From 69a570bfb9631e50918485d40a1c778e42e158af Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Fri, 25 Apr 2025 11:12:56 +0300 Subject: [PATCH 1/7] feat: add Argo CD version check and validation in pre-install hook Enhance the pre-install hook to include a version check for Argo CD. This change introduces environment variables for Argo CD service discovery and version validation, ensuring compatibility with the required version constraint. Additionally, update the Dockerfile to install necessary dependencies for the validation process. --- .../hooks/pre-install/validate-values.yaml | 84 ++++++++++++++++++- charts/gitops-runtime/values.yaml | 14 ++++ installer-image/Dockerfile | 3 +- 3 files changed, 97 insertions(+), 4 deletions(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml b/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml index 543c124b..f5a30745 100644 --- a/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml @@ -31,15 +31,93 @@ spec: image: "{{ .Values.installer.image.repository }}:{{ .Values.installer.image.tag | default .Chart.Version }}" imagePullPolicy: {{ .Values.installer.image.pullPolicy }} env: + - name: ARGOCD_LABELS + value: "{{ range $k, $v := .Values.installer.argoCdVersionCheck.argoServerLabels }}{{ $k }}={{ $v }},{{ end }}" + - name: ARGOCD_VERSION_PATH + value: {{ .Values.installer.argoCdVersionCheck.versionPath | default "/api/version" }} + - name: ARGOCD_SCHEME + value: {{ .Values.installer.argoCdVersionCheck.scheme | default "http" }} + - name: ARGOCD_INSECURE + value: {{ .Values.installer.argoCdVersionCheck.insecureSkipVerify | default false | quote }} + - name: REQUIRED_VERSION_CONSTRAINT + value: ">=2.12 <3" - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - - name: VERSION + - name: CHART_VERSION value: {{ .Chart.Version }} command: ["sh", "-c"] - args: - - cf helm validate --values /job_tmp/values.yaml --namespace ${NAMESPACE} --version ${VERSION} --hook --log-level debug + args: + - | + # --- Service Discovery and Version Fetching --- + # (This part remains the same as the previous version) + CLEAN_LABELS=$(echo "$ARGOCD_LABELS" | sed 's/,$//') + echo "Searching for Argo CD service in namespace '$NAMESPACE' with labels '$CLEAN_LABELS'" + SERVICE_INFO=$(kubectl get svc -n "$NAMESPACE" -l "$CLEAN_LABELS" -o json) + SERVICE_COUNT=$(echo "$SERVICE_INFO" | jq '.items | length') + + if [ "$SERVICE_COUNT" -eq 0 ]; then + echo "Error: No Argo CD service found matching labels '$CLEAN_LABELS' in namespace '$NAMESPACE'." + exit 1 + elif [ "$SERVICE_COUNT" -gt 1 ]; then + echo "Warning: Found multiple services matching labels '$CLEAN_LABELS'. Using the first one found." + fi + + SERVICE_NAME=$(echo "$SERVICE_INFO" | jq -r '.items[0].metadata.name') + SERVICE_PORT=$(echo "$SERVICE_INFO" | jq -r '.items[0].spec.ports[0].port') + + if [ -z "$SERVICE_NAME" ] || [ "$SERVICE_NAME" = "null" ] || [ -z "$SERVICE_PORT" ] || [ "$SERVICE_PORT" = "null" ]; then + echo "Error: Could not extract service name or port from the found service." + exit 1 + fi + + echo "Found Argo CD service '$SERVICE_NAME' on port '$SERVICE_PORT'" + TARGET_URL="${ARGOCD_SCHEME}://${SERVICE_NAME}.${NAMESPACE}.svc.cluster.local:${SERVICE_PORT}${ARGOCD_VERSION_PATH}" + echo "Checking Argo CD version via API: $TARGET_URL" + + CURL_OPTS="-sS --fail --connect-timeout 10" + if [ "$ARGOCD_SCHEME" = "https" ] && [ "$ARGOCD_INSECURE" = "true" ]; then + CURL_OPTS="$CURL_OPTS -k" + fi + + VERSION_JSON=$(curl $CURL_OPTS "$TARGET_URL") + CURL_EXIT_CODE=$? + + if [ $CURL_EXIT_CODE -ne 0 ]; then + echo "Error: Failed to connect to Argo CD API at $TARGET_URL (curl exit code: $CURL_EXIT_CODE)." + exit 1 + fi + + VERSION_STRING=$(echo "$VERSION_JSON" | jq -r '.Version') + + if [ -z "$VERSION_STRING" ] || [ "$VERSION_STRING" = "null" ]; then + echo "Error: Could not parse '.Version' field from API response using jq." + echo "Response JSON: $VERSION_JSON" + exit 1 + fi + + # Clean potential 'v' prefix for semver tool + CLEAN_VERSION_STRING=${VERSION_STRING#v} + + echo "Found Argo CD version string: $VERSION_STRING (using $CLEAN_VERSION_STRING for check)" + echo "Required version constraint: $REQUIRED_VERSION_CONSTRAINT" + + # --- Semver Check (using semver CLI) --- + echo "Performing semver check using 'semver' CLI..." + # The semver command will exit non-zero if the version doesn't satisfy the range. + # 'set -e' will cause the script to exit immediately if semver fails. + if semver "$CLEAN_VERSION_STRING" --range "$REQUIRED_VERSION_CONSTRAINT"; then + echo "Argo CD version $VERSION_STRING satisfies range '$REQUIRED_VERSION_CONSTRAINT'." + else + echo "Error: Argo CD version $VERSION_STRING does not satisfy required range '$REQUIRED_VERSION_CONSTRAINT'." + exit 1 # Explicitly exit 1 for clarity, though 'set -e' would handle it + fi + + # --- Helm Values Validation (cf cli) --- + # This part only runs if the semver check passes + echo "Argo CD version check passed. Validating helm values using cf cli..." + cf helm validate --values /job_tmp/values.yaml --namespace ${NAMESPACE} --version ${CHART_VERSION} --hook --log-level debug volumeMounts: - name: customized-values mountPath: "/job_tmp" diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 2378c623..3220351e 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -182,6 +182,20 @@ installer: tag: "" pullPolicy: IfNotPresent + argoCdVersionCheck: + enabled: true + # Labels to find the Argo CD API server service + # Note: Typically the 'server' component provides the API, not 'repo-server'. Adjust if needed. + argoServerLabels: + app.kubernetes.io/component: server + app.kubernetes.io/part-of: argocd + # API path to get version info + versionPath: /api/version + # Scheme to use (http or https). Dynamic detection is complex, assuming http. + scheme: http + # Set to true if using https with self-signed certs and want to skip verification + insecureSkipVerify: false + # ----------------------------------------------------------------------------------------------------------------------- # Sealed secrets # ----------------------------------------------------------------------------------------------------------------------- diff --git a/installer-image/Dockerfile b/installer-image/Dockerfile index ef59d98e..651ae6d6 100644 --- a/installer-image/Dockerfile +++ b/installer-image/Dockerfile @@ -6,7 +6,8 @@ RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selectio ARG CF_CLI_VERSION=v0.2.6 ARG TARGETARCH -RUN apt-get update && apt-get install curl -y +RUN apt-get update && apt-get install curl nodejs npm -y +RUN npm install --global semver RUN curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/${CF_CLI_VERSION}/cf-linux-${TARGETARCH}.tar.gz | tar zx && mv ./cf-linux-${TARGETARCH} /usr/local/bin/cf COPY --from=bitnami/kubectl:1.32.3 /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/ From 607e523207370e9b25f6a1433480c8ed614925f4 Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Fri, 25 Apr 2025 11:34:58 +0300 Subject: [PATCH 2/7] added "yaml embedded languages" comment that's a very handy trick, thanks. --- .../templates/hooks/pre-install/validate-values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml b/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml index f5a30745..177b1198 100644 --- a/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml @@ -49,7 +49,7 @@ spec: value: {{ .Chart.Version }} command: ["sh", "-c"] args: - - | + - | # shell # --- Service Discovery and Version Fetching --- # (This part remains the same as the previous version) CLEAN_LABELS=$(echo "$ARGOCD_LABELS" | sed 's/,$//') From 29b4fc84d11e002e5ee25f96c4e421b8aa5e5c69 Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Sat, 26 Apr 2025 12:30:18 +0300 Subject: [PATCH 3/7] feat: update Argo CD version check to use semver-cli Replace the semver command with semver-cli for version validation in the pre-install hook. This change ensures compatibility with the latest versioning standards and improves the reliability of version checks. --- .../templates/hooks/pre-install/validate-values.yaml | 2 +- installer-image/Dockerfile | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml b/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml index 177b1198..4a54e7d6 100644 --- a/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml @@ -107,7 +107,7 @@ spec: echo "Performing semver check using 'semver' CLI..." # The semver command will exit non-zero if the version doesn't satisfy the range. # 'set -e' will cause the script to exit immediately if semver fails. - if semver "$CLEAN_VERSION_STRING" --range "$REQUIRED_VERSION_CONSTRAINT"; then + if semver-cli satisfies "$CLEAN_VERSION_STRING" "$REQUIRED_VERSION_CONSTRAINT"; then echo "Argo CD version $VERSION_STRING satisfies range '$REQUIRED_VERSION_CONSTRAINT'." else echo "Error: Argo CD version $VERSION_STRING does not satisfy required range '$REQUIRED_VERSION_CONSTRAINT'." diff --git a/installer-image/Dockerfile b/installer-image/Dockerfile index 651ae6d6..9cf0f7b2 100644 --- a/installer-image/Dockerfile +++ b/installer-image/Dockerfile @@ -1,3 +1,8 @@ +FROM golang:1.24 as go-build + +RUN go install github.com/davidrjonas/semver-cli@latest \ + && cp $GOPATH/bin/semver-cli /usr/local/bin/ + #bookworm-slim FROM debian:12.10-slim @@ -6,9 +11,9 @@ RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selectio ARG CF_CLI_VERSION=v0.2.6 ARG TARGETARCH -RUN apt-get update && apt-get install curl nodejs npm -y -RUN npm install --global semver +RUN apt-get update && apt-get install curl -y RUN curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/${CF_CLI_VERSION}/cf-linux-${TARGETARCH}.tar.gz | tar zx && mv ./cf-linux-${TARGETARCH} /usr/local/bin/cf +COPY --from=go-build /usr/local/bin/semver-cli /usr/local/bin/semver-cli COPY --from=bitnami/kubectl:1.32.3 /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/ RUN adduser --shell /bin/bash codefresh From 946adb6052472858e27cd446d28c0e4294e53881 Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Sun, 27 Apr 2025 13:33:16 +0300 Subject: [PATCH 4/7] bump From 05c70fce756295d51712df4aefeef48e9db8eb37 Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Sun, 27 Apr 2025 16:41:45 +0300 Subject: [PATCH 5/7] fix: update golang version and install additional packages in Dockerfile Updated the golang base image to version 1.24.2 and added 'jq' to the apt-get install command to support JSON processing in subsequent scripts. This ensures compatibility and enhances functionality. --- installer-image/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/installer-image/Dockerfile b/installer-image/Dockerfile index 9cf0f7b2..f164c094 100644 --- a/installer-image/Dockerfile +++ b/installer-image/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.24 as go-build +FROM golang:1.24.2 AS go-build RUN go install github.com/davidrjonas/semver-cli@latest \ && cp $GOPATH/bin/semver-cli /usr/local/bin/ @@ -11,7 +11,7 @@ RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selectio ARG CF_CLI_VERSION=v0.2.6 ARG TARGETARCH -RUN apt-get update && apt-get install curl -y +RUN apt-get update && apt-get install curl jq -y RUN curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/${CF_CLI_VERSION}/cf-linux-${TARGETARCH}.tar.gz | tar zx && mv ./cf-linux-${TARGETARCH} /usr/local/bin/cf COPY --from=go-build /usr/local/bin/semver-cli /usr/local/bin/semver-cli COPY --from=bitnami/kubectl:1.32.3 /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/ From 0d6ce5fa794dd245a05b72c5aabd9fd7652ca778 Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Mon, 28 Apr 2025 14:10:13 +0300 Subject: [PATCH 6/7] feat: enhance Argo CD version check with improved validation logic Refactor the Argo CD version check in the pre-install hook to include additional validation functions. This change introduces a more robust method for fetching and validating the Argo CD service information and version, ensuring compliance with specified version constraints. The configuration options for the version check have also been streamlined in the values.yaml file. --- .../hooks/pre-install/validate-values.yaml | 198 +++++++++++------- charts/gitops-runtime/values.yaml | 8 - 2 files changed, 124 insertions(+), 82 deletions(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml b/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml index 4a54e7d6..5c22f470 100644 --- a/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml @@ -31,92 +31,142 @@ spec: image: "{{ .Values.installer.image.repository }}:{{ .Values.installer.image.tag | default .Chart.Version }}" imagePullPolicy: {{ .Values.installer.image.pullPolicy }} env: - - name: ARGOCD_LABELS - value: "{{ range $k, $v := .Values.installer.argoCdVersionCheck.argoServerLabels }}{{ $k }}={{ $v }},{{ end }}" - - name: ARGOCD_VERSION_PATH - value: {{ .Values.installer.argoCdVersionCheck.versionPath | default "/api/version" }} - - name: ARGOCD_SCHEME - value: {{ .Values.installer.argoCdVersionCheck.scheme | default "http" }} - - name: ARGOCD_INSECURE - value: {{ .Values.installer.argoCdVersionCheck.insecureSkipVerify | default false | quote }} - - name: REQUIRED_VERSION_CONSTRAINT - value: ">=2.12 <3" - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: CHART_VERSION value: {{ .Chart.Version }} +{{- if not (get .Values "argo-cd").enabled }} + - name: ARGOCD_LABELS + value: "{{ range $k, $v := .Values.installer.argoCdVersionCheck.argoServerLabels }}{{ $k }}={{ $v }},{{ end }}" + - name: ARGOCD_VERSION_PATH + value: "/api/version" + - name: REQUIRED_VERSION_CONSTRAINT + value: ">=2.12 <3" +{{- end }} command: ["sh", "-c"] args: - | # shell - # --- Service Discovery and Version Fetching --- - # (This part remains the same as the previous version) - CLEAN_LABELS=$(echo "$ARGOCD_LABELS" | sed 's/,$//') - echo "Searching for Argo CD service in namespace '$NAMESPACE' with labels '$CLEAN_LABELS'" - SERVICE_INFO=$(kubectl get svc -n "$NAMESPACE" -l "$CLEAN_LABELS" -o json) - SERVICE_COUNT=$(echo "$SERVICE_INFO" | jq '.items | length') - - if [ "$SERVICE_COUNT" -eq 0 ]; then - echo "Error: No Argo CD service found matching labels '$CLEAN_LABELS' in namespace '$NAMESPACE'." - exit 1 - elif [ "$SERVICE_COUNT" -gt 1 ]; then - echo "Warning: Found multiple services matching labels '$CLEAN_LABELS'. Using the first one found." - fi - - SERVICE_NAME=$(echo "$SERVICE_INFO" | jq -r '.items[0].metadata.name') - SERVICE_PORT=$(echo "$SERVICE_INFO" | jq -r '.items[0].spec.ports[0].port') - - if [ -z "$SERVICE_NAME" ] || [ "$SERVICE_NAME" = "null" ] || [ -z "$SERVICE_PORT" ] || [ "$SERVICE_PORT" = "null" ]; then - echo "Error: Could not extract service name or port from the found service." - exit 1 - fi - - echo "Found Argo CD service '$SERVICE_NAME' on port '$SERVICE_PORT'" - TARGET_URL="${ARGOCD_SCHEME}://${SERVICE_NAME}.${NAMESPACE}.svc.cluster.local:${SERVICE_PORT}${ARGOCD_VERSION_PATH}" - echo "Checking Argo CD version via API: $TARGET_URL" - - CURL_OPTS="-sS --fail --connect-timeout 10" - if [ "$ARGOCD_SCHEME" = "https" ] && [ "$ARGOCD_INSECURE" = "true" ]; then - CURL_OPTS="$CURL_OPTS -k" - fi - - VERSION_JSON=$(curl $CURL_OPTS "$TARGET_URL") - CURL_EXIT_CODE=$? - - if [ $CURL_EXIT_CODE -ne 0 ]; then - echo "Error: Failed to connect to Argo CD API at $TARGET_URL (curl exit code: $CURL_EXIT_CODE)." - exit 1 - fi - - VERSION_STRING=$(echo "$VERSION_JSON" | jq -r '.Version') - - if [ -z "$VERSION_STRING" ] || [ "$VERSION_STRING" = "null" ]; then - echo "Error: Could not parse '.Version' field from API response using jq." - echo "Response JSON: $VERSION_JSON" - exit 1 - fi - - # Clean potential 'v' prefix for semver tool - CLEAN_VERSION_STRING=${VERSION_STRING#v} - - echo "Found Argo CD version string: $VERSION_STRING (using $CLEAN_VERSION_STRING for check)" - echo "Required version constraint: $REQUIRED_VERSION_CONSTRAINT" - - # --- Semver Check (using semver CLI) --- - echo "Performing semver check using 'semver' CLI..." - # The semver command will exit non-zero if the version doesn't satisfy the range. - # 'set -e' will cause the script to exit immediately if semver fails. - if semver-cli satisfies "$CLEAN_VERSION_STRING" "$REQUIRED_VERSION_CONSTRAINT"; then - echo "Argo CD version $VERSION_STRING satisfies range '$REQUIRED_VERSION_CONSTRAINT'." - else - echo "Error: Argo CD version $VERSION_STRING does not satisfy required range '$REQUIRED_VERSION_CONSTRAINT'." - exit 1 # Explicitly exit 1 for clarity, though 'set -e' would handle it - fi +{{- if not (get .Values "argo-cd").enabled }} + # Function to find Argo CD service and export its name and port + get_argocd_service_info() { + local service_info + local service_count + + # Clean labels + CLEAN_LABELS=$(echo "$ARGOCD_LABELS" | sed 's/,$//') + + echo "Searching for Argo CD service in namespace '$NAMESPACE' with labels '$CLEAN_LABELS'" + service_info=$(kubectl get svc -n "$NAMESPACE" -l "$CLEAN_LABELS" -o json) + service_count=$(echo "$service_info" | jq '.items | length') + + if [ "$service_count" -eq 0 ]; then + echo "Error: No Argo CD service found matching labels '$CLEAN_LABELS' in namespace '$NAMESPACE'." + exit 1 + elif [ "$service_count" -gt 1 ]; then + echo "Warning: Found multiple services matching labels '$CLEAN_LABELS'. Using the first one found." + fi + + # Set global variables + SERVICE_NAME=$(echo "$service_info" | jq -r '.items[0].metadata.name') + SERVICE_PORT=$(echo "$service_info" | jq -r '.items[0].spec.ports[0].port') + + if [ -z "$SERVICE_NAME" ] || [ "$SERVICE_NAME" = "null" ] || [ -z "$SERVICE_PORT" ] || [ "$SERVICE_PORT" = "null" ]; then + echo "Error: Could not extract service name or port from the found service." + exit 1 + fi + + echo "Found Argo CD service '$SERVICE_NAME' on port '$SERVICE_PORT'" + } + + # Function to get and normalize the Argo CD root path + get_argocd_root_path() { + local root_path + + echo "Fetching Argo CD root path from ConfigMap '$ARGOCD_CM_PARAMS_NAME' in namespace '$NAMESPACE'..." + root_path=$(kubectl get configmap "$ARGOCD_CM_PARAMS_NAME" -n "$NAMESPACE" -o jsonpath='{.data.server\.rootpath}' 2>/dev/null || echo "") + + if [ -n "$root_path" ] && [ "$root_path" != "/" ]; then + root_path=$(echo "$root_path" | sed 's:/*$::') # Remove trailing slash + [ "${root_path#\/}" = "$root_path" ] && root_path="/$root_path" # Add leading slash if missing + elif [ "$root_path" = "/" ]; then + root_path="" # Treat as empty for URL construction + else + echo "Warning: 'server.rootpath' not found in ConfigMap '$ARGOCD_CM_PARAMS_NAME' or ConfigMap not found. Assuming default root path '/'. " + root_path="" # Default to empty string + fi + + # Set global variable + ARGOCD_ROOT_PATH="$root_path" + echo "Using Argo CD root path: '${ARGOCD_ROOT_PATH:-/}'" + } + + # Function to get the Argo CD version string via API + get_argocd_version_string() { + # Local variables for values obtained internally + local api_full_path + local target_url + local curl_opts + local version_json + local curl_exit_code + + # Call functions to get required info - they set global vars + # We'll use the global vars directly after calling + get_argocd_service_info + get_argocd_root_path + + # Construct Target URL using the globally set variables + api_full_path=$(echo "${ARGOCD_ROOT_PATH}${ARGOCD_VERSION_PATH}" | sed 's://:/:g') + target_url="http://${SERVICE_NAME}.${NAMESPACE}.svc.cluster.local:${SERVICE_PORT}${api_full_path}" + echo "Checking Argo CD version via API: $target_url" + + # Curl Execution + curl_opts="-sS --fail --connect-timeout 10 -L -k" # Base options, follow redirects + version_json=$(curl $curl_opts "$target_url") + curl_exit_code=$? + + if [ $curl_exit_code -ne 0 ]; then + echo "Error: Failed to connect to Argo CD API at $target_url (curl exit code: $curl_exit_code)." + exit 1 + fi + + # Version Parsing - Set global variable + VERSION_STRING=$(echo "$version_json" | jq -r '.Version') + if [ -z "$VERSION_STRING" ] || [ "$VERSION_STRING" = "null" ]; then + echo "Error: Could not parse '.Version' field from API response using jq." + echo "Response JSON: $version_json" + exit 1 + fi + } + + # Function to validate Argo CD version and perform semver check + validate_argocd_version() { + # Call function to get version string (sets VERSION_STRING) + # This function now internally calls get_argocd_service_info and get_argocd_root_path + get_argocd_version_string + + # Clean potential 'v' prefix for semver tool + CLEAN_VERSION_STRING=${VERSION_STRING#v} + + echo "Found Argo CD version string: $VERSION_STRING (using $CLEAN_VERSION_STRING for check)" + echo "Required version constraint: $REQUIRED_VERSION_CONSTRAINT" + + # --- Semver Check (using semver CLI) --- + echo "Performing semver check using 'semver-cli'..." + if semver-cli satisfies "$CLEAN_VERSION_STRING" "$REQUIRED_VERSION_CONSTRAINT"; then + echo "Argo CD version $VERSION_STRING satisfies range '$REQUIRED_VERSION_CONSTRAINT'." + else + echo "Error: Argo CD version $VERSION_STRING does not satisfy required range '$REQUIRED_VERSION_CONSTRAINT'." + exit 1 + fi + } + + validate_argocd_version # --- Helm Values Validation (cf cli) --- - # This part only runs if the semver check passes echo "Argo CD version check passed. Validating helm values using cf cli..." +{{- end }} cf helm validate --values /job_tmp/values.yaml --namespace ${NAMESPACE} --version ${CHART_VERSION} --hook --log-level debug volumeMounts: - name: customized-values diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 3220351e..517e9b1c 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -183,18 +183,10 @@ installer: pullPolicy: IfNotPresent argoCdVersionCheck: - enabled: true # Labels to find the Argo CD API server service - # Note: Typically the 'server' component provides the API, not 'repo-server'. Adjust if needed. argoServerLabels: app.kubernetes.io/component: server app.kubernetes.io/part-of: argocd - # API path to get version info - versionPath: /api/version - # Scheme to use (http or https). Dynamic detection is complex, assuming http. - scheme: http - # Set to true if using https with self-signed certs and want to skip verification - insecureSkipVerify: false # ----------------------------------------------------------------------------------------------------------------------- # Sealed secrets From 18412d0128756a9ed16b43367051aeb55cda06ba Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Tue, 29 Apr 2025 15:59:29 +0300 Subject: [PATCH 7/7] simplified templating, check for ARGOCD_CHECK_VERSION at run time --- .../templates/hooks/pre-install/validate-values.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml b/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml index 5c22f470..9b86b81e 100644 --- a/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml @@ -37,18 +37,17 @@ spec: fieldPath: metadata.namespace - name: CHART_VERSION value: {{ .Chart.Version }} -{{- if not (get .Values "argo-cd").enabled }} + - name: ARGOCD_CHECK_VERSION + value: {{ not (get .Values "argo-cd").enabled | quote }} - name: ARGOCD_LABELS value: "{{ range $k, $v := .Values.installer.argoCdVersionCheck.argoServerLabels }}{{ $k }}={{ $v }},{{ end }}" - name: ARGOCD_VERSION_PATH value: "/api/version" - name: REQUIRED_VERSION_CONSTRAINT value: ">=2.12 <3" -{{- end }} command: ["sh", "-c"] args: - | # shell -{{- if not (get .Values "argo-cd").enabled }} # Function to find Argo CD service and export its name and port get_argocd_service_info() { local service_info @@ -162,11 +161,12 @@ spec: fi } - validate_argocd_version + if [ "$ARGOCD_CHECK_VERSION" = "true" ]; then + validate_argocd_version + fi # --- Helm Values Validation (cf cli) --- echo "Argo CD version check passed. Validating helm values using cf cli..." -{{- end }} cf helm validate --values /job_tmp/values.yaml --namespace ${NAMESPACE} --version ${CHART_VERSION} --hook --log-level debug volumeMounts: - name: customized-values