From 70d4ff050c3d02b62431ada120570c9276bed09f Mon Sep 17 00:00:00 2001 
From: mikhail-klimko Date: Fri, 19 Jan 2024 13:38:43 +0300 Subject: [PATCH 1/6] feat(gitops-operator): add gitops-operator as subchart --- charts/gitops-runtime/Chart.yaml | 21 +- charts/gitops-runtime/README.md | 25 +- .../gitops-operator/_all_resources.yaml | 18 - .../gitops-operator/_deployment.yaml | 106 ---- .../_components/gitops-operator/_helpers.tpl | 47 -- .../_components/gitops-operator/_rbac.yaml | 63 -- .../gitops-operator/_serviceaccount.yaml | 14 - .../crds/applicationconfigurations.yaml | 135 ---- .../crds/restrictedgitsources.yaml | 593 ------------------ .../rbac/_auth_proxy_rbac.yaml | 37 -- .../rbac/_leader_election_rbac.yaml | 56 -- .../rbac/_restricted_git_source.rbac.yaml | 80 --- charts/gitops-runtime/templates/_helpers.tpl | 4 + .../templates/gitops-operator/crds.yaml | 7 - .../templates/gitops-operator/deployment.yaml | 5 - .../templates/gitops-operator/rbac.yaml | 10 - .../templates/gitops-operator/sa.yaml | 5 - charts/gitops-runtime/values.yaml | 48 +- 18 files changed, 24 insertions(+), 1250 deletions(-) delete mode 100644 charts/gitops-runtime/templates/_components/gitops-operator/_all_resources.yaml delete mode 100644 charts/gitops-runtime/templates/_components/gitops-operator/_deployment.yaml delete mode 100644 charts/gitops-runtime/templates/_components/gitops-operator/_helpers.tpl delete mode 100644 charts/gitops-runtime/templates/_components/gitops-operator/_rbac.yaml delete mode 100644 charts/gitops-runtime/templates/_components/gitops-operator/_serviceaccount.yaml delete mode 100644 charts/gitops-runtime/templates/_components/gitops-operator/crds/applicationconfigurations.yaml delete mode 100644 charts/gitops-runtime/templates/_components/gitops-operator/crds/restrictedgitsources.yaml delete mode 100644 charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml delete mode 100644 charts/gitops-runtime/templates/_components/gitops-operator/rbac/_leader_election_rbac.yaml delete mode 100644 
charts/gitops-runtime/templates/_components/gitops-operator/rbac/_restricted_git_source.rbac.yaml delete mode 100644 charts/gitops-runtime/templates/gitops-operator/crds.yaml delete mode 100644 charts/gitops-runtime/templates/gitops-operator/deployment.yaml delete mode 100644 charts/gitops-runtime/templates/gitops-operator/rbac.yaml delete mode 100644 charts/gitops-runtime/templates/gitops-operator/sa.yaml
diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml
index a979f9e0..f8a52da5 100644
--- a/charts/gitops-runtime/Chart.yaml
+++ b/charts/gitops-runtime/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.1.39
 description: A Helm chart for Codefresh gitops runtime
 name: gitops-runtime
-version: 0.4.2
+version: 0.4.3
 home: https://github.com/codefresh-io/gitops-runtime-helm
 icon: https://avatars1.githubusercontent.com/u/11412079?v=3
 keywords:
@@ -15,19 +15,7 @@ annotations:
 artifacthub.io/alternativeName: "codefresh-gitops-runtime"
 artifacthub.io/changes: |
 - kind: changed
- description: Update app version to 0.1.39
- - kind: changed
- description: Update argo-cd chart to 5.51.6-5-cap-2.9-2024.1.17-0d221227f
- - kind: changed
- description: Update sealed-secrets chart to 2.14.1
- - kind: changed
- description: Update sealed-secrets image to v0.24.5
- - kind: changed
- description: Update app-proxy to 1.2608.0
- - kind: fixed
- description: Fix runtime components log
- - kind: fixed
- description: fix critical security vulnerability
+ description: Add codefresh-gitops-operator as separate chart
 dependencies:
 - name: argo-cd
 repository: https://codefresh-io.github.io/argo-helm
@@ -51,3 +39,8 @@ dependencies:
 version: 0.1.15
 alias: tunnel-client
 condition: tunnel-client.enabled
+- name: codefresh-gitops-operator
+ repository: oci://quay.io/codefresh/charts
+ version: 1.0.0
+ alias: gitops-operator
+ condition: gitops-operator.enabled
\ No newline at end of file
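Review bot: The `codefresh-gitops-operator` entry added in the last Chart.yaml hunk hands the operator's Deployment, ClusterRole/ClusterRoleBinding and container hardening to an external chart, and nothing in this patch shows what version 1.0.0 ships in their place. The README hunks drop the `gitops-operator.podSecurityContext.runAsNonRoot`, `gitops-operator.securityContext.allowPrivilegeEscalation` and `gitops-operator.securityContext.capabilities.drop[0]` rows along with the pinned `gitops-operator.image.tag`, so those defaults presumably now come from the subchart; rendering both chart versions and diffing the operator manifests would confirm that the non-root and drop-ALL settings and the RBAC rules are unchanged. The dependency is identified only by the `1.0.0` tag on `oci://quay.io/codefresh/charts`, and OCI tags can be re-pushed, so it is worth checking that the release pipeline records or verifies the digest of the chart it pulls. A comment above the entry such as `# operator RBAC, securityContext and image tag defaults now live in this subchart; re-review them on every version bump` would keep that visible to the next maintainer. The file also now ends without a trailing newline.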
diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index 454857f7..ceedd991 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md @@ -1,5 +1,5 @@ ## Codefresh gitops runtime -![Version: 0.4.2](https://img.shields.io/badge/Version-0.4.2-informational?style=flat-square) ![AppVersion: 0.1.39](https://img.shields.io/badge/AppVersion-0.1.39-informational?style=flat-square) +![Version: 0.4.3](https://img.shields.io/badge/Version-0.4.3-informational?style=flat-square) ![AppVersion: 0.1.39](https://img.shields.io/badge/AppVersion-0.1.39-informational?style=flat-square) ## Prerequisites @@ -27,7 +27,7 @@ We have created a helper utility to resolve this issue: The utility is packaged in a container image. Below are instructions on executing the utility using Docker: ``` -docker run -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.4.2 +docker run -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.4.3 ``` `output_dir` - is a local directory where the utility will output files.
`local_registry` - is your local registry where you want to mirror the images to @@ -223,14 +223,16 @@ sealed-secrets: | gitops-operator.crds.annotations | object | `{}` | Annotations on gitops operator CRDs | | gitops-operator.crds.install | bool | `true` | Whether or not to install CRDs | | gitops-operator.crds.keep | bool | `false` | Keep CRDs if gitops runtime release is uninstalled | +| gitops-operator.enabled | bool | `true` | | | gitops-operator.env | object | `{}` | | | gitops-operator.fullnameOverride | string | `""` | | | gitops-operator.image.pullPolicy | string | `"IfNotPresent"` | | -| gitops-operator.image.repository | string | `"quay.io/codefresh/codefresh-gitops-operator"` | | -| gitops-operator.image.tag | string | `"v0.1.0-alpha.5"` | | +| gitops-operator.image.registry | string | `"quay.io"` | | +| gitops-operator.image.repository | string | `"codefresh/codefresh-gitops-operator"` | | | gitops-operator.imagePullSecrets | list | `[]` | | | gitops-operator.kube-rbac-proxy.image.pullPolicy | string | `"IfNotPresent"` | | -| gitops-operator.kube-rbac-proxy.image.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` | | +| gitops-operator.kube-rbac-proxy.image.registry | string | `"gcr.io"` | | +| gitops-operator.kube-rbac-proxy.image.repository | string | `"kubebuilder/kube-rbac-proxy"` | | | gitops-operator.kube-rbac-proxy.image.tag | string | `"v0.14.1"` | | | gitops-operator.kube-rbac-proxy.resources.limits.cpu | string | `"500m"` | | | gitops-operator.kube-rbac-proxy.resources.limits.memory | string | `"128Mi"` | | 
@@ -238,28 +240,15 @@ sealed-secrets: | gitops-operator.kube-rbac-proxy.resources.requests.memory | string | `"64Mi"` | | | gitops-operator.kube-rbac-proxy.securityContext.allowPrivilegeEscalation | bool | `false` | | | gitops-operator.kube-rbac-proxy.securityContext.capabilities.drop[0] | string | `"ALL"` | | -| gitops-operator.livenessProbe.failureThreshold | int | `10` | | -| gitops-operator.livenessProbe.initialDelaySeconds | int | `10` | | -| gitops-operator.livenessProbe.periodSeconds | int | `10` | | -| gitops-operator.livenessProbe.successThreshold | int | `1` | | -| gitops-operator.livenessProbe.timeoutSeconds | int | `10` | | | gitops-operator.nameOverride | string | `""` | | | gitops-operator.nodeSelector | object | `{}` | | | gitops-operator.podAnnotations | object | `{}` | | | gitops-operator.podLabels | object | `{}` | | -| gitops-operator.podSecurityContext.runAsNonRoot | bool | `true` | | -| gitops-operator.readinessProbe.failureThreshold | int | `3` | | -| gitops-operator.readinessProbe.initialDelaySeconds | int | `10` | | -| gitops-operator.readinessProbe.periodSeconds | int | `10` | | -| gitops-operator.readinessProbe.successThreshold | int | `1` | | -| gitops-operator.readinessProbe.timeoutSeconds | int | `10` | | | gitops-operator.replicaCount | int | `1` | | | gitops-operator.resources.limits.cpu | string | `"500m"` | | | gitops-operator.resources.limits.memory | string | `"128Mi"` | | | gitops-operator.resources.requests.cpu | string | `"100m"` | | | gitops-operator.resources.requests.memory | string | `"64Mi"` | | -| gitops-operator.securityContext.allowPrivilegeEscalation | bool | `false` | | -| gitops-operator.securityContext.capabilities.drop[0] | string | `"ALL"` | | | gitops-operator.serviceAccount.annotations | object | `{}` | | | gitops-operator.serviceAccount.create | bool | `true` | | | gitops-operator.serviceAccount.name | string | `"gitops-operator-controller-manager"` | | 
diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/_all_resources.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/_all_resources.yaml deleted file mode 100644 index 2052f742..00000000 --- a/charts/gitops-runtime/templates/_components/gitops-operator/_all_resources.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- define "gitops-operator.resources" }} ---- - {{ include "gitops-operator.resources.deployment" . }} # ---- - {{ include "gitops-operator.resources.rbac" . }} ---- - {{ include "gitops-operator.resources.auth_proxy_rbac" . }} ---- - {{ include "gitops-operator.resources.leader_election_rbac" . }} ---- - {{ include "gitops-operator.resources.restricted_git_source_rbac" . }} ---- - {{ include "gitops-operator.resources.sa" .}} ---- - {{- include "gitops-operator.crds.application-configuration" . }} ---- - {{- include "gitops-operator.crds.restricted-gitsource" . }} # -{{- end }} diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/_deployment.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/_deployment.yaml deleted file mode 100644 index 0567ff03..00000000 --- a/charts/gitops-runtime/templates/_components/gitops-operator/_deployment.yaml +++ /dev/null 
@@ -1,106 +0,0 @@ -{{- define "gitops-operator.resources.deployment" }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "gitops-operator.fullname" . }} - labels: - {{- include "gitops-operator.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "gitops-operator.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "gitops-operator.selectorLabels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "gitops-operator.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: kube-rbac-proxy - securityContext: - {{- toYaml (index .Values "kube-rbac-proxy" "securityContext") | nindent 12 }} - image: '{{ index .Values "kube-rbac-proxy" "image" "repository" }}:{{ index .Values "kube-rbac-proxy" "image" "tag" }}' - imagePullPolicy: {{ index .Values "kube-rbac-proxy" "image" "pullPolicy" }} - ports: - - name: https - containerPort: 8443 - protocol: TCP - resources: - {{- toYaml (index .Values "kube-rbac-proxy" "resources") | nindent 12 }} - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=0" - - name: manager - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- include "codefresh-gitops-runtime.components.common_helpers.container-templates.env-vars" .Values.env | nindent 8 }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - /manager - args: - - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" - ports: - 
- name: http - containerPort: 8081 - - name: http-metrics - containerPort: 8080 - readinessProbe: - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - httpGet: - port: http - path: /readyz - livenessProbe: - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - httpGet: - port: http - path: /healthz - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - {{- with .Values.extraVolumeMounts }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8}} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 6 }} - {{- end }} - volumes: - {{- with .Values.extraVolumes }} - {{- toYaml . | nindent 6 }} - {{- end }} -{{- end }} diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/_helpers.tpl b/charts/gitops-runtime/templates/_components/gitops-operator/_helpers.tpl deleted file mode 100644 index 0b786e6d..00000000 --- a/charts/gitops-runtime/templates/_components/gitops-operator/_helpers.tpl +++ /dev/null 
@@ -1,47 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "gitops-operator.fullname" -}} -{{- print "gitops-operator" }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "gitops-operator.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "gitops-operator.labels" -}} -helm.sh/chart: {{ include "gitops-operator.chart" . }} -{{ include "gitops-operator.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/part-of: gitops-operator -codefresh.io/internal: "true" -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "gitops-operator.selectorLabels" -}} -app: gitops-operator -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "gitops-operator.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "gitops-operator.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/_rbac.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/_rbac.yaml deleted file mode 100644 index 1b2fd27d..00000000 --- a/charts/gitops-runtime/templates/_components/gitops-operator/_rbac.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ - -{{- define "gitops-operator.resources.rbac" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: codefresh-gitops-operator -rules: -- apiGroups: - - argoproj.io - resources: - - applications - - appprojects - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - csdp.codefresh.io - resources: - - restrictedgitsources - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - csdp.codefresh.io - resources: - - restrictedgitsources/finalizers - verbs: - - update -- apiGroups: - - csdp.codefresh.io - resources: - - restrictedgitsources/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: codefresh-gitops-operator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: codefresh-gitops-operator -subjects: -- kind: ServiceAccount - name: {{ include "gitops-operator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/_serviceaccount.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/_serviceaccount.yaml deleted file mode 100644 index 1f381f33..00000000 --- a/charts/gitops-runtime/templates/_components/gitops-operator/_serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- define "gitops-operator.resources.sa" }} - {{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "gitops-operator.serviceAccountName" . }} - labels: - {{- include "gitops-operator.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} \ No newline at end of file 
diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/crds/applicationconfigurations.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/crds/applicationconfigurations.yaml deleted file mode 100644 index a68be2fa..00000000 --- a/charts/gitops-runtime/templates/_components/gitops-operator/crds/applicationconfigurations.yaml +++ /dev/null 
@@ -1,135 +0,0 @@ -{{- define "gitops-operator.crds.application-configuration" }} - {{- if .Values.crds.install }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: applicationconfigurations.csdp.codefresh.io - annotations: - {{- if .Values.crds.keep }} - "helm.sh/resource-policy": keep - {{- end }} - {{- with .Values.crds.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: applicationconfigurations.csdp.codefresh.io - app.kubernetes.io/part-of: gitops-operator - {{- with .Values.crds.additionalLabels }} - {{- toYaml . | nindent 4}} - {{- end }} -spec: - group: csdp.codefresh.io - names: - kind: ApplicationConfiguration - listKind: ApplicationConfigurationList - plural: applicationconfigurations - singular: applicationconfiguration - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: ApplicationConfiguration is the Schema for the applicationconfiguration - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ApplicationConfigurationSpec defines the desired state of - ApplicationConfiguration - properties: - applicationSourceSelector: - description: ApplicationSourceSelector is a selector to select the - application source - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - priority: - type: integer - promotion: - additionalProperties: - properties: - jsonPaths: - description: JsonPaths is an array of json paths inside the - file, - items: - type: string - type: array - required: - - jsonPaths - type: object - description: Promotion is the definition on how to promote this application - type: object - versionSource: - description: VersionSource is the source of the application version - properties: - file: - description: File is the file name of the source - type: string - jsonPath: - description: JsonPath is the json path inside the file, to the - version information - type: string - required: - - file - - jsonPath - type: object - required: - - applicationSourceSelector - - priority - type: object - type: object - served: true - storage: true - {{- end }} -{{- end }} diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/crds/restrictedgitsources.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/crds/restrictedgitsources.yaml deleted file mode 100644 index 4dbb539b..00000000 --- a/charts/gitops-runtime/templates/_components/gitops-operator/crds/restrictedgitsources.yaml +++ /dev/null 
@@ -1,593 +0,0 @@ -{{- define "gitops-operator.crds.restricted-gitsource" }} - {{- if .Values.crds.install }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: restrictedgitsources.csdp.codefresh.io - annotations: - {{- if .Values.crds.keep }} - "helm.sh/resource-policy": keep - {{- end }} - {{- with .Values.crds.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: restrictedgitsources.csdp.codefresh.io - app.kubernetes.io/part-of: gitops-operator - {{- with .Values.crds.additionalLabels }} - {{- toYaml . | nindent 4}} - {{- end }} -spec: - group: csdp.codefresh.io - names: - kind: RestrictedGitSource - listKind: RestrictedGitSourceList - plural: restrictedgitsources - singular: restrictedgitsource - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: RestrictedGitSource is the Schema for the restrictedgitsources - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RestrictedGitSourceSpec defines the desired state of RestrictedGitSource - properties: - clusterResourceBlacklist: - description: ClusterResourceBlacklist contains list of blacklisted - cluster level resources - items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. 
This is useful for identifying concepts during - lookup stages without having partially valid types - properties: - group: - type: string - kind: - type: string - required: - - group - - kind - type: object - type: array - clusterResourceWhitelist: - description: ClusterResourceWhitelist contains list of whitelisted - cluster level resources - items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types - properties: - group: - type: string - kind: - type: string - required: - - group - - kind - type: object - type: array - destinations: - description: Destinations contains list of destinations available - for deployment - items: - description: ApplicationDestination holds information about the - application's destination - properties: - name: - description: Name is an alternate way of specifying the target - cluster by its symbolic name - type: string - namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace - type: string - server: - description: Server specifies the URL of the target cluster - and must be set to the Kubernetes control plane API - type: string - type: object - minItems: 1 - type: array - namespaceResourceBlacklist: - description: NamespaceResourceBlacklist contains list of blacklisted - namespace level resources - items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. 
This is useful for identifying concepts during - lookup stages without having partially valid types - properties: - group: - type: string - kind: - type: string - required: - - group - - kind - type: object - type: array - namespaceResourceWhitelist: - description: NamespaceResourceWhitelist contains list of whitelisted - namespace level resources - items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types - properties: - group: - type: string - kind: - type: string - required: - - group - - kind - type: object - type: array - source: - description: Source is the application source - properties: - chart: - description: Chart is a Helm chart name, and must be specified - for applications sourced from a Helm repo. - type: string - directory: - description: Directory holds path/directory specific options - properties: - exclude: - description: Exclude contains a glob pattern to match paths - against that should be explicitly excluded from being used - during manifest generation - type: string - include: - description: Include contains a glob pattern to match paths - against that should be explicitly included during manifest - generation - type: string - jsonnet: - description: Jsonnet holds options specific to Jsonnet - properties: - extVars: - description: ExtVars is a list of Jsonnet External Variables - items: - description: JsonnetVar represents a variable to be - passed to jsonnet during manifest generation - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - libs: - description: Additional library search dirs - items: - type: string - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level Arguments - items: - description: JsonnetVar represents a variable to be - passed to jsonnet during manifest generation - properties: 
- code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - description: Recurse specifies whether to scan a directory - recursively for manifests - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the helm - template - items: - description: HelmFileParameter is a file parameter that's - passed to helm template during manifest generation - properties: - name: - description: Name is the name of the Helm parameter - type: string - path: - description: Path is the path to the file containing - the values for the Helm parameter - type: string - type: object - type: array - ignoreMissingValueFiles: - description: IgnoreMissingValueFiles prevents helm template - from failing when valueFiles do not exist locally by not - appending them to helm template --values - type: boolean - parameters: - description: Parameters is a list of Helm parameters which - are passed to the helm template command upon manifest generation - items: - description: HelmParameter is a parameter that's passed - to helm template during manifest generation - properties: - forceString: - description: ForceString determines whether to tell - Helm to interpret booleans and numbers as strings - type: boolean - name: - description: Name is the name of the Helm parameter - type: string - value: - description: Value is the value for the Helm parameter - type: string - type: object - type: array - passCredentials: - description: PassCredentials pass credentials to all domains - (Helm's --pass-credentials) - type: boolean - releaseName: - description: ReleaseName is the Helm release name to use. 
- If omitted it will use the application name - type: string - skipCrds: - description: SkipCrds skips custom resource definition installation - step (Helm's --skip-crds) - type: boolean - valueFiles: - description: ValuesFiles is a list of Helm value files to - use when generating a template - items: - type: string - type: array - values: - description: Values specifies Helm values to be passed to - helm template, typically defined as a block. ValuesObject - takes precedence over Values, so use one or the other. - type: string - valuesObject: - description: ValuesObject specifies Helm values to be passed - to helm template, defined as a map. This takes precedence - over Values. - type: object - x-kubernetes-preserve-unknown-fields: true - version: - description: Version is the Helm version to use for templating - ("3") - type: string - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonAnnotations: - additionalProperties: - type: string - description: CommonAnnotations is a list of additional annotations - to add to rendered manifests - type: object - commonAnnotationsEnvsubst: - description: CommonAnnotationsEnvsubst specifies whether to - apply env variables substitution for annotation values - type: boolean - commonLabels: - additionalProperties: - type: string - description: CommonLabels is a list of additional labels to - add to rendered manifests - type: object - forceCommonAnnotations: - description: ForceCommonAnnotations specifies whether to force - applying common annotations to resources for Kustomize apps - type: boolean - forceCommonLabels: - description: ForceCommonLabels specifies whether to force - applying common labels to resources for Kustomize apps - type: boolean - images: - description: Images is a list of Kustomize image override - specifications - items: - description: KustomizeImage represents a Kustomize image - definition in the format [old_image_name=]: - type: string - type: array 
- namePrefix: - description: NamePrefix is a prefix appended to resources - for Kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources - for Kustomize apps - type: string - namespace: - description: Namespace sets the namespace that Kustomize adds - to all resources - type: string - replicas: - description: Replicas is a list of Kustomize Replicas override - specifications - items: - properties: - count: - anyOf: - - type: integer - - type: string - description: Number of replicas - x-kubernetes-int-or-string: true - name: - description: Name of Deployment or StatefulSet - type: string - required: - - count - - name - type: object - type: array - version: - description: Version controls which version of Kustomize to - use for rendering manifests - type: string - type: object - path: - description: Path is a directory path within the Git repository, - and is only valid for applications sourced from Git. - type: string - plugin: - description: Plugin holds config management plugin specific options - properties: - env: - description: Env is a list of environment variable entries - items: - description: EnvEntry represents an entry in the application's - environment - properties: - name: - description: Name is the name of the variable, usually - expressed in uppercase - type: string - value: - description: Value is the value of the variable - type: string - required: - - name - - value - type: object - type: array - name: - type: string - parameters: - items: - properties: - array: - description: Array is the value of an array type parameter. - items: - type: string - type: array - map: - additionalProperties: - type: string - description: Map is the value of a map type parameter. - type: object - name: - description: Name is the name identifying a parameter. - type: string - string: - description: String_ is the value of a string type parameter. 
- type: string - type: object - type: array - type: object - ref: - description: Ref is reference to another source within sources - field. This field will not be used if used with a `source` tag. - type: string - repoURL: - description: RepoURL is the URL to the repository (Git or Helm) - that contains the application manifests - type: string - targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be commit, - tag, or branch. If omitted, will equal to HEAD. In case of Helm, - this is a semver tag for the Chart's version. - type: string - required: - - repoURL - type: object - sourceNamespace: - description: SourceNamespace is the namespace from which the AppProject - will deploy applications - type: string - sourceRepos: - description: SourceRepos contains list of repository URLs which can - be used for deployment - items: - type: string - type: array - syncPolicy: - description: SyncPolicy controls when a sync will be performed - properties: - automated: - description: Automated will keep an application synced to the - target revision - properties: - allowEmpty: - description: 'AllowEmpty allows apps have zero live resources - (default: false)' - type: boolean - prune: - description: 'Prune specifies whether to delete resources - from the cluster that are not found in the sources anymore - as part of automated sync (default: false)' - type: boolean - selfHeal: - description: 'SelfHeal specifies whether to revert resources - back to their desired state upon modification in the cluster - (default: false)' - type: boolean - type: object - managedNamespaceMetadata: - description: ManagedNamespaceMetadata controls metadata in the - given namespace (if CreateNamespace=true) - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - retry: - description: Retry controls failed sync retry 
behavior - properties: - backoff: - description: Backoff controls how to backoff on subsequent - retries of failed syncs - properties: - duration: - description: Duration is the amount to back off. Default - unit is seconds, but could also be a duration (e.g. - "2m", "1h") - type: string - factor: - description: Factor is a factor to multiply the base duration - after each failed retry - format: int64 - type: integer - maxDuration: - description: MaxDuration is the maximum amount of time - allowed for the backoff strategy - type: string - type: object - limit: - description: Limit is the maximum number of attempts for retrying - a failed sync. If set to 0, no retries will be performed. - format: int64 - type: integer - type: object - syncOptions: - description: Options allow you to specify whole app sync-options - items: - type: string - type: array - type: object - required: - - destinations - - source - - sourceNamespace - type: object - status: - description: RestrictedGitSourceStatus defines the observed state of RestrictedGitSource - properties: - conditions: - description: 'Represents the observations of a RestrictedGitSource''s - current state. RestrictedGitSource.status.conditions.type are: "Available", - "Progressing", and "Degraded" RestrictedGitSource.status.conditions.status - are one of True, False, Unknown. RestrictedGitSource.status.conditions.reason - the value should be a CamelCase string and producers of specific - condition types may define expected values and meanings for this - field, and whether the values are considered a guaranteed API. Unleash.status.conditions.Message - is a human readable message indicating details about the transition.' - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} - {{- end }} -{{- end }} diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml deleted file mode 100644 index 502dccc1..00000000 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml +++ /dev/null @@ -1,37 +0,0 @@ - -{{- define "gitops-operator.resources.auth_proxy_rbac" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: codefresh-gitops-operator-proxy -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: codefresh-gitops-operator-proxy -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: codefresh-gitops-operator-proxy -subjects: -- kind: ServiceAccount - name: {{ include "gitops-operator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} 
diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_leader_election_rbac.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_leader_election_rbac.yaml deleted file mode 100644 index 14cb8e10..00000000 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_leader_election_rbac.yaml +++ /dev/null @@ -1,56 +0,0 @@ - -{{- define "gitops-operator.resources.leader_election_rbac" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: leader-election -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: leader-election -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: leader-election -subjects: -- kind: ServiceAccount - name: {{ include "gitops-operator.serviceAccountName" . }} -{{- end }} diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_restricted_git_source.rbac.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_restricted_git_source.rbac.yaml deleted file mode 100644 index efaa155a..00000000 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_restricted_git_source.rbac.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ - -{{- define "gitops-operator.resources.restricted_git_source_rbac" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: restrictedgitsource-editor -rules: -- apiGroups: - - csdp.codefresh.io - resources: - - restrictedgitsources - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - csdp.codefresh.io - resources: - - restrictedgitsources/status - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: restrictedgitsource-viewer -rules: -- apiGroups: - - csdp.codefresh.io - resources: - - restrictedgitsources - verbs: - - get - - list - - watch -- apiGroups: - - csdp.codefresh.io - resources: - - restrictedgitsources/status - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: restrictedgitsource-editor -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: restrictedgitsource-editor -subjects: -- kind: ServiceAccount - name: {{ include "gitops-operator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: restrictedgitsource-viewer -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: restrictedgitsource-viewer -subjects: -- kind: ServiceAccount - name: {{ include "gitops-operator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/gitops-runtime/templates/_helpers.tpl b/charts/gitops-runtime/templates/_helpers.tpl index 745ea573..13a321e6 100644 --- a/charts/gitops-runtime/templates/_helpers.tpl 
+++ b/charts/gitops-runtime/templates/_helpers.tpl @@ -237,6 +237,10 @@ Output comma separated list of installed runtime components {{- $tunnelClient := dict "name" "codefresh-tunnel-client" "version" (get .Subcharts "tunnel-client").Chart.AppVersion }} {{- $comptList = append $comptList $tunnelClient }} {{- end }} + {{- if and (index .Values "gitops-operator") "enabled" }} + {{- $gitopsOperator := dict "name" "codefresh-gitops-operator" "version" (get .Subcharts "gitops-operator").Chart.AppVersion }} + {{- $comptList = append $comptList $gitopsOperator }} + {{- end }} {{- $comptList | toYaml }} {{- end }} diff --git a/charts/gitops-runtime/templates/gitops-operator/crds.yaml b/charts/gitops-runtime/templates/gitops-operator/crds.yaml deleted file mode 100644 index add721e0..00000000 --- a/charts/gitops-runtime/templates/gitops-operator/crds.yaml +++ /dev/null @@ -1,7 +0,0 @@ -{{- $gitopsOperatorContext := deepCopy . }} -{{- $_ := set $gitopsOperatorContext "Values" (get .Values "gitops-operator") }} -{{- $_ := set $gitopsOperatorContext.Values "global" (get .Values "global") }} - -{{- include "gitops-operator.crds.application-configuration" $gitopsOperatorContext }} ---- -{{- include "gitops-operator.crds.restricted-gitsource" $gitopsOperatorContext }} diff --git a/charts/gitops-runtime/templates/gitops-operator/deployment.yaml b/charts/gitops-runtime/templates/gitops-operator/deployment.yaml deleted file mode 100644 index 90bdf480..00000000 --- a/charts/gitops-runtime/templates/gitops-operator/deployment.yaml +++ /dev/null @@ -1,5 +0,0 @@ -{{- $gitopsOperatorContext := deepCopy . }} -{{- $_ := set $gitopsOperatorContext "Values" (get .Values "gitops-operator") }} -{{- $_ := set $gitopsOperatorContext.Values "global" (get .Values "global") }} - -{{- include "gitops-operator.resources.deployment" $gitopsOperatorContext }} \ No newline at end of file 
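Review bot: The guard `{{- if and (index .Values "gitops-operator") "enabled" }}` never reads the `enabled` flag: the second argument to `and` is the string literal "enabled", which is always truthy, so the branch runs whenever the `gitops-operator` values map is non-empty. With `gitops-operator.enabled: false` the subchart is presumably not loaded, and `(get .Subcharts "gitops-operator").Chart.AppVersion` would then most likely fail the render, or otherwise report a component that is not installed. Index into the map instead: `{{- if index .Values "gitops-operator" "enabled" }}`. The same line is carried unchanged as context in the `_helpers.tpl` hunk of patch 6/6, and the enclosing define starts and ends outside this hunk.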
diff --git a/charts/gitops-runtime/templates/gitops-operator/rbac.yaml b/charts/gitops-runtime/templates/gitops-operator/rbac.yaml deleted file mode 100644 index 287e86c3..00000000 --- a/charts/gitops-runtime/templates/gitops-operator/rbac.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- $gitopsOperatorContext := deepCopy . }} -{{- $_ := set $gitopsOperatorContext "Values" (get .Values "gitops-operator") }} -{{- $_ := set $gitopsOperatorContext.Values "global" (get .Values "global") }} -{{- include "gitops-operator.resources.rbac" $gitopsOperatorContext }} ---- -{{- include "gitops-operator.resources.auth_proxy_rbac" $gitopsOperatorContext }} ---- -{{- include "gitops-operator.resources.leader_election_rbac" $gitopsOperatorContext }} ---- -{{- include "gitops-operator.resources.restricted_git_source_rbac" $gitopsOperatorContext }} \ No newline at end of file diff --git a/charts/gitops-runtime/templates/gitops-operator/sa.yaml b/charts/gitops-runtime/templates/gitops-operator/sa.yaml deleted file mode 100644 index e828bef5..00000000 --- a/charts/gitops-runtime/templates/gitops-operator/sa.yaml +++ /dev/null @@ -1,5 +0,0 @@ -{{- $gitopsOperatorContext := deepCopy . }} -{{- $_ := set $gitopsOperatorContext "Values" (get .Values "gitops-operator") }} -{{- $_ := set $gitopsOperatorContext.Values "global" (get .Values "global") }} - -{{ include "gitops-operator.resources.sa" $gitopsOperatorContext }} \ No newline at end of file diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index c2fa3a36..ea3eb681 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -528,6 +528,7 @@ app-proxy: # gitops-operator #----------------------------------------------------------------------------------------------------------------------- gitops-operator: + enabled: true replicaCount: 1 # -- Codefresh gitops operator crds 
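Review bot: `enabled: true` makes the subchart the default source of the operator deployment, while the later hunks of this file delete the parent-level `podSecurityContext.runAsNonRoot: true`, the `securityContext` block (`allowPrivilegeEscalation: false`, `capabilities.drop: ["ALL"]`) and both probe blocks. The rendered pod's hardening therefore depends entirely on the subchart's own defaults, which this patch does not show. If the subchart does not ship the same values, the operator pod loses these restrictions on upgrade without any visible change in this chart. Either keep the two security-context blocks under `gitops-operator:` here, or add a unittest case that renders with only `./values/mandatory-values.yaml` and asserts `runAsNonRoot: true` and `allowPrivilegeEscalation: false` on the operator deployment.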
@@ -542,26 +543,10 @@ gitops-operator: additionalLabels: {} env: {} - # NAMESPACE: - # valueFrom: - # fieldRef: - # fieldPath: metadata.namespace - # VAR_NAME: - # valueFrom: - # secretKeyRef: - # name: my-secret - # key: my-secret-key - # optional: true - # VAR_NAME: - # valueFrom: - # configMapKeyRef: - # name: my-config-map - # key: my-config-map-key - # optional: true - # VAR_NANE: string-value image: - repository: quay.io/codefresh/codefresh-gitops-operator - tag: v0.1.0-alpha.5 + registry: quay.io + repository: codefresh/codefresh-gitops-operator + # tag: null # default to the appVersion of the codefresh-gitops-operator chart pullPolicy: IfNotPresent serviceAccount: @@ -569,20 +554,6 @@ gitops-operator: annotations: {} name: "gitops-operator-controller-manager" - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - - livenessProbe: - failureThreshold: 10 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - imagePullSecrets: [] nameOverride: "" fullnameOverride: "" @@ -590,14 +561,6 @@ gitops-operator: podAnnotations: {} podLabels: {} - podSecurityContext: - runAsNonRoot: true - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - nodeSelector: {} tolerations: [] affinity: {} @@ -612,7 +575,8 @@ gitops-operator: kube-rbac-proxy: image: - repository: gcr.io/kubebuilder/kube-rbac-proxy + registry: gcr.io + repository: kubebuilder/kube-rbac-proxy tag: v0.14.1 pullPolicy: IfNotPresent From bac73be1d8cd7553cfa6be89c2b7ecf25380efe3 Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Fri, 19 Jan 2024 13:39:38 +0300 Subject: [PATCH 2/6] add PR template --- .github/PULL_REQUEST_TEMPLATE.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 00000000..d52927cf --- /dev/null 
+++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,6 @@ +## What + +## Why + +## Notes + \ No newline at end of file From 2744a16691f1245a8ccd7e890dd28dc05cb58449 Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Fri, 19 Jan 2024 13:44:43 +0300 Subject: [PATCH 3/6] update tests --- .../tests/gitops-controller-misc_test.yaml | 29 +++++++++---------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml b/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml index caf95ab3..d8a75dc6 100644 --- a/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml +++ b/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml @@ -1,11 +1,11 @@ suite: misc tests on gitops-operator templates generation templates: - - gitops-operator/deployment.yaml - - gitops-operator/sa.yaml - - gitops-operator/rbac.yaml + - gitops-operator/templates/deployment.yaml + - gitops-operator/templates/sa.yaml + - gitops-operator/templates/rbac.yaml tests: - it: override both images works - template: 'gitops-operator/deployment.yaml' + template: 'gitops-operator/templates/deployment.yaml' set: gitops-operator: image: @@ -24,7 +24,7 @@ tests: value: example.com/repo:0.0.1 - it: override service account name - sa object - template: 'gitops-operator/sa.yaml' + template: 'gitops-operator/templates/sa.yaml' values: - ./values/mandatory-values.yaml set: @@ -35,7 +35,7 @@ tests: value: sa-name - it: override service account name - deployment - template: 'gitops-operator/deployment.yaml' + template: 'gitops-operator/templates/deployment.yaml' values: - ./values/mandatory-values.yaml set: @@ -46,7 +46,7 @@ tests: value: sa-name - it: overriding of environment variables on main container - template: 'gitops-operator/deployment.yaml' + template: 'gitops-operator/templates/deployment.yaml' values: - ./values/mandatory-values.yaml set: 
@@ -58,7 +58,7 @@ tests: name: PORT value: "8787" - it: adding environment variables on main container - template: 'gitops-operator/deployment.yaml' + template: 'gitops-operator/templates/deployment.yaml' values: - ./values/mandatory-values.yaml set: @@ -70,7 +70,7 @@ tests: name: SOME_ENV value: test - it: setting security context on main container - template: 'gitops-operator/deployment.yaml' + template: 'gitops-operator/templates/deployment.yaml' values: - ./values/mandatory-values.yaml set: @@ -80,7 +80,7 @@ tests: path: spec.template.spec.containers[1].securityContext.runAsUser value: 1000 - it: override readiness and liveness probes values - template: 'gitops-operator/deployment.yaml' + template: 'gitops-operator/templates/deployment.yaml' values: - ./values/mandatory-values.yaml set: @@ -126,7 +126,7 @@ tests: path: spec.template.spec.containers[1].livenessProbe.failureThreshold value: 1 - it: setting node selector - template: 'gitops-operator/deployment.yaml' + template: 'gitops-operator/templates/deployment.yaml' values: - ./values/mandatory-values.yaml set: @@ -139,7 +139,7 @@ tests: test.io/node: "test" - it: setting tolerations - template: 'gitops-operator/deployment.yaml' + template: 'gitops-operator/templates/deployment.yaml' values: - ./values/mandatory-values.yaml set: @@ -158,7 +158,7 @@ tests: effect: "NoSchedule" - it: setting affinity - template: 'gitops-operator/deployment.yaml' + template: 'gitops-operator/templates/deployment.yaml' values: - ./values/mandatory-values.yaml set: @@ -187,7 +187,7 @@ tests: - antarctica-west1 - it: contains all expected roles and role bindings - template: gitops-operator/rbac.yaml + template: gitops-operator/templates/rbac.yaml values: - ./values/mandatory-values.yaml asserts: @@ -235,4 +235,3 @@ tests: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 name: leader-election - \ No newline at end of file From a9f37dce8bcf0e99c436aa845a78262b7b136d55 Mon Sep 17 00:00:00 2001 
From: mikhail-klimko Date: Fri, 19 Jan 2024 13:49:17 +0300 Subject: [PATCH 4/6] update tests --- .../tests/gitops-controller-misc_test.yaml | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml b/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml index d8a75dc6..f15a8656 100644 --- a/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml +++ b/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml @@ -1,11 +1,11 @@ suite: misc tests on gitops-operator templates generation templates: - - gitops-operator/templates/deployment.yaml - - gitops-operator/templates/sa.yaml - - gitops-operator/templates/rbac.yaml + - charts/gitops-operator/templates/deployment.yaml + - charts/gitops-operator/templates/sa.yaml + - charts/gitops-operator/templates/rbac.yaml tests: - it: override both images works - template: 'gitops-operator/templates/deployment.yaml' + template: 'charts/gitops-operator/templates/deployment.yaml' set: gitops-operator: image: @@ -24,7 +24,7 @@ tests: value: example.com/repo:0.0.1 - it: override service account name - sa object - template: 'gitops-operator/templates/sa.yaml' + template: 'charts/gitops-operator/templates/sa.yaml' values: - ./values/mandatory-values.yaml set: @@ -35,7 +35,7 @@ tests: value: sa-name - it: override service account name - deployment - template: 'gitops-operator/templates/deployment.yaml' + template: 'charts/gitops-operator/templates/deployment.yaml' values: - ./values/mandatory-values.yaml set: @@ -46,7 +46,7 @@ tests: value: sa-name - it: overriding of environment variables on main container - template: 'gitops-operator/templates/deployment.yaml' + template: 'charts/gitops-operator/templates/deployment.yaml' values: - ./values/mandatory-values.yaml set: 
@@ -58,7 +58,7 @@ tests: name: PORT value: "8787" - it: adding environment variables on main container - template: 'gitops-operator/templates/deployment.yaml' + template: 'charts/gitops-operator/templates/deployment.yaml' values: - ./values/mandatory-values.yaml set: @@ -70,7 +70,7 @@ tests: name: SOME_ENV value: test - it: setting security context on main container - template: 'gitops-operator/templates/deployment.yaml' + template: 'charts/gitops-operator/templates/deployment.yaml' values: - ./values/mandatory-values.yaml set: @@ -80,7 +80,7 @@ tests: path: spec.template.spec.containers[1].securityContext.runAsUser value: 1000 - it: override readiness and liveness probes values - template: 'gitops-operator/templates/deployment.yaml' + template: 'charts/gitops-operator/templates/deployment.yaml' values: - ./values/mandatory-values.yaml set: @@ -126,7 +126,7 @@ tests: path: spec.template.spec.containers[1].livenessProbe.failureThreshold value: 1 - it: setting node selector - template: 'gitops-operator/templates/deployment.yaml' + template: 'charts/gitops-operator/templates/deployment.yaml' values: - ./values/mandatory-values.yaml set: @@ -139,7 +139,7 @@ tests: test.io/node: "test" - it: setting tolerations - template: 'gitops-operator/templates/deployment.yaml' + template: 'charts/gitops-operator/templates/deployment.yaml' values: - ./values/mandatory-values.yaml set: @@ -158,7 +158,7 @@ tests: effect: "NoSchedule" - it: setting affinity - template: 'gitops-operator/templates/deployment.yaml' + template: 'charts/gitops-operator/templates/deployment.yaml' values: - ./values/mandatory-values.yaml set: @@ -187,7 +187,7 @@ tests: - antarctica-west1 - it: contains all expected roles and role bindings - template: gitops-operator/templates/rbac.yaml + template: charts/gitops-operator/templates/rbac.yaml values: - ./values/mandatory-values.yaml asserts: From e76a137619b8520d76af9e7fcdf9458fc14a8a40 Mon Sep 17 00:00:00 2001 
From: mikhail-klimko Date: Fri, 19 Jan 2024 14:43:12 +0300 Subject: [PATCH 5/6] Fri Jan 19 14:43:12 +03 2024: wip --- charts/gitops-runtime/Chart.yaml | 2 +- charts/gitops-runtime/values.yaml | 18 ++++++++---------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index f8a52da5..f2859131 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -41,6 +41,6 @@ dependencies: condition: tunnel-client.enabled - name: codefresh-gitops-operator repository: oci://quay.io/codefresh/charts - version: 1.0.0 + version: 1.0.1 alias: gitops-operator condition: gitops-operator.enabled \ No newline at end of file diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index ea3eb681..50f42826 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -543,11 +543,10 @@ gitops-operator: additionalLabels: {} env: {} - image: - registry: quay.io - repository: codefresh/codefresh-gitops-operator - # tag: null # default to the appVersion of the codefresh-gitops-operator chart - pullPolicy: IfNotPresent + image: {} + # -- defaults + # repository: quay.io/codefresh/codefresh-gitops-operator + # tag: 'v{{ .Chart.AppVersion }}' serviceAccount: create: true @@ -574,11 +573,10 @@ gitops-operator: memory: 64Mi kube-rbac-proxy: - image: - registry: gcr.io - repository: kubebuilder/kube-rbac-proxy - tag: v0.14.1 - pullPolicy: IfNotPresent + image: {} + # -- defaults + # repository: gcr.io/kubebuilder/kube-rbac-proxy + # tag: v0.14.1 securityContext: allowPrivilegeEscalation: false From 440d9938ac7415796f6cb50333202600ff76b33d Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Fri, 19 Jan 2024 17:40:22 +0300 Subject: [PATCH 6/6] Fri Jan 19 17:40:22 +03 2024: wip --- charts/gitops-runtime/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/charts/gitops-runtime/templates/_helpers.tpl b/charts/gitops-runtime/templates/_helpers.tpl
index 13a321e6..e2f74167 100644
--- a/charts/gitops-runtime/templates/_helpers.tpl
+++ b/charts/gitops-runtime/templates/_helpers.tpl
@@ -238,7 +238,7 @@ Output comma separated list of installed runtime components
 {{- $comptList = append $comptList $tunnelClient }}
 {{- end }}
 {{- if and (index .Values "gitops-operator") "enabled" }}
- {{- $gitopsOperator := dict "name" "codefresh-gitops-operator" "version" (get .Subcharts "gitops-operator").Chart.AppVersion }}
+ {{- $gitopsOperator := dict "name" "gitops-operator" "version" (get .Subcharts "gitops-operator").Chart.AppVersion }}
 {{- $comptList = append $comptList $gitopsOperator }}
 {{- end }}
 {{- $comptList | toYaml }}