From 56ec0009350d01fc164801085536ba43de056aca Mon Sep 17 00:00:00 2001 From: Ilia Medvedev Date: Thu, 20 Mar 2025 15:13:39 +0200 Subject: [PATCH 01/49] workflow logs configuraion --- .../codefresh-workflow-log-store.yaml | 20 +++++++++++++++++++ charts/gitops-runtime/values.yaml | 11 ++++++++++ 2 files changed, 31 insertions(+) create mode 100644 charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml
diff --git a/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml b/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml
new file mode 100644
index 00000000..92210719
--- /dev/null
+++ b/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+data:
+ codefresh-workflows-log-store: |
+ archiveLogs: true
+ s3:
+ bucket: {{ .Values.global.codefresh.accountId }}
+ endpoint: {{ index .Values "argo-workflows" "codefreshWorkflowLogs" "endpoint" }}
+ insecure: {{ index .Values "argo-workflows" "codefreshWorkflowLogs" "insecure" }}
+ keyFormat: {{ .Values.global.runtime.name }}/{{ "{{" }}workflow.name{{ "}}" }}/{{ "{{" }}pod.name{{ "}}" }}
+ accessKeySecret:
+ name: codefresh-token
+ key: token
+ secretKeySecret:
+ name: codefresh-token
+ key: token
+kind: ConfigMap
+metadata:
+ annotations:
+ workflows.argoproj.io/default-artifact-repository: codefresh-workflows-log-store
+ name: codefresh-workflows-log-store
diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml
index 0a7624c5..fe5ff0ae 100644
--- a/charts/gitops-runtime/values.yaml
+++ b/charts/gitops-runtime/values.yaml
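Review bot: `accessKeySecret` and `secretKeySecret` in the new codefresh-workflow-log-store.yaml both point at `codefresh-token` / `token`, so the Codefresh platform token doubles as the S3 access key id. In S3-style request signing the access key id is normally sent with each request as an identifier rather than protected as a secret, so the token is likely to show up in request headers and in any endpoint or proxy logs that record them. I would give the log store its own narrowly scoped credential pair, or failing that add a template comment at the top of the file such as `{{/* accessKeySecret and secretKeySecret both read codefresh-token; the access key id is not confidential in S3 signing, confirm the endpoint never logs it */}}`. Because `insecure` is rendered straight from values, setting it to true would presumably put that same value on the wire without TLS.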
@@ -217,6 +217,17 @@ argo-workflows: resources: requests: ephemeral-storage: 10Mi + controller: + workflowDefaults: + spec: + # -- By default artifact repository is set to a Codefresh provided repository. For data privacy it is reccommended to set your own artifact repository. For instructions see: https://argo-workflows.readthedocs.io/en/latest/configure-artifact-repository/#configuring-your-artifact-repository + artifactRepositoryRef: + configMap: codefresh-workflows-log-store + key: codefresh-workflows-log-store + # -- Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support. + codefreshWorkflowLogs: + endpoint: gitops-workflow-logs.codefresh.io + insecure: false #----------------------------------------------------------------------------------------------------------------------- # Argo rollouts From 81fcfb7b116bef08266a17fc45aa2b15ded85633 Mon Sep 17 00:00:00 2001 From: Ilia Medvedev Date: Thu, 20 Mar 2025 15:17:43 +0200 Subject: [PATCH 02/49] logs --- charts/gitops-runtime/README.md | 54 ++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 25 deletions(-) diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index 146b62e6..33e946c7 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md @@ -1,5 +1,5 @@ ## Codefresh gitops runtime -![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![AppVersion: 0.1.55](https://img.shields.io/badge/AppVersion-0.1.55-informational?style=flat-square) +![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![AppVersion: 0.1.67](https://img.shields.io/badge/AppVersion-0.1.67-informational?style=flat-square) ## Prerequisites 
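Review bot: With `workflowDefaults.spec.artifactRepositoryRef` defaulting to `codefresh-workflows-log-store`, archived logs of every workflow leave the cluster for `gitops-workflow-logs.codefresh.io` unless the user overrides the ref, and step output can contain credentials or other sensitive data. The comment mentions data privacy but does not say the export is on by default after an upgrade, and `insecure` has no description of its own; I would add `# -- Set to true only for a plain-HTTP endpoint; this disables TLS for log uploads.` above `insecure: false`. The opt-out path as defined here is `argo-workflows.controller.workflowDefaults.spec.artifactRepositoryRef.configMap` and `.key`, whereas the README section added in PATCH 05/49 spells it `...spec.workflowDefaults.artifactRepository...`, so the two should be aligned or users following the README will not actually opt out. The `argo-workflows:` mapping begins above this hunk.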
@@ -16,17 +16,6 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) ## Codefresh official documentation: Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/ -## WARNING! ARGO-CD 7.x.x CHART BREAKING CHANGE - -In the runtime release `0.12.0` we upgraded to the latest argo-cd `7.x.x` helm chart which -contains a breaking change in the values used for providing cluster credentials -(in this chart it's located under the path `argo-cd.configs.clusterCredentials`). -`clusterCredentials` used to be of type `list` -- now it's a `map` (`object`). -See the [release notes](https://github.com/argoproj/argo-helm/releases/tag/argo-cd-7.0.0). - -Codefresh Gitops Runtime does NOT use these values directly -- so the runtimes -with the default configuration are not affected. - ## Using with private registries - Helper utility The GitOps Runtime comprises multiple subcharts and container images. Subcharts also vary in values structure, making it difficult to override image specific values to use private registries. We have created a helper utility to resolve this issue: 
@@ -87,21 +76,21 @@ sealed-secrets: | app-proxy.config.argoCdUsername | string | `"admin"` | ArgoCD user to be used by app-proxy | | app-proxy.config.argoWorkflowsInsecure | string | `"true"` | | | app-proxy.config.argoWorkflowsUrl | string | `nil` | Workflows server url. Determined by chart logic. Do not change unless you are certain you need to | +| app-proxy.config.clusterChunkSize | int | `50` | define cluster list size per request to report the cluster state to platform, e.g. if you have 90 clusters and set clusterChunkSize: 40, it means cron job will report cluster state to platform in 3 iterations (40,40,10) - reduce this value if you have a lot of clusters and the cron job is failing with payload too large error - use 0 to sync all clusters at once | | app-proxy.config.env | string | `"production"` | | | app-proxy.config.logLevel | string | `"info"` | Log Level | | app-proxy.config.skipGitPermissionValidation | string | `"false"` | Skit git permissions validation | -| app-proxy.config.clusterChunkSize | int | `0` | Number of clusters per request. App-proxy will split and refresh the cluster list with chunks with size `clusterChunkSize`. When the default value is used the cluster list will be refreshed with one chunk (no split; not recommended when cluster list is too large). 
| | app-proxy.env | object | `{}` | | | app-proxy.extraVolumeMounts | list | `[]` | Extra volume mounts for main container | | app-proxy.extraVolumes | list | `[]` | extra volumes | | app-proxy.fullnameOverride | string | `"cap-app-proxy"` | | -| app-proxy.image-enrichment | object | `{"config":{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.11-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.11-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.11-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400},"enabled":true,"serviceAccount":{"annotations":null,"create":true,"name":"codefresh-image-enrichment-sa"}}` | Image enrichment process configuration | -| app-proxy.image-enrichment.config | object | `{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.11-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.11-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.11-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400}` | Configurations for image enrichment workflow | +| app-proxy.image-enrichment | object | 
`{"config":{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.12-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.12-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.12-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400},"enabled":true,"serviceAccount":{"annotations":null,"create":true,"name":"codefresh-image-enrichment-sa"}}` | Image enrichment process configuration | +| app-proxy.image-enrichment.config | object | `{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.12-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.12-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.12-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400}` | Configurations for image enrichment workflow | | app-proxy.image-enrichment.config.clientHeartbeatIntervalInSeconds | int | `5` | Client heartbeat interval in seconds for image enrichemnt workflow | | app-proxy.image-enrichment.config.concurrencyCmKey | string | `"imageReportExecutor"` | The name of the key in the configmap to use as synchronization semaphore | | app-proxy.image-enrichment.config.concurrencyCmName | string | 
`"workflow-synchronization-semaphores"` | The name of the configmap to use as synchronization semaphore, see https://argoproj.github.io/argo-workflows/synchronization/ | -| app-proxy.image-enrichment.config.images | object | `{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.11-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.11-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.11-main"}}` | Enrichemnt images | -| app-proxy.image-enrichment.config.images.reportImage | object | `{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.11-main"}` | Report image enrichment task image | +| app-proxy.image-enrichment.config.images | object | `{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.12-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.12-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.12-main"}}` | Enrichemnt images | +| app-proxy.image-enrichment.config.images.reportImage | object | `{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.12-main"}` | Report image enrichment task image | | app-proxy.image-enrichment.config.podGcStrategy | string | `"OnWorkflowCompletion"` | Pod grabage collection strategy. By default all pods will be deleted when the enrichment workflow completes. 
| | app-proxy.image-enrichment.config.ttlActiveInSeconds | int | `900` | Maximum allowed runtime for the enrichment workflow | | app-proxy.image-enrichment.config.ttlAfterCompletionInSeconds | int | `86400` | Number of seconds to live after completion | @@ -112,14 +101,14 @@ sealed-secrets: | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use | | app-proxy.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` | | -| app-proxy.image.tag | string | `"1.2969.0"` | | +| app-proxy.image.tag | string | `"1.3318.0"` | | | app-proxy.imagePullSecrets | list | `[]` | | | app-proxy.initContainer.command[0] | string | `"./init.sh"` | | | app-proxy.initContainer.env | object | `{}` | | | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container | | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` | | -| app-proxy.initContainer.image.tag | string | `"1.2969.0"` | | +| app-proxy.initContainer.image.tag | string | `"1.3307.0"` | | | app-proxy.initContainer.resources.limits.cpu | string | `"1"` | | | app-proxy.initContainer.resources.limits.memory | string | `"512Mi"` | | | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` | | 
@@ -168,17 +157,30 @@ sealed-secrets: | argo-cd.eventReporter.replicas | int | `3` | Amount of shards to handle applications events | | argo-cd.eventReporter.version | string | `"v2"` | Switches between old and new reporter version. Possible values: v1, v2. For v2 `argo-cd.eventReporter.enabled=true` is required | | argo-cd.fullnameOverride | string | `"argo-cd"` | | +| argo-events.configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.16.0"` | | +| argo-events.configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.15.0"` | | +| argo-events.configs.jetstream.versions[0].natsImage | string | `"nats:2.10.21"` | | +| argo-events.configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | | +| argo-events.configs.jetstream.versions[0].version | string | `"latest"` | | +| argo-events.configs.nats.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.15.0"` | | +| argo-events.configs.nats.versions[0].natsStreamingImage | string | `"nats-streaming:0.25.6"` | | +| argo-events.configs.nats.versions[0].version | string | `"0.22.1"` | | | argo-events.crds.install | bool | `false` | | | argo-events.fullnameOverride | string | `"argo-events"` | | | argo-rollouts.controller.replicas | int | `1` | | | argo-rollouts.enabled | bool | `true` | | | argo-rollouts.fullnameOverride | string | `"argo-rollouts"` | | | argo-rollouts.installCRDs | bool | `true` | | +| argo-workflows.codefreshWorkflowLogs | object | `{"endpoint":"gitops-workflow-logs.codefresh.io","insecure":false}` | Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support. | +| argo-workflows.controller.workflowDefaults.spec.artifactRepositoryRef | object | `{"configMap":"codefresh-workflows-log-store","key":"codefresh-workflows-log-store"}` | By default artifact repository is set to a Codefresh provided repository. 
For data privacy it is reccommended to set your own artifact repository. For instructions see: https://argo-workflows.readthedocs.io/en/latest/configure-artifact-repository/#configuring-your-artifact-repository | | argo-workflows.crds.install | bool | `true` | Install and upgrade CRDs | | argo-workflows.enabled | bool | `true` | | +| argo-workflows.executor.resources.requests.ephemeral-storage | string | `"10Mi"` | | | argo-workflows.fullnameOverride | string | `"argo"` | | +| argo-workflows.mainContainer.resources.requests.ephemeral-storage | string | `"10Mi"` | | | argo-workflows.server.authModes | list | `["client"]` | auth-mode needs to be set to client to be able to see workflow logs from Codefresh UI | | argo-workflows.server.baseHref | string | `"/workflows/"` | Do not change. Workflows UI is only accessed through internal router, changing this values will break routing to workflows native UI from Codefresh. | +| cf-argocd-extras | object | `{"enabled":false,"sourcesServer":{"container":{"env":{"SOURCES_SERVER_ARGO_CD_SERVER":{"valueFrom":{"configMapKeyRef":{"key":"argoCdUrl","name":"cap-app-proxy-cm"}}},"SOURCES_SERVER_ARGO_CD_TOKEN":{"valueFrom":{"secretKeyRef":{"key":"token","name":"argocd-token"}}}},"image":{"tag":"2025.01.27-6069b19"}}}}` | Codefresh extra services for ArgoCD | | event-reporters.rollout.eventSource.affinity | object | `{}` | | | event-reporters.rollout.eventSource.nodeSelector | object | `{}` | | | event-reporters.rollout.eventSource.replicas | int | `1` | | 
@@ -215,13 +217,14 @@ sealed-secrets: | event-reporters.workflow.sensor.retryStrategy.steps | int | `3` | Number of retries | | event-reporters.workflow.sensor.tolerations | list | `[]` | | | event-reporters.workflow.serviceAccount.create | bool | `true` | | -| garage-workflows-artifact-storage | object | `{"deployment":{"kind":"StatefulSet","replicaCount":3},"enabled":false,"fullnameOverride":"garage","garage":{"replicationMode":3},"persistence":{"data":{"size":"100Mi","storageClass":""},"enabled":true,"meta":{"size":"100Mi","storageClass":""}},"resources":{}}` | Builtin Workflows artifacts storage solution. Local S3 backed by local persistence with (PV and PVC) | +| garage-workflows-artifact-storage | object | `{"deployment":{"kind":"StatefulSet","replicaCount":3},"enabled":false,"fullnameOverride":"garage","garage":{"replicationMode":3},"persistence":{"data":{"size":"100Mi","storageClass":""},"enabled":true,"meta":{"size":"100Mi","storageClass":""}},"resources":{},"tests":{"enabled":false}}` | Builtin Workflows artifacts storage solution. Local S3 backed by local persistence with (PV and PVC) | | garage-workflows-artifact-storage.deployment.kind | string | `"StatefulSet"` | Only statefulset is supported for Codefresh gitops runtime. Do not change this | | garage-workflows-artifact-storage.persistence.data | object | `{"size":"100Mi","storageClass":""}` | Volume that stores artifacts and logs for workflows | | garage-workflows-artifact-storage.persistence.data.storageClass | string | `""` | When empty value empty the default storage class for the cluster will be used | | garage-workflows-artifact-storage.persistence.meta | object | `{"size":"100Mi","storageClass":""}` | Volume that stores cluster metadata | | garage-workflows-artifact-storage.persistence.meta.storageClass | string | `""` | When empty value empty the default storage class for the cluster will be used | | garage-workflows-artifact-storage.resources | object | `{}` | Resources for garage pods. 
For smaller deployments at least 100m CPU and 1024Mi memory is reccommended. For larger deployments double this size. | +| garage-workflows-artifact-storage.tests | object | `{"enabled":false}` | Helm tests | | gitops-operator.affinity | object | `{}` | | | gitops-operator.argoCdNotifications | object | `{"image":{},"imageOverride":false,"resources":{}}` | Builtin notifications controller used by gitops-operator for promotion related notifications | | gitops-operator.argoCdNotifications.image | object | `{}` | Set image.repository and image.tag notifications image used by the gitops operator. Ignored unless imageOverride is set to true. | @@ -237,7 +240,7 @@ sealed-secrets: | gitops-operator.fullnameOverride | string | `""` | | | gitops-operator.image | object | `{}` | | | gitops-operator.imagePullSecrets | list | `[]` | | -| gitops-operator.kube-rbac-proxy.image | object | `{}` | | +| gitops-operator.kube-rbac-proxy.image.tag | string | `"v0.16.0"` | | | gitops-operator.kube-rbac-proxy.resources.limits.cpu | string | `"500m"` | | | gitops-operator.kube-rbac-proxy.resources.limits.memory | string | `"128Mi"` | | | gitops-operator.kube-rbac-proxy.resources.requests.cpu | string | `"100m"` | | 
@@ -271,7 +274,7 @@ sealed-secrets: | global.codefresh.userToken | object | `{"secretKeyRef":{},"token":""}` | User token. Used for runtime registration against the patform. One of token (for plain text value) or secretKeyRef must be provided. | | global.codefresh.userToken.secretKeyRef | object | `{}` | User token that references an existing secret containing the token. | | global.codefresh.userToken.token | string | `""` | User token in plain text. The chart creates and manages the secret for this token. | -| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"name":"codefresh-eventbus","nats":{"native":{"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","replicas":3}},"pdb":{"enabled":true,"minAvailable":2}},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings | +| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"name":"codefresh-eventbus","nats":{"native":{"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","replicas":3}},"pdb":{"enabled":true,"minAvailable":2}},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings | | global.runtime.cluster | string | 
`"https://kubernetes.default.svc"` | Runtime cluster. Should not be changed. | | global.runtime.codefreshHosted | bool | `false` | Defines whether this is a Codefresh hosted runtime. Should not be changed. | | global.runtime.eventBus.annotations | object | `{}` | Annotations on EventBus resource | 
@@ -283,10 +286,11 @@ sealed-secrets: | global.runtime.gitCredentials.password.secretKeyRef | object | `{}` | secretKeyReference for Git credentials password. Provide name and key fields. | | global.runtime.gitCredentials.password.value | string | `nil` | Plain text password | | global.runtime.gitCredentials.username | string | `"username"` | Username. Optional when using token in password. | -| global.runtime.ingress | object | `{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","tls":[]}` | Ingress settings | +| global.runtime.ingress | object | `{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","skipValidation":false,"tls":[]}` | Ingress settings | | global.runtime.ingress.enabled | bool | `false` | Defines if ingress-based access mode is enabled for runtime. To use tunnel-based (ingressless) access mode, set to false. | | global.runtime.ingress.hosts | list | `[]` | Hosts for runtime ingress. Note that Codefresh platform will always use the first host in the list to access the runtime. | | global.runtime.ingress.protocol | string | `"https"` | The protocol that Codefresh platform will use to access the runtime ingress. Can be http or https. | +| global.runtime.ingress.skipValidation | bool | `false` | if set to true, the pre-install hook will validate the existance of appropriate values, but *will not* attempt to make a web request to the ingress host | | global.runtime.ingressUrl | string | `""` | Explicit url for runtime ingress. Provide this value only if you don't want the chart to create and ingress (global.runtime.ingress.enabled=false) and tunnel-client is not used (tunnel-client.enabled=false) | | global.runtime.isConfigurationRuntime | bool | `false` | is the runtime set as a "configuration runtime". | | global.runtime.name | string | `nil` | Runtime name. Must be unique per platform account. | 
@@ -300,7 +304,7 @@ sealed-secrets: | internal-router.fullnameOverride | string | `"internal-router"` | | | internal-router.image.pullPolicy | string | `"IfNotPresent"` | | | internal-router.image.repository | string | `"nginxinc/nginx-unprivileged"` | | -| internal-router.image.tag | string | `"1.25-alpine"` | | +| internal-router.image.tag | string | `"1.26-alpine3.20"` | | | internal-router.imagePullSecrets | list | `[]` | | | internal-router.ipv6 | object | `{"enabled":false}` | For ipv6 enabled clusters switch ipv6 enabled to true | | internal-router.nameOverride | string | `""` | | 
@@ -324,7 +328,7 @@ sealed-secrets: | internal-router.serviceAccount.create | bool | `true` | | | internal-router.serviceAccount.name | string | `""` | | | internal-router.tolerations | list | `[]` | | -| sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"v0.24.5"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | --------------------------------------------------------------------------------------------------------------------- | +| sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"0.28.0"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | --------------------------------------------------------------------------------------------------------------------- | | tunnel-client | object | `{"enabled":true,"libraryMode":true,"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. | | tunnel-client.enabled | bool | `true` | Will only be used if global.runtime.ingress.enabled = false | | tunnel-client.libraryMode | bool | `true` | Do not change this value! Breaks chart logic | From dbdf50adff6ef3781c3042c43140bd4c8c753f54 Mon Sep 17 00:00:00 2001 From: Ilia Medvedev Date: Thu, 20 Mar 2025 15:25:12 +0200 Subject: [PATCH 03/49] remove Garage --- charts/gitops-runtime/Chart.yaml | 5 ----- charts/gitops-runtime/values.yaml | 32 ------------------------------- 2 files changed, 37 deletions(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 19311e7b..5f678531 100644 --- a/charts/gitops-runtime/Chart.yaml 
+++ b/charts/gitops-runtime/Chart.yaml @@ -41,11 +41,6 @@ dependencies: version: 0.3.27 alias: gitops-operator condition: gitops-operator.enabled -- name: garage - repository: https://codefresh-io.github.io/garage - alias: garage-workflows-artifact-storage - version: 0.5.0-cf.3 - condition: garage-workflows-artifact-storage.enabled - name: cf-argocd-extras repository: oci://quay.io/codefresh/charts version: 0.1.0 diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index fe5ff0ae..bc6df808 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml 
@@ -648,38 +648,6 @@ gitops-operator: cpu: 100m memory: 64Mi #----------------------------------------------------------------------------------------------------------------------- -# Garage -#----------------------------------------------------------------------------------------------------------------------- -# -- Builtin Workflows artifacts storage solution. Local S3 backed by local persistence with (PV and PVC) -garage-workflows-artifact-storage: - fullnameOverride: garage - enabled: false - deployment: - # -- Only statefulset is supported for Codefresh gitops runtime. Do not change this - kind: StatefulSet - replicaCount: 3 - garage: - #-- Default to 3 replicas, see the replication_mode section at https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#replication-mode - replicationMode: 3 - persistence: - enabled: true - # -- Volume that stores cluster metadata - meta: - # -- When empty value empty the default storage class for the cluster will be used - storageClass: "" - size: 100Mi - # -- Volume that stores artifacts and logs for workflows - data: - # -- When empty value empty the default storage class for the cluster will be used - storageClass: "" - size: 100Mi - # -- Resources for garage pods. For smaller deployments at least 100m CPU and 1024Mi memory is reccommended. For larger deployments double this size. - resources: {} - # -- Helm tests - tests: - enabled: false - -#----------------------------------------------------------------------------------------------------------------------- # cf-argocd-extras #----------------------------------------------------------------------------------------------------------------------- # -- Codefresh extra services for ArgoCD From fed6bc9bc6db6367c8976ea930a8d14fc382b953 Mon Sep 17 00:00:00 2001 
From: Ilia Medvedev Date: Sun, 23 Mar 2025 12:18:03 +0200 Subject: [PATCH 04/49] set account id as required for worfklow log store --- .../gitops-runtime/templates/codefresh-workflow-log-store.yaml | 1 + charts/gitops-runtime/templates/tunnel-client.yaml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml b/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml index 92210719..d83d653a 100644 --- a/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml +++ b/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml @@ -1,3 +1,4 @@ +{{- $_ := required "global.codefresh.accountId is required" .Values.global.codefresh.accountId }} apiVersion: v1 data: codefresh-workflows-log-store: | diff --git a/charts/gitops-runtime/templates/tunnel-client.yaml b/charts/gitops-runtime/templates/tunnel-client.yaml index 2b4368e8..8d5b0c70 100644 --- a/charts/gitops-runtime/templates/tunnel-client.yaml +++ b/charts/gitops-runtime/templates/tunnel-client.yaml @@ -10,4 +10,4 @@ reduce complexity of installation and number or mandatory values to provide for {{ $runtimeName := required "runtime.name is required" .Values.global.runtime.name }} {{ $_ := set $tunnelClientContext.Values.tunnel "subdomainPrefix" (printf "%s-%s" $accoundId $runtimeName)}} {{- include "codefresh-tunnel-client.resources" $tunnelClientContext }} -{{- end }} \ No newline at end of file +{{- end }} From cc7acb89423a0ae6d05075a1f59d9b79e06a84f6 Mon Sep 17 00:00:00 2001 From: Ilia Medvedev Date: Mon, 24 Mar 2025 08:22:47 +0200 Subject: [PATCH 05/49] Add readme section --- charts/gitops-runtime/README.md | 19 +++++++++++-------- charts/gitops-runtime/README.md.gotmpl | 14 ++++++++++++++ 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index 33e946c7..73eb9fad 100644 --- a/charts/gitops-runtime/README.md 
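Review bot: `keyFormat` in codefresh-workflow-log-store.yaml also interpolates `.Values.global.runtime.name`, which this hunk leaves unchecked while making only `accountId` mandatory. The README table lists `global.runtime.name` with a default of `nil`, so a render without it would presumably yield keys of the form `/{{workflow.name}}/{{pod.name}}` inside the per-account bucket, where logs from different runtimes could overwrite one another or be listed together. I would add `{{- $_ := required "global.runtime.name is required" .Values.global.runtime.name }}` next to the accountId check. tunnel-client.yaml already enforces the name, but its trailing `{{- end }}` suggests that check sits inside a conditional that starts outside the visible hunk.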
+++ b/charts/gitops-runtime/README.md @@ -16,6 +16,17 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) ## Codefresh official documentation: Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/ +## Argo-workflows artifact and log storage +[!IMPORTANT] +This version of the chart includes default configuration for storing workflow artifacts and logs in Codefresh provided s3 compatible storage. +If you have your own storage configuration using the default configmap `artifact-repositories` upgrading the chart will override your artifact storage configuration. +To prevent this please set `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.configMap` to `artifact-repositories` and `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.key` +to the respective key in your configmap identifying the repository. +[!WARNING] +It's highly recommended to use your own artifact storage for data privacy reasons. +Codefresh provided storage has a retention policy of 14 days and limitations on uploaded file sizes. +Please refer to the official documentation for more details. + ## Using with private registries - Helper utility The GitOps Runtime comprises multiple subcharts and container images. Subcharts also vary in values structure, making it difficult to override image specific values to use private registries. We have created a helper utility to resolve this issue: 
@@ -217,14 +228,6 @@ sealed-secrets: | event-reporters.workflow.sensor.retryStrategy.steps | int | `3` | Number of retries | | event-reporters.workflow.sensor.tolerations | list | `[]` | | | event-reporters.workflow.serviceAccount.create | bool | `true` | | -| garage-workflows-artifact-storage | object | `{"deployment":{"kind":"StatefulSet","replicaCount":3},"enabled":false,"fullnameOverride":"garage","garage":{"replicationMode":3},"persistence":{"data":{"size":"100Mi","storageClass":""},"enabled":true,"meta":{"size":"100Mi","storageClass":""}},"resources":{},"tests":{"enabled":false}}` | Builtin Workflows artifacts storage solution. Local S3 backed by local persistence with (PV and PVC) | -| garage-workflows-artifact-storage.deployment.kind | string | `"StatefulSet"` | Only statefulset is supported for Codefresh gitops runtime. Do not change this | -| garage-workflows-artifact-storage.persistence.data | object | `{"size":"100Mi","storageClass":""}` | Volume that stores artifacts and logs for workflows | -| garage-workflows-artifact-storage.persistence.data.storageClass | string | `""` | When empty value empty the default storage class for the cluster will be used | -| garage-workflows-artifact-storage.persistence.meta | object | `{"size":"100Mi","storageClass":""}` | Volume that stores cluster metadata | -| garage-workflows-artifact-storage.persistence.meta.storageClass | string | `""` | When empty value empty the default storage class for the cluster will be used | -| garage-workflows-artifact-storage.resources | object | `{}` | Resources for garage pods. For smaller deployments at least 100m CPU and 1024Mi memory is reccommended. For larger deployments double this size. 
| -| garage-workflows-artifact-storage.tests | object | `{"enabled":false}` | Helm tests | | gitops-operator.affinity | object | `{}` | | | gitops-operator.argoCdNotifications | object | `{"image":{},"imageOverride":false,"resources":{}}` | Builtin notifications controller used by gitops-operator for promotion related notifications | | gitops-operator.argoCdNotifications.image | object | `{}` | Set image.repository and image.tag notifications image used by the gitops operator. Ignored unless imageOverride is set to true. | diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index cf5a7dfc..c042c54f 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl 
@@ -16,6 +16,20 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) ## Codefresh official documentation: Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/ +## Argo-workflows artifact and log storage +[!IMPORTANT] +This version of the chart includes default configuration for storing workflow artifacts and logs in Codefresh provided s3 compatible storage. +If you have your own storage configuration using the default configmap `artifact-repositories` upgrading the chart will override your artifact storage configuration. +To prevent this please set `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.configMap` to `artifact-repositories` and `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.key` +to the respective key in your configmap identifying the repository. +[!WARNING] +It's highly recommended to use your own artifact storage for data privacy reasons. +Codefresh provided storage has a retention policy of 14 days and limitations on uploaded file sizes. +Please refer to the official documentation for more details. + + + + ## Using with private registries - Helper utility The GitOps Runtime comprises multiple subcharts and container images. Subcharts also vary in values structure, making it difficult to override image specific values to use private registries. We have created a helper utility to resolve this issue: From 6c29291d8ad3d70a9fcbfd798c81291a87b7e1e2 Mon Sep 17 00:00:00 2001 From: Ilia Medvedev Date: Mon, 24 Mar 2025 10:08:04 +0200 Subject: [PATCH 06/49] Add readme section --- charts/gitops-runtime/README.md.gotmpl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index c042c54f..10810b63 100644 --- a/charts/gitops-runtime/README.md.gotmpl 
+++ b/charts/gitops-runtime/README.md.gotmpl @@ -17,15 +17,15 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/ ## Argo-workflows artifact and log storage -[!IMPORTANT] -This version of the chart includes default configuration for storing workflow artifacts and logs in Codefresh provided s3 compatible storage. +> [!IMPORTANT] +> This version of the chart includes default configuration for storing workflow artifacts and logs in Codefresh provided s3 compatible storage. If you have your own storage configuration using the default configmap `artifact-repositories` upgrading the chart will override your artifact storage configuration. To prevent this please set `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.configMap` to `artifact-repositories` and `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.key` to the respective key in your configmap identifying the repository. -[!WARNING] -It's highly recommended to use your own artifact storage for data privacy reasons. -Codefresh provided storage has a retention policy of 14 days and limitations on uploaded file sizes. -Please refer to the official documentation for more details. +> [!WARNING] +> It's highly recommended to use your own artifact storage for data privacy reasons. +> Codefresh provided storage has a retention policy of 14 days and limitations on uploaded file sizes. +> Please refer to the official documentation for more details. From 913f2ae4506e116786c69643f349b4aec3ca7809 Mon Sep 17 00:00:00 2001 From: Ilia Medvedev Date: Mon, 24 Mar 2025 10:09:53 +0200 Subject: [PATCH 07/49] Add readme section --- charts/gitops-runtime/README.md.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index 10810b63..7344214b 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl @@ -17,7 +17,7 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/ ## Argo-workflows artifact and log storage -> [!IMPORTANT] +> [!NOTE] > This version of the chart includes default configuration for storing workflow artifacts and logs in Codefresh provided s3 compatible storage. If you have your own storage configuration using the default configmap `artifact-repositories` upgrading the chart will override your artifact storage configuration. To prevent this please set `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.configMap` to `artifact-repositories` and `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.key` From 0ef3994428c6c0e313915a534092ff46db929028 Mon Sep 17 00:00:00 2001 From: Ilia Medvedev Date: Mon, 24 Mar 2025 10:10:56 +0200 Subject: [PATCH 08/49] Add readme section --- charts/gitops-runtime/README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index 73eb9fad..1afbb128 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md 
@@ -17,15 +17,15 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/ ## Argo-workflows artifact and log storage -[!IMPORTANT] -This version of the chart includes default configuration for storing workflow artifacts and logs in Codefresh provided s3 compatible storage. +> [!NOTE] +> This version of the chart includes default configuration for storing workflow artifacts and logs in Codefresh provided s3 compatible storage. If you have your own storage configuration using the default configmap `artifact-repositories` upgrading the chart will override your artifact storage configuration. To prevent this please set `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.configMap` to `artifact-repositories` and `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.key` to the respective key in your configmap identifying the repository. -[!WARNING] -It's highly recommended to use your own artifact storage for data privacy reasons. -Codefresh provided storage has a retention policy of 14 days and limitations on uploaded file sizes. -Please refer to the official documentation for more details. +> [!WARNING] +> It's highly recommended to use your own artifact storage for data privacy reasons. +> Codefresh provided storage has a retention policy of 14 days and limitations on uploaded file sizes. +> Please refer to the official documentation for more details. ## Using with private registries - Helper utility The GitOps Runtime comprises multiple subcharts and container images. Subcharts also vary in values structure, making it difficult to override image specific values to use private registries. From 6d37931429542bdb63c64a8cd06abc55d73d8b76 Mon Sep 17 00:00:00 2001 
From: Ilia Medvedev Date: Mon, 24 Mar 2025 10:11:41 +0200 Subject: [PATCH 09/49] Add readme section --- charts/gitops-runtime/README.md | 1 + charts/gitops-runtime/README.md.gotmpl | 1 + 2 files changed, 2 insertions(+) diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index 1afbb128..13eb8413 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md @@ -19,6 +19,7 @@ Prior to running the installation please see the official documentation at: http ## Argo-workflows artifact and log storage > [!NOTE] > This version of the chart includes default configuration for storing workflow artifacts and logs in Codefresh provided s3 compatible storage. + If you have your own storage configuration using the default configmap `artifact-repositories` upgrading the chart will override your artifact storage configuration. To prevent this please set `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.configMap` to `artifact-repositories` and `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.key` to the respective key in your configmap identifying the repository. diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index 7344214b..04d42039 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl 
@@ -19,6 +19,7 @@ Prior to running the installation please see the official documentation at: http ## Argo-workflows artifact and log storage > [!NOTE] > This version of the chart includes default configuration for storing workflow artifacts and logs in Codefresh provided s3 compatible storage. + If you have your own storage configuration using the default configmap `artifact-repositories` upgrading the chart will override your artifact storage configuration. To prevent this please set `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.configMap` to `artifact-repositories` and `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.key` to the respective key in your configmap identifying the repository. From a74aabdbaecd5abfb3eb2c76da0f9400862c35be Mon Sep 17 00:00:00 2001 From: ilia-medvedev-codefresh Date: Wed, 9 Apr 2025 20:38:00 +0300 Subject: [PATCH 10/49] Update README.md.gotmpl --- charts/gitops-runtime/README.md.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index e4329b13..cc972460 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl 
@@ -21,7 +21,7 @@ Prior to running the installation please see the official documentation at: http > This version of the chart includes default configuration for storing workflow artifacts and logs in Codefresh provided s3 compatible storage. If you have your own storage configuration using the default configmap `artifact-repositories` upgrading the chart will override your artifact storage configuration. -To prevent this please set `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.configMap` to `artifact-repositories` and `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.key` +To prevent this please set `argo-workflows.controller.workflowDefaults.spec.artifactRepository.configMap` to `artifact-repositories` and `argo-workflows.controller.workflowDefaults.spec.artifactRepository.key` to the respective key in your configmap identifying the repository. > [!WARNING] > It's highly recommended to use your own artifact storage for data privacy reasons. From 9f3b43fd4d5a1f7e828da2b2165bde78fa3da2b9 Mon Sep 17 00:00:00 2001 From: ilia-medvedev-codefresh Date: Tue, 15 Apr 2025 21:57:41 +0300 Subject: [PATCH 11/49] add archiveLogs true by default --- charts/gitops-runtime/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 12fce501..6f2cd288 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -275,6 +275,7 @@ argo-workflows: controller: workflowDefaults: spec: + archiveLogs: true # -- By default artifact repository is set to a Codefresh provided repository. For data privacy it is reccommended to set your own artifact repository. For instructions see: https://argo-workflows.readthedocs.io/en/latest/configure-artifact-repository/#configuring-your-artifact-repository artifactRepositoryRef: configMap: codefresh-workflows-log-store 
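Review bot: The added `archiveLogs: true` in values.yaml has no `# --` description, and the README row generated for `argo-workflows.controller.workflowDefaults.spec.archiveLogs` later in this series is empty. Combined with the `artifactRepositoryRef` default directly below it, this line makes workflow pod logs go to the Codefresh-provided store unless the user overrides it. I would add above it `# -- Archive workflow pod logs to the artifact repository referenced below (Codefresh-provided by default). Set to false or point artifactRepositoryRef at your own storage if logs may contain sensitive data.` The README text in this series names the override keys as `...workflowDefaults.spec.artifactRepository.configMap` and `.key`, while the key here is `artifactRepositoryRef`. A user following the README would presumably leave the default in place, so the two should be made to agree.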
From 6ca5cc0dee40bb969b12a981e4e77a4e2a6b1efd Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Mon, 24 Mar 2025 15:57:02 +0300 Subject: [PATCH 12/49] fix: argocd fullname template; feat: add sources-server and event-reporter versions to codefresh-cm ConfigMap (#430) --- charts/gitops-runtime/templates/_helpers.tpl | 15 ++++++++++----- .../tests/cf-argocd-extras_test.yaml | 16 ++++++++++++++++ .../tests/external_argocd_test.yaml | 14 ++++++++++++++ 3 files changed, 40 insertions(+), 5 deletions(-) diff --git a/charts/gitops-runtime/templates/_helpers.tpl b/charts/gitops-runtime/templates/_helpers.tpl index b3ee489d..2782b776 100644 --- a/charts/gitops-runtime/templates/_helpers.tpl +++ b/charts/gitops-runtime/templates/_helpers.tpl @@ -77,7 +77,7 @@ Determine argocd server service name. Must be called with chart root context */}} {{- define "codefresh-gitops-runtime.argocd.server.servicename" -}} {{/* For now use template from ArgoCD chart until better approach */}} -{{- template "argo-cd.server.fullname" (dict "Values" (get .Values "argo-cd")) }} +{{- template "argo-cd.server.fullname" (dict "Values" (get .Values "argo-cd") "Release" .Release ) }} {{- end }} {{/* @@ -85,7 +85,7 @@ Determine argocd redis service name. Must be called with chart root context */}} {{- define "codefresh-gitops-runtime.argocd.redis.servicename" -}} {{/* For now use template from ArgoCD chart until better approach */}} -{{- template "argo-cd.redis.fullname" (dict "Values" (get .Values "argo-cd")) }} +{{- template "argo-cd.redis.fullname" (dict "Values" (get .Values "argo-cd") "Release" .Release ) }} {{- end }} {{/* 
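Review bot: The context passed to the argo-cd subchart helpers in _helpers.tpl is still a hand-built dict, now holding only `Values` and `Release`, and nothing in the file says which fields those helpers may read. If any branch of `argo-cd.server.fullname` or `argo-cd.redis.fullname` reads `.Chart` or `.Capabilities` (not visible from here), it would get an empty value, which is the same class of problem this commit fixes for `.Release`. I would record the constraint next to the existing "For now use template from ArgoCD chart" comment, for example `{{/* Subchart helper sees only .Values and .Release; extend this dict if the argo-cd helper starts reading other fields */}}`. The same applies to the hunks at -94 (`argo-cd.repoServer.fullname`) and -142 (`argo-cd.controllerServiceAccountName`).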
@@ -94,7 +94,7 @@ Determine argocd repo server service name. Must be called with chart root contex {{- define "codefresh-gitops-runtime.argocd.reposerver.servicename" -}} {{/* For now use template from ArgoCD chart until better approach */}} {{- if and (index .Subcharts "argo-cd") }} - {{- template "argo-cd.repoServer.fullname" (dict "Values" (get .Values "argo-cd")) }} + {{- template "argo-cd.repoServer.fullname" (dict "Values" (get .Values "argo-cd") "Release" .Release ) }} {{- else }} {{- $repoServer := index .Values "global" "external-argo-cd" "repoServer" }} {{- $svc := required "ArgoCD is not enabled and .Values.global.external-argo-cd.repoServer.svc is not set" $repoServer.svc }} @@ -142,7 +142,7 @@ Determine argocd servicename. Must be called with chart root context */}} {{- define "codefresh-gitops-runtime.argocd.appcontroller.serviceAccountName" -}} {{/* For now use template from ArgoCD chart until better approach */}} -{{- template "argo-cd.controllerServiceAccountName" (dict "Values" (get .Values "argo-cd")) }} +{{- template "argo-cd.controllerServiceAccountName" (dict "Values" (get .Values "argo-cd") "Release" .Release ) }} {{- end }} {{/* 
@@ -430,7 +430,8 @@ Output comma separated list of installed runtime components {{- $sealedSecrets := dict "name" "sealed-secrets" "version" (get .Subcharts "sealed-secrets").Chart.AppVersion }} {{- $internalRouter := dict "name" "internal-router" "version" .Chart.AppVersion }} {{- $appProxy := dict "name" "app-proxy" "version" (index (get .Values "app-proxy") "image" "tag") }} - {{- $comptList := list $argoEvents $appProxy $sealedSecrets $internalRouter}} + {{- $sourcesServer := dict "name" "sources-server" "version" (get .Subcharts "cf-argocd-extras").Chart.AppVersion }} + {{- $comptList := list $argoEvents $appProxy $sealedSecrets $internalRouter $sourcesServer }} {{- if and (index .Values "argo-cd" "enabled") }} {{- $argoCD := dict "name" "argocd" "version" (get .Subcharts "argo-cd").Chart.AppVersion }} {{- $comptList = append $comptList $argoCD }} @@ -455,6 +456,10 @@ Output comma separated list of installed runtime components {{- $gitopsOperator := dict "name" "gitops-operator" "version" (get .Subcharts "gitops-operator").Chart.AppVersion }} {{- $comptList = append $comptList $gitopsOperator }} {{- end }} + {{- if not (index .Values "argo-cd" "enabled") }} + {{- $eventReporter := dict "name" "event-reporter" "version" (get .Subcharts "cf-argocd-extras").Chart.AppVersion }} + {{- $comptList = append $comptList $eventReporter }} + {{- end }} {{- $comptList | toYaml }} {{- end }} diff --git a/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml b/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml index 6c1ead49..80979628 100644 --- a/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml +++ b/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml 
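Review bot: The new `$sourcesServer` entry reads `(get .Subcharts "cf-argocd-extras").Chart.AppVersion` unconditionally, while the optional components further down this helper are only looked up inside an `if ... "enabled"` guard. If the cf-argocd-extras dependency can be switched off (its condition is not visible in this hunk), `get` returns an empty value and the `.Chart` access would fail the whole render of the components list. I would build the entry inside `{{- with (get .Subcharts "cf-argocd-extras") }}` and append it to `$comptList` after the list is created, as is done for argo-cd. The `event-reporter` entry added in the hunk at -455 reads the same subchart and would sit under the same guard. The helper's definition starts and ends outside these hunks.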
@@ -109,3 +109,19 @@ tests: kind: Deployment apiVersion: apps/v1 name: sources-server + + - it: Sources-Server ConfigMap should have valid redis-ha url + template: sources-server.yaml + documentSelector: + path: kind + value: ConfigMap + values: + - ./values/mandatory-values-ingress.yaml + set: + argo-cd: + redis-ha: + enabled: true + asserts: + - equal: + path: data["redis.server"] + value: RELEASE-NAME-redis-ha-haproxy:6379 diff --git a/charts/gitops-runtime/tests/external_argocd_test.yaml b/charts/gitops-runtime/tests/external_argocd_test.yaml index 088bfc27..1ad172dc 100644 --- a/charts/gitops-runtime/tests/external_argocd_test.yaml +++ b/charts/gitops-runtime/tests/external_argocd_test.yaml @@ -8,6 +8,7 @@ templates: - charts/gitops-operator/* - charts/cf-argocd-extras/* - app-proxy/external-argocd-token.yaml + - codefresh-cm.yaml tests: - it: app-proxy ConfigMap should have valid ArgoCd URL values: @@ -727,6 +728,19 @@ tests: - isNotNullOrEmpty: path: stringData.token + - it: codefresh-cm ConfigMap should have event-reporter and sources-server + template: codefresh-cm.yaml + values: + - ./values/mandatory-values-ingress.yaml + - ./values/external-argocd-values.yaml + asserts: + - matchRegex: + path: data.components + pattern: "name: event-reporter" + - matchRegex: + path: data.components + pattern: "name: sources-server" + # TO-DO: fix these tests! # - it: should require ArgoCd token if auth.type=token is set and no token is provided From ee2f4f76ab36efe2b198b69d845d10c33f811db1 Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Tue, 25 Mar 2025 13:15:45 +0300 Subject: [PATCH 13/49] chore: update chart NOTES.txt (#431) --- charts/gitops-runtime/templates/NOTES.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/templates/NOTES.txt b/charts/gitops-runtime/templates/NOTES.txt index 0d3594e0..37b906ef 100644 --- a/charts/gitops-runtime/templates/NOTES.txt +++ b/charts/gitops-runtime/templates/NOTES.txt 
@@ -1,2 +1,2 @@ GitOps Runtime {{ .Values.global.runtime.name }} has been successfully installed in your cluster! -To complete the setup, please finalize the process in the platform here: https://g.codefresh.io/2.0/account-settings/runtimes/{{ .Values.global.runtime.name }}/runtime-components +To complete the setup, please finalize the process in the platform here: https://g.codefresh.io/2.0/account-settings/runtimes/info/list From 5278a2f748a62ab612609a9d1815b57e9099ff53 Mon Sep 17 00:00:00 2001 From: Denis Melnik Date: Tue, 25 Mar 2025 16:17:06 +0200 Subject: [PATCH 14/49] feat: bump app-proxy to 1.3389.0 (#432) --- charts/gitops-runtime/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 6f2cd288..363cad6f 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -505,7 +505,7 @@ app-proxy: tag: 1.1.12-main image: repository: quay.io/codefresh/cap-app-proxy - tag: 1.3362.0 + tag: 1.3389.0 pullPolicy: IfNotPresent # -- Extra volume mounts for main container extraVolumeMounts: [] @@ -513,7 +513,7 @@ app-proxy: initContainer: image: repository: quay.io/codefresh/cap-app-proxy-init - tag: 1.3362.0 + tag: 1.3389.0 pullPolicy: IfNotPresent command: - ./init.sh From ee0b072828cacadf3dc5535ef4d3c4aeba566a46 Mon Sep 17 00:00:00 2001 From: Scott Merchant Date: Wed, 26 Mar 2025 11:09:33 +0100 Subject: [PATCH 15/49] chore(deps): update codefresh-gitops-operator version to 0.5.2 (#434) * chore: bump gitops operator version * trigger --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index d09529d5..0f9b8616 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml 
@@ -39,7 +39,7 @@ dependencies: condition: tunnel-client.enabled - name: codefresh-gitops-operator repository: oci://quay.io/codefresh/charts - version: 0.5.1 + version: 0.5.2 alias: gitops-operator condition: gitops-operator.enabled - name: cf-argocd-extras From e5bccb8bb7a7cdc56576ae2e2cea30c545ddf840 Mon Sep 17 00:00:00 2001 From: Oleksandr Saulyak Date: Thu, 27 Mar 2025 13:01:41 +0200 Subject: [PATCH 16/49] fix: argo-events 2.4.7-1-cap-CR-28072 with fix for eventsource restarts (#435) --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 0f9b8616..e92e288e 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -20,7 +20,7 @@ dependencies: version: 7.7.14-5-cap-2.13.3-2025.3.5-50344f005 - name: argo-events repository: https://codefresh-io.github.io/argo-helm - version: 2.4.7-1-cap-CR-26731 + version: 2.4.7-1-cap-CR-28072 - name: argo-workflows repository: https://codefresh-io.github.io/argo-helm version: 0.45.2-v3.6.4-cap-CR-27392 From 37ee72e87fa7d276a01eddcb98965a16e00d0b59 Mon Sep 17 00:00:00 2001 
From: ilia-medvedev-codefresh Date: Mon, 31 Mar 2025 17:57:36 +0300 Subject: [PATCH 17/49] patch - private registry external-argocd support and values structure fix (#436) --- charts/gitops-runtime/README.md | 25 ++++++++------ charts/gitops-runtime/README.md.gotmpl | 7 ++++ .../ci/values-external-argocd.yaml | 34 +++++++++++++++++++ .../templates/app-proxy/config.yaml | 6 ++-- .../templates/app-proxy/deployment.yaml | 4 +-- .../templates/app-proxy/enrichment/rbac.yaml | 6 ++-- .../templates/app-proxy/enrichment/sa.yaml | 6 ++-- .../templates/app-proxy/pdb.yaml | 4 +-- .../templates/app-proxy/rbac.yaml | 6 ++-- .../templates/app-proxy/service.yaml | 6 ++-- .../templates/app-proxy/serviceaccount.yaml | 6 ++-- .../templates/app-proxy/workflows-crb.yaml | 6 ++-- .../rollout-reporter/clusterrolebinding.yaml | 6 ++-- .../rollout-reporter/eventsource.yaml | 6 ++-- .../rollout-reporter/rbac.yaml | 6 ++-- .../rollout-reporter/sensor.yaml | 6 ++-- .../rollout-reporter/serviceaccount.yaml | 6 ++-- .../workflow-reporter/eventsource.yaml | 6 ++-- .../workflow-reporter/rbac.yaml | 6 ++-- .../workflow-reporter/sensor.yaml | 6 ++-- .../workflow-reporter/serviceaccount.yaml | 6 ++-- .../templates/gitops-operator.yaml | 12 +++---- .../templates/internal-router/config.yaml | 6 ++-- .../templates/internal-router/deployment.yaml | 6 ++-- .../templates/internal-router/pdb.yaml | 4 +-- .../templates/internal-router/service.yaml | 6 ++-- .../internal-router/serviceaccount.yaml | 6 ++-- .../tests/gitops-controller-misc_test.yaml | 8 ----- charts/gitops-runtime/values.yaml | 7 ---- scripts/private-registry-utils/Dockerfile | 4 +-- .../docker-entrypoint.sh | 12 +++++++ .../helper-scripts/yaml-filter.py | 9 +++-- .../output-calculated-values.sh | 16 ++++++--- 33 files changed, 159 insertions(+), 107 deletions(-) create mode 100644 charts/gitops-runtime/ci/values-external-argocd.yaml create mode 100644 scripts/private-registry-utils/docker-entrypoint.sh 
diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index 398126d3..6e3ee0f1 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md @@ -21,7 +21,7 @@ Prior to running the installation please see the official documentation at: http > This version of the chart includes default configuration for storing workflow artifacts and logs in Codefresh provided s3 compatible storage. If you have your own storage configuration using the default configmap `artifact-repositories` upgrading the chart will override your artifact storage configuration. -To prevent this please set `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.configMap` to `artifact-repositories` and `argo-workflows.controller.workflowDefaults.spec.workflowDefaults.artifactRepository.key` +To prevent this please set `argo-workflows.controller.workflowDefaults.spec.artifactRepository.configMap` to `artifact-repositories` and `argo-workflows.controller.workflowDefaults.spec.artifactRepository.key` to the respective key in your configmap identifying the repository. > [!WARNING] > It's highly recommended to use your own artifact storage for data privacy reasons. @@ -115,6 +115,11 @@ The utility will output 4 files into the folder: 3. `values-images-no-tags.yaml` - a values file with all image values with the private registry **excluding tags**. If provided through --values to helm install/upgrade command - it will override all images to use the private registry. 4. `values-images-with-tags.yaml` - The same as 3 but with tags **included**. +For usage with external ArgoCD run the utility with `EXTERNAL_ARGOCD` environment variable set to `true`. +``` +docker run -e EXTERNAL_ARGOCD=true -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.0.0 +``` + ## Openshift ```yaml 
@@ -178,14 +183,14 @@ sealed-secrets: | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use | | app-proxy.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` | | -| app-proxy.image.tag | string | `"1.3362.0"` | | +| app-proxy.image.tag | string | `"1.3389.0"` | | | app-proxy.imagePullSecrets | list | `[]` | | | app-proxy.initContainer.command[0] | string | `"./init.sh"` | | | app-proxy.initContainer.env | object | `{}` | | | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container | | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` | | -| app-proxy.initContainer.image.tag | string | `"1.3362.0"` | | +| app-proxy.initContainer.image.tag | string | `"1.3389.0"` | | | app-proxy.initContainer.resources.limits | object | `{}` | | | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` | | | app-proxy.initContainer.resources.requests.memory | string | `"256Mi"` | | 
@@ -249,6 +254,7 @@ sealed-secrets: | argo-rollouts.fullnameOverride | string | `"argo-rollouts"` | | | argo-rollouts.installCRDs | bool | `true` | | | argo-workflows.codefreshWorkflowLogs | object | `{"endpoint":"gitops-workflow-logs.codefresh.io","insecure":false}` | Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support. | +| argo-workflows.controller.workflowDefaults.spec.archiveLogs | bool | `true` | | | argo-workflows.controller.workflowDefaults.spec.artifactRepositoryRef | object | `{"configMap":"codefresh-workflows-log-store","key":"codefresh-workflows-log-store"}` | By default artifact repository is set to a Codefresh provided repository. For data privacy it is reccommended to set your own artifact repository. For instructions see: https://argo-workflows.readthedocs.io/en/latest/configure-artifact-repository/#configuring-your-artifact-repository | | argo-workflows.crds.install | bool | `true` | Install and upgrade CRDs | | argo-workflows.enabled | bool | `true` | | 
@@ -311,13 +317,6 @@ sealed-secrets: | gitops-operator.fullnameOverride | string | `""` | | | gitops-operator.image | object | `{}` | | | gitops-operator.imagePullSecrets | list | `[]` | | -| gitops-operator.kube-rbac-proxy.image.tag | string | `"v0.16.0"` | | -| gitops-operator.kube-rbac-proxy.resources.limits.cpu | string | `"500m"` | | -| gitops-operator.kube-rbac-proxy.resources.limits.memory | string | `"128Mi"` | | -| gitops-operator.kube-rbac-proxy.resources.requests.cpu | string | `"100m"` | | -| gitops-operator.kube-rbac-proxy.resources.requests.memory | string | `"64Mi"` | | -| gitops-operator.kube-rbac-proxy.securityContext.allowPrivilegeEscalation | bool | `false` | | -| gitops-operator.kube-rbac-proxy.securityContext.capabilities.drop[0] | string | `"ALL"` | | | gitops-operator.libraryMode | bool | `true` | Do not change unless instructed otherwise by Codefresh support | | gitops-operator.nameOverride | string | `""` | | | gitops-operator.nodeSelector | object | `{}` | | @@ -327,6 +326,12 @@ sealed-secrets: | gitops-operator.resources.limits | object | `{}` | | | gitops-operator.resources.requests.cpu | string | `"100m"` | | | gitops-operator.resources.requests.memory | string | `"128Mi"` | | +| gitops-operator.resources.resources.limits.cpu | string | `"500m"` | | +| gitops-operator.resources.resources.limits.memory | string | `"128Mi"` | | +| gitops-operator.resources.resources.requests.cpu | string | `"100m"` | | +| gitops-operator.resources.resources.requests.memory | string | `"64Mi"` | | +| gitops-operator.resources.securityContext.allowPrivilegeEscalation | bool | `false` | | +| gitops-operator.resources.securityContext.capabilities.drop[0] | string | `"ALL"` | | | gitops-operator.serviceAccount.annotations | object | `{}` | | | gitops-operator.serviceAccount.create | bool | `true` | | | gitops-operator.serviceAccount.name | string | `"gitops-operator-controller-manager"` | | 
diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index cc972460..3b5cd7d5 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl @@ -117,6 +117,13 @@ The utility will output 4 files into the folder: 3. `values-images-no-tags.yaml` - a values file with all image values with the private registry **excluding tags**. If provided through --values to helm install/upgrade command - it will override all images to use the private registry. 4. `values-images-with-tags.yaml` - The same as 3 but with tags **included**. + +For usage with external ArgoCD run the utility with `EXTERNAL_ARGOCD` environment variable set to `true`. +``` +docker run -e EXTERNAL_ARGOCD=true -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:{{ template "chart.version" . }} +``` + + ## Openshift ```yaml diff --git a/charts/gitops-runtime/ci/values-external-argocd.yaml b/charts/gitops-runtime/ci/values-external-argocd.yaml new file mode 100644 index 00000000..166f128e --- /dev/null +++ b/charts/gitops-runtime/ci/values-external-argocd.yaml @@ -0,0 +1,34 @@ +# Values file used to render all image values +global: + codefresh: + accountId: 628a80b693a15c0f9c13ab75 # Codefresh Account id for ilia-codefresh for now, needs to be some test account + gitIntegration: + provider: + name: 'GITHUB' + apiUrl: 'https://api.github.com' + userToken: + secretKeyRef: + name: mysecret + key: myvalue + optional: true + + runtime: + name: default + + ingress: + enabled: false + + repoCredentialsTemplate: + url: 'https://github.com' + username: 'username' + password: 'dummy' + +argo-rollouts: + dashboard: + enabled: true + +argo-cd: + enabled: false + +garage-workflows-artifact-storage: + enabled: true diff --git a/charts/gitops-runtime/templates/app-proxy/config.yaml b/charts/gitops-runtime/templates/app-proxy/config.yaml index 17878d85..7cbfb544 100644 --- a/charts/gitops-runtime/templates/app-proxy/config.yaml 
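Review bot: The `accountId` in the new `ci/values-external-argocd.yaml` is, by its own comment, a real personal account's id kept "for now" instead of a test account. This file ships with the chart, and `docker-entrypoint.sh` later in this commit renders it when `EXTERNAL_ARGOCD=true`. The first patch in this series uses `global.codefresh.accountId` as the workflow-log bucket name, so a render or install that starts from this file would, as far as the visible templates show, point at that account's bucket. I would replace it with an obviously fake, quoted value such as `accountId: '<TEST_ACCOUNT_ID>'  # placeholder, not a real account` and keep the real test id in CI configuration.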
+++ b/charts/gitops-runtime/templates/app-proxy/config.yaml @@ -2,8 +2,8 @@ {{ $argoCdUrl := include "codefresh-gitops-runtime.argocd.server.url" . }} {{ $argoCdUsername := include "codefresh-gitops-runtime.argocd.server.username-cm" . }} {{ $appProxyContext := deepCopy . }} -{{ $_ := set $appProxyContext "Values" (get .Values "app-proxy") }} -{{ $_ := set $appProxyContext.Values "global" (get .Values "global") }} +{{ $_ := set $appProxyContext "Values" (deepCopy (get .Values "app-proxy")) }} +{{ $_ := set $appProxyContext.Values "global" (deepCopy (get .Values "global")) }} {{- if not $appProxyContext.Values.config.argoCdUrl }} {{ $_ := set $appProxyContext.Values.config "argoCdUrl" $argoCdUrl }} {{- end }} @@ -14,7 +14,7 @@ {{- $_ := set $appProxyContext.Values.config "argoWorkflowsUrl" $argoWorkflowsUrl }} {{- end }} {{- end}} -{{- if not (index .Values "argo-cd" "enabled") }} +{{- if not (index $.Values "argo-cd" "enabled") }} {{- $_ := set $appProxyContext.Values.config "isExternalArgoCD" "true" }} {{- else }} {{- $_ := set $appProxyContext.Values.config "isExternalArgoCD" "false" }} diff --git a/charts/gitops-runtime/templates/app-proxy/deployment.yaml b/charts/gitops-runtime/templates/app-proxy/deployment.yaml index b88db8a5..b2af6253 100644 --- a/charts/gitops-runtime/templates/app-proxy/deployment.yaml +++ b/charts/gitops-runtime/templates/app-proxy/deployment.yaml @@ -1,6 +1,6 @@ {{- $appProxyContext := deepCopy . }} -{{- $_ := set $appProxyContext "Values" (get .Values "app-proxy") }} -{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }} +{{- $_ := set $appProxyContext "Values" (deepCopy (get .Values "app-proxy")) }} +{{- $_ := set $appProxyContext.Values "global" (deepCopy (get .Values "global")) }} {{- $_ := set $appProxyContext.Values "argo-cd" (get .Values "argo-cd") }} {{/* Merge environment variables with the ones in _app-proxy-env.yaml */}} 
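Review bot: In `app-proxy/deployment.yaml` the context line right after the two changed ones, `set $appProxyContext.Values "argo-cd" (get .Values "argo-cd")`, still hands the live `argo-cd` map to the copied context. The isolation this commit adds for `app-proxy` and `global` therefore does not cover it. If any helper reached through `$appProxyContext` writes into that map, the write would still be visible to every other template; whether one does is not shown here. For consistency I would write `{{- $_ := set $appProxyContext.Values "argo-cd" (deepCopy (get .Values "argo-cd")) }}`. The same pattern remains in `gitops-operator.yaml`, where `$argoCDImageDict` is taken from `.Subcharts` without a copy and then changed with `set $argoCDImageDict "tag" ...`; if that write is meant to stay local, it needs a `deepCopy` as well.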
diff --git a/charts/gitops-runtime/templates/app-proxy/enrichment/rbac.yaml b/charts/gitops-runtime/templates/app-proxy/enrichment/rbac.yaml index 563b650c..5e5b34d2 100644 --- a/charts/gitops-runtime/templates/app-proxy/enrichment/rbac.yaml +++ b/charts/gitops-runtime/templates/app-proxy/enrichment/rbac.yaml @@ -1,8 +1,8 @@ {{- $appProxyContext := deepCopy . }} -{{- $_ := set $appProxyContext "Values" (get .Values "app-proxy") }} -{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }} +{{- $_ := set $appProxyContext "Values" (deepCopy (get .Values "app-proxy")) }} +{{- $_ := set $appProxyContext.Values "global" (deepCopy (get .Values "global")) }} {{- if (index (get $appProxyContext "Values") "image-enrichment" "enabled") }} {{- include "cap-app-proxy.image-enrichment.resources.role" $appProxyContext }} --- {{- include "cap-app-proxy.image-enrichment.resources.role-binding" $appProxyContext }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/gitops-runtime/templates/app-proxy/enrichment/sa.yaml b/charts/gitops-runtime/templates/app-proxy/enrichment/sa.yaml index 6dd41f2a..b5314af5 100644 --- a/charts/gitops-runtime/templates/app-proxy/enrichment/sa.yaml +++ b/charts/gitops-runtime/templates/app-proxy/enrichment/sa.yaml @@ -1,6 +1,6 @@ {{- $appProxyContext := deepCopy . }} -{{- $_ := set $appProxyContext "Values" (get .Values "app-proxy") }} -{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }} +{{- $_ := set $appProxyContext "Values" (deepCopy (get .Values "app-proxy")) }} +{{- $_ := set $appProxyContext.Values "global" (deepCopy (get .Values "global")) }} {{- if (index (get $appProxyContext "Values") "image-enrichment" "enabled") }} {{- include "cap-app-proxy.image-enrichment.resources.sa" $appProxyContext }} -{{- end }} \ No newline at end of file +{{- end }} 
diff --git a/charts/gitops-runtime/templates/app-proxy/pdb.yaml b/charts/gitops-runtime/templates/app-proxy/pdb.yaml index 630dae4f..bf7c3a06 100644 --- a/charts/gitops-runtime/templates/app-proxy/pdb.yaml +++ b/charts/gitops-runtime/templates/app-proxy/pdb.yaml @@ -1,6 +1,6 @@ {{- $appProxyContext := deepCopy . }} -{{- $_ := set $appProxyContext "Values" (get .Values "app-proxy") }} -{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }} +{{- $_ := set $appProxyContext "Values" (deepCopy (get .Values "app-proxy")) }} +{{- $_ := set $appProxyContext.Values "global" (deepCopy (get .Values "global")) }} {{- if $appProxyContext.Values.pdb.enabled }} {{- include "cap-app-proxy.resources.pdb" $appProxyContext }} diff --git a/charts/gitops-runtime/templates/app-proxy/rbac.yaml b/charts/gitops-runtime/templates/app-proxy/rbac.yaml index 35ad91a1..3097420b 100644 --- a/charts/gitops-runtime/templates/app-proxy/rbac.yaml +++ b/charts/gitops-runtime/templates/app-proxy/rbac.yaml @@ -1,4 +1,4 @@ {{- $appProxyContext := deepCopy . }} -{{- $_ := set $appProxyContext "Values" (get .Values "app-proxy") }} -{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }} -{{- include "cap-app-proxy.resources.rbac" $appProxyContext }} \ No newline at end of file +{{- $_ := set $appProxyContext "Values" (deepCopy (get .Values "app-proxy")) }} +{{- $_ := set $appProxyContext.Values "global" (deepCopy (get .Values "global")) }} +{{- include "cap-app-proxy.resources.rbac" $appProxyContext }} diff --git a/charts/gitops-runtime/templates/app-proxy/service.yaml b/charts/gitops-runtime/templates/app-proxy/service.yaml index 11e46f0b..74f4cc73 100644 --- a/charts/gitops-runtime/templates/app-proxy/service.yaml +++ b/charts/gitops-runtime/templates/app-proxy/service.yaml 
@@ -1,4 +1,4 @@
 {{- $appProxyContext := deepCopy . }}
-{{- $_ := set $appProxyContext "Values" (get .Values "app-proxy") }}
-{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
-{{- include "cap-app-proxy.resources.service" $appProxyContext }}
\ No newline at end of file
+{{- $_ := set $appProxyContext "Values" (deepCopy (get .Values "app-proxy")) }}
+{{- $_ := set $appProxyContext.Values "global" (deepCopy (get .Values "global")) }}
+{{- include "cap-app-proxy.resources.service" $appProxyContext }}
diff --git a/charts/gitops-runtime/templates/app-proxy/serviceaccount.yaml b/charts/gitops-runtime/templates/app-proxy/serviceaccount.yaml
index fd9645f5..a60bd54d 100644
--- a/charts/gitops-runtime/templates/app-proxy/serviceaccount.yaml
+++ b/charts/gitops-runtime/templates/app-proxy/serviceaccount.yaml
@@ -1,4 +1,4 @@
 {{- $appProxyContext := deepCopy . }}
-{{- $_ := set $appProxyContext "Values" (get .Values "app-proxy") }}
-{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
-{{- include "cap-app-proxy.resources.sa" $appProxyContext }}
\ No newline at end of file
+{{- $_ := set $appProxyContext "Values" (deepCopy (get .Values "app-proxy")) }}
+{{- $_ := set $appProxyContext.Values "global" (deepCopy (get .Values "global")) }}
+{{- include "cap-app-proxy.resources.sa" $appProxyContext }}
diff --git a/charts/gitops-runtime/templates/app-proxy/workflows-crb.yaml b/charts/gitops-runtime/templates/app-proxy/workflows-crb.yaml
index 2b46fb47..d3a0b4e2 100644
--- a/charts/gitops-runtime/templates/app-proxy/workflows-crb.yaml
+++ b/charts/gitops-runtime/templates/app-proxy/workflows-crb.yaml
@@ -1,8 +1,8 @@ {{- if index (get .Values "argo-workflows") "enabled" }} {{- $appProxyContext := deepCopy . }} -{{- $_ := set $appProxyContext "Values" (get .Values "app-proxy") }} -{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }} +{{- $_ := set $appProxyContext "Values" (deepCopy (get .Values "app-proxy")) }} +{{- $_ := set $appProxyContext.Values "global" (deepCopy (get .Values "global")) }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -15,4 +15,4 @@ subjects: - kind: ServiceAccount name: {{ include "cap-app-proxy.serviceAccountName" $appProxyContext }} namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/clusterrolebinding.yaml b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/clusterrolebinding.yaml index 6fe632f8..07de6d6c 100644 --- a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/clusterrolebinding.yaml +++ b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/clusterrolebinding.yaml @@ -4,8 +4,8 @@ {{- if index (get .Values "argo-rollouts") "enabled" }} {{- if and (index (get .Values "argo-rollouts") "clusterInstall") (index (get .Values "argo-rollouts") "controller" "createClusterRole") }} {{- $eventReporterContext := deepCopy . }} - {{- $_ := set $eventReporterContext "Values" (get .Values "event-reporters") }} - {{- $_ := set $eventReporterContext.Values "global" (get .Values "global") }} + {{- $_ := set $eventReporterContext "Values" (deepCopy (get .Values "event-reporters")) }} + {{- $_ := set $eventReporterContext.Values "global" (deepCopy (get .Values "global")) }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: 
@@ -19,4 +19,4 @@ subjects: name: {{ include "event-reporters.rollout-reporter.serviceAccountName" $eventReporterContext }} namespace: {{ .Release.Namespace }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/eventsource.yaml b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/eventsource.yaml index a8d963c5..f7dd3eac 100644 --- a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/eventsource.yaml +++ b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/eventsource.yaml @@ -1,6 +1,6 @@ {{- if index (get .Values "argo-rollouts") "enabled" }} {{- $eventReporterContext := deepCopy . }} - {{- $_ := set $eventReporterContext "Values" (get .Values "event-reporters") }} - {{- $_ := set $eventReporterContext.Values "global" (get .Values "global") }} + {{- $_ := set $eventReporterContext "Values" (deepCopy (get .Values "event-reporters")) }} + {{- $_ := set $eventReporterContext.Values "global" (deepCopy (get .Values "global")) }} {{- include "event-reporters.rollout-reporter.eventsource" $eventReporterContext }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/rbac.yaml b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/rbac.yaml index cb15ae90..fd621f7d 100644 --- a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/rbac.yaml +++ b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/rbac.yaml 
@@ -1,6 +1,6 @@
 {{- if index (get .Values "argo-rollouts") "enabled" }}
 {{- $eventReporterContext := deepCopy . }}
- {{- $_ := set $eventReporterContext "Values" (get .Values "event-reporters") }}
- {{- $_ := set $eventReporterContext.Values "global" (get .Values "global") }}
+ {{- $_ := set $eventReporterContext "Values" (deepCopy (get .Values "event-reporters")) }}
+ {{- $_ := set $eventReporterContext.Values "global" (deepCopy (get .Values "global")) }}
 {{- include "event-reporters.rollout-reporter.rbac" $eventReporterContext }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/sensor.yaml b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/sensor.yaml
index 0bdb2714..a55eb3bb 100644
--- a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/sensor.yaml
+++ b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/sensor.yaml
@@ -1,6 +1,6 @@
 {{- if index (get .Values "argo-rollouts") "enabled" }}
 {{- $eventReporterContext := deepCopy . }}
- {{- $_ := set $eventReporterContext "Values" (get .Values "event-reporters") }}
- {{- $_ := set $eventReporterContext.Values "global" (get .Values "global") }}
+ {{- $_ := set $eventReporterContext "Values" (deepCopy (get .Values "event-reporters")) }}
+ {{- $_ := set $eventReporterContext.Values "global" (deepCopy (get .Values "global")) }}
 {{- include "event-reporters.rollout-reporter.sensor" $eventReporterContext }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/serviceaccount.yaml b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/serviceaccount.yaml
index c91f142c..aaf424e6 100644
--- a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/serviceaccount.yaml
+++ b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/serviceaccount.yaml
@@ -1,6 +1,6 @@ {{- if index (get .Values "argo-rollouts") "enabled" }} {{- $eventReporterContext := deepCopy . }} - {{- $_ := set $eventReporterContext "Values" (get .Values "event-reporters") }} - {{- $_ := set $eventReporterContext.Values "global" (get .Values "global") }} + {{- $_ := set $eventReporterContext "Values" (deepCopy (get .Values "event-reporters")) }} + {{- $_ := set $eventReporterContext.Values "global" (deepCopy (get .Values "global")) }} {{- include "event-reporters.rollout-reporter.sa" $eventReporterContext }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/gitops-runtime/templates/event-reporters/workflow-reporter/eventsource.yaml b/charts/gitops-runtime/templates/event-reporters/workflow-reporter/eventsource.yaml index bdd0ce3b..fb23ffd8 100644 --- a/charts/gitops-runtime/templates/event-reporters/workflow-reporter/eventsource.yaml +++ b/charts/gitops-runtime/templates/event-reporters/workflow-reporter/eventsource.yaml @@ -1,7 +1,7 @@ {{- if index (get .Values "argo-workflows") "enabled" }} {{- $eventReporterContext := deepCopy . }} - {{- $_ := set $eventReporterContext "Values" (get .Values "event-reporters") }} - {{- $_ := set $eventReporterContext.Values "global" (get .Values "global") }} + {{- $_ := set $eventReporterContext "Values" (deepCopy (get .Values "event-reporters")) }} + {{- $_ := set $eventReporterContext.Values "global" (deepCopy (get .Values "global")) }} {{- include "event-reporters.workflow-reporter.eventsource" $eventReporterContext }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/gitops-runtime/templates/event-reporters/workflow-reporter/rbac.yaml b/charts/gitops-runtime/templates/event-reporters/workflow-reporter/rbac.yaml index 15ecf13f..93e17e40 100644 --- a/charts/gitops-runtime/templates/event-reporters/workflow-reporter/rbac.yaml +++ b/charts/gitops-runtime/templates/event-reporters/workflow-reporter/rbac.yaml 
@@ -1,7 +1,7 @@ {{- if index (get .Values "argo-workflows") "enabled" }} {{- $eventReporterContext := deepCopy . }} - {{- $_ := set $eventReporterContext "Values" (get .Values "event-reporters") }} - {{- $_ := set $eventReporterContext.Values "global" (get .Values "global") }} + {{- $_ := set $eventReporterContext "Values" (deepCopy (get .Values "event-reporters")) }} + {{- $_ := set $eventReporterContext.Values "global" (deepCopy (get .Values "global")) }} {{- include "event-reporters.workflow-reporter.rbac" $eventReporterContext }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/gitops-runtime/templates/event-reporters/workflow-reporter/sensor.yaml b/charts/gitops-runtime/templates/event-reporters/workflow-reporter/sensor.yaml index 73889d8f..03105bf9 100644 --- a/charts/gitops-runtime/templates/event-reporters/workflow-reporter/sensor.yaml +++ b/charts/gitops-runtime/templates/event-reporters/workflow-reporter/sensor.yaml @@ -1,7 +1,7 @@ {{- if index (get .Values "argo-workflows") "enabled" }} {{- $eventReporterContext := deepCopy . }} - {{- $_ := set $eventReporterContext "Values" (get .Values "event-reporters") }} - {{- $_ := set $eventReporterContext.Values "global" (get .Values "global") }} + {{- $_ := set $eventReporterContext "Values" (deepCopy (get .Values "event-reporters")) }} + {{- $_ := set $eventReporterContext.Values "global" (deepCopy (get .Values "global")) }} {{- include "event-reporters.workflow-reporter.sensor" $eventReporterContext }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/gitops-runtime/templates/event-reporters/workflow-reporter/serviceaccount.yaml b/charts/gitops-runtime/templates/event-reporters/workflow-reporter/serviceaccount.yaml index ada58ce5..c78179dc 100644 --- a/charts/gitops-runtime/templates/event-reporters/workflow-reporter/serviceaccount.yaml +++ b/charts/gitops-runtime/templates/event-reporters/workflow-reporter/serviceaccount.yaml 
@@ -1,7 +1,7 @@ {{- if index (get .Values "argo-workflows") "enabled" }} {{- $eventReporterContext := deepCopy . }} - {{- $_ := set $eventReporterContext "Values" (get .Values "event-reporters") }} - {{- $_ := set $eventReporterContext.Values "global" (get .Values "global") }} + {{- $_ := set $eventReporterContext "Values" (deepCopy (get .Values "event-reporters")) }} + {{- $_ := set $eventReporterContext.Values "global" (deepCopy (get .Values "global")) }} {{- include "event-reporters.workflow-reporter.sa" $eventReporterContext }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/gitops-runtime/templates/gitops-operator.yaml b/charts/gitops-runtime/templates/gitops-operator.yaml index 4f430d9d..556edeae 100644 --- a/charts/gitops-runtime/templates/gitops-operator.yaml +++ b/charts/gitops-runtime/templates/gitops-operator.yaml @@ -1,10 +1,10 @@ {{- if and (index .Values "gitops-operator" "enabled") }} {{- if index (get .Values "gitops-operator") "libraryMode" }} - {{- $gitopsOperatorContext := (index .Subcharts "gitops-operator")}} + {{- $gitopsOperatorContext := (deepCopy (index .Subcharts "gitops-operator"))}} {{- if and (index .Subcharts "argo-cd") }} - + {{- $argoCDImageDict := index .Subcharts "argo-cd" "Values" "global" "image" }} {{- if not $argoCDImageDict.tag }} {{- $_ := set $argoCDImageDict "tag" (get .Subcharts "argo-cd").Chart.AppVersion }} @@ -17,7 +17,7 @@ {{- end }} {{- else if and (index .Values "global" "external-argo-cd" "server" "image") }} - + {{ $argoCDImageDict := (index .Values "global" "external-argo-cd" "server" "image") }} {{/* Set ArgoCD image */}} 
@@ -31,9 +31,9 @@ {{- end }} {{- if and (not (index .Values "argo-cd" "enabled")) }} - + {{- if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "token") }} - + {{- if not (index .Values "global" "external-argo-cd" "auth" "token") }} {{- $_ := set $gitopsOperatorContext.Values.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" (index .Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "name")) }} {{- $_ := set $gitopsOperatorContext.Values.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" (index .Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "key")) }} @@ -71,7 +71,7 @@ {{- if and (gt (int $gitopsOperatorContext.Values.replicaCount) 1 ) }} {{- $_ := set $gitopsOperatorContext.Values.env "LEADER_ELECT" "true" }} {{- else }} - {{- $_ := set $gitopsOperatorContext.Values.env "LEADER_ELECT" "false" }} + {{- $_ := set $gitopsOperatorContext.Values.env "LEADER_ELECT" "false" }} {{- end }} {{- include "gitops-operator.resources" $gitopsOperatorContext}} diff --git a/charts/gitops-runtime/templates/internal-router/config.yaml b/charts/gitops-runtime/templates/internal-router/config.yaml index c2f8fa53..fd0ea3fa 100644 --- a/charts/gitops-runtime/templates/internal-router/config.yaml +++ b/charts/gitops-runtime/templates/internal-router/config.yaml 
@@ -1,6 +1,6 @@ {{- $internalRouterContext := deepCopy . }} -{{- $_ := set $internalRouterContext "Values" (get .Values "internal-router") }} -{{- $_ := set $internalRouterContext.Values "global" (get .Values "global") }} +{{- $_ := set $internalRouterContext "Values" (deepCopy (get .Values "internal-router")) }} +{{- $_ := set $internalRouterContext.Values "global" (deepCopy (get .Values "global")) }} {{/* Set workflows routing */}} @@ -17,4 +17,4 @@ Set app-proxy routing {{- if not (index $internalRouterContext.Values "routing" "app-proxy") }} {{ $_ := set $internalRouterContext.Values.routing "app-proxy" (dict "enabled" true "internalUrl" ( include "codefresh-gitops-runtime.app-proxy.url" . )) }} {{- end }} -{{- include "internal-router.resources.configmap" $internalRouterContext }} \ No newline at end of file +{{- include "internal-router.resources.configmap" $internalRouterContext }} diff --git a/charts/gitops-runtime/templates/internal-router/deployment.yaml b/charts/gitops-runtime/templates/internal-router/deployment.yaml index 882523cf..0b86c0dd 100644 --- a/charts/gitops-runtime/templates/internal-router/deployment.yaml +++ b/charts/gitops-runtime/templates/internal-router/deployment.yaml @@ -1,4 +1,4 @@ {{- $internalRouterContext := deepCopy . }} -{{- $_ := set $internalRouterContext "Values" (get .Values "internal-router") }} -{{- $_ := set $internalRouterContext.Values "global" (get .Values "global") }} -{{- include "internal-router.resources.deployment" $internalRouterContext }} \ No newline at end of file +{{- $_ := set $internalRouterContext "Values" (deepCopy (get .Values "internal-router")) }} +{{- $_ := set $internalRouterContext.Values "global" (deepCopy (get .Values "global")) }} +{{- include "internal-router.resources.deployment" $internalRouterContext }} diff --git a/charts/gitops-runtime/templates/internal-router/pdb.yaml b/charts/gitops-runtime/templates/internal-router/pdb.yaml index 26a73232..5778d140 100644 
--- a/charts/gitops-runtime/templates/internal-router/pdb.yaml +++ b/charts/gitops-runtime/templates/internal-router/pdb.yaml @@ -1,6 +1,6 @@ {{- $internalRouterContext := deepCopy . }} -{{- $_ := set $internalRouterContext "Values" (get .Values "internal-router") }} -{{- $_ := set $internalRouterContext.Values "global" (get .Values "global") }} +{{- $_ := set $internalRouterContext "Values" (deepCopy (get .Values "internal-router")) }} +{{- $_ := set $internalRouterContext.Values "global" (deepCopy (get .Values "global")) }} {{- if $internalRouterContext.Values.pdb.enabled }} {{- include "internal-router.resources.pdb" $internalRouterContext }} diff --git a/charts/gitops-runtime/templates/internal-router/service.yaml b/charts/gitops-runtime/templates/internal-router/service.yaml index 30a96212..7ddc4cd4 100644 --- a/charts/gitops-runtime/templates/internal-router/service.yaml +++ b/charts/gitops-runtime/templates/internal-router/service.yaml @@ -1,4 +1,4 @@ {{- $internalRouterContext := deepCopy . }} -{{- $_ := set $internalRouterContext "Values" (get .Values "internal-router") }} -{{- $_ := set $internalRouterContext.Values "global" (get .Values "global") }} -{{- include "internal-router.resources.service" $internalRouterContext }} \ No newline at end of file +{{- $_ := set $internalRouterContext "Values" (deepCopy (get .Values "internal-router")) }} +{{- $_ := set $internalRouterContext.Values "global" (deepCopy (get .Values "global")) }} +{{- include "internal-router.resources.service" $internalRouterContext }} diff --git a/charts/gitops-runtime/templates/internal-router/serviceaccount.yaml b/charts/gitops-runtime/templates/internal-router/serviceaccount.yaml index 4cd31f7a..8cb55440 100644 --- a/charts/gitops-runtime/templates/internal-router/serviceaccount.yaml +++ b/charts/gitops-runtime/templates/internal-router/serviceaccount.yaml 
@@ -1,4 +1,4 @@ {{- $internalRouterContext := deepCopy . }} -{{- $_ := set $internalRouterContext "Values" (get .Values "internal-router") }} -{{- $_ := set $internalRouterContext.Values "global" (get .Values "global") }} -{{- include "internal-router.resources.sa" $internalRouterContext }} \ No newline at end of file +{{- $_ := set $internalRouterContext "Values" (deepCopy (get .Values "internal-router")) }} +{{- $_ := set $internalRouterContext.Values "global" (deepCopy (get .Values "global")) }} +{{- include "internal-router.resources.sa" $internalRouterContext }} diff --git a/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml b/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml index 42125abe..4b42d236 100644 --- a/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml +++ b/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml @@ -15,17 +15,10 @@ tests: image: repository: example.com/repo tag: 0.0.1 - kube-rbac-proxy: - image: - repository: example.com/repo - tag: 0.0.1 asserts: - equal: path: spec.template.spec.containers[0].image value: example.com/repo:0.0.1 - - equal: - path: spec.template.spec.containers[0].image - value: example.com/repo:0.0.1 - it: override service account name - sa object template: gitops-operator.yaml @@ -378,4 +371,3 @@ tests: content: name: ARGO_CD_URL value: some-other-url:123 - diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 363cad6f..dfa1456d 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -679,13 +679,6 @@ gitops-operator: cpu: 100m memory: 128Mi - kube-rbac-proxy: - image: - tag: v0.16.0 - # -- defaults - # repository: gcr.io/kubebuilder/kube-rbac-proxy - # tag: v0.14.1 - securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/scripts/private-registry-utils/Dockerfile b/scripts/private-registry-utils/Dockerfile index 867e4fd6..040f5382 100644 --- a/scripts/private-registry-utils/Dockerfile 
+++ b/scripts/private-registry-utils/Dockerfile @@ -8,6 +8,4 @@ RUN pip3 install -r /scripts/python-requirements.txt COPY scripts/private-registry-utils /scripts RUN chmod -R +x /scripts WORKDIR /scripts -# Output calculated values and filter image values -RUN ./output-calculated-values.sh ./all-values.yaml && python3 ./helper-scripts/yaml-filter.py all-values.yaml image.repository,image.registry,image.tag,argo-events.configs.nats.versions,argo-events.configs.jetstream.versions,app-proxy.image-enrichment.config.images > all-image-values.yaml -ENTRYPOINT ["python3", "private-registry-utils.py", "all-image-values.yaml"] +ENTRYPOINT ["bash", "docker-entrypoint.sh"] diff --git a/scripts/private-registry-utils/docker-entrypoint.sh b/scripts/private-registry-utils/docker-entrypoint.sh new file mode 100644 index 00000000..3e02fafb --- /dev/null +++ b/scripts/private-registry-utils/docker-entrypoint.sh @@ -0,0 +1,12 @@ +#!/bin/bash +export CHARTDIR="/chart" + +if [[ "$EXTERNAL_ARGOCD" == "true" ]]; then + export VALUESFILE="${CHARTDIR}/ci/values-external-argocd.yaml" +else + export VALUESFILE="${CHARTDIR}/ci/values-all-images.yaml" +fi + +./output-calculated-values.sh ./all-values.yaml +python3 ./helper-scripts/yaml-filter.py all-values.yaml image.repository,image.registry,image.tag,argo-events.configs.nats.versions,argo-events.configs.jetstream.versions,app-proxy.image-enrichment.config.images,-global.external-argo-cd > all-image-values.yaml +python3 private-registry-utils.py all-image-values.yaml $@ diff --git a/scripts/private-registry-utils/helper-scripts/yaml-filter.py b/scripts/private-registry-utils/helper-scripts/yaml-filter.py index 1e9b9a34..934888fc 100755 --- a/scripts/private-registry-utils/helper-scripts/yaml-filter.py +++ b/scripts/private-registry-utils/helper-scripts/yaml-filter.py 
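Review bot: The new `docker-entrypoint.sh` runs three dependent steps with no error handling. If `output-calculated-values.sh` (the `helm template` step) fails, the filter and `private-registry-utils.py` still run on a missing or partial `all-values.yaml`, and the container may produce an incomplete image list without a failing exit status. I would add `set -eo pipefail` directly after the shebang. The last line also passes `$@` unquoted, which re-splits any argument containing spaces; it should read `python3 private-registry-utils.py all-image-values.yaml "$@"`.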
@@ -14,6 +14,11 @@ def recurse_filter(currValue, filteredDict, filterKeyPathList, currentPath): for filterKeyPath in filterKeyPathList: if currentPath.endswith(filterKeyPath) and currValue: bMatched = True + # Exclude paths starting with "-" + for filterKeyPath in filterKeyPathList: + if filterKeyPath.startswith("-"): + if filterKeyPath[1:] in currentPath: + bMatched = False if bMatched == True: set_nested_dict_value(filteredDict,currentPath,currValue) elif type(currValue) is dict: @@ -38,9 +43,9 @@ def main(yamlFilepath, filterKeys): lstFilterKeys = filterKeys.split(",") recurse_filter(d, filteredDict, lstFilterKeys, "") print(yaml.dump(filteredDict)) - + if __name__ == "__main__": if len(sys.argv) != 3: raise SyntaxError("Wrong number of arguments. Usage: filter-values.py ") else: - main(sys.argv[1], sys.argv[2]) \ No newline at end of file + main(sys.argv[1], sys.argv[2]) diff --git a/scripts/private-registry-utils/output-calculated-values.sh b/scripts/private-registry-utils/output-calculated-values.sh index 91a3c918..0ac810ab 100755 --- a/scripts/private-registry-utils/output-calculated-values.sh +++ b/scripts/private-registry-utils/output-calculated-values.sh @@ -1,7 +1,4 @@ #!/bin/bash -MYDIR=$(dirname $0) -CHARTDIR="/chart" -VALUESFILE="${CHARTDIR}/ci/values-all-images.yaml" OUTPUTFILE=$1 # This template prints all values and also sets tags for all images with non-empty repository value, where the tag is empty and should be derived from the appVersion of the subchart. ALL_VALUES_TEMPLATE=$(cat < $CHARTDIR/templates/all-values.yaml helm template --values $VALUESFILE --set getImages=true --show-only templates/all-values.yaml $CHARTDIR > $OUTPUTFILE -rm $CHARTDIR/templates/all-values.yaml \ No newline at end of file +rm $CHARTDIR/templates/all-values.yaml From 332d74baf02ca4ba92fdc767ff9d85c133283359 Mon Sep 17 00:00:00 2001 
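Review bot: The exclusion added to recurse_filter is a substring test, `filterKeyPath[1:] in currentPath`, so `-global.external-argo-cd` also drops any path that merely contains that text, such as a sibling key with a longer name or the same key sequence nested under a subchart. If the intent is to exclude one subtree, compare on key boundaries instead, for example `currentPath == excluded or currentPath.startswith(excluded + ".")` with `excluded = filterKeyPath[1:]`; this assumes currentPath is dot-joined with no leading separator, which the hunk does not show. The `-` entries are also still fed to the `endswith` include loop above, so splitting the list into include and exclude keys once in main would make both loops easier to reason about. recurse_filter's body continues outside the hunk.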
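Review bot: output-calculated-values.sh now takes `CHARTDIR` and `VALUESFILE` from the environment but never checks that they are set. Run outside docker-entrypoint.sh, the unquoted `$CHARTDIR/templates/all-values.yaml` expands to `/templates/all-values.yaml` for both the write and the final `rm`. A guard right after the shebang, `: "${CHARTDIR:?CHARTDIR must be set}" "${VALUESFILE:?VALUESFILE must be set}"`, fails early, and quoting the expansions (`rm "$CHARTDIR/templates/all-values.yaml"`) avoids word splitting. The middle of the script is not visible in this hunk.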
From: ilia-medvedev-codefresh Date: Tue, 1 Apr 2025 19:25:50 +0300 Subject: [PATCH 18/49] fix gitops operator values (#439) --- charts/gitops-runtime/values.yaml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index dfa1456d..4b88024e 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -678,20 +678,6 @@ gitops-operator: requests: cpu: 100m memory: 128Mi - - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 100m - memory: 64Mi #----------------------------------------------------------------------------------------------------------------------- # cf-argocd-extras #----------------------------------------------------------------------------------------------------------------------- From 70998281f0c529084c64a7aca9f19b85be6ed92e Mon Sep 17 00:00:00 2001 From: Oleksandr Saulyak Date: Mon, 7 Apr 2025 20:55:50 +0300 Subject: [PATCH 19/49] feat: sources-server 0.3.15 with rollout rollback query (#442) --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index e92e288e..83b337bb 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -44,4 +44,4 @@ dependencies: condition: gitops-operator.enabled - name: cf-argocd-extras repository: oci://quay.io/codefresh/charts - version: 0.3.13 + version: 0.3.15 From 840198190b8071d46530bde840f49b3549775b84 Mon Sep 17 00:00:00 2001 
From: Oleksandr Saulyak Date: Tue, 8 Apr 2025 16:42:36 +0300 Subject: [PATCH 20/49] feat: argo-cd cm custom rollout action 'pause' 'skip-current-step' (#443) * feat: argo-cd cm custom rollout action 'pause' 'skip-current-step' * removed redundant if --- charts/gitops-runtime/values.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 4b88024e..f929b9cc 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -206,6 +206,30 @@ argo-cd: timeout.reconciliation: 20s accounts.admin: apiKey,login application.resourceTrackingMethod: annotation+label + resource.customizations.actions.argoproj.io_Rollout: | + mergeBuiltinActions: true + discovery.lua: | + actions = {} + local fullyPromoted = obj.status.currentPodHash == obj.status.stableRS + actions["pause"] = {["disabled"] = fullyPromoted or obj.spec.paused == true} + actions["skip-current-step"] = {["disabled"] = obj.spec.strategy.canary == nil or obj.spec.strategy.canary.steps == nil or obj.status.currentStepIndex == table.getn(obj.spec.strategy.canary.steps)} + return actions + definitions: + - name: pause + action.lua: | + obj.spec.paused = true + return obj + - name: skip-current-step + action.lua: | + if obj.status ~= nil then + if obj.spec.strategy.canary ~= nil and obj.spec.strategy.canary.steps ~= nil and obj.status.currentStepIndex < table.getn(obj.spec.strategy.canary.steps) then + if obj.status.pauseConditions ~= nil and table.getn(obj.status.pauseConditions) > 0 then + obj.status.pauseConditions = nil + end + obj.status.currentStepIndex = obj.status.currentStepIndex + 1 + end + end + return obj params: server.insecure: true application.namespaces: 'cf-*' From 75489663f96c588bf5678208393497f560e49e0f Mon Sep 17 00:00:00 2001 
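Review bot: `discovery.lua` dereferences `obj.status` without the nil guard that the `skip-current-step` action has, so discovery can raise an error on a Rollout whose status is not populated yet. Starting the script with `local status = obj.status or {}` and reading `currentPodHash`, `stableRS` and `currentStepIndex` from `status` keeps the action list rendering. In the action itself, `obj.status.currentStepIndex < table.getn(...)` raises a compare error when `currentStepIndex` is nil, so that condition needs `obj.status.currentStepIndex ~= nil and` in front. Because both actions change how a rollout progresses, it is worth confirming that Argo CD RBAC policies granting wildcard `action/*` on applications are meant to cover `pause` and `skip-current-step`.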
From: mikhail-klimko Date: Thu, 10 Apr 2025 10:04:15 +0300 Subject: [PATCH 21/49] feat: rollout-reporter with external argo rollouts (#441) --- charts/gitops-runtime/templates/_helpers.tpl | 30 ++++--- .../rollout-reporter/clusterrolebinding.yaml | 4 +- .../rollout-reporter/eventsource.yaml | 2 +- .../rollout-reporter/rbac.yaml | 2 +- .../rollout-reporter/sensor.yaml | 2 +- .../rollout-reporter/serviceaccount.yaml | 2 +- .../tests/external_argo_rollouts_test.yaml | 88 +++++++++++++++++++ charts/gitops-runtime/values.yaml | 8 ++ 8 files changed, 119 insertions(+), 19 deletions(-) create mode 100644 charts/gitops-runtime/tests/external_argo_rollouts_test.yaml diff --git a/charts/gitops-runtime/templates/_helpers.tpl b/charts/gitops-runtime/templates/_helpers.tpl index 2782b776..285a1890 100644 --- a/charts/gitops-runtime/templates/_helpers.tpl +++ b/charts/gitops-runtime/templates/_helpers.tpl @@ -118,10 +118,10 @@ Determine argocd argocd repo server port {{/* -Determine argocd repoServer url +Determine argocd repoServer url */}} {{- define "codefresh-gitops-runtime.argocd.reposerver.url" -}} -{{- $argoCDValues := (get .Values "argo-cd") }} +{{- $argoCDValues := (get .Values "argo-cd") }} {{- if and (index .Values "argo-cd" "enabled") }} {{- $serviceName := include "codefresh-gitops-runtime.argocd.reposerver.servicename" . }} {{- $port := include "codefresh-gitops-runtime.argocd.reposerver.serviceport" . }} 
@@ -149,8 +149,12 @@ Determine argocd servicename. Must be called with chart root context Determine rollouts name */}} {{- define "codefresh-gitops-runtime.argo-rollouts.name" -}} -{{/* For now use template from rollouts chart until better approach */}} -{{- template "argo-rollouts.fullname" (dict "Values" (get .Values "argo-rollouts")) }} + {{- if and (index .Values "argo-rollouts" "enabled") }} + {{/* For now use template from rollouts chart until better approach */}} + {{- template "argo-rollouts.fullname" (dict "Values" (get .Values "argo-rollouts")) }} + {{- else }} + {{- printf "argo-rollouts" }} + {{- end }} {{- end }} @@ -200,7 +204,7 @@ Determine argocd server url. Must be called with chart root context {{- $port := (required "ArgoCD is not enabled and .Values.global.external-argo-cd.server.port is not port" $argoCDSrv.port) | toString }} {{- $rootpath := (index .Values "global" "external-argo-cd" "server" "rootpath") }} {{- if and (eq $port "80") }} - {{- printf "%s://%s%s" $protocol $svc $rootpath }} + {{- printf "%s://%s%s" $protocol $svc $rootpath }} {{- else }} {{- printf "%s://%s:%s%s" $protocol $svc $port $rootpath }} {{- end }} @@ -213,7 +217,7 @@ Determine argocd server url. Must be called with chart root context Determine argocd server url witout the protocol. Must be called with chart root context */}} {{- define "codefresh-gitops-runtime.argocd.server.no-protocol-url" -}} -{{- $argoCDValues := (get .Values "argo-cd") }} +{{- $argoCDValues := (get .Values "argo-cd") }} {{- if and (index .Values "argo-cd" "enabled") }} {{- $serverName := include "codefresh-gitops-runtime.argocd.server.servicename" . }} {{- $port := include "codefresh-gitops-runtime.argocd.server.serviceport" . }} 
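Review bot: The `else` branch hard-codes the name `argo-rollouts` for an external installation, which only holds when the external Argo Rollouts was installed under that name. If this helper feeds a resource reference (its callers are outside the hunk), a differently named install yields a reference that resolves to nothing or to an unrelated object. Consider reading the name from a value under `global.external-argo-rollouts` with `argo-rollouts` as the default, and state the assumption in the helper comment, e.g. `{{/* External Argo Rollouts: assumes the default name "argo-rollouts" */}}`. The single-argument `and` can also be dropped: `{{- if index .Values "argo-rollouts" "enabled" }}`.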
@@ -231,7 +235,7 @@ Determine argocd server url witout the protocol. Must be called with chart root {{- end}} {{/* -Determine argocd server password. +Determine argocd server password. */}} {{- define "codefresh-gitops-runtime.argocd.server.password" }} {{- if and (index .Values "argo-cd" "enabled") }} @@ -265,7 +269,7 @@ valueFrom: {{/* -Determine argocd token password. +Determine argocd token password. */}} {{- define "codefresh-gitops-runtime.argocd.server.token" }} {{- if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "token") (index .Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "name") (index .Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "key")}} @@ -289,7 +293,7 @@ valueFrom: {{- end }} {{/* -Determine argocd server password. +Determine argocd server password. */}} {{- define "codefresh-gitops-runtime.argocd.server.username-env-var" }} {{- if and (index .Values "argo-cd" "enabled") }} @@ -310,7 +314,7 @@ valueFrom: {{- end }} {{/* -Determine argocd server password. +Determine argocd server password. */}} {{- define "codefresh-gitops-runtime.argocd.server.username-cm" }} {{- if and (index .Values "argo-cd" "enabled") }} @@ -323,10 +327,10 @@ Determine argocd server password. {{- end }} {{/* -Determine argocd redis url +Determine argocd redis url */}} {{- define "codefresh-gitops-runtime.argocd.redis.url" -}} -{{- $argoCDValues := (get .Values "argo-cd") }} +{{- $argoCDValues := (get .Values "argo-cd") }} {{- if and (index .Values "argo-cd" "enabled") }} {{- $serviceName := include "codefresh-gitops-runtime.argocd.redis.servicename" . }} {{- $port := include "codefresh-gitops-runtime.argocd.redis.serviceport" . }} 
@@ -458,7 +462,7 @@ Output comma separated list of installed runtime components {{- end }} {{- if not (index .Values "argo-cd" "enabled") }} {{- $eventReporter := dict "name" "event-reporter" "version" (get .Subcharts "cf-argocd-extras").Chart.AppVersion }} - {{- $comptList = append $comptList $eventReporter }} + {{- $comptList = append $comptList $eventReporter }} {{- end }} {{- $comptList | toYaml }} {{- end }} diff --git a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/clusterrolebinding.yaml b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/clusterrolebinding.yaml index 07de6d6c..78d1eb36 100644 --- a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/clusterrolebinding.yaml +++ b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/clusterrolebinding.yaml @@ -1,8 +1,8 @@ {{/* Mapping of argo rollouts clusterrole if such is created (see https://github.com/codefresh-io/argo-helm/blob/argo-rollouts/charts/argo-rollouts/templates/controller/clusterrolebinding.yaml) to the reporters ServiceAccount */}} -{{- if index (get .Values "argo-rollouts") "enabled" }} - {{- if and (index (get .Values "argo-rollouts") "clusterInstall") (index (get .Values "argo-rollouts") "controller" "createClusterRole") }} +{{- if or (index (get .Values "argo-rollouts") "enabled") (and (not (index (get .Values "argo-rollouts") "enabled")) (index .Values.global "external-argo-rollouts" "rollout-reporter" "enabled" )) }} + {{- if or (and (index (get .Values "argo-rollouts") "clusterInstall") (index (get .Values "argo-rollouts") "controller" "createClusterRole")) (and (not (index (get .Values "argo-rollouts") "enabled")) (index .Values.global "external-argo-rollouts" "rollout-reporter" "enabled" ))}} {{- $eventReporterContext := deepCopy . }} {{- $_ := set $eventReporterContext "Values" (deepCopy (get .Values "event-reporters")) }} {{- $_ := set $eventReporterContext.Values "global" (deepCopy (get .Values "global")) }} 
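Review bot: The new guard in clusterrolebinding.yaml has the form `or A (and (not A) B)`, which is just `or A B`, and the same expression is repeated in eventsource.yaml, rbac.yaml, sensor.yaml and serviceaccount.yaml. A named template in _helpers.tpl that decides whether the rollout reporter is rendered, included from all five files, would keep them from drifting apart. In this file the second condition also creates the ClusterRoleBinding whenever the external reporter is enabled, regardless of `clusterInstall` and `controller.createClusterRole`. The roleRef is outside the hunk, but it presumably points at a ClusterRole this chart does not create in that mode, so the comment at the top of the file should say which ClusterRole the external installation must provide and what it grants the reporter ServiceAccount.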
diff --git a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/eventsource.yaml b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/eventsource.yaml index f7dd3eac..ea09f3a1 100644 --- a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/eventsource.yaml +++ b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/eventsource.yaml @@ -1,4 +1,4 @@ -{{- if index (get .Values "argo-rollouts") "enabled" }} +{{- if or (index (get .Values "argo-rollouts") "enabled") (and (not (index (get .Values "argo-rollouts") "enabled")) (index .Values.global "external-argo-rollouts" "rollout-reporter" "enabled" )) }} {{- $eventReporterContext := deepCopy . }} {{- $_ := set $eventReporterContext "Values" (deepCopy (get .Values "event-reporters")) }} {{- $_ := set $eventReporterContext.Values "global" (deepCopy (get .Values "global")) }} diff --git a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/rbac.yaml b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/rbac.yaml index fd621f7d..bb2c051f 100644 --- a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/rbac.yaml +++ b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/rbac.yaml @@ -1,4 +1,4 @@ -{{- if index (get .Values "argo-rollouts") "enabled" }} +{{- if or (index (get .Values "argo-rollouts") "enabled") (and (not (index (get .Values "argo-rollouts") "enabled")) (index .Values.global "external-argo-rollouts" "rollout-reporter" "enabled" )) }} {{- $eventReporterContext := deepCopy . }} {{- $_ := set $eventReporterContext "Values" (deepCopy (get .Values "event-reporters")) }} {{- $_ := set $eventReporterContext.Values "global" (deepCopy (get .Values "global")) }} diff --git a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/sensor.yaml b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/sensor.yaml index a55eb3bb..8a097482 100644 
--- a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/sensor.yaml +++ b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/sensor.yaml @@ -1,4 +1,4 @@ -{{- if index (get .Values "argo-rollouts") "enabled" }} +{{- if or (index (get .Values "argo-rollouts") "enabled") (and (not (index (get .Values "argo-rollouts") "enabled")) (index .Values.global "external-argo-rollouts" "rollout-reporter" "enabled" )) }} {{- $eventReporterContext := deepCopy . }} {{- $_ := set $eventReporterContext "Values" (deepCopy (get .Values "event-reporters")) }} {{- $_ := set $eventReporterContext.Values "global" (deepCopy (get .Values "global")) }} diff --git a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/serviceaccount.yaml b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/serviceaccount.yaml index aaf424e6..ddf72053 100644 --- a/charts/gitops-runtime/templates/event-reporters/rollout-reporter/serviceaccount.yaml +++ b/charts/gitops-runtime/templates/event-reporters/rollout-reporter/serviceaccount.yaml @@ -1,4 +1,4 @@ -{{- if index (get .Values "argo-rollouts") "enabled" }} +{{- if or (index (get .Values "argo-rollouts") "enabled") (and (not (index (get .Values "argo-rollouts") "enabled")) (index .Values.global "external-argo-rollouts" "rollout-reporter" "enabled" )) }} {{- $eventReporterContext := deepCopy . }} {{- $_ := set $eventReporterContext "Values" (deepCopy (get .Values "event-reporters")) }} {{- $_ := set $eventReporterContext.Values "global" (deepCopy (get .Values "global")) }} diff --git a/charts/gitops-runtime/tests/external_argo_rollouts_test.yaml b/charts/gitops-runtime/tests/external_argo_rollouts_test.yaml new file mode 100644 index 00000000..9ac49ae0 --- /dev/null +++ b/charts/gitops-runtime/tests/external_argo_rollouts_test.yaml 
@@ -0,0 +1,88 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: Test External Argo Rolouts with GitOps Runtime +templates: + - event-reporters/rollout-reporter/* +tests: + - it: Should not deploy rollout-reporter if argo-rollouts disabled + set: + argo-rollouts: + enabled: false + asserts: + - containsDocument: + apiVersion: v1 + kind: ServiceAccount + name: rollout-reporter + template: event-reporters/rollout-reporter/serviceaccount.yaml + not: true + - containsDocument: + apiVersion: argoproj.io/v1alpha1 + kind: Sensor + name: rollout-reporter + template: event-reporters/rollout-reporter/sensor.yaml + not: true + - containsDocument: + apiVersion: argoproj.io/v1alpha1 + kind: EventSource + name: rollout-reporter + template: event-reporters/rollout-reporter/eventsource.yaml + not: true + - containsDocument: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + name: rollout-reporter-sa + template: event-reporters/rollout-reporter/rbac.yaml + not: true + - containsDocument: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + name: rollout-reporter-sa + template: event-reporters/rollout-reporter/rbac.yaml + not: true + - containsDocument: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + name: codefresh-rollouts-reporter + template: event-reporters/rollout-reporter/clusterrolebinding.yaml + not: true + + - it: Should deploy rollout-reporter if argo-rollouts disabled AND .global.external-argo-rollouts.rollout-reporter.enabled is true + set: + argo-rollouts: + enabled: false + global: + external-argo-rollouts: + rollout-reporter: + enabled: true + asserts: + - containsDocument: + apiVersion: v1 + kind: ServiceAccount + name: rollout-reporter + template: event-reporters/rollout-reporter/serviceaccount.yaml + - containsDocument: + apiVersion: argoproj.io/v1alpha1 + kind: Sensor + name: rollout-reporter + template: 
event-reporters/rollout-reporter/sensor.yaml + - containsDocument: + apiVersion: argoproj.io/v1alpha1 + kind: EventSource + name: rollout-reporter + template: event-reporters/rollout-reporter/eventsource.yaml + - containsDocument: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + name: rollout-reporter-sa + template: event-reporters/rollout-reporter/rbac.yaml + documentIndex: 0 + - containsDocument: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + name: rollout-reporter-sa + template: event-reporters/rollout-reporter/rbac.yaml + documentIndex: 1 + - containsDocument: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + name: codefresh-rollouts-reporter + template: event-reporters/rollout-reporter/clusterrolebinding.yaml diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index f929b9cc..7b32d10a 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -162,6 +162,14 @@ global: # name: argocd-token # key: token + # -- Configuration for external Argo Rollouts + external-argo-rollouts: + # -- Rollout reporter settings + rollout-reporter: + # -- Enable or disable rollout reporter + # Configuration is defined at .Values.event-reporters.rollout + enabled: false + # ------------------------------------------------------------------------------------------------------------------------- # Installer # ------------------------------------------------------------------------------------------------------------------------- From 902a430019d381982072035784a1602fb2caadbf Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Thu, 10 Apr 2025 10:23:12 +0300 Subject: [PATCH 22/49] update README.md --- charts/gitops-runtime/README.md | 30 ++++++++++++++++++++------ charts/gitops-runtime/README.md.gotmpl | 19 ++++++++++++++++ 2 files changed, 43 insertions(+), 6 deletions(-) 
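Review bot: The enabled case in external_argo_rollouts_test.yaml only asserts that a ClusterRoleBinding named `codefresh-rollouts-reporter` exists; nothing checks what it binds. An `equal` assertion on `roleRef.name` and on `subjects[0].name` for clusterrolebinding.yaml would pin which ClusterRole the reporter ServiceAccount receives when Argo Rollouts is external. A third case with `argo-rollouts.enabled: true` would cover the original path through the rewritten conditions, and the suite title has a typo (`Rolouts`).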
diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index 6e3ee0f1..37526170 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md @@ -93,6 +93,26 @@ argo-cd: enabled: false ``` +## Installation with External Argo Rollouts + +If you want to use an existing Argo Rollouts installation, you can disable the built-in Argo Rollouts and configure the GitOps Runtime to use the external Argo Rollouts. +See the `values.yaml` example below: + +```yaml +global: + # -- Configuration for external Argo Rollouts + external-argo-rollouts: + # -- Rollout reporter settings + rollout-reporter: + # -- Enable rollout reporter + # Configuration is defined at .Values.event-reporters.rollout + enabled: true + +argo-rollouts: + # -- Disable built-in Argo Rollouts + enabled: false +``` + ## Using with private registries - Helper utility The GitOps Runtime comprises multiple subcharts and container images. Subcharts also vary in values structure, making it difficult to override image specific values to use private registries. We have created a helper utility to resolve this issue: 
@@ -230,6 +250,7 @@ sealed-secrets: | argo-cd.applicationVersioning.useApplicationConfiguration | bool | `true` | Extract application version based on ApplicationConfiguration CRD | | argo-cd.configs.cm."accounts.admin" | string | `"apiKey,login"` | | | argo-cd.configs.cm."application.resourceTrackingMethod" | string | `"annotation+label"` | | +| argo-cd.configs.cm."resource.customizations.actions.argoproj.io_Rollout" | string | `"mergeBuiltinActions: true\ndiscovery.lua: |\n actions = {}\n local fullyPromoted = obj.status.currentPodHash == obj.status.stableRS\n actions[\"pause\"] = {[\"disabled\"] = fullyPromoted or obj.spec.paused == true}\n actions[\"skip-current-step\"] = {[\"disabled\"] = obj.spec.strategy.canary == nil or obj.spec.strategy.canary.steps == nil or obj.status.currentStepIndex == table.getn(obj.spec.strategy.canary.steps)}\n return actions\ndefinitions:\n- name: pause\n action.lua: |\n obj.spec.paused = true\n return obj\n- name: skip-current-step\n action.lua: |\n if obj.status ~= nil then\n if obj.spec.strategy.canary ~= nil and obj.spec.strategy.canary.steps ~= nil and obj.status.currentStepIndex < table.getn(obj.spec.strategy.canary.steps) then\n if obj.status.pauseConditions ~= nil and table.getn(obj.status.pauseConditions) > 0 then\n obj.status.pauseConditions = nil\n end\n obj.status.currentStepIndex = obj.status.currentStepIndex + 1\n end\n end\n return obj\n"` | | | argo-cd.configs.cm."timeout.reconciliation" | string | `"20s"` | | | argo-cd.configs.params."application.namespaces" | string | `"cf-*"` | | | argo-cd.configs.params."server.insecure" | bool | `true` | | 
@@ -326,12 +347,6 @@ sealed-secrets: | gitops-operator.resources.limits | object | `{}` | | | gitops-operator.resources.requests.cpu | string | `"100m"` | | | gitops-operator.resources.requests.memory | string | `"128Mi"` | | -| gitops-operator.resources.resources.limits.cpu | string | `"500m"` | | -| gitops-operator.resources.resources.limits.memory | string | `"128Mi"` | | -| gitops-operator.resources.resources.requests.cpu | string | `"100m"` | | -| gitops-operator.resources.resources.requests.memory | string | `"64Mi"` | | -| gitops-operator.resources.securityContext.allowPrivilegeEscalation | bool | `false` | | -| gitops-operator.resources.securityContext.capabilities.drop[0] | string | `"ALL"` | | | gitops-operator.serviceAccount.annotations | object | `{}` | | | gitops-operator.serviceAccount.create | bool | `true` | | | gitops-operator.serviceAccount.name | string | `"gitops-operator-controller-manager"` | | 
@@ -366,6 +381,9 @@ sealed-secrets: | global.external-argo-cd.server.port | int | `80` | Port of the ArgoCD server | | global.external-argo-cd.server.rootpath | string | `""` | Set if Argo CD is running behind reverse proxy under subpath different from / e.g. rootpath: '/argocd' | | global.external-argo-cd.server.svc | string | `"argocd-server"` | Service name of the ArgoCD server | +| global.external-argo-rollouts | object | `{"rollout-reporter":{"enabled":false}}` | Configuration for external Argo Rollouts | +| global.external-argo-rollouts.rollout-reporter | object | `{"enabled":false}` | Rollout reporter settings | +| global.external-argo-rollouts.rollout-reporter.enabled | bool | `false` | Enable or disable rollout reporter Configuration is defined at .Values.event-reporters.rollout | | global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"name":"codefresh-eventbus","nats":{"native":{"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","replicas":3}},"pdb":{"enabled":true,"minAvailable":2}},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings | | global.runtime.cluster | string | `"https://kubernetes.default.svc"` | Runtime cluster. Should not be changed. | | global.runtime.codefreshHosted | bool | `false` | Defines whether this is a Codefresh hosted runtime. Should not be changed. | diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index 3b5cd7d5..734d6a01 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl 
@@ -94,6 +94,25 @@ argo-cd: enabled: false ``` +## Installation with External Argo Rollouts + +If you want to use an existing Argo Rollouts installation, you can disable the built-in Argo Rollouts and configure the GitOps Runtime to use the external Argo Rollouts. +See the `values.yaml` example below: + +```yaml +global: + # -- Configuration for external Argo Rollouts + external-argo-rollouts: + # -- Rollout reporter settings + rollout-reporter: + # -- Enable rollout reporter + # Configuration is defined at .Values.event-reporters.rollout + enabled: true + +argo-rollouts: + # -- Disable built-in Argo Rollouts + enabled: false +``` ## Using with private registries - Helper utility The GitOps Runtime comprises multiple subcharts and container images. Subcharts also vary in values structure, making it difficult to override image specific values to use private registries. From 5d078de608332813b099392692af6c3c048a0cd9 Mon Sep 17 00:00:00 2001 From: kim-codefresh Date: Thu, 10 Apr 2025 15:46:39 +0300 Subject: [PATCH 23/49] feat: updated app-proxy to 1.3419.1 (#444) --- charts/gitops-runtime/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 7b32d10a..928d07d3 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -537,7 +537,7 @@ app-proxy: tag: 1.1.12-main image: repository: quay.io/codefresh/cap-app-proxy - tag: 1.3389.0 + tag: 1.3419.1 pullPolicy: IfNotPresent # -- Extra volume mounts for main container extraVolumeMounts: [] @@ -545,7 +545,7 @@ app-proxy: initContainer: image: repository: quay.io/codefresh/cap-app-proxy-init - tag: 1.3389.0 + tag: 1.3419.1 pullPolicy: IfNotPresent command: - ./init.sh From dc17f2819299416ddd27832ea208915fa9ee6975 Mon Sep 17 00:00:00 2001 
From: Noam Gal Date: Tue, 15 Apr 2025 16:29:57 +1000 Subject: [PATCH 24/49] feat: update app-proxy image tags to 1.3430.2 (#447) fix: Proxy config set in env values is not reaching container env --- charts/gitops-runtime/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 928d07d3..dbf1e5d1 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -537,7 +537,7 @@ app-proxy: tag: 1.1.12-main image: repository: quay.io/codefresh/cap-app-proxy - tag: 1.3419.1 + tag: 1.3430.2 pullPolicy: IfNotPresent # -- Extra volume mounts for main container extraVolumeMounts: [] @@ -545,7 +545,7 @@ app-proxy: initContainer: image: repository: quay.io/codefresh/cap-app-proxy-init - tag: 1.3419.1 + tag: 1.3430.2 pullPolicy: IfNotPresent command: - ./init.sh From f14633a570c8840ba0c0903dc728e90e4b01b421 Mon Sep 17 00:00:00 2001 From: Scott Merchant Date: Thu, 17 Apr 2025 11:45:05 +0100 Subject: [PATCH 25/49] bump gitops operator version (#451) --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 83b337bb..862a06e1 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -39,7 +39,7 @@ dependencies: condition: tunnel-client.enabled - name: codefresh-gitops-operator repository: oci://quay.io/codefresh/charts - version: 0.5.2 + version: 0.5.4 alias: gitops-operator condition: gitops-operator.enabled - name: cf-argocd-extras From 7bb4136e56f6f7a8500df89426a10aff9a49254a Mon Sep 17 00:00:00 2001 
From: Noam Gal Date: Mon, 21 Apr 2025 02:59:11 +1000 Subject: [PATCH 26/49] feat: update argo-cd dependency version to 7.8.23-1-cap-v2.14.9 (#455) - Updated the version of the argo-cd dependency in Chart.yaml to ensure compatibility and access to the latest features and fixes. --- .gitignore | 5 ++--- charts/gitops-runtime/Chart.yaml | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index b3a654a0..4a2abe23 100644 --- a/.gitignore +++ b/.gitignore @@ -7,12 +7,11 @@ output **/charts/**/charts **/charts/**/Chart.lock -# only ignore the values.yaml file at the root of the repo -/values.yaml +# only ignore any values*.yaml file at the root of the repo +/values*.yaml .devcontainer # ignore local dev values-dev.yaml dry-run.yaml -values-test.yaml .debug diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 862a06e1..ebba31f6 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -17,7 +17,7 @@ dependencies: - name: argo-cd repository: https://codefresh-io.github.io/argo-helm condition: argo-cd.enabled - version: 7.7.14-5-cap-2.13.3-2025.3.5-50344f005 + version: 7.8.23-1-cap-v2.14.9-2025-04-20-584fc7f3 - name: argo-events repository: https://codefresh-io.github.io/argo-helm version: 2.4.7-1-cap-CR-28072 From f998fb91cd4f465b92c11fedbc2d9bbea5bd71d7 Mon Sep 17 00:00:00 2001 From: vitalii-codefresh Date: Tue, 22 Apr 2025 13:39:05 +0300 Subject: [PATCH 27/49] updated debian, cf-cli, kubectl (#454) --- installer-image/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/installer-image/Dockerfile b/installer-image/Dockerfile index 0d2e8ddb..ef59d98e 100644 --- a/installer-image/Dockerfile +++ b/installer-image/Dockerfile 
@@ -1,14 +1,14 @@ #bookworm-slim -FROM debian:12.9-slim +FROM debian:12.10-slim RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections -ARG CF_CLI_VERSION=v0.1.70 +ARG CF_CLI_VERSION=v0.2.6 ARG TARGETARCH RUN apt-get update && apt-get install curl -y RUN curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/${CF_CLI_VERSION}/cf-linux-${TARGETARCH}.tar.gz | tar zx && mv ./cf-linux-${TARGETARCH} /usr/local/bin/cf -COPY --from=bitnami/kubectl:1.32.1 /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/ +COPY --from=bitnami/kubectl:1.32.3 /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/ RUN adduser --shell /bin/bash codefresh USER codefresh From 2887699de16e0b751d8a3b758b1e308dfdbc4bb5 Mon Sep 17 00:00:00 2001 From: kim-codefresh Date: Tue, 22 Apr 2025 15:48:30 +0300 Subject: [PATCH 28/49] feat: add gitops-operator-default pulling interval (#456) * feat: add gitops-operator-default pulling interval * env will be set only in gitops-runtime-helm chart values --- charts/gitops-runtime/values.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index dbf1e5d1..01837df3 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -674,7 +674,9 @@ gitops-operator: # -- Additional labels for gitops operator CRDs additionalLabels: {} - env: {} + env: { + TASK_PULLING_INTERVAL: 10s + } image: {} # -- defaults # repository: quay.io/codefresh/codefresh-gitops-operator From 3a763c9d7316b5c2221550d9cada1330fa039927 Mon Sep 17 00:00:00 2001 
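Review bot: The new `gitops-operator.env` default is a multi-line flow mapping with an unquoted value, unlike the block style in the surrounding values, and it needs a comma as soon as a second variable is added. I would write it in block form with the duration quoted: `env:` followed by an indented `TASK_PULLING_INTERVAL: "10s"`. Because the default is no longer an empty map, a user-supplied `gitops-operator.env` is merged with this key rather than replacing it, which deserves a `# --` comment on the key.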
From: Victor Plakyda Date: Wed, 23 Apr 2025 12:01:37 +0300 Subject: [PATCH 29/49] feat: update setup URL in NOTES.txt to use dynamic values (#449) * fix: update setup URL in NOTES.txt to use dynamic values * fix: correct formatting in setup URL in NOTES.txt * fix: update conditional check for argo-cd in NOTES.txt --- charts/gitops-runtime/templates/NOTES.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/templates/NOTES.txt b/charts/gitops-runtime/templates/NOTES.txt index 37b906ef..031f0518 100644 --- a/charts/gitops-runtime/templates/NOTES.txt +++ b/charts/gitops-runtime/templates/NOTES.txt @@ -1,2 +1,2 @@ GitOps Runtime {{ .Values.global.runtime.name }} has been successfully installed in your cluster! -To complete the setup, please finalize the process in the platform here: https://g.codefresh.io/2.0/account-settings/runtimes/info/list +To complete the setup, please finalize the process in the platform here: {{ .Values.global.codefresh.url }}/2.0/account-settings/runtimes/info/list?activeAccountId={{ .Values.global.codefresh.accountId }}&drawer=install-runtime-wizard&mode={{- if index .Values "argo-cd" "enabled" }}new{{- else }}byoa{{- end }}&runtimeName={{ .Values.global.runtime.name }}&waitEvents=true From da7cd2ccc4fd7e0332fe55c89deb4275dc7234a9 Mon Sep 17 00:00:00 2001 From: Oleksandr Saulyak Date: Wed, 23 Apr 2025 13:08:54 +0300 Subject: [PATCH 30/49] feat: cf-argocd-extras (0.3.16) - event-reporter with git-source data (#458) --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index ebba31f6..c6fa64a7 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -44,4 +44,4 @@ dependencies: condition: gitops-operator.enabled - name: cf-argocd-extras repository: oci://quay.io/codefresh/charts - version: 0.3.15 + version: 0.3.16 
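Review bot: The values placed in the query string (`global.codefresh.accountId`, `global.runtime.name`) are emitted unescaped, so a value containing `&`, `#` or a space yields a link that opens the wizard with different parameters than intended. Pipe them through the template's `urlquery` function, e.g. `runtimeName={{ .Values.global.runtime.name | urlquery }}`. It is also worth confirming that `accountId` is always set at install time, since otherwise the link carries an empty `activeAccountId=`. A `global.codefresh.url` with a trailing slash would render `//2.0/...`.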
From 3bb1db2e67b89078d47e232a4a906e35b8979fac Mon Sep 17 00:00:00 2001 From: Oleksandr Saulyak Date: Thu, 24 Apr 2025 15:23:25 +0300 Subject: [PATCH 31/49] eat: cf-argocd-extras (0.3.17) - events with change revision data (#459) --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index c6fa64a7..4d86b624 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -44,4 +44,4 @@ dependencies: condition: gitops-operator.enabled - name: cf-argocd-extras repository: oci://quay.io/codefresh/charts - version: 0.3.16 + version: 0.3.17 From 6dba4d05ede440489b56dc2a82d7d5e6c432d405 Mon Sep 17 00:00:00 2001 From: Regina Voloshin Date: Thu, 24 Apr 2025 17:23:02 +0300 Subject: [PATCH 32/49] bumped version to 7.8.23-2-cap-v2.14.9-2025-04-23-4de04dd8 (#461) Signed-off-by: reggie-k --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 4d86b624..f1b83488 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -17,7 +17,7 @@ dependencies: - name: argo-cd repository: https://codefresh-io.github.io/argo-helm condition: argo-cd.enabled - version: 7.8.23-1-cap-v2.14.9-2025-04-20-584fc7f3 + version: 7.8.23-2-cap-v2.14.9-2025-04-23-4de04dd8 - name: argo-events repository: https://codefresh-io.github.io/argo-helm version: 2.4.7-1-cap-CR-28072 From c476ec5b2fd73695b7f4ed46d4ae59f4eb5917d1 Mon Sep 17 00:00:00 2001 From: Oleksandr Saulyak Date: Mon, 28 Apr 2025 09:56:06 +0300 Subject: [PATCH 33/49] app-proxy 1.3451.0 with app resource tree with annotations & labels in response (#463) --- charts/gitops-runtime/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 01837df3..5183e8c4 100644 
--- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -537,7 +537,7 @@ app-proxy: tag: 1.1.12-main image: repository: quay.io/codefresh/cap-app-proxy - tag: 1.3430.2 + tag: 1.3451.0 pullPolicy: IfNotPresent # -- Extra volume mounts for main container extraVolumeMounts: [] @@ -545,7 +545,7 @@ app-proxy: initContainer: image: repository: quay.io/codefresh/cap-app-proxy-init - tag: 1.3430.2 + tag: 1.3451.0 pullPolicy: IfNotPresent command: - ./init.sh From d8e9c0a1619347d473f34f3c7d66c25ad162de61 Mon Sep 17 00:00:00 2001 From: vitalii-codefresh Date: Wed, 30 Apr 2025 15:29:52 +0300 Subject: [PATCH 34/49] updated sealed-secrets (#464) --- charts/gitops-runtime/Chart.yaml | 2 +- charts/gitops-runtime/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index f1b83488..d583b32e 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -31,7 +31,7 @@ dependencies: condition: argo-rollouts.enabled - name: sealed-secrets repository: https://bitnami-labs.github.io/sealed-secrets/ - version: 2.17.0 + version: 2.17.2 - name: codefresh-tunnel-client repository: oci://quay.io/codefresh/charts version: 0.1.19 diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 5183e8c4..9077fdc7 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -191,7 +191,7 @@ sealed-secrets: image: registry: 'quay.io' repository: 'codefresh/sealed-secrets-controller' - tag: '0.28.0' + tag: '0.29.0' resources: limits: cpu: 500m From 9bb9c52e2346bc4b0171c70667a96d6c2d8600d4 Mon Sep 17 00:00:00 2001 From: "Kostis (Codefresh)" <39800303+kostis-codefresh@users.noreply.github.com> Date: Wed, 30 Apr 2025 18:30:58 +0300 Subject: [PATCH 35/49] feat: security fixes for Argo Rollouts 1.7.2 (#460) 
Signed-off-by: Kostis Kapelonis Co-authored-by: vitalii-codefresh --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index d583b32e..c3f242d4 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -27,7 +27,7 @@ dependencies: condition: argo-workflows.enabled - name: argo-rollouts repository: https://codefresh-io.github.io/argo-helm - version: 2.37.3-2-v1.7.2-cap-CR-26082 + version: 2.37.3-3-v1.7.2-cap-CR-28008 condition: argo-rollouts.enabled - name: sealed-secrets repository: https://bitnami-labs.github.io/sealed-secrets/ From efa1873d71351cb425773c276cecd9d701357b53 Mon Sep 17 00:00:00 2001 From: vitalii-codefresh Date: Thu, 1 May 2025 12:23:47 +0300 Subject: [PATCH 36/49] updated nginx (#465) --- charts/gitops-runtime/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 9077fdc7..6b752891 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -402,7 +402,7 @@ internal-router: image: repository: nginxinc/nginx-unprivileged pullPolicy: IfNotPresent - tag: 1.26-alpine3.20 + tag: 1.28-alpine3.21 imagePullSecrets: [] nameOverride: "" fullnameOverride: "internal-router" From 2db91c7a546ddda56072cda272a8db8f0ea636df Mon Sep 17 00:00:00 2001 
From: Noam Gal Date: Sun, 4 May 2025 20:41:39 +1000 Subject: [PATCH 37/49] feat: add Argo CD version check and validation in pre-install hook (#462) * feat: add Argo CD version check and validation in pre-install hook Enhance the pre-install hook to include a version check for Argo CD. This change introduces environment variables for Argo CD service discovery and version validation, ensuring compatibility with the required version constraint. Additionally, update the Dockerfile to install necessary dependencies for the validation process. --- .../hooks/pre-install/validate-values.yaml | 134 +++++++++++++++++- charts/gitops-runtime/values.yaml | 6 + installer-image/Dockerfile | 8 +- 3 files changed, 144 insertions(+), 4 deletions(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml b/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml index 543c124b..9b86b81e 100644 --- a/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml 
@@ -35,11 +35,139 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - - name: VERSION + - name: CHART_VERSION value: {{ .Chart.Version }} + - name: ARGOCD_CHECK_VERSION + value: {{ not (get .Values "argo-cd").enabled | quote }} + - name: ARGOCD_LABELS + value: "{{ range $k, $v := .Values.installer.argoCdVersionCheck.argoServerLabels }}{{ $k }}={{ $v }},{{ end }}" + - name: ARGOCD_VERSION_PATH + value: "/api/version" + - name: REQUIRED_VERSION_CONSTRAINT + value: ">=2.12 <3" command: ["sh", "-c"] - args: - - cf helm validate --values /job_tmp/values.yaml --namespace ${NAMESPACE} --version ${VERSION} --hook --log-level debug + args: + - | # shell + # Function to find Argo CD service and export its name and port + get_argocd_service_info() { + local service_info + local service_count + + # Clean labels + CLEAN_LABELS=$(echo "$ARGOCD_LABELS" | sed 's/,$//') + + echo "Searching for Argo CD service in namespace '$NAMESPACE' with labels '$CLEAN_LABELS'" + service_info=$(kubectl get svc -n "$NAMESPACE" -l "$CLEAN_LABELS" -o json) + service_count=$(echo "$service_info" | jq '.items | length') + + if [ "$service_count" -eq 0 ]; then + echo "Error: No Argo CD service found matching labels '$CLEAN_LABELS' in namespace '$NAMESPACE'." + exit 1 + elif [ "$service_count" -gt 1 ]; then + echo "Warning: Found multiple services matching labels '$CLEAN_LABELS'. Using the first one found." + fi + + # Set global variables + SERVICE_NAME=$(echo "$service_info" | jq -r '.items[0].metadata.name') + SERVICE_PORT=$(echo "$service_info" | jq -r '.items[0].spec.ports[0].port') + + if [ -z "$SERVICE_NAME" ] || [ "$SERVICE_NAME" = "null" ] || [ -z "$SERVICE_PORT" ] || [ "$SERVICE_PORT" = "null" ]; then + echo "Error: Could not extract service name or port from the found service." 
+ exit 1 + fi + + echo "Found Argo CD service '$SERVICE_NAME' on port '$SERVICE_PORT'" + } + + # Function to get and normalize the Argo CD root path + get_argocd_root_path() { + local root_path + + echo "Fetching Argo CD root path from ConfigMap '$ARGOCD_CM_PARAMS_NAME' in namespace '$NAMESPACE'..." + root_path=$(kubectl get configmap "$ARGOCD_CM_PARAMS_NAME" -n "$NAMESPACE" -o jsonpath='{.data.server\.rootpath}' 2>/dev/null || echo "") + + if [ -n "$root_path" ] && [ "$root_path" != "/" ]; then + root_path=$(echo "$root_path" | sed 's:/*$::') # Remove trailing slash + [ "${root_path#\/}" = "$root_path" ] && root_path="/$root_path" # Add leading slash if missing + elif [ "$root_path" = "/" ]; then + root_path="" # Treat as empty for URL construction + else + echo "Warning: 'server.rootpath' not found in ConfigMap '$ARGOCD_CM_PARAMS_NAME' or ConfigMap not found. Assuming default root path '/'. " + root_path="" # Default to empty string + fi + + # Set global variable + ARGOCD_ROOT_PATH="$root_path" + echo "Using Argo CD root path: '${ARGOCD_ROOT_PATH:-/}'" + } + + # Function to get the Argo CD version string via API + get_argocd_version_string() { + # Local variables for values obtained internally + local api_full_path + local target_url + local curl_opts + local version_json + local curl_exit_code + + # Call functions to get required info - they set global vars + # We'll use the global vars directly after calling + get_argocd_service_info + get_argocd_root_path + + # Construct Target URL using the globally set variables + api_full_path=$(echo "${ARGOCD_ROOT_PATH}${ARGOCD_VERSION_PATH}" | sed 's://:/:g') + target_url="http://${SERVICE_NAME}.${NAMESPACE}.svc.cluster.local:${SERVICE_PORT}${api_full_path}" + echo "Checking Argo CD version via API: $target_url" + + # Curl Execution + curl_opts="-sS --fail --connect-timeout 10 -L -k" # Base options, follow redirects + version_json=$(curl $curl_opts "$target_url") + curl_exit_code=$? 
+ + if [ $curl_exit_code -ne 0 ]; then + echo "Error: Failed to connect to Argo CD API at $target_url (curl exit code: $curl_exit_code)." + exit 1 + fi + + # Version Parsing - Set global variable + VERSION_STRING=$(echo "$version_json" | jq -r '.Version') + if [ -z "$VERSION_STRING" ] || [ "$VERSION_STRING" = "null" ]; then + echo "Error: Could not parse '.Version' field from API response using jq." + echo "Response JSON: $version_json" + exit 1 + fi + } + + # Function to validate Argo CD version and perform semver check + validate_argocd_version() { + # Call function to get version string (sets VERSION_STRING) + # This function now internally calls get_argocd_service_info and get_argocd_root_path + get_argocd_version_string + + # Clean potential 'v' prefix for semver tool + CLEAN_VERSION_STRING=${VERSION_STRING#v} + + echo "Found Argo CD version string: $VERSION_STRING (using $CLEAN_VERSION_STRING for check)" + echo "Required version constraint: $REQUIRED_VERSION_CONSTRAINT" + + # --- Semver Check (using semver CLI) --- + echo "Performing semver check using 'semver-cli'..." + if semver-cli satisfies "$CLEAN_VERSION_STRING" "$REQUIRED_VERSION_CONSTRAINT"; then + echo "Argo CD version $VERSION_STRING satisfies range '$REQUIRED_VERSION_CONSTRAINT'." + else + echo "Error: Argo CD version $VERSION_STRING does not satisfy required range '$REQUIRED_VERSION_CONSTRAINT'." + exit 1 + fi + } + + if [ "$ARGOCD_CHECK_VERSION" = "true" ]; then + validate_argocd_version + fi + + # --- Helm Values Validation (cf cli) --- + echo "Argo CD version check passed. Validating helm values using cf cli..." + cf helm validate --values /job_tmp/values.yaml --namespace ${NAMESPACE} --version ${CHART_VERSION} --hook --log-level debug volumeMounts: - name: customized-values mountPath: "/job_tmp" diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 6b752891..71693c52 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml 
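Review bot: `get_argocd_root_path` reads `$ARGOCD_CM_PARAMS_NAME`, but none of the env entries added in this hunk defines it; the `env:` list starts above the hunk, so confirm it is not already set there. If it is unset, `kubectl get configmap ""` fails, `2>/dev/null || echo ""` hides the error, and the script falls back to an empty root path, so an Argo CD served under a custom `server.rootpath` is probed at the wrong URL. Add it next to the other variables, e.g. `- name: ARGOCD_CM_PARAMS_NAME` with `value: argocd-cmd-params-cm`. Separately, `curl_opts` combines `-L` with `-k`, so a redirect from the `http://` URL to HTTPS is followed without certificate verification although the response decides whether installation proceeds; prefer dropping `-k` or supplying a trusted CA with `--cacert`. The final `echo "Argo CD version check passed. ..."` is also printed when `ARGOCD_CHECK_VERSION` is not `true` and the check was skipped.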
@@ -182,6 +182,12 @@ installer: tag: "" pullPolicy: IfNotPresent + argoCdVersionCheck: + # Labels to find the Argo CD API server service + argoServerLabels: + app.kubernetes.io/component: server + app.kubernetes.io/part-of: argocd + # ----------------------------------------------------------------------------------------------------------------------- # Sealed secrets # ----------------------------------------------------------------------------------------------------------------------- diff --git a/installer-image/Dockerfile b/installer-image/Dockerfile index ef59d98e..f164c094 100644 --- a/installer-image/Dockerfile +++ b/installer-image/Dockerfile @@ -1,3 +1,8 @@ +FROM golang:1.24.2 AS go-build + +RUN go install github.com/davidrjonas/semver-cli@latest \ + && cp $GOPATH/bin/semver-cli /usr/local/bin/ + #bookworm-slim FROM debian:12.10-slim @@ -6,8 +11,9 @@ RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selectio ARG CF_CLI_VERSION=v0.2.6 ARG TARGETARCH -RUN apt-get update && apt-get install curl -y +RUN apt-get update && apt-get install curl jq -y RUN curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/${CF_CLI_VERSION}/cf-linux-${TARGETARCH}.tar.gz | tar zx && mv ./cf-linux-${TARGETARCH} /usr/local/bin/cf +COPY --from=go-build /usr/local/bin/semver-cli /usr/local/bin/semver-cli COPY --from=bitnami/kubectl:1.32.3 /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/ RUN adduser --shell /bin/bash codefresh From 681c20a60b404a85d55d6133ccc408cce3957202 Mon Sep 17 00:00:00 2001 From: vitalii-codefresh Date: Mon, 5 May 2025 18:03:48 +0300 Subject: [PATCH 38/49] updated csdp, gitops-operator (#467) --- charts/gitops-runtime/Chart.yaml | 2 +- charts/gitops-runtime/values.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index c3f242d4..a034e5a5 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml 
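Review bot: `go install github.com/davidrjonas/semver-cli@latest` in the new `go-build` stage resolves to whatever the module's newest version is at build time. Two builds of the same commit can therefore ship different binaries, and the binary runs inside the pre-install hook alongside `kubectl` with the hook's cluster credentials. Pin the module to a reviewed release or commit, e.g. `RUN go install github.com/davidrjonas/semver-cli@<pinned-version>`, so that module checksum verification applies to a fixed version. The `golang:1.24.2` base image could likewise be pinned by digest.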
@@ -39,7 +39,7 @@ dependencies: condition: tunnel-client.enabled - name: codefresh-gitops-operator repository: oci://quay.io/codefresh/charts - version: 0.5.4 + version: 0.5.5 alias: gitops-operator condition: gitops-operator.enabled - name: cf-argocd-extras diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 71693c52..4cae6297 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -530,17 +530,17 @@ app-proxy: reportImage: registry: quay.io repository: codefreshplugins/argo-hub-codefresh-csdp-report-image-info - tag: 1.1.12-main + tag: 1.1.13-main # Git enrichment task image gitEnrichment: registry: quay.io repository: codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info - tag: 1.1.12-main + tag: 1.1.13-main # Jira enrichment task image jiraEnrichment: registry: quay.io repository: codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info - tag: 1.1.12-main + tag: 1.1.13-main image: repository: quay.io/codefresh/cap-app-proxy tag: 1.3451.0 From 45e77a8eb55316562a596a58e47e51fa8d2f1c86 Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Tue, 6 May 2025 07:12:39 +1000 Subject: [PATCH 39/49] fix: update app-proxy image tags to 1.3470.0 - fix file revision validation (#468) --- charts/gitops-runtime/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 4cae6297..9556d2a4 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -543,7 +543,7 @@ app-proxy: tag: 1.1.13-main image: repository: quay.io/codefresh/cap-app-proxy - tag: 1.3451.0 + tag: 1.3470.0 pullPolicy: IfNotPresent # -- Extra volume mounts for main container extraVolumeMounts: [] @@ -551,7 +551,7 @@ app-proxy: initContainer: image: repository: quay.io/codefresh/cap-app-proxy-init - tag: 1.3451.0 + tag: 1.3470.0 pullPolicy: IfNotPresent command: - ./init.sh 
From 198da9df2695a4f53a80d7e6d14a213b317fe85d Mon Sep 17 00:00:00 2001 From: Oleksandr Saulyak Date: Wed, 7 May 2025 16:14:04 +0300 Subject: [PATCH 40/49] feat: removal of event-reporter from cf argo-cd fork (#466) * event-reporter from extras as default one * removed values for event-reporter enabling in extras * dev argocd-extras * dev argocd * removal of v1 reporter * uncomment garage * prod versions of charts and unittests for v2 event-reporter * extras 0.3.20 * upd appVersion because with old version out e2e failing because they think that git manifest from app-proxy not supported --- charts/gitops-runtime/Chart.yaml | 6 ++--- charts/gitops-runtime/README.md | 9 +++---- .../templates/event-reporter.yaml | 4 +-- .../tests/cf-argocd-extras_test.yaml | 17 +++++++++++-- .../tests/forked-argocd_test.yaml | 25 +++++++++++++++++++ charts/gitops-runtime/values.yaml | 13 ---------- 6 files changed, 48 insertions(+), 26 deletions(-) create mode 100644 charts/gitops-runtime/tests/forked-argocd_test.yaml diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index a034e5a5..3b05593d 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.1.69-0 +appVersion: 0.1.71 description: A Helm chart for Codefresh gitops runtime name: gitops-runtime version: 0.0.0 @@ -17,7 +17,7 @@ dependencies: - name: argo-cd repository: https://codefresh-io.github.io/argo-helm condition: argo-cd.enabled - version: 7.8.23-2-cap-v2.14.9-2025-04-23-4de04dd8 + version: 7.8.23-3-cap-v2.14.9-2025-04-23-4de04dd8 - name: argo-events repository: https://codefresh-io.github.io/argo-helm version: 2.4.7-1-cap-CR-28072 @@ -44,4 +44,4 @@ dependencies: condition: gitops-operator.enabled - name: cf-argocd-extras repository: oci://quay.io/codefresh/charts - version: 0.3.17 + version: 0.3.20 diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index 37526170..af169011 100644 
--- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md @@ -203,14 +203,14 @@ sealed-secrets: | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use | | app-proxy.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` | | -| app-proxy.image.tag | string | `"1.3389.0"` | | +| app-proxy.image.tag | string | `"1.3451.0"` | | | app-proxy.imagePullSecrets | list | `[]` | | | app-proxy.initContainer.command[0] | string | `"./init.sh"` | | | app-proxy.initContainer.env | object | `{}` | | | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container | | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` | | -| app-proxy.initContainer.image.tag | string | `"1.3389.0"` | | +| app-proxy.initContainer.image.tag | string | `"1.3451.0"` | | | app-proxy.initContainer.resources.limits | object | `{}` | | | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` | | | app-proxy.initContainer.resources.requests.memory | string | `"256Mi"` | | 
@@ -256,9 +256,6 @@ sealed-secrets: | argo-cd.configs.params."server.insecure" | bool | `true` | | | argo-cd.crds.install | bool | `true` | | | argo-cd.enabled | bool | `true` | | -| argo-cd.eventReporter.enabled | bool | `true` | Installs new event reporter component to cluster | -| argo-cd.eventReporter.replicas | int | `3` | Amount of shards to handle applications events | -| argo-cd.eventReporter.version | string | `"v2"` | Switches between old and new reporter version. Possible values: v1, v2. For v2 `argo-cd.eventReporter.enabled=true` is required | | argo-cd.fullnameOverride | string | `"argo-cd"` | | | argo-events.configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.16.0"` | | | argo-events.configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.15.0"` | | @@ -334,7 +331,7 @@ sealed-secrets: | gitops-operator.crds.install | bool | `true` | Whether or not to install CRDs | | gitops-operator.crds.keep | bool | `false` | Keep CRDs if gitops runtime release is uninstalled | | gitops-operator.enabled | bool | `true` | | -| gitops-operator.env | object | `{}` | | +| gitops-operator.env.TASK_PULLING_INTERVAL | string | `"10s"` | | | gitops-operator.fullnameOverride | string | `""` | | | gitops-operator.image | object | `{}` | | | gitops-operator.imagePullSecrets | list | `[]` | | diff --git a/charts/gitops-runtime/templates/event-reporter.yaml b/charts/gitops-runtime/templates/event-reporter.yaml index 627adf17..2242e8fb 100644 --- a/charts/gitops-runtime/templates/event-reporter.yaml +++ b/charts/gitops-runtime/templates/event-reporter.yaml 
@@ -1,5 +1,5 @@ +{{- $cfArgoCdExtrasContext := (index .Subcharts "cf-argocd-extras")}} {{- if not (index .Values "argo-cd" "enabled") }} - {{- $cfArgoCdExtrasContext := (index .Subcharts "cf-argocd-extras")}} {{- $_ := set (index $cfArgoCdExtrasContext.Values.eventReporter.configMaps "cmd-params-cm" "data") "argocd.server" (include "codefresh-gitops-runtime.argocd.server.no-protocol-url" . ) }} {{- $_ := set (index $cfArgoCdExtrasContext.Values.eventReporter.configMaps "cmd-params-cm" "data") "redis.server" (include "codefresh-gitops-runtime.argocd.redis.url" . ) }} @@ -19,5 +19,5 @@ {{- $_ := set $cfArgoCdExtrasContext.Values.eventReporter.container.env "ARGOCD_SERVER_ROOTPATH" (index .Values "global" "external-argo-cd" "server" "rootpath") }} {{- end }} - {{- include "cf-argocd-extras.event-reporter.resources" $cfArgoCdExtrasContext }} {{- end }} +{{ include "cf-argocd-extras.event-reporter.resources" $cfArgoCdExtrasContext }} \ No newline at end of file diff --git a/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml b/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml index 80979628..f684e0d0 100644 --- a/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml +++ b/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml @@ -58,7 +58,7 @@ tests: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/component: sources-server - - it: New Event-Reporter should NOT be deployed with forked ArgoCD + - it: New Event-Reporter should be deployed with forked ArgoCD template: event-reporter.yaml values: - ./values/mandatory-values-ingress.yaml 
@@ -67,7 +67,20 @@ tests: kind: StatefulSet apiVersion: apps/v1 name: event-reporter - not: true + documentIndex: 4 + + - it: New Event-Reporter should be deployed with forked ArgoCD even if it's disabled in extras values + template: event-reporter.yaml + values: + - ./values/mandatory-values-ingress.yaml + set: + cf-argocd-extras.eventReporter.enabled: false + asserts: + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: event-reporter + documentIndex: 4 - it: New Event-Reporter should be deployed with external OSS ArgoCD template: event-reporter.yaml diff --git a/charts/gitops-runtime/tests/forked-argocd_test.yaml b/charts/gitops-runtime/tests/forked-argocd_test.yaml new file mode 100644 index 00000000..88db129a --- /dev/null +++ b/charts/gitops-runtime/tests/forked-argocd_test.yaml @@ -0,0 +1,25 @@ +suite: forked argo-cd tests +templates: + - charts/argo-cd/* +tests: + - it: Should not have argo-cd-event-reporter in forked argo-cd + values: + - ./values/mandatory-values-ingress.yaml + asserts: + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: argo-cd-event-reporter + not: true + - it: Should not have argo-cd-event-reporter in forked argo-cd even when it has old values + values: + - ./values/mandatory-values-ingress.yaml + set: + argo-cd.eventReporter.enabled: true + argo-cd.eventReporter.replicas: 2 + asserts: + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + name: argo-cd-event-reporter + not: true diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 9556d2a4..f22e6d8a 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml 
@@ -248,16 +248,6 @@ argo-cd: server.insecure: true application.namespaces: 'cf-*' - eventReporter: - # -- Installs new event reporter component to cluster - enabled: true - # -- Amount of shards to handle applications events - replicas: 3 - # -- Switches between old and new reporter version. - # Possible values: v1, v2. - # For v2 `argo-cd.eventReporter.enabled=true` is required - version: v2 - applicationVersioning: # -- Enable application versioning enabled: true @@ -725,6 +715,3 @@ gitops-operator: cf-argocd-extras: # -- Library mode for the chart. Allows to inject values from gitops runtime chart libraryMode: true - # -- Event reporter configuration - eventReporter: - enabled: true From 805550347ad036518da072277077982c8dfc37bb Mon Sep 17 00:00:00 2001 From: Andrii Shaforostov Date: Wed, 7 May 2025 18:29:29 +0300 Subject: [PATCH 41/49] feat: limits enforcement in runtime installation (#457) --- .../templates/hooks/pre-install/rbac.yaml | 45 +++++++++++++++++ .../hooks/pre-install/validate-usage.yaml | 50 +++++++++++++++++++ charts/gitops-runtime/values.yaml | 2 + installer-image/Dockerfile | 2 +- 4 files changed, 98 insertions(+), 1 deletion(-) create mode 100644 charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml diff --git a/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml b/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml index 48f6eb77..60250770 100644 --- a/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml 
@@ -41,3 +41,48 @@ metadata: helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed helm.sh/hook-weight: "-10" {{- end }} + +{{- if not .Values.installer.skipUsageValidation }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: validate-usage-cr + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed + helm.sh/hook-weight: "5" +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: validate-usage-crb + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed + helm.sh/hook-weight: "5" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: validate-usage-cr +subjects: + - kind: ServiceAccount + name: validate-usage-sa + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: validate-usage-sa + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed + helm.sh/hook-weight: "5" +{{- end }} diff --git a/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml b/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml new file mode 100644 index 00000000..07541041 --- /dev/null +++ b/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml 
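Review bot: The new `validate-usage-cr` ClusterRole and its ClusterRoleBinding let `validate-usage-sa` `get` any Secret in every namespace, which is far broader than a pre-install check running in the release namespace should need. Unless the job really reads secrets outside `{{ .Release.Namespace }}`, make these namespaced (`kind: Role`, `kind: RoleBinding`, and `kind: Role` in `roleRef`) and narrow the rule with `resourceNames:` to the specific secret(s) the CLI reads. The cluster-scoped names are also fixed strings, so two releases installed into different namespaces at the same time would collide on `validate-usage-cr` and `validate-usage-crb`.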
@@ -0,0 +1,50 @@ +{{- if not .Values.installer.skipUsageValidation }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: validate-usage-config + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed + helm.sh/hook-weight: "5" +data: + values.yaml: | +{{ .Values | toYaml | indent 4 }} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: validate-usage + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation + helm.sh/hook-weight: "10" +spec: + backoffLimit: 0 + ttlSecondsAfterFinished: 300 + template: + spec: + serviceAccountName: validate-usage-sa + restartPolicy: Never + containers: + - name: validate-usage + image: "{{ .Values.installer.image.repository }}:{{ .Values.installer.image.tag | default .Chart.Version }}" + imagePullPolicy: {{ .Values.installer.image.pullPolicy }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + command: ["sh", "-c"] + args: + - | + cf account validate-usage --fail-condition=reached --subject=clusters --values /job_tmp/values.yaml --namespace ${NAMESPACE} --hook --log-level debug + volumeMounts: + - name: validate-usage-volume + mountPath: "/job_tmp" + volumes: + - name: validate-usage-volume + configMap: + name: validate-usage-config +{{- end }} diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index f22e6d8a..0b1a6228 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -177,6 +177,8 @@ global: installer: # -- if set to true, pre-install hook will *not* run skipValidation: false + # -- if set to true, pre-install hook will *not* run + skipUsageValidation: false image: repository: quay.io/codefresh/gitops-runtime-installer tag: "" diff --git a/installer-image/Dockerfile b/installer-image/Dockerfile index f164c094..edf4c290 100644 --- a/installer-image/Dockerfile +++ b/installer-image/Dockerfile 
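Review bot: `validate-usage-config` stores the complete `.Values` tree in a ConfigMap, so any credential supplied through values is readable by everyone with ConfigMap read access in the namespace for as long as the hook object exists. Render it as a Secret instead (`kind: Secret` with `stringData:` and a `secret:` volume source), or pass the job only the keys `cf account validate-usage` needs. The Job also runs with `--log-level debug` and, unlike the ConfigMap, has no `hook-failed` in its delete policy, so it stays around after a failure. It is worth checking that the CLI's debug output does not echo token values into the pod logs.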
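Review bot: The comment added for `skipUsageValidation` is a verbatim copy of the one on `skipValidation`, so the documentation generated from these `# --` comments cannot tell the two switches apart. Say which hook it disables, e.g. `# -- if set to true, the pre-install usage (account limits) validation hook will *not* run`.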
@@ -8,7 +8,7 @@ FROM debian:12.10-slim RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections -ARG CF_CLI_VERSION=v0.2.6 +ARG CF_CLI_VERSION=v0.2.7 ARG TARGETARCH RUN apt-get update && apt-get install curl jq -y From 3b6b92bad221a3ba40c965a6d32801f01add1502 Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Mon, 12 May 2025 13:03:14 +0300 Subject: [PATCH 42/49] feat: global constraints (#469) --- charts/gitops-runtime/Chart.yaml | 12 +- .../cap-app-proxy/_deployment.yaml | 4 +- .../rollout-reporter/_event-source.yaml | 8 +- .../rollout-reporter/_sensor.yaml | 6 +- .../workflow-reporter/_event-source.yaml | 8 +- .../workflow-reporter/_sensor.yaml | 6 +- .../internal-router/_deployment.yaml | 6 +- .../app-proxy/_app-proxy-volumes.yaml | 4 +- .../templates/app-proxy/deployment.yaml | 1 + .../eventbus/codefresh-eventbus.yaml | 6 +- .../templates/gitops-operator.yaml | 31 - .../hooks/pre-install/validate-usage.yaml | 11 +- .../hooks/pre-install/validate-values.yaml | 11 +- .../pre-uninstall/cleanup-resources.yaml | 11 +- .../delete-runtime-from-platform.yaml | 12 +- charts/gitops-runtime/templates/ingress.yaml | 7 +- .../tests/external_argocd_test.yaml | 35 +- .../tests/gitops-controller-misc_test.yaml | 53 - .../tests/global_constraints_test.yaml | 1126 +++++++++++++++++ charts/gitops-runtime/tests/ingress_test.yaml | 13 + .../values/global-constraints-values.yaml | 9 + .../values/subcharts-constraints-values.yaml | 83 ++ charts/gitops-runtime/values.yaml | 36 +- 23 files changed, 1340 insertions(+), 159 deletions(-) create mode 100644 charts/gitops-runtime/tests/global_constraints_test.yaml create mode 100644 charts/gitops-runtime/tests/values/global-constraints-values.yaml create mode 100644 charts/gitops-runtime/tests/values/subcharts-constraints-values.yaml diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 3b05593d..87b89d1f 100644 --- a/charts/gitops-runtime/Chart.yaml 
+++ b/charts/gitops-runtime/Chart.yaml @@ -20,28 +20,28 @@ dependencies: version: 7.8.23-3-cap-v2.14.9-2025-04-23-4de04dd8 - name: argo-events repository: https://codefresh-io.github.io/argo-helm - version: 2.4.7-1-cap-CR-28072 + version: 2.4.7-2-cap-CR-28072 - name: argo-workflows repository: https://codefresh-io.github.io/argo-helm - version: 0.45.2-v3.6.4-cap-CR-27392 + version: 0.45.4-v3.6.4-cap-CR-27392 condition: argo-workflows.enabled - name: argo-rollouts repository: https://codefresh-io.github.io/argo-helm - version: 2.37.3-3-v1.7.2-cap-CR-28008 + version: 2.37.3-4-v1.7.2-cap-CR-28008 condition: argo-rollouts.enabled - name: sealed-secrets repository: https://bitnami-labs.github.io/sealed-secrets/ version: 2.17.2 - name: codefresh-tunnel-client repository: oci://quay.io/codefresh/charts - version: 0.1.19 + version: 0.1.21 alias: tunnel-client condition: tunnel-client.enabled - name: codefresh-gitops-operator repository: oci://quay.io/codefresh/charts - version: 0.5.5 + version: 0.7.0 alias: gitops-operator condition: gitops-operator.enabled - name: cf-argocd-extras repository: oci://quay.io/codefresh/charts - version: 0.3.20 + version: 0.3.21 diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_deployment.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_deployment.yaml index fb31bb1e..617ac91a 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_deployment.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_deployment.yaml @@ -84,7 +84,7 @@ spec: - mountPath: /app/config/all name: all-certs readOnly: true - {{- with .Values.nodeSelector }} + {{- with .Values.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} 
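Review bot: `.Values.nodeSelector | default .Values.global.nodeSelector` treats an empty map or list as unset, so a component can no longer opt out of a global constraint with `nodeSelector: {}` or `tolerations: []`; the global value is applied instead. The fallback is also a full replacement rather than a merge, which the new test suite asserts ("NOT from .Values.global"). Both behaviours deserve a comment where `global.nodeSelector` and `global.tolerations` are declared, for example `# -- Default for all components; a non-empty component-level value replaces it entirely (no merge), an empty one falls back to this`. The same expression is used in the later hunks for tolerations, internal-router, the event reporters, the eventbus and the installer hook Jobs.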
@@ -92,7 +92,7 @@ spec: affinity: {{- toYaml . | nindent 8}} {{- end }} - {{- with .Values.tolerations }} + {{- with .Values.tolerations | default .Values.global.tolerations}} tolerations: {{- toYaml . | nindent 6 }} {{- end }} diff --git a/charts/gitops-runtime/templates/_components/event-reporters/rollout-reporter/_event-source.yaml b/charts/gitops-runtime/templates/_components/event-reporters/rollout-reporter/_event-source.yaml index bb7dd8fe..b801e593 100644 --- a/charts/gitops-runtime/templates/_components/event-reporters/rollout-reporter/_event-source.yaml +++ b/charts/gitops-runtime/templates/_components/event-reporters/rollout-reporter/_event-source.yaml @@ -48,15 +48,15 @@ spec: {{- end }} serviceAccountName: {{ include "event-reporters.rollout-reporter.serviceAccountName" .}} tolerations: - {{- with .Values.rollout.eventSource.tolerations }} + {{- with .Values.rollout.eventSource.tolerations | default .Values.global.tolerations }} {{- . | toYaml | nindent 6 }} {{- end }} nodeSelector: - {{- with .Values.rollout.eventSource.nodeSelector }} + {{- with .Values.rollout.eventSource.nodeSelector | default .Values.global.nodeSelector }} {{- . | toYaml | nindent 6 }} {{- end }} affinity: - {{- with .Values.rollout.eventSource.affinity }} + {{- with .Values.affinity }} {{- . | toYaml | nindent 6 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/gitops-runtime/templates/_components/event-reporters/rollout-reporter/_sensor.yaml b/charts/gitops-runtime/templates/_components/event-reporters/rollout-reporter/_sensor.yaml index 854d0823..6639b51b 100644 --- a/charts/gitops-runtime/templates/_components/event-reporters/rollout-reporter/_sensor.yaml +++ b/charts/gitops-runtime/templates/_components/event-reporters/rollout-reporter/_sensor.yaml 
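Review bot: In `rollout-reporter/_event-source.yaml` the affinity block now reads `.Values.affinity` where it previously read `.Values.rollout.eventSource.affinity`, so an affinity set under the per-component key is silently dropped, while nodeSelector and tolerations just above keep their per-component key and only gain a fallback. If a shared default is the intent, keep the override: `{{- with .Values.rollout.eventSource.affinity | default .Values.affinity }}`. The same replacement appears in the hunks for `rollout-reporter/_sensor.yaml`, `workflow-reporter/_event-source.yaml` and `workflow-reporter/_sensor.yaml`, and the new test suite covers only nodeSelector and tolerations, so nothing would catch the change. Whether `.Values.affinity` is defined in the context these templates are rendered with is not visible here.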
@@ -28,15 +28,15 @@ spec: {{- . | toYaml | nindent 8 }} {{- end }} tolerations: - {{- with .Values.rollout.sensor.tolerations }} + {{- with .Values.rollout.sensor.tolerations | default .Values.global.tolerations }} {{- . | toYaml | nindent 6 }} {{- end }} nodeSelector: - {{- with .Values.rollout.sensor.nodeSelector }} + {{- with .Values.rollout.sensor.nodeSelector | default .Values.global.nodeSelector}} {{- . | toYaml | nindent 6 }} {{- end }} affinity: - {{- with .Values.rollout.sensor.affinity }} + {{- with .Values.affinity }} {{- . | toYaml | nindent 6 }} {{- end }} triggers: diff --git a/charts/gitops-runtime/templates/_components/event-reporters/workflow-reporter/_event-source.yaml b/charts/gitops-runtime/templates/_components/event-reporters/workflow-reporter/_event-source.yaml index b4a10f2f..c613bb39 100644 --- a/charts/gitops-runtime/templates/_components/event-reporters/workflow-reporter/_event-source.yaml +++ b/charts/gitops-runtime/templates/_components/event-reporters/workflow-reporter/_event-source.yaml @@ -29,15 +29,15 @@ spec: {{- end }} serviceAccountName: {{ include "event-reporters.workflow-reporter.serviceAccountName" .}} tolerations: - {{- with .Values.workflow.eventSource.tolerations }} + {{- with .Values.workflow.eventSource.tolerations | default .Values.global.tolerations }} {{- toYaml . | nindent 6 }} {{- end }} nodeSelector: - {{- with .Values.workflow.eventSource.nodeSelector }} + {{- with .Values.workflow.eventSource.nodeSelector | default .Values.global.nodeSelector }} {{- toYaml . | nindent 6 }} {{- end }} affinity: - {{- with .Values.workflow.eventSource.affinity }} + {{- with .Values.affinity }} {{- toYaml . | nindent 6 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/gitops-runtime/templates/_components/event-reporters/workflow-reporter/_sensor.yaml b/charts/gitops-runtime/templates/_components/event-reporters/workflow-reporter/_sensor.yaml index 2699d20d..77f02f91 100644 
--- a/charts/gitops-runtime/templates/_components/event-reporters/workflow-reporter/_sensor.yaml +++ b/charts/gitops-runtime/templates/_components/event-reporters/workflow-reporter/_sensor.yaml @@ -22,15 +22,15 @@ spec: {{- . | toYaml | nindent 8 }} {{- end }} tolerations: - {{- with .Values.workflow.sensor.tolerations }} + {{- with .Values.workflow.sensor.tolerations | default .Values.global.tolerations}} {{- . | toYaml | nindent 6 }} {{- end }} nodeSelector: - {{- with .Values.workflow.sensor.nodeSelector }} + {{- with .Values.workflow.sensor.nodeSelector | default .Values.global.nodeSelector }} {{- . | toYaml | nindent 6 }} {{- end }} affinity: - {{- with .Values.workflow.sensor.affinity }} + {{- with .Values.affinity }} {{- . | toYaml | nindent 6 }} {{- end }} triggers: diff --git a/charts/gitops-runtime/templates/_components/internal-router/_deployment.yaml b/charts/gitops-runtime/templates/_components/internal-router/_deployment.yaml index 9a1ad9ec..1c3cf853 100644 --- a/charts/gitops-runtime/templates/_components/internal-router/_deployment.yaml +++ b/charts/gitops-runtime/templates/_components/internal-router/_deployment.yaml @@ -70,7 +70,7 @@ spec: path: default.conf.template - name: log emptyDir: { } - {{- with .Values.nodeSelector }} + {{- with .Values.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} @@ -78,8 +78,8 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with .Values.tolerations | default .Values.global.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/gitops-runtime/templates/app-proxy/_app-proxy-volumes.yaml b/charts/gitops-runtime/templates/app-proxy/_app-proxy-volumes.yaml index d579e8ef..ae2eb82f 100644 --- a/charts/gitops-runtime/templates/app-proxy/_app-proxy-volumes.yaml +++ b/charts/gitops-runtime/templates/app-proxy/_app-proxy-volumes.yaml 
@@ -1,6 +1,6 @@ {{- define "codefresh-gitops-runtime.app-proxy.extra-volumes" }} extraVolumes: - {{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef}} + {{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }} - name: codefresh-tls-certs secret: secretName: {{ .Values.global.codefresh.tls.caCerts.secret.create | ternary "codefresh-tls-certs" .Values.global.codefresh.tls.caCerts.secretKeyRef.name }} @@ -11,7 +11,7 @@ extraVolumes: {{- define "codefresh-gitops-runtime.app-proxy.init.extra-volume-mounts" }} extraVolumeMounts: - {{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef}} + {{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }} - mountPath: /app/config/codefresh-tls-certs name: codefresh-tls-certs readOnly: true diff --git a/charts/gitops-runtime/templates/app-proxy/deployment.yaml b/charts/gitops-runtime/templates/app-proxy/deployment.yaml index b2af6253..0dab28dc 100644 --- a/charts/gitops-runtime/templates/app-proxy/deployment.yaml +++ b/charts/gitops-runtime/templates/app-proxy/deployment.yaml @@ -1,4 +1,5 @@ {{- $appProxyContext := deepCopy . }} + {{- $_ := set $appProxyContext "Values" (deepCopy (get .Values "app-proxy")) }} {{- $_ := set $appProxyContext.Values "global" (deepCopy (get .Values "global")) }} {{- $_ := set $appProxyContext.Values "argo-cd" (get .Values "argo-cd") }} diff --git a/charts/gitops-runtime/templates/eventbus/codefresh-eventbus.yaml b/charts/gitops-runtime/templates/eventbus/codefresh-eventbus.yaml index f1c28d12..571e578e 100644 --- a/charts/gitops-runtime/templates/eventbus/codefresh-eventbus.yaml +++ b/charts/gitops-runtime/templates/eventbus/codefresh-eventbus.yaml 
@@ -11,6 +11,10 @@ {{- if hasKey $eventBusSpec "annotations" }} {{- $eventBusSpec = unset $eventBusSpec "annotations" }} {{- end }} + +{{- $_ := set $eventBusSpec.nats.native "nodeSelector" ($eventBusSpec.nats.native.nodeSelector | default .Values.global.nodeSelector) }} +{{- $_ := set $eventBusSpec.nats.native "tolerations" ($eventBusSpec.nats.native.tolerations | default .Values.global.tolerations) }} + apiVersion: argoproj.io/v1alpha1 kind: EventBus metadata: @@ -21,4 +25,4 @@ metadata: app.kubernetes.io/part-of: argo-events codefresh.io/internal: "true" spec: - {{- $eventBusSpec | toYaml | nindent 2}} \ No newline at end of file + {{- $eventBusSpec | toYaml | nindent 2}} diff --git a/charts/gitops-runtime/templates/gitops-operator.yaml b/charts/gitops-runtime/templates/gitops-operator.yaml index 556edeae..564b4ac2 100644 --- a/charts/gitops-runtime/templates/gitops-operator.yaml +++ b/charts/gitops-runtime/templates/gitops-operator.yaml 
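Review bot: The two added `set` calls in `codefresh-eventbus.yaml` dereference `$eventBusSpec.nats.native` unconditionally, so rendering would fail with a nil-pointer error if the eventbus values select another bus type or omit `nats.native`; how `$eventBusSpec` is built is above the hunk, so this may already be guaranteed there. A guard such as `{{- with dig "nats" "native" dict $eventBusSpec }}` around the two lines, using `.` as the target of `set`, keeps other configurations rendering. It is also worth confirming that `$eventBusSpec` is a copy, since `set` mutates the map in place and would otherwise change `.Values` for templates rendered afterwards.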
@@ -3,33 +3,6 @@ {{- if index (get .Values "gitops-operator") "libraryMode" }} {{- $gitopsOperatorContext := (deepCopy (index .Subcharts "gitops-operator"))}} - {{- if and (index .Subcharts "argo-cd") }} - - {{- $argoCDImageDict := index .Subcharts "argo-cd" "Values" "global" "image" }} - {{- if not $argoCDImageDict.tag }} - {{- $_ := set $argoCDImageDict "tag" (get .Subcharts "argo-cd").Chart.AppVersion }} - {{- end }} - - {{/* Set ArgoCD image */}} - {{- if not (index .Values "gitops-operator" "argoCdNotifications" "imageOverride") }} - {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.image "repository" $argoCDImageDict.repository }} - {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.image "tag" $argoCDImageDict.tag }} - {{- end }} - - {{- else if and (index .Values "global" "external-argo-cd" "server" "image") }} - - {{ $argoCDImageDict := (index .Values "global" "external-argo-cd" "server" "image") }} - - {{/* Set ArgoCD image */}} - {{- if not (index .Values "gitops-operator" "argoCdNotifications" "imageOverride") }} - {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.image "repository" (required "ArgoCD is not enabled and .Values.global.external-argo-cd.server.image is not set" $argoCDImageDict.repository) }} - {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.image "tag" (required "ArgoCD is not enabled and .Values.global.external-argo-cd.server.tag is not set" $argoCDImageDict.tag) }} - {{- end }} - - {{- else }} - {{- fail "ArgoCD is not enabled and .Values.global.external-argo-cd.server.image is not set" }} - {{- end }} - {{- if and (not (index .Values "argo-cd" "enabled")) }} {{- if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "token") }} 
@@ -45,10 +18,6 @@ {{- end }} {{- end }} - {{/* Set repo server service and port */}} - {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.argocd.repoServer "fullname" (include "codefresh-gitops-runtime.argocd.reposerver.servicename" . ) }} - {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.argocd.repoServer "port" (include "codefresh-gitops-runtime.argocd.reposerver.serviceport" . ) }} - {{/* Set argo-cd-server service and port */}} {{ if not (index .Values "gitops-operator").env.ARGO_CD_URL }} {{- $_ := set $gitopsOperatorContext.Values.env "ARGO_CD_URL" (include "codefresh-gitops-runtime.argocd.server.no-protocol-url" . ) }} diff --git a/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml b/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml index 07541041..d36ca73c 100644 --- a/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml @@ -37,7 +37,7 @@ spec: fieldRef: fieldPath: metadata.namespace command: ["sh", "-c"] - args: + args: - | cf account validate-usage --fail-condition=reached --subject=clusters --values /job_tmp/values.yaml --namespace ${NAMESPACE} --hook --log-level debug volumeMounts: @@ -47,4 +47,13 @@ spec: - name: validate-usage-volume configMap: name: validate-usage-config + {{- with .Values.installer.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.installer.tolerations | default .Values.global.tolerations}} + tolerations: {{ toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.installer.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml b/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml index 9b86b81e..02be159f 100644 
--- a/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml @@ -174,5 +174,14 @@ spec: volumes: - name: customized-values configMap: - name: validate-values-config + name: validate-values-config + {{- with .Values.installer.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.installer.tolerations | default .Values.global.tolerations}} + tolerations: {{ toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.installer.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml index db166d89..d2de2387 100644 --- a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml 
@@ -16,9 +16,18 @@ spec: image: "{{ .Values.installer.image.repository }}:{{ .Values.installer.image.tag | default .Chart.Version }}" imagePullPolicy: {{ .Values.installer.image.pullPolicy }} command: ["sh", "-c"] - args: + args: - | kubectl patch EventBus $(kubectl get eventbus -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge && \ kubectl patch Eventsource $(kubectl get EventSource -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge && \ kubectl patch Sensor $(kubectl get Sensor -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge ; return 0 + {{- with .Values.installer.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.installer.tolerations | default .Values.global.tolerations}} + tolerations: {{ toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.installer.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/delete-runtime-from-platform.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/delete-runtime-from-platform.yaml index 5085594b..5d076ddb 100644 --- a/charts/gitops-runtime/templates/hooks/pre-uninstall/delete-runtime-from-platform.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/delete-runtime-from-platform.yaml @@ -4,6 +4,7 @@ {{- $customCASecretName = .Values.global.codefresh.tls.caCerts.secret.create | ternary "codefresh-tls-certs" .Values.global.codefresh.tls.caCerts.secretKeyRef.name }} {{- $customCASecretKey = .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }} {{- end }} +--- apiVersion: batch/v1 kind: Job metadata: 
@@ -38,7 +39,7 @@ spec: readOnly: true {{- end }} command: ["sh", "-c"] - args: + args: - | if [ ! -z "$USER_TOKEN" ]; then curl ${PLATFORM_URL}/2.0/api/graphql -H "Authorization: ${USER_TOKEN}" -H "Content-Type: application/json" -d "{\"query\": \"mutation deleteRuntime(\$name: String"'!'") {\n deleteRuntime(name: \$name) }\",\"variables\": {\"name\": \"${RUNTIME_NAME}\"}}" @@ -54,3 +55,12 @@ spec: defaultMode: 420 optional: true {{- end }} + {{- with .Values.installer.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.installer.tolerations | default .Values.global.tolerations}} + tolerations: {{ toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.installer.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/gitops-runtime/templates/ingress.yaml b/charts/gitops-runtime/templates/ingress.yaml index aae8ecd9..e60ffcc4 100644 --- a/charts/gitops-runtime/templates/ingress.yaml +++ b/charts/gitops-runtime/templates/ingress.yaml @@ -18,6 +18,9 @@ metadata: name: codefresh-gitops-runtime labels: {{- include "codefresh-gitops-runtime.labels" . | nindent 4 }} + {{- with .Values.global.runtime.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.global.runtime.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -63,6 +66,6 @@ spec: port: number: 80 path: /app-proxy - pathType: Prefix + pathType: Prefix {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/gitops-runtime/tests/external_argocd_test.yaml b/charts/gitops-runtime/tests/external_argocd_test.yaml index 1ad172dc..71084413 100644 --- a/charts/gitops-runtime/tests/external_argocd_test.yaml +++ b/charts/gitops-runtime/tests/external_argocd_test.yaml 
@@ -29,7 +29,7 @@ tests: - equal: path: data.argoCdUsername value: admin - + - it: app-proxy ConfigMap should have valid ArgoCd Username with override values: - ./values/mandatory-values-ingress.yaml @@ -226,7 +226,7 @@ tests: content: name: ARGO_CD_TOKEN_SECRET_NAME value: argocd-token - + - it: gitops-operator Deployment should have valid default ARGO_CD_TOKEN_SECRET_KEY env var values: - ./values/mandatory-values-ingress.yaml @@ -257,35 +257,6 @@ tests: name: ARGO_CD_URL value: my-argocd-server:80 - - it: gitops-operator Deployment should have a valid --argocd-repo-server arg set in notifications container - values: - - ./values/mandatory-values-ingress.yaml - - ./values/external-argocd-values.yaml - template: gitops-operator.yaml - documentSelector: - path: kind - value: Deployment - asserts: - - contains: - path: spec.template.spec.containers[1].args - content: - --argocd-repo-server=my-argocd-repo-server:8081 - - - it: gitops-operator Deployment should have a valid image set in notifications container - values: - - ./values/mandatory-values-ingress.yaml - - ./values/external-argocd-values.yaml - template: gitops-operator.yaml - documentSelector: - path: kind - value: Deployment - set: - global.external-argo-cd.server.image.tag: v1.2.3 - asserts: - - equal: - path: spec.template.spec.containers[1].image - value: quay.io/argoproj/argocd:v1.2.3 - - it: event-reporter ConfigMap should have valid ArgoCd URL template: event-reporter.yaml documentSelector: @@ -676,7 +647,7 @@ tests: - equal: path: data.argoCdUrl value: http://my-argocd-server/argocd - + - it: gitops-operator Deployment should have valid ARGO_CD_URL env var with rootpath suffix template: gitops-operator.yaml documentSelector: diff --git a/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml b/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml index 4b42d236..87677f82 100644 --- a/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml 
+++ b/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml @@ -274,30 +274,6 @@ tests: name: leader-election any: true -- it: argocd and workflows overrides for notifications controller - template: gitops-operator.yaml - documentSelector: - path: kind - value: Deployment - values: - - ./values/mandatory-values.yaml - set: - argo-cd.global.image: - repository: "argocd/test" - tag: "test" - argo-cd.fullnameOverride: myargocd - argo-cd.repoServer.service.port: 9080 - argo-workflows.enabled: true - argo-workflows.fullnameOverride: argo-test - argo-workflows.server.secure: false - asserts: - - equal: - path: spec.template.spec.containers[1].image - value: argocd/test:test - - contains: - path: spec.template.spec.containers[1].args - content: --argocd-repo-server=myargocd-repo-server:9080 - - it: argocd and workflows overrides for manager template: gitops-operator.yaml documentSelector: @@ -324,35 +300,6 @@ tests: name: ARGO_CD_URL value: myargocd-server:80/some-path -- it: contains all resources for notifications controller - template: gitops-operator.yaml - values: - - ./values/mandatory-values.yaml - set: - gitops-operator.argoCdNotifications.cm.name: "test-notifications-cm" - gitops-operator.argoCdNotifications.secret.name: "test-notifications-secret" - asserts: - - containsDocument: - kind: ConfigMap - apiVersion: v1 - name: test-notifications-cm - any: true - - containsDocument: - kind: Secret - apiVersion: v1 - name: test-notifications-secret - any: true - - containsDocument: - kind: ClusterRole - apiVersion: rbac.authorization.k8s.io/v1 - name: codefresh-gitops-operator-notifications - any: true - - containsDocument: - kind: ClusterRoleBinding - apiVersion: rbac.authorization.k8s.io/v1 - name: codefresh-gitops-operator-notifications - any: true - - it: uses explicit ARGO_CD_URL instead of value defined by argo-cd settings template: gitops-operator.yaml documentSelector: 
diff --git a/charts/gitops-runtime/tests/global_constraints_test.yaml b/charts/gitops-runtime/tests/global_constraints_test.yaml new file mode 100644 index 00000000..dccede4a --- /dev/null +++ b/charts/gitops-runtime/tests/global_constraints_test.yaml 
@@ -0,0 +1,1126 @@ +suite: Test global constraints (nodeSelector, tolerations) +templates: + - app-proxy/deployment.yaml + - sources-server.yaml + - event-reporter.yaml + - gitops-operator.yaml + - tunnel-client.yaml + - charts/cf-argocd-extras/* + - charts/gitops-operator/* + - charts/codefresh-tunnel-client/* + - internal-router/deployment.yaml + - event-reporters/rollout-reporter/eventsource.yaml + - event-reporters/rollout-reporter/sensor.yaml + - event-reporters/workflow-reporter/eventsource.yaml + - event-reporters/workflow-reporter/sensor.yaml + - eventbus/codefresh-eventbus.yaml + - hooks/pre-install/validate-values.yaml + - hooks/pre-install/validate-usage.yaml + - hooks/pre-uninstall/cleanup-resources.yaml + - hooks/pre-uninstall/delete-runtime-from-platform.yaml + - charts/argo-events/* + - charts/argo-rollouts/* + - charts/argo-workflows/* +values: + - ./values/mandatory-values.yaml +tests: + - it: cap-app-proxy should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: app-proxy/deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: cap-app-proxy should have nodeSelector from .Values.app-proxy and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: app-proxy/deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: another-value + foo: bar + + - it: cap-app-proxy should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: app-proxy/deployment.yaml + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: cap-app-proxy should have tolerations from .Values.app-proxy and NOT from .Values.global + values: + - 
./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: app-proxy/deployment.yaml + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: internal-router should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: internal-router/deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: internal-router should have nodeSelector from .Values.internal-router and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: internal-router/deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: another-value + foo: bar + + - it: internal-router should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: internal-router/deployment.yaml + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: internal-router should have tolerations from .Values.internal-router and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: internal-router/deployment.yaml + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: rollout-reporter eventsource should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: event-reporters/rollout-reporter/eventsource.yaml + asserts: + - equal: + path: spec.template.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: rollout-reporter eventsource 
should have nodeSelector from .Values.event-reporters and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: event-reporters/rollout-reporter/eventsource.yaml + asserts: + - equal: + path: spec.template.nodeSelector + value: + some-key: another-value + foo: bar + + - it: rollout-reporter eventsource should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: event-reporters/rollout-reporter/eventsource.yaml + asserts: + - equal: + path: spec.template.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: rollout-reporter eventsource should have tolerations from .Values.event-reporters and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: event-reporters/rollout-reporter/eventsource.yaml + asserts: + - equal: + path: spec.template.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: rollout-reporter sensor should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: event-reporters/rollout-reporter/sensor.yaml + asserts: + - equal: + path: spec.template.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: rollout-reporter sensor should have nodeSelector from .Values.event-reporters and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: event-reporters/rollout-reporter/sensor.yaml + asserts: + - equal: + path: spec.template.nodeSelector + value: + some-key: another-value + foo: bar + + - it: rollout-reporter sensor should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: event-reporters/rollout-reporter/sensor.yaml + 
asserts: + - equal: + path: spec.template.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: rollout-reporter sensor should have tolerations from .Values.event-reporters and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: event-reporters/rollout-reporter/sensor.yaml + asserts: + - equal: + path: spec.template.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: workflow-reporter eventsource should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: event-reporters/workflow-reporter/eventsource.yaml + asserts: + - equal: + path: spec.template.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: workflow-reporter eventsource should have nodeSelector from .Values.event-reporters and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: event-reporters/workflow-reporter/eventsource.yaml + asserts: + - equal: + path: spec.template.nodeSelector + value: + some-key: another-value + foo: bar + + - it: workflow-reporter eventsource should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: event-reporters/workflow-reporter/eventsource.yaml + asserts: + - equal: + path: spec.template.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: workflow-reporter eventsource should have tolerations from .Values.event-reporters and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: event-reporters/workflow-reporter/eventsource.yaml + asserts: + - equal: + path: spec.template.tolerations + value: + - key: another-key + operator: Equal + 
value: another-value + effect: NoSchedule + + - it: workflow-reporter sensor should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: event-reporters/workflow-reporter/sensor.yaml + asserts: + - equal: + path: spec.template.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: workflow-reporter sensor should have nodeSelector from .Values.event-reporters and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: event-reporters/workflow-reporter/sensor.yaml + asserts: + - equal: + path: spec.template.nodeSelector + value: + some-key: another-value + foo: bar + + - it: workflow-reporter sensor should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: event-reporters/workflow-reporter/sensor.yaml + asserts: + - equal: + path: spec.template.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: workflow-reporter sensor should have tolerations from .Values.event-reporters and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: event-reporters/workflow-reporter/sensor.yaml + asserts: + - equal: + path: spec.template.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: codefresh-eventbus should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: eventbus/codefresh-eventbus.yaml + asserts: + - equal: + path: spec.nats.native.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: codefresh-eventbus should have nodeSelector from .Values.eventbus and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: 
eventbus/codefresh-eventbus.yaml + asserts: + - equal: + path: spec.nats.native.nodeSelector + value: + some-key: another-value + foo: bar + + - it: codefresh-eventbus should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: eventbus/codefresh-eventbus.yaml + asserts: + - equal: + path: spec.nats.native.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: codefresh-eventbus should have tolerations from .Values.eventbus and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: eventbus/codefresh-eventbus.yaml + asserts: + - equal: + path: spec.nats.native.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: validate-values job should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: hooks/pre-install/validate-values.yaml + documentSelector: + path: kind + value: Job + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: validate-values job should have nodeSelector from .Values.installer and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: hooks/pre-install/validate-values.yaml + documentSelector: + path: kind + value: Job + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: another-value + foo: bar + + - it: validate-values job should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: hooks/pre-install/validate-values.yaml + documentSelector: + path: kind + value: Job + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: 
validate-values job should have tolerations from .Values.installer and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: hooks/pre-install/validate-values.yaml + documentSelector: + path: kind + value: Job + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: validate-usage job should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: hooks/pre-install/validate-usage.yaml + documentSelector: + path: kind + value: Job + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: validate-usage job should have nodeSelector from .Values.installer and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: hooks/pre-install/validate-usage.yaml + documentSelector: + path: kind + value: Job + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: another-value + foo: bar + + - it: validate-usage job should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: hooks/pre-install/validate-usage.yaml + documentSelector: + path: kind + value: Job + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: validate-usage job should have tolerations from .Values.installer and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: hooks/pre-install/validate-usage.yaml + documentSelector: + path: kind + value: Job + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: another-key + operator: Equal + value: 
another-value + effect: NoSchedule + + + - it: cleanup-resources job should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: hooks/pre-uninstall/cleanup-resources.yaml + documentSelector: + path: kind + value: Job + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: cleanup-resources job should have nodeSelector from .Values.installer and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: hooks/pre-uninstall/cleanup-resources.yaml + documentSelector: + path: kind + value: Job + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: another-value + foo: bar + + - it: cleanup-resources job should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: hooks/pre-uninstall/cleanup-resources.yaml + documentSelector: + path: kind + value: Job + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: cleanup-resources job should have tolerations from .Values.installer and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: hooks/pre-uninstall/cleanup-resources.yaml + documentSelector: + path: kind + value: Job + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: delete-runtime-from-platform job should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: hooks/pre-uninstall/delete-runtime-from-platform.yaml + documentSelector: + path: kind + value: Job + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: some-value + 
extra-key: extra-value + + - it: delete-runtime-from-platform job should have nodeSelector from .Values.installer and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: hooks/pre-uninstall/delete-runtime-from-platform.yaml + documentSelector: + path: kind + value: Job + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: another-value + foo: bar + + - it: delete-runtime-from-platform job should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: hooks/pre-uninstall/delete-runtime-from-platform.yaml + documentSelector: + path: kind + value: Job + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: delete-runtime-from-platform job should have tolerations from .Values.installer and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: hooks/pre-uninstall/delete-runtime-from-platform.yaml + documentSelector: + path: kind + value: Job + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: sources-server should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: sources-server.yaml + documentSelector: + path: kind + value: Deployment + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: sources-server should have nodeSelector from and .Values.sources-server and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: sources-server.yaml + documentSelector: + path: kind + value: Deployment + asserts: + - equal: + 
path: spec.template.spec.nodeSelector + value: + some-key: another-value + foo: bar + + - it: sources-server should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: sources-server.yaml + documentSelector: + path: kind + value: Deployment + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: sources-server should have tolerations from .Values.sources-server and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: sources-server.yaml + documentSelector: + path: kind + value: Deployment + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: event-reporter should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/external-argocd-values.yaml + template: event-reporter.yaml + documentSelector: + path: kind + value: StatefulSet + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: event-reporter should have nodeSelector from and .Values.event-reporter and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + - ./values/external-argocd-values.yaml + template: event-reporter.yaml + documentSelector: + path: kind + value: StatefulSet + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: another-value + foo: bar + + - it: event-reporter should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/external-argocd-values.yaml + template: event-reporter.yaml + documentSelector: + path: kind + value: StatefulSet + asserts: + - equal: + path: 
spec.template.spec.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: event-reporter should have tolerations from .Values.event-reporter and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + - ./values/external-argocd-values.yaml + template: event-reporter.yaml + documentSelector: + path: kind + value: StatefulSet + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: gitops-operator should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: gitops-operator.yaml + documentSelector: + path: kind + value: Deployment + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: gitops-operator should have nodeSelector from and .Values.gitops-operator and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: gitops-operator.yaml + documentSelector: + path: kind + value: Deployment + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: another-value + foo: bar + + - it: gitops-operator should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: gitops-operator.yaml + documentSelector: + path: kind + value: Deployment + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: gitops-operator should have tolerations from .Values.gitops-operator and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: gitops-operator.yaml + documentSelector: + path: kind + value: Deployment + 
asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: tunnel-client should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: tunnel-client.yaml + documentSelector: + path: kind + value: Deployment + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: tunnel-client should have nodeSelector from and .Values.tunnel-client and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: tunnel-client.yaml + documentSelector: + path: kind + value: Deployment + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: another-value + foo: bar + + - it: tunnel-client should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: tunnel-client.yaml + documentSelector: + path: kind + value: Deployment + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: tunnel-client should have tolerations from .Values.tunnel-client and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: tunnel-client.yaml + documentSelector: + path: kind + value: Deployment + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: argo-events-controller should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: charts/argo-events/templates/argo-events-controller/deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: some-value + extra-key: 
extra-value + + - it: argo-events-controller should have nodeSelector from and .Values.argo-events and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: charts/argo-events/templates/argo-events-controller/deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: another-value + foo: bar + + - it: argo-events-controller should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: charts/argo-events/templates/argo-events-controller/deployment.yaml + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: argo-events-controller should have tolerations from .Values.argo-events and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: charts/argo-events/templates/argo-events-controller/deployment.yaml + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: argo-events-webhook should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: charts/argo-events/templates/argo-events-webhook/deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: argo-events-webhook should have nodeSelector from and .Values.argo-events and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: charts/argo-events/templates/argo-events-webhook/deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: another-value + foo: bar + + - it: argo-events-webhook should have tolerations from 
.Values.global + values: + - ./values/global-constraints-values.yaml + template: charts/argo-events/templates/argo-events-webhook/deployment.yaml + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: argo-events-webhook should have tolerations from .Values.argo-events and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: charts/argo-events/templates/argo-events-webhook/deployment.yaml + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: argo-rollouts controller should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: charts/argo-rollouts/templates/controller/deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: argo-rollouts controller should have nodeSelector from and .Values.argo-rollouts and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: charts/argo-rollouts/templates/controller/deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: another-value + foo: bar + + - it: argo-rollouts controller should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: charts/argo-rollouts/templates/controller/deployment.yaml + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: argo-rollouts controller should have tolerations from .Values.argo-rollouts and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - 
./values/subcharts-constraints-values.yaml + template: charts/argo-rollouts/templates/controller/deployment.yaml + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: argo-workflow controller should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + template: charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: argo-workflow controller should have nodeSelector from and .Values.argo-workflows and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: another-value + foo: bar + + - it: argo-workflow controller should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: argo-workflow controller should have tolerations from .Values.argo-workflows and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule + + - it: argo-workflow server should have nodeSelector from .Values.global + values: + - ./values/global-constraints-values.yaml + 
template: charts/argo-workflows/templates/server/server-deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: some-value + extra-key: extra-value + + - it: argo-workflow server should have nodeSelector from and .Values.argo-workflows and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: charts/argo-workflows/templates/server/server-deployment.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + some-key: another-value + foo: bar + + - it: argo-workflow server should have tolerations from .Values.global + values: + - ./values/global-constraints-values.yaml + template: charts/argo-workflows/templates/server/server-deployment.yaml + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: some-key + operator: Equal + value: some-value + effect: NoSchedule + + - it: argo-workflow server should have tolerations from .Values.argo-workflows and NOT from .Values.global + values: + - ./values/global-constraints-values.yaml + - ./values/subcharts-constraints-values.yaml + template: charts/argo-workflows/templates/server/server-deployment.yaml + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: another-key + operator: Equal + value: another-value + effect: NoSchedule diff --git a/charts/gitops-runtime/tests/ingress_test.yaml b/charts/gitops-runtime/tests/ingress_test.yaml index b6ef5da1..c054b09a 100644 --- a/charts/gitops-runtime/tests/ingress_test.yaml +++ b/charts/gitops-runtime/tests/ingress_test.yaml 
@@ -131,3 +131,16 @@ tests:
 - hosts:
 - "test.example.com"
 secretName: blah
+
+- it: ingress has custom labels
+ template: templates/ingress.yaml
+ set:
+ global.runtime.ingress.enabled: true
+ global.runtime.ingress.hosts: [test.example.com]
+ global.runtime.ingress.labels.foo: bar
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ asserts:
+ - equal:
+ path: metadata.labels.foo
+ value: bar
diff --git a/charts/gitops-runtime/tests/values/global-constraints-values.yaml b/charts/gitops-runtime/tests/values/global-constraints-values.yaml
new file mode 100644
index 00000000..573c2e46
--- /dev/null
+++ b/charts/gitops-runtime/tests/values/global-constraints-values.yaml
@@ -0,0 +1,9 @@
+global:
+ nodeSelector:
+ some-key: some-value
+ extra-key: extra-value
+ tolerations:
+ - key: some-key
+ operator: Equal
+ value: some-value
+ effect: NoSchedule
diff --git a/charts/gitops-runtime/tests/values/subcharts-constraints-values.yaml b/charts/gitops-runtime/tests/values/subcharts-constraints-values.yaml
new file mode 100644
index 00000000..ede59046
--- /dev/null
+++ b/charts/gitops-runtime/tests/values/subcharts-constraints-values.yaml
@@ -0,0 +1,83 @@
+anchors:
+ scheduling:
+ nodeSelector: &nodeSelector
+ some-key: another-value
+ foo: bar
+ tolerations: &tolerations
+ - key: another-key
+ operator: Equal
+ value: another-value
+ effect: NoSchedule
+
+global:
+ runtime:
+ eventBus:
+ nats:
+ native:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
+
+app-proxy:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
+
+internal-router:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
+
+event-reporters:
+ rollout:
+ eventSource:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
+ sensor:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
+ workflow:
+ eventSource:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
+ sensor:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
+
+installer:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
+
+cf-argocd-extras:
+ sourcesServer:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
+ eventReporter:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
+
+gitops-operator:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
+
+tunnel-client:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
+
+argo-events:
+ controller:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
+ webhook:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
+
+argo-rollouts:
+ controller:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
+
+argo-workflows:
+ controller:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
+ server:
+ nodeSelector: *nodeSelector
+ tolerations: *tolerations
diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml
index 0b1a6228..6635c6b0 100644
--- a/charts/gitops-runtime/values.yaml
+++ b/charts/gitops-runtime/values.yaml
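Review bot: This fixture overrides only `nodeSelector` and `tolerations`, so the `affinity: {}` keys that the values.yaml hunks of the same patch add for `installer`, `tunnel-client`, `global.runtime.eventBus.nats.native`, `cf-argocd-extras.eventReporter` and `cf-argocd-extras.sourcesServer` are never rendered with a non-empty value in the tests visible here. Adding an `affinity: &affinity` entry under `anchors.scheduling` and an `affinity: *affinity` line beside the existing two would let the same equal-assert pattern cover it. The top-level `anchors:` key is also handed to the chart as an ordinary value; a one-line comment above it such as `# holder for YAML anchors only; presumably not read by any template` would make the intent explicit for the next maintainer.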
@@ -63,6 +63,7 @@ global: className: nginx tls: [] annotations: {} + labels: {} # -- Hosts for runtime ingress. Note that Codefresh platform will always use the first host in the list to access the runtime. hosts: [] # -- Explicit url for runtime ingress. Provide this value only if you don't want the chart to create and ingress (global.runtime.ingress.enabled=false) and tunnel-client is not used (tunnel-client.enabled=false) @@ -94,6 +95,9 @@ global: minAvailable: 2 nats: native: + nodeSelector: {} + tolerations: [] + affinity: {} replicas: 3 auth: token maxPayload: "4MB" @@ -170,6 +174,11 @@ global: # Configuration is defined at .Values.event-reporters.rollout enabled: false + # -- Global nodeSelector for all components + nodeSelector: {} + # -- Global tolerations for all components + tolerations: [] + # ------------------------------------------------------------------------------------------------------------------------- # Installer # ------------------------------------------------------------------------------------------------------------------------- @@ -190,6 +199,10 @@ installer: app.kubernetes.io/component: server app.kubernetes.io/part-of: argocd + nodeSelector: {} + tolerations: [] + affinity: {} + # ----------------------------------------------------------------------------------------------------------------------- # Sealed secrets # ----------------------------------------------------------------------------------------------------------------------- @@ -485,6 +498,9 @@ tunnel-client: host: "register-tunnels.cf-cd.com" subdomainHost: "tunnels.cf-cd.com" + nodeSelector: {} + tolerations: [] + affinity: {} #----------------------------------------------------------------------------------------------------------------------- # app-proxy #----------------------------------------------------------------------------------------------------------------------- 
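Review bot: The `# -- Global nodeSelector for all components` and `# -- Global tolerations for all components` comments in the `@@ -170,6 +174,11 @@` hunk do not state precedence, while the tests in this patch assert that a component-level value replaces the global one outright (the overridden nodeSelector is `some-key: another-value`, `foo: bar`, with the global `extra-key` gone). An operator who relies on the global selector to keep runtime pods on dedicated nodes needs to know that any per-component setting drops it, so I would write `# -- Global nodeSelector for all components. A component-level nodeSelector replaces this map entirely; the two are not merged.` and the equivalent for tolerations. The per-component `nodeSelector` / `tolerations` / `affinity` keys added in the other hunks of this file (`nats.native`, `installer`, `tunnel-client`, and `cf-argocd-extras.eventReporter` in `@@ -717,3 +724,14 @@`) carry no `# --` description, so the generated README table will presumably show empty cells for them. There is also no global `affinity` although every component block gains one, which is worth stating in the same comment.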
@@ -685,15 +701,6 @@ gitops-operator: annotations: {} name: "gitops-operator-controller-manager" - # -- Builtin notifications controller used by gitops-operator for promotion related notifications - argoCdNotifications: - # -- If set to true allows to override notifications image used by the gitops operator. When set to false the version of ArgoCD will be set to the version used for all other ArgoCD components. - imageOverride: false - # -- Set image.repository and image.tag notifications image used by the gitops operator. Ignored unless imageOverride is set to true. - image: {} - # -- Resources for notifications controller used by gitops-operator. - resources: {} - imagePullSecrets: [] nameOverride: "" fullnameOverride: "" @@ -717,3 +724,14 @@ gitops-operator: cf-argocd-extras: # -- Library mode for the chart. Allows to inject values from gitops runtime chart libraryMode: true + eventReporter: + enabled: true + nodeSelector: {} + tolerations: [] + affinity: {} + # -- Sources server configuration + sourcesServer: + enabled: true + nodeSelector: {} + tolerations: [] + affinity: {} From 9623fef7510dc1309b4aded3dd5b2b164f50506a Mon Sep 17 00:00:00 2001 From: Scott Merchant Date: Mon, 12 May 2025 13:19:30 +0200 Subject: [PATCH 43/49] bump codefresh gitops operator version (#470) * bump codefresh operator version * trigger * update docs --- charts/gitops-runtime/Chart.yaml | 2 +- charts/gitops-runtime/README.md | 27 +++++++++++---------------- 2 files changed, 12 insertions(+), 17 deletions(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 87b89d1f..aadacb67 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -39,7 +39,7 @@ dependencies: condition: tunnel-client.enabled - name: codefresh-gitops-operator repository: oci://quay.io/codefresh/charts - version: 0.7.0 + version: 0.7.1 alias: gitops-operator condition: gitops-operator.enabled - name: cf-argocd-extras 
diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index af169011..a3f62a71 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md @@ -1,5 +1,5 @@ ## Codefresh gitops runtime -![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![AppVersion: 0.1.69-0](https://img.shields.io/badge/AppVersion-0.1.69--0-informational?style=flat-square) +![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![AppVersion: 0.1.71](https://img.shields.io/badge/AppVersion-0.1.71-informational?style=flat-square) ## Prerequisites 
@@ -186,13 +186,13 @@ sealed-secrets: | app-proxy.extraVolumeMounts | list | `[]` | Extra volume mounts for main container | | app-proxy.extraVolumes | list | `[]` | extra volumes | | app-proxy.fullnameOverride | string | `"cap-app-proxy"` | | -| app-proxy.image-enrichment | object | `{"config":{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.12-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.12-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.12-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400},"enabled":true,"serviceAccount":{"annotations":null,"create":true,"name":"codefresh-image-enrichment-sa"}}` | Image enrichment process configuration | -| app-proxy.image-enrichment.config | object | `{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.12-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.12-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.12-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400}` | Configurations for image enrichment workflow | +| app-proxy.image-enrichment | object | 
`{"config":{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.13-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.13-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.13-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400},"enabled":true,"serviceAccount":{"annotations":null,"create":true,"name":"codefresh-image-enrichment-sa"}}` | Image enrichment process configuration | +| app-proxy.image-enrichment.config | object | `{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.13-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.13-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.13-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400}` | Configurations for image enrichment workflow | | app-proxy.image-enrichment.config.clientHeartbeatIntervalInSeconds | int | `5` | Client heartbeat interval in seconds for image enrichemnt workflow | | app-proxy.image-enrichment.config.concurrencyCmKey | string | `"imageReportExecutor"` | The name of the key in the configmap to use as synchronization semaphore | | app-proxy.image-enrichment.config.concurrencyCmName | string | 
`"workflow-synchronization-semaphores"` | The name of the configmap to use as synchronization semaphore, see https://argoproj.github.io/argo-workflows/synchronization/ | -| app-proxy.image-enrichment.config.images | object | `{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.12-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.12-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.12-main"}}` | Enrichemnt images | -| app-proxy.image-enrichment.config.images.reportImage | object | `{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.12-main"}` | Report image enrichment task image | +| app-proxy.image-enrichment.config.images | object | `{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.13-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.13-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.13-main"}}` | Enrichemnt images | +| app-proxy.image-enrichment.config.images.reportImage | object | `{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.13-main"}` | Report image enrichment task image | | app-proxy.image-enrichment.config.podGcStrategy | string | `"OnWorkflowCompletion"` | Pod grabage collection strategy. By default all pods will be deleted when the enrichment workflow completes. 
| | app-proxy.image-enrichment.config.ttlActiveInSeconds | int | `900` | Maximum allowed runtime for the enrichment workflow | | app-proxy.image-enrichment.config.ttlAfterCompletionInSeconds | int | `86400` | Number of seconds to live after completion | @@ -203,14 +203,14 @@ sealed-secrets: | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use | | app-proxy.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` | | -| app-proxy.image.tag | string | `"1.3451.0"` | | +| app-proxy.image.tag | string | `"1.3470.0"` | | | app-proxy.imagePullSecrets | list | `[]` | | | app-proxy.initContainer.command[0] | string | `"./init.sh"` | | | app-proxy.initContainer.env | object | `{}` | | | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container | | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` | | -| app-proxy.initContainer.image.tag | string | `"1.3451.0"` | | +| app-proxy.initContainer.image.tag | string | `"1.3470.0"` | | | app-proxy.initContainer.resources.limits | object | `{}` | | | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` | | | app-proxy.initContainer.resources.requests.memory | string | `"256Mi"` | | 
@@ -281,8 +281,7 @@ sealed-secrets: | argo-workflows.mainContainer.resources.requests.ephemeral-storage | string | `"10Mi"` | | | argo-workflows.server.authModes | list | `["client"]` | auth-mode needs to be set to client to be able to see workflow logs from Codefresh UI | | argo-workflows.server.baseHref | string | `"/workflows/"` | Do not change. Workflows UI is only accessed through internal router, changing this values will break routing to workflows native UI from Codefresh. | -| cf-argocd-extras | object | `{"eventReporter":{"enabled":true},"libraryMode":true}` | Codefresh extra services for ArgoCD | -| cf-argocd-extras.eventReporter | object | `{"enabled":true}` | Event reporter configuration | +| cf-argocd-extras | object | `{"libraryMode":true}` | Codefresh extra services for ArgoCD | | cf-argocd-extras.libraryMode | bool | `true` | Library mode for the chart. Allows to inject values from gitops runtime chart | | event-reporters.rollout.eventSource.affinity | object | `{}` | | | event-reporters.rollout.eventSource.nodeSelector | object | `{}` | | 
@@ -321,10 +320,6 @@ sealed-secrets: | event-reporters.workflow.sensor.tolerations | list | `[]` | | | event-reporters.workflow.serviceAccount.create | bool | `true` | | | gitops-operator.affinity | object | `{}` | | -| gitops-operator.argoCdNotifications | object | `{"image":{},"imageOverride":false,"resources":{}}` | Builtin notifications controller used by gitops-operator for promotion related notifications | -| gitops-operator.argoCdNotifications.image | object | `{}` | Set image.repository and image.tag notifications image used by the gitops operator. Ignored unless imageOverride is set to true. | -| gitops-operator.argoCdNotifications.imageOverride | bool | `false` | If set to true allows to override notifications image used by the gitops operator. When set to false the version of ArgoCD will be set to the version used for all other ArgoCD components. | -| gitops-operator.argoCdNotifications.resources | object | `{}` | Resources for notifications controller used by gitops-operator. | | gitops-operator.crds | object | `{"additionalLabels":{},"annotations":{},"install":true,"keep":false}` | Codefresh gitops operator crds | | gitops-operator.crds.additionalLabels | object | `{}` | Additional labels for gitops operator CRDs | | gitops-operator.crds.annotations | object | `{}` | Annotations on gitops operator CRDs | 
@@ -401,7 +396,7 @@ sealed-secrets: | global.runtime.ingressUrl | string | `""` | Explicit url for runtime ingress. Provide this value only if you don't want the chart to create and ingress (global.runtime.ingress.enabled=false) and tunnel-client is not used (tunnel-client.enabled=false) | | global.runtime.isConfigurationRuntime | bool | `false` | is the runtime set as a "configuration runtime". | | global.runtime.name | string | `nil` | Runtime name. Must be unique per platform account. | -| installer | object | `{"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/gitops-runtime-installer","tag":""},"skipValidation":false}` | Runtime installer used for running hooks and checks on the release | +| installer | object | `{"argoCdVersionCheck":{"argoServerLabels":{"app.kubernetes.io/component":"server","app.kubernetes.io/part-of":"argocd"}},"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/gitops-runtime-installer","tag":""},"skipValidation":false}` | Runtime installer used for running hooks and checks on the release | | installer.skipValidation | bool | `false` | if set to true, pre-install hook will *not* run | | internal-router.affinity | object | `{}` | | | internal-router.clusterDomain | string | `"cluster.local"` | | @@ -411,7 +406,7 @@ sealed-secrets: | internal-router.fullnameOverride | string | `"internal-router"` | | | internal-router.image.pullPolicy | string | `"IfNotPresent"` | | | internal-router.image.repository | string | `"nginxinc/nginx-unprivileged"` | | -| internal-router.image.tag | string | `"1.26-alpine3.20"` | | +| internal-router.image.tag | string | `"1.28-alpine3.21"` | | | internal-router.imagePullSecrets | list | `[]` | | | internal-router.ipv6 | object | `{"enabled":false}` | For ipv6 enabled clusters switch ipv6 enabled to true | | internal-router.nameOverride | string | `""` | | 
@@ -435,7 +430,7 @@ sealed-secrets: | internal-router.serviceAccount.create | bool | `true` | | | internal-router.serviceAccount.name | string | `""` | | | internal-router.tolerations | list | `[]` | | -| sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"0.28.0"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | --------------------------------------------------------------------------------------------------------------------- | +| sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"0.29.0"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | --------------------------------------------------------------------------------------------------------------------- | | tunnel-client | object | `{"enabled":true,"libraryMode":true,"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. | | tunnel-client.enabled | bool | `true` | Will only be used if global.runtime.ingress.enabled = false | | tunnel-client.libraryMode | bool | `true` | Do not change this value! Breaks chart logic | From 15524476eb7ba02c905b99c604311519523fe469 Mon Sep 17 00:00:00 2001 From: Oleksandr Saulyak Date: Tue, 13 May 2025 13:18:55 +0300 Subject: [PATCH 44/49] feat: cf-argocd-extras v0.3.22 with payloadVersion reported (#472) --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index aadacb67..995e1774 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml 
@@ -44,4 +44,4 @@ dependencies: condition: gitops-operator.enabled - name: cf-argocd-extras repository: oci://quay.io/codefresh/charts - version: 0.3.21 + version: 0.3.22 From 6de98f2dab99a2ca7fb3cc5cabfc596b07639d05 Mon Sep 17 00:00:00 2001 From: Andrii Shaforostov Date: Wed, 14 May 2025 14:32:34 +0300 Subject: [PATCH 45/49] Feat/revert cr 28342 usage (#474) --- .../templates/hooks/pre-install/rbac.yaml | 45 -------------- .../hooks/pre-install/validate-usage.yaml | 59 ------------------ .../tests/global_constraints_test.yaml | 62 ------------------- charts/gitops-runtime/values.yaml | 2 - installer-image/Dockerfile | 2 +- 5 files changed, 1 insertion(+), 169 deletions(-) delete mode 100644 charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml diff --git a/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml b/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml index 60250770..48f6eb77 100644 --- a/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml 
@@ -41,48 +41,3 @@ metadata: helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed helm.sh/hook-weight: "-10" {{- end }} - -{{- if not .Values.installer.skipUsageValidation }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: validate-usage-cr - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed - helm.sh/hook-weight: "5" -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: validate-usage-crb - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed - helm.sh/hook-weight: "5" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: validate-usage-cr -subjects: - - kind: ServiceAccount - name: validate-usage-sa - namespace: {{ .Release.Namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: validate-usage-sa - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed - helm.sh/hook-weight: "5" -{{- end }} diff --git a/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml b/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml deleted file mode 100644 index d36ca73c..00000000 --- a/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -{{- if not .Values.installer.skipUsageValidation }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: validate-usage-config - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed - helm.sh/hook-weight: "5" -data: - values.yaml: | -{{ .Values | toYaml | indent 4 }} - ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: validate-usage - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation - helm.sh/hook-weight: "10" -spec: - backoffLimit: 0 - ttlSecondsAfterFinished: 300 - template: - spec: - serviceAccountName: validate-usage-sa - restartPolicy: Never - containers: - - name: validate-usage - image: "{{ .Values.installer.image.repository }}:{{ .Values.installer.image.tag | default .Chart.Version }}" - imagePullPolicy: {{ .Values.installer.image.pullPolicy }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - command: ["sh", "-c"] - args: - - | - cf account validate-usage --fail-condition=reached --subject=clusters --values /job_tmp/values.yaml --namespace ${NAMESPACE} --hook --log-level debug - volumeMounts: - - name: validate-usage-volume - mountPath: "/job_tmp" - volumes: - - name: validate-usage-volume - configMap: - name: validate-usage-config - {{- with .Values.installer.nodeSelector | default .Values.global.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.installer.tolerations | default .Values.global.tolerations}} - tolerations: {{ toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.installer.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/gitops-runtime/tests/global_constraints_test.yaml b/charts/gitops-runtime/tests/global_constraints_test.yaml index dccede4a..4d64f765 100644 --- a/charts/gitops-runtime/tests/global_constraints_test.yaml 
+++ b/charts/gitops-runtime/tests/global_constraints_test.yaml @@ -436,68 +436,6 @@ tests: value: another-value effect: NoSchedule - - it: validate-usage job should have nodeSelector from .Values.global - values: - - ./values/global-constraints-values.yaml - template: hooks/pre-install/validate-usage.yaml - documentSelector: - path: kind - value: Job - asserts: - - equal: - path: spec.template.spec.nodeSelector - value: - some-key: some-value - extra-key: extra-value - - - it: validate-usage job should have nodeSelector from .Values.installer and NOT from .Values.global - values: - - ./values/global-constraints-values.yaml - - ./values/subcharts-constraints-values.yaml - template: hooks/pre-install/validate-usage.yaml - documentSelector: - path: kind - value: Job - asserts: - - equal: - path: spec.template.spec.nodeSelector - value: - some-key: another-value - foo: bar - - - it: validate-usage job should have tolerations from .Values.global - values: - - ./values/global-constraints-values.yaml - template: hooks/pre-install/validate-usage.yaml - documentSelector: - path: kind - value: Job - asserts: - - equal: - path: spec.template.spec.tolerations - value: - - key: some-key - operator: Equal - value: some-value - effect: NoSchedule - - - it: validate-usage job should have tolerations from .Values.installer and NOT from .Values.global - values: - - ./values/global-constraints-values.yaml - - ./values/subcharts-constraints-values.yaml - template: hooks/pre-install/validate-usage.yaml - documentSelector: - path: kind - value: Job - asserts: - - equal: - path: spec.template.spec.tolerations - value: - - key: another-key - operator: Equal - value: another-value - effect: NoSchedule - - it: cleanup-resources job should have nodeSelector from .Values.global values: diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 6635c6b0..cd9e4dd3 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml 
@@ -186,8 +186,6 @@ global: installer: # -- if set to true, pre-install hook will *not* run skipValidation: false - # -- if set to true, pre-install hook will *not* run - skipUsageValidation: false image: repository: quay.io/codefresh/gitops-runtime-installer tag: "" diff --git a/installer-image/Dockerfile b/installer-image/Dockerfile index edf4c290..f164c094 100644 --- a/installer-image/Dockerfile +++ b/installer-image/Dockerfile @@ -8,7 +8,7 @@ FROM debian:12.10-slim RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections -ARG CF_CLI_VERSION=v0.2.7 +ARG CF_CLI_VERSION=v0.2.6 ARG TARGETARCH RUN apt-get update && apt-get install curl jq -y From 5c551ca0542280bd7c13d0d298fab7411a7e51ac Mon Sep 17 00:00:00 2001 From: olegt-codefresh Date: Wed, 14 May 2025 15:24:05 +0300 Subject: [PATCH 46/49] feat: add gzip configuration to internal router configmap (CR-24650) (#475) --- .../templates/_components/internal-router/_configmap.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/charts/gitops-runtime/templates/_components/internal-router/_configmap.yaml b/charts/gitops-runtime/templates/_components/internal-router/_configmap.yaml index 748892e0..6503b3c6 100644 --- a/charts/gitops-runtime/templates/_components/internal-router/_configmap.yaml +++ b/charts/gitops-runtime/templates/_components/internal-router/_configmap.yaml @@ -54,4 +54,11 @@ data: return 200 'ok'; } } + gzip on; + gzip_comp_level 6; + gzip_min_length 1000; + gzip_types + text/plain + application/xml + application/json; {{- end }} From 5a2fe3389be4e778aa12250cb7c14aaab14e3bc5 Mon Sep 17 00:00:00 2001 
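Review bot: The added `gzip on;` block in `_configmap.yaml` compresses `text/plain`, `application/xml` and `application/json` for everything this router serves, and nothing in the hunk restricts it to particular locations. If any proxied API response carries a secret (a token, a session value) together with data taken from the request, compressing it under TLS exposes the response-length side channel known as BREACH. It is therefore worth confirming which upstream responses fall under these types, or enabling gzip only in the locations that serve static UI content. At minimum I would add a comment above the block, for example `# gzip also covers proxied API JSON; review for BREACH before adding types or returning secrets in compressible responses`. The directives sit after the closing brace of the server section and the enclosing template starts outside the hunk, so the effective scope is inferred.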
From: Ilia Medvedev Date: Wed, 14 May 2025 19:18:04 +0300 Subject: [PATCH 47/49] add possibility to disable configmap generation by passing null to artifactRepositoryRef --- .../codefresh-workflow-log-store.yaml | 6 +++- .../tests/codefresh-workflow-logs-store.yaml | 35 +++++++++++++++++++ 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 charts/gitops-runtime/tests/codefresh-workflow-logs-store.yaml diff --git a/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml b/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml index d83d653a..c346aef8 100644 --- a/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml +++ b/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml @@ -1,4 +1,6 @@ -{{- $_ := required "global.codefresh.accountId is required" .Values.global.codefresh.accountId }} +{{- if hasKey (index .Values "argo-workflows" "controller" "workflowDefaults" "spec" "artifactRepositoryRef") "configMap" }} + {{- if eq (index .Values "argo-workflows" "controller" "workflowDefaults" "spec" "artifactRepositoryRef" "configMap") "codefresh-workflows-log-store" }} + {{- $_ := required "global.codefresh.accountId is required" .Values.global.codefresh.accountId }} apiVersion: v1 data: codefresh-workflows-log-store: | @@ -19,3 +21,5 @@ metadata: annotations: workflows.argoproj.io/default-artifact-repository: codefresh-workflows-log-store name: codefresh-workflows-log-store + {{- end }} +{{- end }} diff --git a/charts/gitops-runtime/tests/codefresh-workflow-logs-store.yaml b/charts/gitops-runtime/tests/codefresh-workflow-logs-store.yaml new file mode 100644 index 00000000..f492b942 --- /dev/null +++ b/charts/gitops-runtime/tests/codefresh-workflow-logs-store.yaml 
@@ -0,0 +1,35 @@ +suite: codefresh-workflow-logs-store tests +templates: + - codefresh-workflow-log-store.yaml +tests: + +- it: Should only create the configmap when the workflowDefaults.artifactRepositoryRef.configMap is set to codefresh-workflows-log-store + template: 'codefresh-workflow-log-store.yaml' + values: + - ./values/mandatory-values.yaml + set: + argo-workflows.controller.workflowDefaults.spec.artifactRepositoryRef.configMap: "some-other-configmap" + asserts: + - hasDocuments: + count: 0 + +- it: Should only create the configmap when the workflowDefaults.artifactRepositoryRef.configMap is set to codefresh-workflows-log-store + template: 'codefresh-workflow-log-store.yaml' + values: + - ./values/mandatory-values.yaml + set: + argo-workflows.controller.workflowDefaults.spec.artifactRepositoryRef.configMap: "codefresh-workflows-log-store" + asserts: + - hasDocuments: + count: 1 + +- it: Should fail if the accountId is not set + template: 'codefresh-workflow-log-store.yaml' + values: + - ./values/mandatory-values.yaml + set: + argo-workflows.controller.workflowDefaults.spec.artifactRepositoryRef.configMap: "codefresh-workflows-log-store" + global.codefresh.accountId: "" + asserts: + - failedTemplate: + errorMessage: 'global.codefresh.accountId is required' From d1ebd1505ca182018b950cfd9c799531a2549bb6 Mon Sep 17 00:00:00 2001 From: Ilia Medvedev Date: Mon, 19 May 2025 14:31:33 +0300 Subject: [PATCH 48/49] disable by default --- charts/gitops-runtime/README.md | 24 +++++----- charts/gitops-runtime/README.md.gotmpl | 8 ++-- .../codefresh-workflow-log-store.yaml | 10 ++--- .../tests/codefresh-workflow-logs-store.yaml | 44 ++++++++++++++++--- charts/gitops-runtime/values.yaml | 13 +++--- 5 files changed, 62 insertions(+), 37 deletions(-) diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index a3f62a71..c7919b02 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md 
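Review bot: The first two cases in this new test file share the same `it:` title, although the first one asserts `count: 0` for `some-other-configmap`, so a failure report cannot tell them apart. No case covers `artifactRepositoryRef: null`, which is the behaviour the commit subject names. Rename the first case to `Should not create the configmap when artifactRepositoryRef.configMap names another configmap`, and add a case that nulls the whole reference, because the template's `hasKey (index …)` guard is the part most likely to misbehave when the map is absent. I have not verified how the test runner passes a null through `set:`, so a small values file may be needed instead.

```yaml
# … unchanged: suite header and the three existing cases …
- it: Should not create the configmap when artifactRepositoryRef is null
  template: 'codefresh-workflow-log-store.yaml'
  values:
    - ./values/mandatory-values.yaml
  set:
    argo-workflows.controller.workflowDefaults.spec.artifactRepositoryRef: null
  asserts:
    - hasDocuments:
        count: 0
```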
@@ -17,12 +17,10 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/ ## Argo-workflows artifact and log storage -> [!NOTE] -> This version of the chart includes default configuration for storing workflow artifacts and logs in Codefresh provided s3 compatible storage. +Codefresh provides a SaaS object storage based solution for Argo workflows logs storage. The chart deploys a configmap named `codefresh-workflows-log-store` with the repository configuration. +If you want to utilize the Codefresh SaaS solution for log storage for all workflows in the runtime please set `argo-workflows.controller.workflowDefaults.spec.artifactRepository.configMap` to `codefresh-workflows-log-store` and `argo-workflows.controller.workflowDefaults.spec.artifactRepository.key` +to `codefresh-workflows-log-store` as well. -If you have your own storage configuration using the default configmap `artifact-repositories` upgrading the chart will override your artifact storage configuration. -To prevent this please set `argo-workflows.controller.workflowDefaults.spec.artifactRepository.configMap` to `artifact-repositories` and `argo-workflows.controller.workflowDefaults.spec.artifactRepository.key` -to the respective key in your configmap identifying the repository. > [!WARNING] > It's highly recommended to use your own artifact storage for data privacy reasons. > Codefresh provided storage has a retention policy of 14 days and limitations on uploaded file sizes. 
@@ -271,9 +269,7 @@ sealed-secrets: | argo-rollouts.enabled | bool | `true` | | | argo-rollouts.fullnameOverride | string | `"argo-rollouts"` | | | argo-rollouts.installCRDs | bool | `true` | | -| argo-workflows.codefreshWorkflowLogs | object | `{"endpoint":"gitops-workflow-logs.codefresh.io","insecure":false}` | Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support. | | argo-workflows.controller.workflowDefaults.spec.archiveLogs | bool | `true` | | -| argo-workflows.controller.workflowDefaults.spec.artifactRepositoryRef | object | `{"configMap":"codefresh-workflows-log-store","key":"codefresh-workflows-log-store"}` | By default artifact repository is set to a Codefresh provided repository. For data privacy it is reccommended to set your own artifact repository. For instructions see: https://argo-workflows.readthedocs.io/en/latest/configure-artifact-repository/#configuring-your-artifact-repository | | argo-workflows.crds.install | bool | `true` | Install and upgrade CRDs | | argo-workflows.enabled | bool | `true` | | | argo-workflows.executor.resources.requests.ephemeral-storage | string | `"10Mi"` | | 
@@ -281,8 +277,10 @@ sealed-secrets: | argo-workflows.mainContainer.resources.requests.ephemeral-storage | string | `"10Mi"` | | | argo-workflows.server.authModes | list | `["client"]` | auth-mode needs to be set to client to be able to see workflow logs from Codefresh UI | | argo-workflows.server.baseHref | string | `"/workflows/"` | Do not change. Workflows UI is only accessed through internal router, changing this values will break routing to workflows native UI from Codefresh. | -| cf-argocd-extras | object | `{"libraryMode":true}` | Codefresh extra services for ArgoCD | +| cf-argocd-extras | object | `{"eventReporter":{"affinity":{},"enabled":true,"nodeSelector":{},"tolerations":[]},"libraryMode":true,"sourcesServer":{"affinity":{},"enabled":true,"nodeSelector":{},"tolerations":[]}}` | Codefresh extra services for ArgoCD | | cf-argocd-extras.libraryMode | bool | `true` | Library mode for the chart. Allows to inject values from gitops runtime chart | +| cf-argocd-extras.sourcesServer | object | `{"affinity":{},"enabled":true,"nodeSelector":{},"tolerations":[]}` | Sources server configuration | +| codefreshWorkflowLogStoreCM | object | `{"enabled":true,"endpoint":"gitops-workflow-logs.codefresh.io","insecure":false}` | Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support. | | event-reporters.rollout.eventSource.affinity | object | `{}` | | | event-reporters.rollout.eventSource.nodeSelector | object | `{}` | | | event-reporters.rollout.eventSource.replicas | int | `1` | | 
@@ -376,7 +374,8 @@ sealed-secrets: | global.external-argo-rollouts | object | `{"rollout-reporter":{"enabled":false}}` | Configuration for external Argo Rollouts | | global.external-argo-rollouts.rollout-reporter | object | `{"enabled":false}` | Rollout reporter settings | | global.external-argo-rollouts.rollout-reporter.enabled | bool | `false` | Enable or disable rollout reporter Configuration is defined at .Values.event-reporters.rollout | -| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"name":"codefresh-eventbus","nats":{"native":{"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","replicas":3}},"pdb":{"enabled":true,"minAvailable":2}},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings | +| global.nodeSelector | object | `{}` | Global nodeSelector for all components | +| global.runtime | object | 
`{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"name":"codefresh-eventbus","nats":{"native":{"affinity":{},"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","nodeSelector":{},"replicas":3,"tolerations":[]}},"pdb":{"enabled":true,"minAvailable":2}},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings | | global.runtime.cluster | string | `"https://kubernetes.default.svc"` | Runtime cluster. Should not be changed. | | global.runtime.codefreshHosted | bool | `false` | Defines whether this is a Codefresh hosted runtime. Should not be changed. | | global.runtime.eventBus.annotations | object | `{}` | Annotations on EventBus resource | 
@@ -388,7 +387,7 @@ sealed-secrets: | global.runtime.gitCredentials.password.secretKeyRef | object | `{}` | secretKeyReference for Git credentials password. Provide name and key fields. | | global.runtime.gitCredentials.password.value | string | `nil` | Plain text password | | global.runtime.gitCredentials.username | string | `"username"` | Username. Optional when using token in password. | -| global.runtime.ingress | object | `{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","skipValidation":false,"tls":[]}` | Ingress settings | +| global.runtime.ingress | object | `{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]}` | Ingress settings | | global.runtime.ingress.enabled | bool | `false` | Defines if ingress-based access mode is enabled for runtime. To use tunnel-based (ingressless) access mode, set to false. | | global.runtime.ingress.hosts | list | `[]` | Hosts for runtime ingress. Note that Codefresh platform will always use the first host in the list to access the runtime. | | global.runtime.ingress.protocol | string | `"https"` | The protocol that Codefresh platform will use to access the runtime ingress. Can be http or https. | 
@@ -396,7 +395,8 @@ sealed-secrets: | global.runtime.ingressUrl | string | `""` | Explicit url for runtime ingress. Provide this value only if you don't want the chart to create and ingress (global.runtime.ingress.enabled=false) and tunnel-client is not used (tunnel-client.enabled=false) | | global.runtime.isConfigurationRuntime | bool | `false` | is the runtime set as a "configuration runtime". | | global.runtime.name | string | `nil` | Runtime name. Must be unique per platform account. | -| installer | object | `{"argoCdVersionCheck":{"argoServerLabels":{"app.kubernetes.io/component":"server","app.kubernetes.io/part-of":"argocd"}},"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/gitops-runtime-installer","tag":""},"skipValidation":false}` | Runtime installer used for running hooks and checks on the release | +| global.tolerations | list | `[]` | Global tolerations for all components | +| installer | object | `{"affinity":{},"argoCdVersionCheck":{"argoServerLabels":{"app.kubernetes.io/component":"server","app.kubernetes.io/part-of":"argocd"}},"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/gitops-runtime-installer","tag":""},"nodeSelector":{},"skipValidation":false,"tolerations":[]}` | Runtime installer used for running hooks and checks on the release | | installer.skipValidation | bool | `false` | if set to true, pre-install hook will *not* run | | internal-router.affinity | object | `{}` | | | internal-router.clusterDomain | string | `"cluster.local"` | | 
@@ -431,6 +431,6 @@ sealed-secrets: | internal-router.serviceAccount.name | string | `""` | | | internal-router.tolerations | list | `[]` | | | sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"0.29.0"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | --------------------------------------------------------------------------------------------------------------------- | -| tunnel-client | object | `{"enabled":true,"libraryMode":true,"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. | +| tunnel-client | object | `{"affinity":{},"enabled":true,"libraryMode":true,"nodeSelector":{},"tolerations":[],"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. | | tunnel-client.enabled | bool | `true` | Will only be used if global.runtime.ingress.enabled = false | | tunnel-client.libraryMode | bool | `true` | Do not change this value! Breaks chart logic | diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index 734d6a01..cf2b4153 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl 
@@ -17,12 +17,10 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/ ## Argo-workflows artifact and log storage -> [!NOTE] -> This version of the chart includes default configuration for storing workflow artifacts and logs in Codefresh provided s3 compatible storage. +Codefresh provides a SaaS object storage based solution for Argo workflows logs storage. The chart deploys a configmap named `codefresh-workflows-log-store` with the repository configuration. +If you want to utilize the Codefresh SaaS solution for log storage for all workflows in the runtime please set `argo-workflows.controller.workflowDefaults.spec.artifactRepository.configMap` to `codefresh-workflows-log-store` and `argo-workflows.controller.workflowDefaults.spec.artifactRepository.key` +to `codefresh-workflows-log-store` as well. -If you have your own storage configuration using the default configmap `artifact-repositories` upgrading the chart will override your artifact storage configuration. -To prevent this please set `argo-workflows.controller.workflowDefaults.spec.artifactRepository.configMap` to `artifact-repositories` and `argo-workflows.controller.workflowDefaults.spec.artifactRepository.key` -to the respective key in your configmap identifying the repository. > [!WARNING] > It's highly recommended to use your own artifact storage for data privacy reasons. > Codefresh provided storage has a retention policy of 14 days and limitations on uploaded file sizes. diff --git a/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml b/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml index c346aef8..8c4f404f 100644 --- a/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml +++ b/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml 
@@ -1,14 +1,13 @@ -{{- if hasKey (index .Values "argo-workflows" "controller" "workflowDefaults" "spec" "artifactRepositoryRef") "configMap" }} - {{- if eq (index .Values "argo-workflows" "controller" "workflowDefaults" "spec" "artifactRepositoryRef" "configMap") "codefresh-workflows-log-store" }} - {{- $_ := required "global.codefresh.accountId is required" .Values.global.codefresh.accountId }} +{{- if .Values.codefreshWorkflowLogStoreCM.enabled }} + {{- $_ := required "global.codefresh.accountId is required if codefreshWorkflowLogStoreCM is enabled" .Values.global.codefresh.accountId }} apiVersion: v1 data: codefresh-workflows-log-store: | archiveLogs: true s3: bucket: {{ .Values.global.codefresh.accountId }} - endpoint: {{ index .Values "argo-workflows" "codefreshWorkflowLogs" "endpoint" }} - insecure: {{ index .Values "argo-workflows" "codefreshWorkflowLogs" "insecure" }} + endpoint: {{ .Values.codefreshWorkflowLogStoreCM.endpoint }} + insecure: {{ .Values.codefreshWorkflowLogStoreCM.insecure }} keyFormat: {{ .Values.global.runtime.name }}/{{ "{{" }}workflow.name{{ "}}" }}/{{ "{{" }}pod.name{{ "}}" }} accessKeySecret: name: codefresh-token @@ -21,5 +20,4 @@ metadata: annotations: workflows.argoproj.io/default-artifact-repository: codefresh-workflows-log-store name: codefresh-workflows-log-store - {{- end }} {{- end }} diff --git a/charts/gitops-runtime/tests/codefresh-workflow-logs-store.yaml b/charts/gitops-runtime/tests/codefresh-workflow-logs-store.yaml index f492b942..5ad11e58 100644 --- a/charts/gitops-runtime/tests/codefresh-workflow-logs-store.yaml +++ b/charts/gitops-runtime/tests/codefresh-workflow-logs-store.yaml 
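Review bot: The `keyFormat` line builds the object key from `.Values.global.runtime.name` with no validation, while `global.codefresh.accountId` on the `bucket` line is guarded by `required`. The README table in this same patch lists `global.runtime.name` with default `nil`, so unless another template already enforces it, the key would render with an empty first segment and runtimes sharing the account bucket would write under the same prefix. Adding `{{- $_ := required "global.runtime.name is required if codefreshWorkflowLogStoreCM is enabled" .Values.global.runtime.name }}` next to the existing check would close that. The values on `bucket` and `endpoint` are also emitted unquoted, so an all-digit account ID would be read as a number by the consumer; `bucket: {{ .Values.global.codefresh.accountId | quote }}` avoids that. The template body between the two hunks (old lines 15–20) is not shown here.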
@@ -3,22 +3,22 @@ templates: - codefresh-workflow-log-store.yaml tests: -- it: Should only create the configmap when the workflowDefaults.artifactRepositoryRef.configMap is set to codefresh-workflows-log-store +- it: Should only create the configmap when enabled template: 'codefresh-workflow-log-store.yaml' values: - ./values/mandatory-values.yaml set: - argo-workflows.controller.workflowDefaults.spec.artifactRepositoryRef.configMap: "some-other-configmap" + codefreshWorkflowLogStoreCM.enabled: false asserts: - hasDocuments: count: 0 -- it: Should only create the configmap when the workflowDefaults.artifactRepositoryRef.configMap is set to codefresh-workflows-log-store +- it: Should only create the configmap when enabled template: 'codefresh-workflow-log-store.yaml' values: - ./values/mandatory-values.yaml set: - argo-workflows.controller.workflowDefaults.spec.artifactRepositoryRef.configMap: "codefresh-workflows-log-store" + codefreshWorkflowLogStoreCM.enabled: true asserts: - hasDocuments: count: 1 
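Review bot: Both cases in this hunk carry the same `it:` text, "Should only create the configmap when enabled", although the first asserts that nothing is rendered and the second that exactly one document is, so a failure report cannot tell them apart. Naming the first `- it: Should not create the configmap when codefreshWorkflowLogStoreCM.enabled is false` and the second `- it: Should create the configmap when codefreshWorkflowLogStoreCM.enabled is true` makes the intent readable from the test output.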
@@ -28,8 +28,40 @@ tests: values: - ./values/mandatory-values.yaml set: - argo-workflows.controller.workflowDefaults.spec.artifactRepositoryRef.configMap: "codefresh-workflows-log-store" + codefreshWorkflowLogStoreCM.enabled: true global.codefresh.accountId: "" asserts: - failedTemplate: - errorMessage: 'global.codefresh.accountId is required' + errorMessage: 'global.codefresh.accountId is required if codefreshWorkflowLogStoreCM is enabled' + +- it: ConfigMap data populated with the correct values + template: 'codefresh-workflow-log-store.yaml' + values: + - ./values/mandatory-values.yaml + set: + global: + runtime: + name: test-runtime + codefreshWorkflowLogStoreCM.enabled: true + global.codefresh.accountId: "test-account" + codefreshWorkflowLogStoreCM: + enabled: true + endpoint: test.codefresh.io + insecure: true + asserts: + - equal: + path: data + value: + codefresh-workflows-log-store: | + archiveLogs: true + s3: + bucket: test-account + endpoint: test.codefresh.io + insecure: true + keyFormat: test-runtime/{{workflow.name}}/{{pod.name}} + accessKeySecret: + name: codefresh-token + key: token + secretKeySecret: + name: codefresh-token + key: token diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index cd9e4dd3..69f534de 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml 
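Review bot: The only case that inspects the rendered data overrides `endpoint` and sets `insecure: true`, so nothing pins what the chart ships by default; a later edit to values.yaml that switched TLS off for the log store would still pass the suite. A case that sets only `enabled: true` and checks that the rendered block contains `insecure: false` would cover it, as sketched below. In the new case `codefreshWorkflowLogStoreCM.enabled: true` is also set twice, once as a dotted key and once inside the nested map; the dotted line can go.

```yaml
# … unchanged: existing test cases …
- it: ConfigMap keeps TLS enabled when insecure is not overridden
  template: 'codefresh-workflow-log-store.yaml'
  values:
  - ./values/mandatory-values.yaml
  set:
    codefreshWorkflowLogStoreCM.enabled: true
  asserts:
  - matchRegex:
      # adjust the path syntax to the helm-unittest version in use
      path: data["codefresh-workflows-log-store"]
      pattern: 'insecure: false'
```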
@@ -317,15 +317,12 @@ argo-workflows: workflowDefaults: spec: archiveLogs: true - # -- By default artifact repository is set to a Codefresh provided repository. For data privacy it is reccommended to set your own artifact repository. For instructions see: https://argo-workflows.readthedocs.io/en/latest/configure-artifact-repository/#configuring-your-artifact-repository - artifactRepositoryRef: - configMap: codefresh-workflows-log-store - key: codefresh-workflows-log-store - # -- Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support. - codefreshWorkflowLogs: - endpoint: gitops-workflow-logs.codefresh.io - insecure: false +# -- Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support. +codefreshWorkflowLogStoreCM: + enabled: true + endpoint: gitops-workflow-logs.codefresh.io + insecure: false #----------------------------------------------------------------------------------------------------------------------- # Argo rollouts #----------------------------------------------------------------------------------------------------------------------- From 4129ada4a4a8f1207917a4686cca9047d4d98907 Mon Sep 17 00:00:00 2001 From: Ilia Medvedev Date: Tue, 20 May 2025 09:50:23 +0300 Subject: [PATCH 49/49] format logs --- charts/gitops-runtime/README.md | 13 +++++++++++-- charts/gitops-runtime/README.md.gotmpl | 14 ++++++++++++-- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index c7919b02..7328c7ed 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md 
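Review bot: The helm-docs comment "Don't change unless instructed by Codefresh support" now sits on the whole `codefreshWorkflowLogStoreCM` block, which includes `enabled`, the switch the template uses to decide whether the ConfigMap is rendered, and none of the three keys has a description of its own. I would keep the block-level warning for `endpoint` and `insecure` and add per-key comments, for example `# -- Create the codefresh-workflows-log-store ConfigMap` above `enabled` and `# -- When true, TLS is not used for the log store endpoint; keep false` above `insecure`. The second one matters because the rendered ConfigMap references `codefresh-token` as both the access key and the secret key for that endpoint, so the setting decides whether that credential and the logs travel encrypted.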
@@ -18,8 +18,17 @@ Prior to running the installation please see the official documentation at: http ## Argo-workflows artifact and log storage Codefresh provides a SaaS object storage based solution for Argo workflows logs storage. The chart deploys a configmap named `codefresh-workflows-log-store` with the repository configuration. -If you want to utilize the Codefresh SaaS solution for log storage for all workflows in the runtime please set `argo-workflows.controller.workflowDefaults.spec.artifactRepository.configMap` to `codefresh-workflows-log-store` and `argo-workflows.controller.workflowDefaults.spec.artifactRepository.key` -to `codefresh-workflows-log-store` as well. +If you want to utilize the Codefresh SaaS solution for log storage for all workflows in the runtime please set the following values: + +```yaml +argo-workflows: + controller: + workflowDefaults: + spec: + artifactRepository: + configMap: codefresh-workflows-log-store + key: codefresh-workflows-log-store +``` > [!WARNING] > It's highly recommended to use your own artifact storage for data privacy reasons. diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index cf2b4153..fe36e8a6 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl 
@@ -18,8 +18,18 @@ Prior to running the installation please see the official documentation at: http ## Argo-workflows artifact and log storage Codefresh provides a SaaS object storage based solution for Argo workflows logs storage. The chart deploys a configmap named `codefresh-workflows-log-store` with the repository configuration. -If you want to utilize the Codefresh SaaS solution for log storage for all workflows in the runtime please set `argo-workflows.controller.workflowDefaults.spec.artifactRepository.configMap` to `codefresh-workflows-log-store` and `argo-workflows.controller.workflowDefaults.spec.artifactRepository.key` -to `codefresh-workflows-log-store` as well. +If you want to utilize the Codefresh SaaS solution for log storage for all workflows in the runtime please set the following values: + +```yaml +argo-workflows: + controller: + workflowDefaults: + spec: + artifactRepository: + configMap: codefresh-workflows-log-store + key: codefresh-workflows-log-store +``` + > [!WARNING] > It's highly recommended to use your own artifact storage for data privacy reasons.