From 643db4abcb682a78b95a0e667957e5376ddd78e6 Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Tue, 1 Oct 2024 14:38:48 +0300 Subject: [PATCH 1/8] onprem: test --- codefresh/Chart.yaml | 86 ++++++++++++++++++++------------------------ codefresh/README.md | 2 +- 2 files changed, 39 insertions(+), 49 deletions(-) diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 1f1326109..2b09dfcef 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.5.1 +version: 2.5.2 keywords: - codefresh home: https://codefresh.io/ @@ -18,18 +18,8 @@ annotations: # artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - - kind: security - description: "Misc security fixes" - - kind: fixed - description: "(cfapi) Fix gerrit webhooks" - links: - - name: JIRA Issue - url: https://codefresh-io.atlassian.net/browse/CR-25268 - kind: changed - description: "(cfui) Remove the topbar component" - links: - - name: JIRA Issue - url: https://codefresh-io.atlassian.net/browse/CR-25035 + description: "Test" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts @@ -116,93 +106,93 @@ dependencies: condition: gitops-dashboard-manager.enabled - name: cfapi alias: cfapi - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi.enabled - name: cfapi alias: cfapi-auth - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-auth.enabled - name: cfapi alias: cfapi-internal - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-internal.enabled - name: cfapi alias: cfapi-ws - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-ws.enabled - name: cfapi alias: cfapi-admin - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-admin.enabled - name: cfapi alias: cfapi-endpoints - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-endpoints.enabled - name: cfapi alias: cfapi-terminators - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-terminators.enabled - name: cfapi alias: cfapi-sso-group-synchronizer - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-sso-group-synchronizer.enabled - name: cfapi alias: cfapi-buildmanager - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-buildmanager.enabled - name: cfapi alias: cfapi-cacheevictmanager - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-cacheevictmanager.enabled - name: cfapi alias: cfapi-eventsmanagersubscriptions - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-eventsmanagersubscriptions.enabled - name: cfapi alias: cfapi-kubernetesresourcemonitor - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-kubernetesresourcemonitor.enabled - name: cfapi alias: cfapi-environments - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-environments.enabled - name: cfapi alias: cfapi-gitops-resource-receiver - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-gitops-resource-receiver.enabled - name: cfapi alias: cfapi-downloadlogmanager - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-downloadlogmanager.enabled - name: cfapi alias: cfapi-teams - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-teams.enabled - name: cfapi alias: cfapi-kubernetes-endpoints - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-kubernetes-endpoints.enabled - name: cfapi alias: cfapi-test-reporting - version: "~21.260.0" - repository: oci://quay.io/codefresh/charts + version: "21.262.6-add-heapsnapshot-signal" + repository: oci://quay.io/codefresh/charts/dev condition: cfapi-test-reporting.enabled - name: cfui version: "~14.95.0" diff --git a/codefresh/README.md b/codefresh/README.md index 94ce56113..fabc01fe3 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.5.1](https://img.shields.io/badge/Version-2.5.1-informational?style=flat-square) ![AppVersion: 2.5.0](https://img.shields.io/badge/AppVersion-2.5.0-informational?style=flat-square) +![Version: 2.5.2](https://img.shields.io/badge/Version-2.5.2-informational?style=flat-square) ![AppVersion: 2.5.0](https://img.shields.io/badge/AppVersion-2.5.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. From 51f40e2e1cf5ff21e80611be6f13d9b0dedac02a Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Tue, 1 Oct 2024 14:57:07 +0300 Subject: [PATCH 2/8] onprem: test --- codefresh/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codefresh/values.yaml b/codefresh/values.yaml index bb5402c70..a0e85f455 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -487,7 +487,7 @@ cfapi: &cf-api # -- Image image: # -- Registry prefix - registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + registry: us-docker.pkg.dev/codefresh-inc/gcr.io # -- Repository repository: codefresh/cf-api # -- Env vars From 163516e295ecf0b6327e4f7ae001d361c73aec23 Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Tue, 1 Oct 2024 15:07:19 +0300 Subject: [PATCH 3/8] onprem: test --- codefresh/README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index fabc01fe3..fafe6c9cb 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -2026,12 +2026,12 @@ kubectl -n $NAMESPACE delete secret codefresh-certs-server | cf-platform-analytics-etlstarter.redis.enabled | bool | `false` | Disable redis subchart | | cf-platform-analytics-etlstarter.system-etl-postgres | object | `{"container":{"env":{"BLUE_GREEN_ENABLED":true}},"controller":{"cronjob":{"ttlSecondsAfterFinished":300}},"enabled":true}` | Only postgres ETL should be running in onprem | | cf-platform-analytics-platform | object | See below | platform-analytics | -| cfapi | object | `{"affinity":{},"container":{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}},"controller":{"replicas":2},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"minAvailable":"50%"},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}},"secrets":{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}},"tolerations":[]}` | cf-api | +| cfapi | object | `{"affinity":{},"container":{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/cf-api"}},"controller":{"replicas":2},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"minAvailable":"50%"},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}},"secrets":{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}},"tolerations":[]}` | cf-api | | cfapi-internal.<<.affinity | object | `{}` | | -| cfapi-internal.<<.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}}` | Container configuration | +| cfapi-internal.<<.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/cf-api"}}` | Container configuration | | cfapi-internal.<<.container.env | object | See below | Env vars | -| cfapi-internal.<<.container.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}` | Image | -| cfapi-internal.<<.container.image.registry | string | `"us-docker.pkg.dev/codefresh-enterprise/gcr.io"` | Registry prefix | +| cfapi-internal.<<.container.image | object | `{"registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/cf-api"}` | Image | +| cfapi-internal.<<.container.image.registry | string | `"us-docker.pkg.dev/codefresh-inc/gcr.io"` | Registry prefix | | cfapi-internal.<<.container.image.repository | string | `"codefresh/cf-api"` | Repository | | cfapi-internal.<<.controller | object | `{"replicas":2}` | Controller configuration | | cfapi-internal.<<.controller.replicas | int | `2` | Replicas number | @@ -2053,10 +2053,10 @@ kubectl -n $NAMESPACE delete secret codefresh-certs-server | cfapi-internal.<<.secrets.secret.type | string | `"Opaque"` | | | cfapi-internal.<<.tolerations | list | `[]` | | | cfapi-internal.enabled | bool | `false` | | -| cfapi.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}}` | Container configuration | +| cfapi.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/cf-api"}}` | Container configuration | | cfapi.container.env | object | See below | Env vars | -| cfapi.container.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}` | Image | -| cfapi.container.image.registry | string | `"us-docker.pkg.dev/codefresh-enterprise/gcr.io"` | Registry prefix | +| cfapi.container.image | object | `{"registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/cf-api"}` | Image | +| cfapi.container.image.registry | string | `"us-docker.pkg.dev/codefresh-inc/gcr.io"` | Registry prefix | | cfapi.container.image.repository | string | `"codefresh/cf-api"` | Repository | | cfapi.controller | object | `{"replicas":2}` | Controller configuration | | cfapi.controller.replicas | int | `2` | Replicas number | From 05b2d9ba68ceac50dff2a6fa0fe31faaa6afdbf0 Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Thu, 3 Oct 2024 18:11:14 +0300 Subject: [PATCH 4/8] helm dep update --- codefresh/Chart.lock | 68 ++++++++++++++++----------------- codefresh/Chart.yaml | 88 +++++++++++++++++++++---------------------- codefresh/values.yaml | 16 ++++---- 3 files changed, 86 insertions(+), 86 deletions(-) diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index d85dd96b9..b1d6c0e26 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -7,7 +7,7 @@ dependencies: version: 0.9.0 - name: consul repository: https://charts.bitnami.com/bitnami - version: 11.3.13 + version: 11.3.16 - name: mongodb repository: https://charts.bitnami.com/bitnami version: 14.4.1 @@ -19,16 +19,16 @@ dependencies: version: 12.0.4 - name: redis repository: https://charts.bitnami.com/bitnami - version: 20.0.3 + version: 20.1.7 - name: redis-ha repository: https://dandydeveloper.github.io/charts version: 4.26.1 - name: rabbitmq repository: https://charts.bitnami.com/bitnami - version: 14.6.9 + version: 15.0.1 - name: nats repository: https://charts.bitnami.com/bitnami - version: 8.3.2 + version: 8.4.4 - name: builder repository: oci://quay.io/codefresh/charts version: 1.3.0 @@ -37,7 +37,7 @@ dependencies: version: 1.3.0 - name: ingress-nginx repository: https://kubernetes.github.io/ingress-nginx - version: 4.10.0 + version: 4.11.2 - name: cluster-providers repository: oci://quay.io/codefresh/charts version: 1.17.8 @@ -46,7 +46,7 @@ dependencies: version: 1.31.9 - name: charts-manager repository: oci://quay.io/codefresh/charts - version: 1.18.1 + version: 1.18.2 - name: cfsign repository: oci://quay.io/codefresh/charts version: 1.8.4 @@ -55,73 +55,73 @@ dependencies: version: 1.26.10 - name: context-manager repository: oci://quay.io/codefresh/charts - version: 2.30.1 + version: 2.30.2 - name: pipeline-manager repository: oci://quay.io/codefresh/charts - version: 3.135.7 + version: 3.135.8 - name: gitops-dashboard-manager repository: oci://quay.io/codefresh/charts version: 1.14.15 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.38 + version: 21.260.39 - name: cfui repository: oci://quay.io/codefresh/charts - version: 14.95.76 + version: 14.95.77 - name: k8s-monitor repository: oci://quay.io/codefresh/charts - version: 4.11.7 + version: 4.11.8 - name: runtime-environment-manager repository: oci://quay.io/codefresh/charts version: 3.36.3 @@ -142,18 +142,18 @@ dependencies: version: 0.8.7 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.62 + version: 0.49.63 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.62 + version: 0.49.63 - name: argo-platform repository: oci://quay.io/codefresh/charts - version: 1.3035.0 + version: 1.3036.0-onprem-10b556f - name: argo-hub-platform repository: oci://quay.io/codefresh/charts - version: 0.1.15 + version: 0.1.16 - name: cf-oidc-provider repository: oci://quay.io/codefresh/charts version: 0.0.15 -digest: sha256:7ee9e7903f3afb3f0c8dbcda015126c2b581e01789a565b594b183a0d25e3130 -generated: "2024-09-27T11:02:13.169075439+03:00" +digest: sha256:51979bbbb995332f38f4dee77b8d32e07241dba5a016d62e5b9c870a32633742 +generated: "2024-10-03T18:08:21.167159596+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 2b09dfcef..a5070fc57 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -18,8 +18,8 @@ annotations: # artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - - kind: changed - description: "Test" + - kind: security + description: "Miscellaneous security updates" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts @@ -29,7 +29,7 @@ dependencies: version: 0.9.0 condition: internal-gateway.enabled - name: consul - version: 11.3.13 + version: 11.3.16 repository: https://charts.bitnami.com/bitnami condition: consul.enabled - name: mongodb @@ -45,7 +45,7 @@ dependencies: repository: oci://registry-1.docker.io/bitnamicharts condition: postgresql-ha.enabled - name: redis - version: 20.0.3 + version: 20.1.7 repository: https://charts.bitnami.com/bitnami condition: redis.enabled - name: redis-ha @@ -53,11 +53,11 @@ dependencies: version: 4.26.1 condition: redis-ha.enabled - name: rabbitmq - version: 14.6.9 + version: 15.0.1 repository: https://charts.bitnami.com/bitnami condition: rabbitmq.enabled - name: nats - version: 8.3.2 + version: 8.4.4 repository: https://charts.bitnami.com/bitnami condition: nats.enabled - name: builder @@ -69,7 +69,7 @@ dependencies: condition: runner.enabled version: 1.3.0 - name: ingress-nginx - version: 4.10.0 + version: 4.11.2 repository: https://kubernetes.github.io/ingress-nginx condition: ingress-nginx.enabled - name: cluster-providers @@ -106,93 +106,93 @@ dependencies: condition: gitops-dashboard-manager.enabled - name: cfapi alias: cfapi - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi.enabled - name: cfapi alias: cfapi-auth - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-auth.enabled - name: cfapi alias: cfapi-internal - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-internal.enabled - name: cfapi alias: cfapi-ws - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-ws.enabled - name: cfapi alias: cfapi-admin - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-admin.enabled - name: cfapi alias: cfapi-endpoints - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-endpoints.enabled - name: cfapi alias: cfapi-terminators - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-terminators.enabled - name: cfapi alias: cfapi-sso-group-synchronizer - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-sso-group-synchronizer.enabled - name: cfapi alias: cfapi-buildmanager - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-buildmanager.enabled - name: cfapi alias: cfapi-cacheevictmanager - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-cacheevictmanager.enabled - name: cfapi alias: cfapi-eventsmanagersubscriptions - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-eventsmanagersubscriptions.enabled - name: cfapi alias: cfapi-kubernetesresourcemonitor - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-kubernetesresourcemonitor.enabled - name: cfapi alias: cfapi-environments - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-environments.enabled - name: cfapi alias: cfapi-gitops-resource-receiver - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-gitops-resource-receiver.enabled - name: cfapi alias: cfapi-downloadlogmanager - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-downloadlogmanager.enabled - name: cfapi alias: cfapi-teams - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-teams.enabled - name: cfapi alias: cfapi-kubernetes-endpoints - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-kubernetes-endpoints.enabled - name: cfapi alias: cfapi-test-reporting - version: "21.262.6-add-heapsnapshot-signal" - repository: oci://quay.io/codefresh/charts/dev + version: "~21.260.0" + repository: oci://quay.io/codefresh/charts condition: cfapi-test-reporting.enabled - name: cfui version: "~14.95.0" @@ -237,7 +237,7 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: argo-platform.enabled - name: argo-platform - version: "~1.3035.0" + version: "1.3036.0-onprem-10b556f" repository: oci://quay.io/codefresh/charts condition: argo-platform.enabled - name: argo-hub-platform diff --git a/codefresh/values.yaml b/codefresh/values.yaml index a0e85f455..ecdc0aa71 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -14,7 +14,7 @@ gencerts: image: registry: quay.io repository: codefresh/kubectl - tag: 1.29.2 + tag: 1.31.1 rbac: enabled: true ttlSecondsAfterFinished: 300 @@ -36,7 +36,7 @@ seed: image: registry: quay.io repository: codefresh/mongosh - tag: 2.1.1 + tag: 2.3.1 # -- Root user in plain text (required ONLY for seed job!). mongodbRootUser: "root" # -- Root user from existing secret @@ -425,7 +425,7 @@ hooks: image: registry: quay.io repository: codefresh/mongosh - tag: 2.1.1 + tag: 2.3.1 affinity: {} nodeSelector: {} podSecurityContext: {} @@ -766,7 +766,7 @@ cfsign: image: registry: quay.io repository: codefresh/curl - tag: 8.5.0 + tag: 8.10.1 affinity: {} nodeSelector: {} podSecurityContext: {} @@ -1187,12 +1187,12 @@ builder: image: registry: quay.io repository: codefresh/curl - tag: 8.4.0 + tag: 8.10.1 container: image: registry: docker.io repository: library/docker - tag: 27.0-dind + tag: 27.3-dind affinity: {} nodeSelector: {} podSecurityContext: {} @@ -1208,12 +1208,12 @@ runner: image: registry: quay.io repository: codefresh/curl - tag: 8.4.0 + tag: 8.10.1 container: image: registry: docker.io repository: library/docker - tag: 27.0-dind + tag: 27.3-dind affinity: {} nodeSelector: {} podSecurityContext: {} From 3febd844c782b6bee1c7e67b889bf57121764d97 Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Thu, 3 Oct 2024 18:19:01 +0300 Subject: [PATCH 5/8] helm dep update --- codefresh/README.md | 2 +- codefresh/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index fafe6c9cb..047199525 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -2019,7 +2019,7 @@ kubectl -n $NAMESPACE delete secret codefresh-certs-server | argo-platform.runtime-monitor | object | See below | runtime-monitor Don't enable! Not used in onprem! | | argo-platform.ui | object | See below | ui | | argo-platform.useExternalSecret | bool | `false` | Use regular k8s secret object. Keep `false`! | -| builder | object | `{"affinity":{},"container":{"image":{"registry":"docker.io","repository":"library/docker","tag":"27.0-dind"}},"enabled":true,"initContainers":{"register":{"image":{"registry":"quay.io","repository":"codefresh/curl","tag":"8.4.0"}}},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | builder | +| builder | object | `{"affinity":{},"container":{"image":{"registry":"docker.io","repository":"library/docker","tag":"27.3-dind"}},"enabled":true,"initContainers":{"register":{"image":{"registry":"quay.io","repository":"codefresh/curl","tag":"8.10.1"}}},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | builder | | cf-broadcaster | object | See below | broadcaster | | cf-oidc-provider | object | See below | cf-oidc-provider | | cf-platform-analytics-etlstarter | object | See below | etl-starter | diff --git a/codefresh/values.yaml b/codefresh/values.yaml index ecdc0aa71..adc9bb251 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -465,7 +465,7 @@ runtimeImages: FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.7 GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.1.28 KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.2.6 - PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.5 + PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.6 TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.1 CR_6177_FIXER: docker.io/library/alpine:edge GC_BUILDER_IMAGE: docker.io/library/alpine:edge From 5e2f0164f479245995ab95b3f39646e3e39e1440 Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Thu, 3 Oct 2024 18:51:15 +0300 Subject: [PATCH 6/8] wip: Thu Oct 3 18:51:15 +03 2024 --- codefresh/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/codefresh/values.yaml b/codefresh/values.yaml index adc9bb251..f57516517 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -467,8 +467,8 @@ runtimeImages: KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.2.6 PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.6 TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.1 - CR_6177_FIXER: docker.io/library/alpine:edge - GC_BUILDER_IMAGE: docker.io/library/alpine:edge + CR_6177_FIXER: docker.io/library/alpine:3.20 + GC_BUILDER_IMAGE: docker.io/library/alpine:3.20 #-------------------- # Codefresh subcharts From 5fed3dca73b76a62c057e798e1bd8bd6354dbe4b Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Thu, 3 Oct 2024 19:12:52 +0300 Subject: [PATCH 7/8] wip: Thu Oct 3 19:12:52 +03 2024 --- codefresh/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codefresh/values.yaml b/codefresh/values.yaml index f57516517..e5b90c4f7 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -487,7 +487,7 @@ cfapi: &cf-api # -- Image image: # -- Registry prefix - registry: us-docker.pkg.dev/codefresh-inc/gcr.io + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io # -- Repository repository: codefresh/cf-api # -- Env vars From 17d986c9f2c7e3540525e88101258c57f795d67a Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Thu, 3 Oct 2024 19:12:59 +0300 Subject: [PATCH 8/8] wip: Thu Oct 3 19:12:59 +03 2024 --- codefresh/README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index 047199525..8747d9d88 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -2026,12 +2026,12 @@ kubectl -n $NAMESPACE delete secret codefresh-certs-server | cf-platform-analytics-etlstarter.redis.enabled | bool | `false` | Disable redis subchart | | cf-platform-analytics-etlstarter.system-etl-postgres | object | `{"container":{"env":{"BLUE_GREEN_ENABLED":true}},"controller":{"cronjob":{"ttlSecondsAfterFinished":300}},"enabled":true}` | Only postgres ETL should be running in onprem | | cf-platform-analytics-platform | object | See below | platform-analytics | -| cfapi | object | `{"affinity":{},"container":{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/cf-api"}},"controller":{"replicas":2},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"minAvailable":"50%"},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}},"secrets":{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}},"tolerations":[]}` | cf-api | +| cfapi | object | `{"affinity":{},"container":{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}},"controller":{"replicas":2},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"minAvailable":"50%"},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}},"secrets":{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}},"tolerations":[]}` | cf-api | | cfapi-internal.<<.affinity | object | `{}` | | -| cfapi-internal.<<.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/cf-api"}}` | Container configuration | +| cfapi-internal.<<.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}}` | Container configuration | | cfapi-internal.<<.container.env | object | See below | Env vars | -| cfapi-internal.<<.container.image | object | `{"registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/cf-api"}` | Image | -| cfapi-internal.<<.container.image.registry | string | `"us-docker.pkg.dev/codefresh-inc/gcr.io"` | Registry prefix | +| cfapi-internal.<<.container.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}` | Image | +| cfapi-internal.<<.container.image.registry | string | `"us-docker.pkg.dev/codefresh-enterprise/gcr.io"` | Registry prefix | | cfapi-internal.<<.container.image.repository | string | `"codefresh/cf-api"` | Repository | | cfapi-internal.<<.controller | object | `{"replicas":2}` | Controller configuration | | cfapi-internal.<<.controller.replicas | int | `2` | Replicas number | @@ -2053,10 +2053,10 @@ kubectl -n $NAMESPACE delete secret codefresh-certs-server | cfapi-internal.<<.secrets.secret.type | string | `"Opaque"` | | | cfapi-internal.<<.tolerations | list | `[]` | | | cfapi-internal.enabled | bool | `false` | | -| cfapi.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/cf-api"}}` | Container configuration | +| cfapi.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}}` | Container configuration | | cfapi.container.env | object | See below | Env vars | -| cfapi.container.image | object | `{"registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/cf-api"}` | Image | -| cfapi.container.image.registry | string | `"us-docker.pkg.dev/codefresh-inc/gcr.io"` | Registry prefix | +| cfapi.container.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}` | Image | +| cfapi.container.image.registry | string | `"us-docker.pkg.dev/codefresh-enterprise/gcr.io"` | Registry prefix | | cfapi.container.image.repository | string | `"codefresh/cf-api"` | Repository | | cfapi.controller | object | `{"replicas":2}` | Controller configuration | | cfapi.controller.replicas | int | `2` | Replicas number |