Lagoon v2.22: Enhanced Security, Performance, and Service Types

We are excited to announce the release of Lagoon v2.22, bringing significant improvements to security, build processes, and performance.

Enhanced Security Features

We're introducing important authentication improvements that lay the groundwork for future enhancements:

• New OIDC (OpenID Connect) client for UI authentication - enabling more secure, standardized user identity verification
• OAuth client for CLI, preparing for browser-based authentication flows
• Refined permission scoping following least privilege principles

These changes are foundational updates that won't impact current workflows but enable more secure and flexible authentication methods in upcoming releases.

Improved Build Failure Handling

We've significantly enhanced build failure visibility across all interfaces:

• More detailed build failure information in the UI, CLI, and notifications
• Enhanced GraphQL reporting
• New administrator controls for deployment validation, allowing customization of how validation errors in docker-compose.yml and lagoon.yml files are handled

$ lagoon list deployments -p example-project -e main
ID      NAME                    STATUS      BUILDSTEP                       STARTED             COMPLETED
4836    lagoon-build-rl1hm      complete    insightsCompleted   2024-11-08 06:36:06 2024-11-08 06:39:56
4835    lagoon-build-xhd5ec     complete    deployCompletedWithWarnings     2024-11-08 05:56:48 2024-11-08 06:01:41
4834    lagoon-build-ohk03c     failed  finalizingBuild     2024-11-08 04:26:19 2024-11-08 04:30:54

New Service Types

basic-single: Flexible Persistence for Any Workload

We're introducing a powerful new service type that gives you more freedom in how you architect your applications:

• Deploy any persistent service that requires dedicated storage
• Perfect for custom databases, specialized caches, or any stateful service that needs to maintain data between restarts
• Provides the same robust persistence capabilities as our database-specific types (like mariadb-single and postgres-single), but without being tied to specific technologies

This new service type reflects our commitment to flexibility - you can now bring any persistent service to Lagoon while maintaining the same reliable deployment patterns you're used to. Whether you're using a niche database technology, specialized caching solution, or any other service that needs dedicated storage, basic-single has you covered.

Here is a simplified docker-compose example that recreates the postgres-single type using basic-single - note that the port and persistent storage both need defining

postgres-16:
    image: uselagoon/postgres-16:latest
    labels:
      lagoon.type: basic-single
      lagoon.persistent: /var/lib/postgresql/data
      lagoon.persistent.size: 100Mi
      lagoon.service.port: 5432
    ports:
      - '5432'

valkey-single

A dedicated service type for valkey-based images:

• Functions identically to the current redis service
• Optimized for cache management

Major Performance and Reliability Improvements

Scalable Build Infrastructure

We've introduced a more robust and distributed build system:

• Multiple docker-host services now operate across availability zones
• Intelligent traffic distribution ensures build loads are balanced
• Built-in redundancy means more reliable build processes
• While initial builds might take slightly longer due to cache warming, subsequent builds will benefit from improved distribution and reliability

Note for existing users: Your first few builds after this update might take a bit longer while the system warms up its caches, but this is a one-time occurrence that will resolve itself with normal usage.

Streamlined Deployment Sequence

We've optimized how deployments progress through their lifecycle:

• Pre-rollout tasks now execute right before deployment, ensuring configurations are fresh
• Significantly reduced maintenance windows during deployments
• Minimized risk of configuration mismatches or database inconsistencies
• Your applications spend less time in maintenance mode, meaning better availability for your users

Technical Updates

Several infrastructure improvements have been implemented:

• Upgrade to RabbitMQ 3.12 for improved throughput and reduced latency
• NATS 2.x update in ssh-portal services
• Build and task CRDs updated to v1beta2

For Lagoon Administrators

If you're running your own Lagoon installation, please note:

• Configuration changes required for NATS updates
• CRD updates needed for latest version compatibility
• See lagoon-charts release notes for detailed upgrade instructions The full changelog can be found at:

Looking Forward

These improvements set the foundation for future enhancements, particularly in authentication flows and managed database support. We're committed to continuously improving Lagoon's performance, security, and usability.

Stay tuned for more updates, and as always, reach out to our support channels if you have any questions about these changes.