From c0b944cd18b1ed6a71e4006b8e69be420ee246fb Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Tue, 22 Oct 2024 11:02:40 +0300 Subject: [PATCH 01/16] onprem: 2.5.6 --- codefresh/.ci/values/values-openshift.yaml | 3 ++ codefresh/Chart.lock | 46 +++++++++++----------- codefresh/Chart.yaml | 12 +++++- 3 files changed, 36 insertions(+), 25 deletions(-) create mode 100644 codefresh/.ci/values/values-openshift.yaml diff --git a/codefresh/.ci/values/values-openshift.yaml b/codefresh/.ci/values/values-openshift.yaml new file mode 100644 index 000000000..15287b7d6 --- /dev/null +++ b/codefresh/.ci/values/values-openshift.yaml @@ -0,0 +1,3 @@ +cfapi: + podSecurityContext: + runAsUser: 1000620000 \ No newline at end of file diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index 09ca4f4bf..eb8df71a8 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock 
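Review bot: `runAsUser: 1000620000` in the new values-openshift.yaml pins cfapi to one fixed UID, and OpenShift normally admits a pod only when its UID falls inside the range allocated to the target namespace, so this value presumably matches only the CI project it was taken from. A comment above the key would save the next reader the guess, for example `# UID must lie inside this namespace's openshift.io/sa.scc.uid-range; adjust per cluster`. The file also ends without a trailing newline.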
@@ -58,64 +58,64 @@ dependencies: version: 2.30.2 - name: pipeline-manager repository: oci://quay.io/codefresh/charts - version: 3.135.8 + version: 3.135.9 - name: gitops-dashboard-manager repository: oci://quay.io/codefresh/charts version: 1.14.15 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.39 + version: 21.260.40 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 
21.260.39 + version: 21.260.40 - name: cfui repository: oci://quay.io/codefresh/charts version: 14.95.78 @@ -142,10 +142,10 @@ dependencies: version: 0.8.7 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.65 + version: 0.49.66 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.65 + version: 0.49.66 - name: argo-platform repository: oci://quay.io/codefresh/charts version: 1.3037.0-onprem-fb06d0a @@ -155,5 +155,5 @@ dependencies: - name: cf-oidc-provider repository: oci://quay.io/codefresh/charts version: 0.0.15 -digest: sha256:5f3103c713ddac080b88d73dbb094b2bc02406d87fda6f130bb89abdc2690e3d -generated: "2024-10-18T22:52:29.468059483+03:00" +digest: sha256:1d70af531b08b8a225aeb1bcd099a6699b2a6c343f9c70f023384e1d2a69463c +generated: "2024-10-22T10:56:07.99008+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index af0063cdf..cc8a0a1a7 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.5.5 +version: 2.5.6 keywords: - codefresh home: https://codefresh.io/ @@ -19,7 +19,15 @@ annotations: # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - kind: fixed - description: "encode special characters in postgresql password (argo-platform)" + description: "permissions in cf-api for OpenShift" + links: + - name: JIRA Issue + url: https://codefresh-io.atlassian.net/browse/CR-25662 + - kind: fixed + description: "pipeline-manager memory leak" + links: + - name: JIRA Issue + url: https://codefresh-io.atlassian.net/browse/CR-25053 dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts From a17d28a44f748b8786a170512147bd48f205c7be Mon Sep 17 00:00:00 2001 
From: Mikhail Klimko Date: Tue, 22 Oct 2024 11:09:25 +0300 Subject: [PATCH 02/16] onprem: 2.5.6 --- codefresh/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codefresh/README.md b/codefresh/README.md index c81148de5..99d1cffeb 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.5.5](https://img.shields.io/badge/Version-2.5.5-informational?style=flat-square) ![AppVersion: 2.5.0](https://img.shields.io/badge/AppVersion-2.5.0-informational?style=flat-square) +![Version: 2.5.6](https://img.shields.io/badge/Version-2.5.6-informational?style=flat-square) ![AppVersion: 2.5.0](https://img.shields.io/badge/AppVersion-2.5.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. From 96b2ebd63d383172234e0cf4ce66aa0c4ad4d934 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Tue, 22 Oct 2024 13:53:08 +0300 Subject: [PATCH 03/16] onprem: 2.5.6 --- codefresh/templates/secrets/secret.yaml | 38 ++++++++++++------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/codefresh/templates/secrets/secret.yaml b/codefresh/templates/secrets/secret.yaml index 06d794d84..597c8022e 100644 --- a/codefresh/templates/secrets/secret.yaml +++ b/codefresh/templates/secrets/secret.yaml 
@@ -7,26 +7,26 @@ metadata: name: {{ include "codefresh.fullname" . }} labels: {{ include "codefresh.labels" . | nindent 4 }} -stringData: +data: # new MONGODB_* secrets - MONGODB_HOST: {{ coalesce .Values.global.mongodbHost }} - MONGODB_PASSWORD: {{ coalesce .Values.global.mongodbPassword }} - MONGODB_USER: {{ coalesce .Values.global.mongodbUser }} - MONGODB_OPTIONS: {{ coalesce .Values.global.mongodbOptions }} - MONGODB_DATABASE: {{ coalesce .Values.global.mongodbDatabase | default "codefresh" }} - MONGODB_PROTOCOL: {{ coalesce .Values.global.mongodbProtocol | default "mongodb" }} + MONGODB_HOST: {{ coalesce .Values.global.mongodbHost | b64enc }} + MONGODB_PASSWORD: {{ coalesce .Values.global.mongodbPassword | b64enc }} + MONGODB_USER: {{ coalesce .Values.global.mongodbUser | b64enc }} + MONGODB_OPTIONS: {{ coalesce .Values.global.mongodbOptions | b64enc }} + MONGODB_DATABASE: {{ coalesce .Values.global.mongodbDatabase | default "codefresh" | b64enc }} + MONGODB_PROTOCOL: {{ coalesce .Values.global.mongodbProtocol | default "mongodb" | b64enc }} # legacy MONGODB_* secrets - MONGODB_ROOT_USER: {{ coalesce .Values.global.mongodbRootUser .Values.seed.mongoSeedJob.mongodbRootUser }} - MONGODB_ROOT_PASSWORD: {{ urlquery (coalesce .Values.global.mongodbRootPassword .Values.seed.mongoSeedJob.mongodbRootPassword) }} - MONGO_URI: {{ .Values.global.mongoURI | default "empty" }} - MONGO_URI_RE_MANAGER: {{ include (printf "%s.classic.calculateMongoUri" $libTemplateName) (dict "dbName" "runtime-environment-manager" "mongoURI" .Values.global.mongoURI) | default "empty" }} - MONGODB_RE_DATABASE: runtime-environment-manager + MONGODB_ROOT_USER: {{ coalesce .Values.global.mongodbRootUser .Values.seed.mongoSeedJob.mongodbRootUser | b64enc }} + MONGODB_ROOT_PASSWORD: {{ urlquery (coalesce .Values.global.mongodbRootPassword .Values.seed.mongoSeedJob.mongodbRootPassword) | b64enc }} + MONGO_URI: {{ .Values.global.mongoURI | default "empty" | b64enc}} + MONGO_URI_RE_MANAGER: {{ 
include (printf "%s.classic.calculateMongoUri" $libTemplateName) (dict "dbName" "runtime-environment-manager" "mongoURI" .Values.global.mongoURI) | default "empty" | b64enc}} + MONGODB_RE_DATABASE: {{ printf "%s" runtime-environment-manager | b64enc }} - POSTGRES_USER: {{ coalesce .Values.global.postgresUser }} - POSTGRES_PASSWORD: {{ coalesce .Values.global.postgresPassword }} - POSTGRES_SEED_USER: {{ (coalesce .Values.seed.postgresSeedJob.postgresUser .Values.global.postgresSeedJob.postgresUser) | default .Values.global.postgresUser }} - POSTGRES_SEED_PASSWORD: {{ urlquery ((coalesce .Values.seed.postgresSeedJob.postgresPassword .Values.global.postgresSeedJob.postgresPassword) | default .Values.global.postgresPassword) }} - POSTGRES_HOSTNAME: {{ default (printf "%s-%s" .Release.Name .Values.global.postgresService) .Values.global.postgresHostname }} - POSTGRES_PORT: {{ coalesce .Values.global.postgresPort | default 5432 | quote }} - POSTGRES_DATABASE: {{ .Values.global.postgresDatabase | default "codefresh" }} + POSTGRES_USER: {{ coalesce .Values.global.postgresUser | b64enc }} + POSTGRES_PASSWORD: {{ coalesce .Values.global.postgresPassword | b64enc }} + POSTGRES_SEED_USER: {{ (coalesce .Values.seed.postgresSeedJob.postgresUser .Values.global.postgresSeedJob.postgresUser) | default .Values.global.postgresUser | b64enc}} + POSTGRES_SEED_PASSWORD: {{ urlquery ((coalesce .Values.seed.postgresSeedJob.postgresPassword .Values.global.postgresSeedJob.postgresPassword) | default .Values.global.postgresPassword) | b64enc }} + POSTGRES_HOSTNAME: {{ default (printf "%s-%s" .Release.Name .Values.global.postgresService) .Values.global.postgresHostname | b64enc }} + POSTGRES_PORT: {{ coalesce .Values.global.postgresPort | default 5432 | b64enc }} + POSTGRES_DATABASE: {{ .Values.global.postgresDatabase | default "codefresh" | b64enc }} From 122e3fa35e03c0352a8b6db63d2bbabfa1863661 Mon Sep 17 00:00:00 2001 
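Review bot: Every value in the new `data:` block is piped straight into `b64enc`, which accepts only a string, so an unset key such as `.Values.global.mongodbOptions`, or a password written unquoted as a number in values, would as far as I can tell abort rendering where `stringData` previously accepted it. Normalising before encoding keeps the old tolerance, for example `MONGODB_OPTIONS: {{ .Values.global.mongodbOptions | default "" | toString | b64enc }}`, and the same pattern fits the other `coalesce … | b64enc` lines in this hunk. Whether the chart's values.yaml already defaults all of these to strings cannot be seen from here. The Secret's header lines sit above the hunk and are not visible.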
From: Mikhail Klimko Date: Tue, 22 Oct 2024 13:59:38 +0300 Subject: [PATCH 04/16] onprem: 2.5.6 --- codefresh/.ci/values/values-install-only.yaml | 15 +++++++-------- codefresh/templates/secrets/secret.yaml | 2 +- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/codefresh/.ci/values/values-install-only.yaml b/codefresh/.ci/values/values-install-only.yaml index 7cb1966a8..daf376de8 100644 --- a/codefresh/.ci/values/values-install-only.yaml +++ b/codefresh/.ci/values/values-install-only.yaml @@ -1,12 +1,11 @@ # -- checking postgresql password with special characters postgresql: auth: - postgresPassword: "e%C9ar$Yka4Zb!H" + postgresPassword: "()e%C9ar$Yka4Zb!H" -secrets: - ext-postgres: - enabled: true - stringData: - postgres-hostname: cf-postgresql - postgres-password: e%C9ar$Yka4Zb!H - postgres-user: postgres +global: + postgresPassword: "()e%C9ar$Yka4Zb!H" + +seed: + postgresSeedJob: + postgresPassword: "()e%C9ar$Yka4Zb!H" \ No newline at end of file diff --git a/codefresh/templates/secrets/secret.yaml b/codefresh/templates/secrets/secret.yaml index 597c8022e..f4d4b5021 100644 --- a/codefresh/templates/secrets/secret.yaml +++ b/codefresh/templates/secrets/secret.yaml 
@@ -20,7 +20,7 @@ data: MONGODB_ROOT_USER: {{ coalesce .Values.global.mongodbRootUser .Values.seed.mongoSeedJob.mongodbRootUser | b64enc }} MONGODB_ROOT_PASSWORD: {{ urlquery (coalesce .Values.global.mongodbRootPassword .Values.seed.mongoSeedJob.mongodbRootPassword) | b64enc }} MONGO_URI: {{ .Values.global.mongoURI | default "empty" | b64enc}} - MONGO_URI_RE_MANAGER: {{ include (printf "%s.classic.calculateMongoUri" $libTemplateName) (dict "dbName" "runtime-environment-manager" "mongoURI" .Values.global.mongoURI) | default "empty" | b64enc}} + MONGO_URI_RE_MANAGER: {{ include (printf "%s.classic.calculateMongoUri" $libTemplateName) (dict "dbName" "runtime-environment-manager" "mongoURI" .Values.global.mongoURI) | default "empty" | b64enc }} MONGODB_RE_DATABASE: {{ printf "%s" runtime-environment-manager | b64enc }} POSTGRES_USER: {{ coalesce .Values.global.postgresUser | b64enc }} From 7d2bd6899aabe1955e4e50fca378807ce123ccbd Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Tue, 22 Oct 2024 14:05:54 +0300 Subject: [PATCH 05/16] onprem: 2.5.6 --- codefresh/templates/secrets/secret.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/codefresh/templates/secrets/secret.yaml b/codefresh/templates/secrets/secret.yaml index f4d4b5021..39affeec1 100644 --- a/codefresh/templates/secrets/secret.yaml +++ b/codefresh/templates/secrets/secret.yaml 
@@ -21,12 +21,12 @@ data: MONGODB_ROOT_PASSWORD: {{ urlquery (coalesce .Values.global.mongodbRootPassword .Values.seed.mongoSeedJob.mongodbRootPassword) | b64enc }} MONGO_URI: {{ .Values.global.mongoURI | default "empty" | b64enc}} MONGO_URI_RE_MANAGER: {{ include (printf "%s.classic.calculateMongoUri" $libTemplateName) (dict "dbName" "runtime-environment-manager" "mongoURI" .Values.global.mongoURI) | default "empty" | b64enc }} - MONGODB_RE_DATABASE: {{ printf "%s" runtime-environment-manager | b64enc }} + MONGODB_RE_DATABASE: {{ printf "%s" "runtime-environment-manager" | b64enc }} POSTGRES_USER: {{ coalesce .Values.global.postgresUser | b64enc }} POSTGRES_PASSWORD: {{ coalesce .Values.global.postgresPassword | b64enc }} POSTGRES_SEED_USER: {{ (coalesce .Values.seed.postgresSeedJob.postgresUser .Values.global.postgresSeedJob.postgresUser) | default .Values.global.postgresUser | b64enc}} POSTGRES_SEED_PASSWORD: {{ urlquery ((coalesce .Values.seed.postgresSeedJob.postgresPassword .Values.global.postgresSeedJob.postgresPassword) | default .Values.global.postgresPassword) | b64enc }} POSTGRES_HOSTNAME: {{ default (printf "%s-%s" .Release.Name .Values.global.postgresService) .Values.global.postgresHostname | b64enc }} - POSTGRES_PORT: {{ coalesce .Values.global.postgresPort | default 5432 | b64enc }} + POSTGRES_PORT: {{ coalesce .Values.global.postgresPort | default 5432 | quote | b64enc }} POSTGRES_DATABASE: {{ .Values.global.postgresDatabase | default "codefresh" | b64enc }} From 84bdf915bdb4563a13e66ceea4401b40cdb5a56a Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Tue, 22 Oct 2024 14:22:03 +0300 Subject: [PATCH 06/16] onprem: 2.5.6 --- codefresh/templates/secrets/secret.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/codefresh/templates/secrets/secret.yaml b/codefresh/templates/secrets/secret.yaml index 39affeec1..e0fa81259 100644 --- a/codefresh/templates/secrets/secret.yaml +++ b/codefresh/templates/secrets/secret.yaml 
@@ -26,7 +26,7 @@ data: POSTGRES_USER: {{ coalesce .Values.global.postgresUser | b64enc }} POSTGRES_PASSWORD: {{ coalesce .Values.global.postgresPassword | b64enc }} POSTGRES_SEED_USER: {{ (coalesce .Values.seed.postgresSeedJob.postgresUser .Values.global.postgresSeedJob.postgresUser) | default .Values.global.postgresUser | b64enc}} - POSTGRES_SEED_PASSWORD: {{ urlquery ((coalesce .Values.seed.postgresSeedJob.postgresPassword .Values.global.postgresSeedJob.postgresPassword) | default .Values.global.postgresPassword) | b64enc }} + POSTGRES_SEED_PASSWORD: {{ (coalesce .Values.seed.postgresSeedJob.postgresPassword .Values.global.postgresSeedJob.postgresPassword) | default .Values.global.postgresPassword | b64enc }} POSTGRES_HOSTNAME: {{ default (printf "%s-%s" .Release.Name .Values.global.postgresService) .Values.global.postgresHostname | b64enc }} - POSTGRES_PORT: {{ coalesce .Values.global.postgresPort | default 5432 | quote | b64enc }} + POSTGRES_PORT: {{ printf "%v" .Values.global.postgresPort | b64enc }} POSTGRES_DATABASE: {{ .Values.global.postgresDatabase | default "codefresh" | b64enc }} From 0e1b0965718e7f37608f87725d02aa53564f2b9c Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Tue, 22 Oct 2024 15:23:37 +0300 Subject: [PATCH 07/16] onprem: 2.5.6 --- codefresh/.ci/values/values-install-only.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/codefresh/.ci/values/values-install-only.yaml b/codefresh/.ci/values/values-install-only.yaml index daf376de8..247a8f952 100644 --- a/codefresh/.ci/values/values-install-only.yaml +++ b/codefresh/.ci/values/values-install-only.yaml @@ -5,7 +5,11 @@ postgresql: global: postgresPassword: "()e%C9ar$Yka4Zb!H" + postgresHostnameSecretKeyRef: [] + postgresPasswordSecretKeyRef: [] + postgresUserSecretKeyRef: [] seed: postgresSeedJob: - postgresPassword: "()e%C9ar$Yka4Zb!H" \ No newline at end of file + postgresPassword: "()e%C9ar$Yka4Zb!H" + 
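Review bot: The rewritten `POSTGRES_PORT` line drops the `default 5432` fallback, so when `.Values.global.postgresPort` is unset `printf "%v"` formats a nil and the Secret would carry the base64 of that placeholder text instead of a port. Keeping the fallback and converting before encoding covers both this and the earlier integer problem: `POSTGRES_PORT: {{ .Values.global.postgresPort | default 5432 | toString | b64enc }}`. In the same hunk `POSTGRES_SEED_PASSWORD` loses `urlquery`, while `MONGODB_ROOT_PASSWORD` (outside this hunk) still had it in the previous patch. If that asymmetry is intended, a short comment on each key saying whether the stored value is raw or URL-escaped would prevent a mismatch with the consumer.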
From 40ea672d857e288f9685b9eac90e89caaaa80412 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Tue, 22 Oct 2024 15:32:32 +0300 Subject: [PATCH 08/16] onprem: 2.5.6 --- codefresh/.ci/values/values-install-only.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/codefresh/.ci/values/values-install-only.yaml b/codefresh/.ci/values/values-install-only.yaml index 247a8f952..bbb83ea24 100644 --- a/codefresh/.ci/values/values-install-only.yaml +++ b/codefresh/.ci/values/values-install-only.yaml @@ -12,4 +12,5 @@ global: seed: postgresSeedJob: postgresPassword: "()e%C9ar$Yka4Zb!H" - + postgresUserSecretKeyRef: [] + postgresPasswordSecretKeyRef: [] \ No newline at end of file From 65eb629effb82f2dae3caff5bfa5ff5f91a41c43 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 23 Oct 2024 10:56:45 +0300 Subject: [PATCH 09/16] onprem: 2.5.6 --- codefresh/.ci/values/mtls-mongodb-redis.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/codefresh/.ci/values/mtls-mongodb-redis.yaml b/codefresh/.ci/values/mtls-mongodb-redis.yaml index 1abf5b39a..cea05a324 100644 --- a/codefresh/.ci/values/mtls-mongodb-redis.yaml +++ b/codefresh/.ci/values/mtls-mongodb-redis.yaml @@ -137,7 +137,6 @@ extraResources: kind: Service metadata: name: cf-redis - namespace: codefresh-mtls spec: ports: - name: tcp-redis From 6393948724f72cf242c3bf79ccece9b8285e6153 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 23 Oct 2024 13:00:54 +0300 Subject: [PATCH 10/16] onprem: 2.5.6 --- codefresh/files/mongoSeedJobScript.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index aaf2eabe5..4315592fb 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh 
@@ -75,13 +75,13 @@ waitForMongoDB getMongoVersion for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do - mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" || true - mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" || true + mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 + mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 done -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" || true -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" || true -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" || true +mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" 2>&1 +mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 +mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 mongoimport --uri ${MONGO_URI} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json mongoimport --uri ${MONGO_URI} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json 
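Review bot: The changed `mongosh` lines still splice `${MONGODB_USER}` and `${MONGODB_PASSWORD}` into the `--eval` JavaScript through the shell, so a password containing a double quote or backslash ends the string literal early and alters the script that runs with the root URI. `${MONGODB_ROOT_URI}` is also unquoted and therefore subject to word splitting and globbing. Since this series is about passwords with special characters, quote the URI and let mongosh read the credentials from the environment rather than from the command text, for example `mongosh "${MONGODB_ROOT_URI}" --eval 'db.getSiblingDB("codefresh").changeUserPassword(process.env.MONGODB_USER, process.env.MONGODB_PASSWORD)'`, assuming these variables are exported. That also keeps the password out of the process argument list. The same lines recur in patches 11 to 13, and the script's prologue is outside the hunk, so whether `set -e` is active cannot be seen here.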
From 6633cfb64e294f7c3f83dc4dfa416e160d781b2c Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 23 Oct 2024 13:16:02 +0300 Subject: [PATCH 11/16] onprem: 2.5.6 --- codefresh/files/mongoSeedJobScript.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index 4315592fb..6c8a1f586 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh 
@@ -75,13 +75,13 @@ waitForMongoDB getMongoVersion for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do - mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 - mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 + mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 || true + mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true done -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" 2>&1 -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 +mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" 2>&1 || true +mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true +mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true mongoimport --uri ${MONGO_URI} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json mongoimport --uri ${MONGO_URI} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json 
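Review bot: Re-adding `|| true` to every `mongosh` call makes the seed job report success even when authentication fails or `grantRolesToUser` is rejected, which leaves the application user without the expected password or roles and nothing in the job status to show it. Only `createUser` has an expected failure (the user already exists). I would keep `|| true` there with a comment such as `# createUser fails when the user already exists; the password is reset on the next line`, and let the `changeUserPassword` and `grantRolesToUser` calls fail the job. Because stderr is now merged into stdout, it is also worth confirming that mongosh error output cannot echo the evaluated command, which contains the password, into the job log.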
From 7c199ffb61382faea84d3d0159ecaf940335220a Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 23 Oct 2024 13:27:06 +0300 Subject: [PATCH 12/16] onprem: 2.5.6 --- codefresh/files/mongoSeedJobScript.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index 6c8a1f586..e1ab84f4c 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh @@ -76,6 +76,7 @@ getMongoVersion for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 || true + sleep 3 mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true done From 23426746eeabb44863748b9b151612aacb5763e6 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 23 Oct 2024 13:40:36 +0300 Subject: [PATCH 13/16] onprem: 2.5.6 --- codefresh/files/mongoSeedJobScript.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index e1ab84f4c..3bcaf6f98 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh @@ -75,8 +75,9 @@ waitForMongoDB getMongoVersion for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do + waitForMongoDB mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 || true - sleep 3 + waitForMongoDB mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true done From 5b04ca6ad06ccf74d391fa09ec85d23a76b6b620 Mon Sep 17 00:00:00 2001 
From: Mikhail Klimko Date: Wed, 23 Oct 2024 18:26:50 +0300 Subject: [PATCH 14/16] onprem: 2.5.6 --- codefresh/.ci/values/cfapi-roles-no-rbac.yaml | 60 ------------ codefresh/.ci/values/defaults-hpa.yaml | 97 ------------------ codefresh/.ci/values/external-secrets.yaml | 98 +++++++++++++++++++ codefresh/.ci/values/values-openshift.yaml | 1 + 4 files changed, 99 insertions(+), 157 deletions(-) delete mode 100644 codefresh/.ci/values/cfapi-roles-no-rbac.yaml create mode 100644 codefresh/.ci/values/external-secrets.yaml diff --git a/codefresh/.ci/values/cfapi-roles-no-rbac.yaml b/codefresh/.ci/values/cfapi-roles-no-rbac.yaml deleted file mode 100644 index 7d03bd74e..000000000 --- a/codefresh/.ci/values/cfapi-roles-no-rbac.yaml +++ /dev/null @@ -1,60 +0,0 @@ -global: - cfapiService: cfapi-internal - cfapiEndpointsService: cfapi-endpoints - -cfapi: &cf-api - enabled: false - rbac: - namespaced: true - -cfapi-auth: - <<: *cf-api - enabled: true -cfapi-internal: - <<: *cf-api - enabled: true -cfapi-ws: - <<: *cf-api - enabled: true -cfapi-admin: - <<: *cf-api - enabled: true -cfapi-endpoints: - <<: *cf-api - enabled: true -cfapi-terminators: - <<: *cf-api - enabled: true -cfapi-sso-group-synchronizer: - <<: *cf-api - enabled: true -cfapi-buildmanager: - <<: *cf-api - enabled: true -cfapi-cacheevictmanager: - <<: *cf-api - enabled: true -cfapi-eventsmanagersubscriptions: - <<: *cf-api - enabled: true -cfapi-kubernetesresourcemonitor: - <<: *cf-api - enabled: true -cfapi-environments: - <<: *cf-api - enabled: true -cfapi-gitops-resource-receiver: - <<: *cf-api - enabled: true -cfapi-downloadlogmanager: - <<: *cf-api - enabled: true -cfapi-teams: - <<: *cf-api - enabled: true -cfapi-kubernetes-endpoints: - <<: *cf-api - enabled: true -cfapi-test-reporting: - <<: *cf-api - enabled: true diff --git a/codefresh/.ci/values/defaults-hpa.yaml b/codefresh/.ci/values/defaults-hpa.yaml index 015297ed8..8b80bdcb4 100644 --- a/codefresh/.ci/values/defaults-hpa.yaml 
+++ b/codefresh/.ci/values/defaults-hpa.yaml 
@@ -1,105 +1,8 @@ seed-e2e: enabled: true -# kinda external secrets -secrets: - ext-mongo: - enabled: true - stringData: - mongodb-host: cf-mongodb:27017 - mongodb-password: mTiXcU2wafr9 - mongodb-user: cfuser - mongodb-root-user: root - mongodb-root-password: XT9nmM8dZD - ext-postgres: - enabled: true - stringData: - postgres-hostname: cf-postgresql - postgres-password: eC9arYka4ZbH - postgres-user: postgres - ext-redis: - enabled: true - stringData: - redis-url: cf-redis-master - redis-password: hoC9szf7NtrU - ext-rabbitmq: - enabled: true - stringData: - rabbitmq-hostname: cf-rabbitmq:5672 - rabbitmq-password: cVz9ZdJKYm7u - rabbitmq-username: user - ext-firebase: - enabled: true - stringData: - firebase-url: "" # placeholder for ${FIRBASE_URL} - firebase-secret: "" # placeholder for ${FIREBASE_SECRET} - e2e-mongo-uri: - enabled: true - stringData: - mongo-uri: mongodb://cfuser:mTiXcU2wafr9@cf-mongodb:27017/codefresh - -seed: - mongoSeedJob: - mongodbRootUserSecretKeyRef: - name: cf-codefresh-ext-mongo - key: mongodb-root-user - mongodbRootPasswordSecretKeyRef: - name: cf-codefresh-ext-mongo - key: mongodb-root-password - - postgresSeedJob: - postgresUserSecretKeyRef: - name: cf-codefresh-ext-postgres - key: postgres-user - postgresPasswordSecretKeyRef: - name: cf-codefresh-ext-postgres - key: postgres-password - global: appUrl: "" # placeholder - firebaseUrlSecretKeyRef: - name: cf-codefresh-ext-firebase - key: firebase-url - firebaseSecretSecretKeyRef: - name: cf-codefresh-ext-firebase - key: firebase-secret - - mongodbUserSecretKeyRef: - name: cf-codefresh-ext-mongo - key: mongodb-user - mongodbPasswordSecretKeyRef: - name: cf-codefresh-ext-mongo - key: mongodb-password - mongodbHostSecretKeyRef: - name: cf-codefresh-ext-mongo - key: mongodb-host - - postgresHostnameSecretKeyRef: - name: cf-codefresh-ext-postgres - key: postgres-hostname - postgresPasswordSecretKeyRef: - name: cf-codefresh-ext-postgres - key: postgres-password - postgresUserSecretKeyRef: - 
name: cf-codefresh-ext-postgres - key: postgres-user - - rabbitmqHostnameSecretKeyRef: - name: cf-codefresh-ext-rabbitmq - key: rabbitmq-hostname - rabbitmqPasswordSecretKeyRef: - name: cf-codefresh-ext-rabbitmq - key: rabbitmq-password - rabbitmqUsernameSecretKeyRef: - name: cf-codefresh-ext-rabbitmq - key: rabbitmq-username - - redisPasswordSecretKeyRef: - name: cf-codefresh-ext-redis - key: redis-password - redisUrlSecretKeyRef: - name: cf-codefresh-ext-redis - key: redis-url cfapi: rbac: diff --git a/codefresh/.ci/values/external-secrets.yaml b/codefresh/.ci/values/external-secrets.yaml new file mode 100644 index 000000000..7f82f184c --- /dev/null +++ b/codefresh/.ci/values/external-secrets.yaml 
@@ -0,0 +1,98 @@ +# values to emulate external secrets +secrets: + ext-mongo: + enabled: true + stringData: + mongodb-host: cf-mongodb:27017 + mongodb-password: mTiXcU2wafr9 + mongodb-user: cfuser + mongodb-root-user: root + mongodb-root-password: XT9nmM8dZD + ext-postgres: + enabled: true + stringData: + postgres-hostname: cf-postgresql + postgres-password: eC9arYka4ZbH + postgres-user: postgres + ext-redis: + enabled: true + stringData: + redis-url: cf-redis-master + redis-password: hoC9szf7NtrU + ext-rabbitmq: + enabled: true + stringData: + rabbitmq-hostname: cf-rabbitmq:5672 + rabbitmq-password: cVz9ZdJKYm7u + rabbitmq-username: user + ext-firebase: + enabled: true + stringData: + firebase-url: "" # placeholder for ${FIRBASE_URL} + firebase-secret: "" # placeholder for ${FIREBASE_SECRET} + e2e-mongo-uri: + enabled: true + stringData: + mongo-uri: mongodb://cfuser:mTiXcU2wafr9@cf-mongodb:27017/codefresh + +seed: + mongoSeedJob: + mongodbRootUserSecretKeyRef: + name: cf-codefresh-ext-mongo + key: mongodb-root-user + mongodbRootPasswordSecretKeyRef: + name: cf-codefresh-ext-mongo + key: mongodb-root-password + + postgresSeedJob: + postgresUserSecretKeyRef: + name: cf-codefresh-ext-postgres + key: postgres-user + postgresPasswordSecretKeyRef: + name: cf-codefresh-ext-postgres + key: postgres-password + +global: + firebaseUrlSecretKeyRef: + name: cf-codefresh-ext-firebase + key: firebase-url + firebaseSecretSecretKeyRef: + name: cf-codefresh-ext-firebase + key: firebase-secret + + mongodbUserSecretKeyRef: + name: cf-codefresh-ext-mongo + key: mongodb-user + mongodbPasswordSecretKeyRef: + name: cf-codefresh-ext-mongo + key: mongodb-password + mongodbHostSecretKeyRef: + name: cf-codefresh-ext-mongo + key: mongodb-host + + postgresHostnameSecretKeyRef: + name: cf-codefresh-ext-postgres + key: postgres-hostname + postgresPasswordSecretKeyRef: + name: cf-codefresh-ext-postgres + key: postgres-password + postgresUserSecretKeyRef: + name: cf-codefresh-ext-postgres + key: 
postgres-user + + rabbitmqHostnameSecretKeyRef: + name: cf-codefresh-ext-rabbitmq + key: rabbitmq-hostname + rabbitmqPasswordSecretKeyRef: + name: cf-codefresh-ext-rabbitmq + key: rabbitmq-password + rabbitmqUsernameSecretKeyRef: + name: cf-codefresh-ext-rabbitmq + key: rabbitmq-username + + redisPasswordSecretKeyRef: + name: cf-codefresh-ext-redis + key: redis-password + redisUrlSecretKeyRef: + name: cf-codefresh-ext-redis + key: redis-url \ No newline at end of file diff --git a/codefresh/.ci/values/values-openshift.yaml b/codefresh/.ci/values/values-openshift.yaml index 15287b7d6..ec23e4e07 100644 --- a/codefresh/.ci/values/values-openshift.yaml +++ b/codefresh/.ci/values/values-openshift.yaml @@ -1,3 +1,4 @@ +# values provided for openshift cluster cfapi: podSecurityContext: runAsUser: 1000620000 \ No newline at end of file From 430dd1a10b8e07c0236c7f3cc146d4c26b316902 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 23 Oct 2024 19:17:23 +0300 Subject: [PATCH 15/16] onprem: 2.5.6 --- codefresh/.ci/values/values-install-only.yaml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/codefresh/.ci/values/values-install-only.yaml b/codefresh/.ci/values/values-install-only.yaml index bbb83ea24..daf376de8 100644 --- a/codefresh/.ci/values/values-install-only.yaml +++ b/codefresh/.ci/values/values-install-only.yaml @@ -5,12 +5,7 @@ postgresql: global: postgresPassword: "()e%C9ar$Yka4Zb!H" - postgresHostnameSecretKeyRef: [] - postgresPasswordSecretKeyRef: [] - postgresUserSecretKeyRef: [] seed: postgresSeedJob: - postgresPassword: "()e%C9ar$Yka4Zb!H" - postgresUserSecretKeyRef: [] - postgresPasswordSecretKeyRef: [] \ No newline at end of file + postgresPassword: "()e%C9ar$Yka4Zb!H" \ No newline at end of file From 236831873d67e87286ee764340e72c4cc9d982b5 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 23 Oct 2024 23:08:56 +0300 Subject: [PATCH 16/16] onprem: 2.5.6 --- codefresh/Chart.yaml | 5 +++++ 1 file changed, 5 insertions(+) 
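Review bot: The new external-secrets.yaml carries literal passwords for MongoDB, PostgreSQL, Redis and RabbitMQ, and its only header is `# values to emulate external secrets`, which does not say the credentials are throwaway. I would extend the header to something like `# CI-only fixture: throwaway credentials for ephemeral test clusters, never reuse in a real install`, so that secret-scanner findings are easy to triage and the file is not copied into production values. The MongoDB password is also repeated inside `mongo-uri`, so the two must change together; a comment on that key would make the coupling visible. The file ends without a trailing newline.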
diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index cc8a0a1a7..f245d8e70 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -28,6 +28,11 @@ annotations: links: - name: JIRA Issue url: https://codefresh-io.atlassian.net/browse/CR-25053 + - kind: fixed + description: "Secret template when postgres password contains special characters" + links: + - name: JIRA Issue + url: https://codefresh-io.atlassian.net/browse/CR-25131 dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts