bundle/postgres
+              name: postgres-ca-bundle
+              readOnly: true
+      volumes:
+        - name: mongo-ca-bundle
+          secret:
+            secretName: mongo-ca-bundle
+        - name: postgres-ca-bundle
+          secret:
+            secretName: postgres-ca-bundle
 
 ---
 apiVersion: batch/v1

k8s-cluster/base/non-dynamic/set-deployments-resources.yaml

@@ -150,16 +150,16 @@ spec:
               memory: 1G
 
 ---
-# toad-webhook
+# toad-worker
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: toad-webhook
+  name: toad-worker
 spec:
   template:
     spec:
       containers:
-        - name: toad-webhook
+        - name: toad-worker
           resources:
             limits:
               cpu: 1000m
@@ -169,16 +169,16 @@ spec:
               memory: 1G
 
 ---
-# toad-worker
+# raptor-webhook
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: toad-worker
+  name: raptor-webhook
 spec:
   template:
     spec:
       containers:
-        - name: toad-worker
+        - name: raptor-webhook
           resources:
             limits:
               cpu: 1000m

k8s-cluster/base/non-dynamic/set-raptor-buckets-vars.yaml

@@ -1,3 +1,52 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: raptor-webhook
+  name: raptor-webhook
+spec:
+  template:
+    spec:
+      containers:
+      - name: raptor-webhook
+        env:
+          - name: GITHUB_APP_SECRET
+            valueFrom:
+              secretKeyRef:
+                key: github_app_secret
+                name: configuration
+          - name: S3_PRIVATE_SECRET_ACCESS_KEY
+            valueFrom:
+              secretKeyRef:
+                key: bucket_secret_access_key
+                name: configuration
+          - name: FILE_DOWNLOAD_URL
+            valueFrom:
+              configMapKeyRef:
+                key: zenhub_server_address
+                name: toad
+          - name: IS_UPLOAD_FILE_TO_LOCAL
+            valueFrom:
+              configMapKeyRef:
+                name: configuration
+                key: local_files
+          - name: S3_REGION
+            valueFrom:
+              configMapKeyRef:
+                key: bucket_region
+                name: configuration
+          - name: S3_PRIVATE_BUCKET
+            valueFrom:
+              configMapKeyRef:
+                key: files_bucket_name
+                name: configuration
+          - name: S3_PRIVATE_ACCESS_KEY_ID
+            valueFrom:
+              configMapKeyRef:
+                key: bucket_access_key_id
+                name: configuration
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:

k8s-cluster/base/non-dynamic/set-var-mongo-shortindex.yaml

@@ -48,23 +48,6 @@ spec:
                   name: configuration
                   key: mongo_is_documentdb
 
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: toad-webhook
-spec:
-  template:
-    spec:
-      containers:
-        - name: toad-webhook
-          env:
-            - name: MONGO_IS_DOCUMENTDB
-              valueFrom:
-                configMapKeyRef:
-                  name: configuration
-                  key: mongo_is_documentdb
-
 ---
 apiVersion: apps/v1
 kind: Deployment

k8s-cluster/base/pgbouncer/apps_v1_deployment_pgbouncer.yaml

@@ -32,7 +32,7 @@ spec:
           value: verify-full
         - name: SERVER_TLS_CA_FILE
           value: /var/ca-bundle/postgres/postgres-ca.pem
-        image: us.gcr.io/zenhub-public/pgbouncer:zhe-4.0.2
+        image: us.gcr.io/zenhub-public/pgbouncer:zhe-4.1.0
         imagePullPolicy: IfNotPresent
         lifecycle:
           preStop:

k8s-cluster/base/raptor/apps_v1_deployment_raptor-admin.yaml

@@ -249,16 +249,6 @@ spec:
             configMapKeyRef:
               key: auth_jwks_url
               name: raptor
-        - name: AUTH0_TENANT
-          valueFrom:
-            configMapKeyRef:
-              key: auth0_tenant
-              name: raptor
-        - name: AUTH0_DB_CONNECTION_NAME
-          valueFrom:
-            configMapKeyRef:
-              key: auth0_db_connection_name
-              name: raptor
         - name: MAILGUN_DOMAIN
           valueFrom:
             configMapKeyRef:
@@ -450,11 +440,6 @@ spec:
             secretKeyRef:
               key: hubspot_access_token
               name: raptor
-        - name: AUTH_ZENHUB_APP_CLIENT_ID
-          valueFrom:
-            secretKeyRef:
-              key: auth_zenhub_app_client_id
-              name: raptor
         - name: AUTH_MANAGEMENT_API_CLIENT_ID
           valueFrom:
             secretKeyRef:
@@ -545,7 +530,7 @@ spec:
         resources:
           limits:
             cpu: 987m
-            memory: 1000Mi
+            memory: 1500Mi
           requests:
             cpu: 400m
             memory: 750Mi

k8s-cluster/base/raptor/apps_v1_deployment_raptor-api-public.yaml

@@ -241,16 +241,6 @@ spec:
             configMapKeyRef:
               key: auth_jwks_url
               name: raptor
-        - name: AUTH0_TENANT
-          valueFrom:
-            configMapKeyRef:
-              key: auth0_tenant
-              name: raptor
-        - name: AUTH0_DB_CONNECTION_NAME
-          valueFrom:
-            configMapKeyRef:
-              key: auth0_db_connection_name
-              name: raptor
         - name: MAILGUN_DOMAIN
           valueFrom:
             configMapKeyRef:
@@ -442,11 +432,6 @@ spec:
             secretKeyRef:
               key: hubspot_access_token
               name: raptor
-        - name: AUTH_ZENHUB_APP_CLIENT_ID
-          valueFrom:
-            secretKeyRef:
-              key: auth_zenhub_app_client_id
-              name: raptor
         - name: AUTH_MANAGEMENT_API_CLIENT_ID
           valueFrom:
             secretKeyRef: