diff --git a/.github/workflows/component-test.yaml b/.github/workflows/component-test.yaml deleted file mode 100644 index 7a9a134a5..000000000 --- a/.github/workflows/component-test.yaml +++ /dev/null @@ -1,74 +0,0 @@ -# File: .github/workflows/docker-go-build.yml -name: gitops-runtime-helm - -on: - push: - branches: - - main - - 'stable/*' - - 'monthly/*' - pull_request: - branches: - - main - - 'stable/*' - - 'monthly/*' - -jobs: - component-test: - if : false # temporarily disable component tests - runs-on: ubuntu-latest - - env: - DOCKER_CLI_EXPERIMENTAL: enabled - # Enable BuildKit - DOCKER_BUILDKIT: 1 - - steps: - - name: Checkout Repository - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v3 - - name: Set up kubectl - uses: azure/setup-kubectl@v3 - with: - version: 'v1.29.0' - - name: Install K3d - run: | - curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash - k3d --version - - - name: Create K3d cluster - run: | - k3d cluster create test-cluster --wait - kubectl get nodes - - - name: install kuttl - run: | - mkdir -p ./bin - curl -L https://github.com/kudobuilder/kuttl/releases/download/v0.22.0/kubectl-kuttl_0.22.0_linux_x86_64 -o ./bin/kuttl; - - chmod +x ./bin/kuttl; - - name: Install jq - run: | - sudo apt-get update - sudo apt-get install -y jq - - name: install helm - run: | - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - - chmod 700 get_helm.sh - - ./get_helm.sh - helm repo add gitea-charts https://dl.gitea.com/charts/ - helm repo add mockserver https://www.mock-server.com - - - - - name: Run KUTTL tests - run: | - cd tests/component-tests && ./../../bin/kuttl test --parallel 1 --start-kind=false --namespace e2e-test --config startup.yaml diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 84ca5ffd0..22de01cfa 100644 
--- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 0.1.72 +appVersion: 0.2.3 description: A Helm chart for Codefresh gitops runtime name: gitops-runtime -version: 0.0.0 +version: 0.29.17 home: https://github.com/codefresh-io/gitops-runtime-helm icon: https://avatars1.githubusercontent.com/u/11412079?v=3 keywords: @@ -13,22 +13,33 @@ maintainers: url: https://codefresh-io.github.io/ annotations: artifacthub.io/alternativeName: "codefresh-gitops-runtime" + artifacthub.io/containsSecurityUpdates: "true" + # Supported kinds: `added`, `changed`, `deprecated`, `removed`, `fixed`, `security`: + artifacthub.io/changes: |- + - kind: security + description: 'Update "codefresh-tunnel-client" to 0.1.25. Security fixes' + - kind: security + description: 'Update "nginx-unprivileged" to 1.31.2-alpine3.23. Security fixes' + - kind: security + description: 'Update "alpine/kubectl" to 1.36.2. Security fixes' dependencies: + # The image for this chart was overridden because argocd doesn’t release the chart for 3.3.10 version. + # Don't forget to remove the image override after updating to a new version of the chart. - name: argo-cd repository: https://argoproj.github.io/argo-helm condition: argo-cd.enabled - version: 9.4.4 + version: 9.5.11 - name: argo-workflows repository: https://codefresh-io.github.io/argo-helm - version: 0.45.18-v3.6.7-cap-CR-32333 + version: 0.45.23-v3.6.7-cap-CFS-7012 condition: argo-workflows.enabled - name: sealed-secrets - repository: https://bitnami-labs.github.io/sealed-secrets/ + repository: https://bitnami.github.io/sealed-secrets/ version: 2.18.0 condition: sealed-secrets.enabled - name: codefresh-tunnel-client repository: oci://quay.io/codefresh/charts - version: 0.1.24 + version: 0.1.25 alias: tunnel-client condition: tunnel-client.enabled - name: redis-ha diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index 413b8ad95..ccc25f22c 100644 
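Review bot: The `sealed-secrets` dependency in the second hunk now resolves from `https://bitnami.github.io/sealed-secrets/` instead of the `bitnami-labs` host while the pin stays at `2.18.0`, and no `Chart.lock` change is visible in this part of the diff. A new repository host for an unchanged version should be confirmed against the chart index the upstream project actually publishes, and the lock file regenerated with `helm dependency update` so that it records the same repository as `Chart.yaml`. Separately, `version: 0.29.17` in the first hunk does not match the `0.29.16` badge and the `gitops-runtime-private-registry-utils:0.29.16` tags that the README hunks of this same diff introduce, so one of the two looks stale.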
--- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md @@ -1,5 +1,5 @@ ## Codefresh gitops runtime -![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![AppVersion: 0.1.72](https://img.shields.io/badge/AppVersion-0.1.72-informational?style=flat-square) +![Version: 0.29.16](https://img.shields.io/badge/Version-0.29.16-informational?style=flat-square) ![AppVersion: 0.2.3](https://img.shields.io/badge/AppVersion-0.2.3-informational?style=flat-square) ## Table of Content @@ -8,6 +8,7 @@ - [Codefresh official documentation](#codefresh-official-documentation) - [Argo-workflows artifact and log storage](#argo-workflows-artifact-and-log-storage) - [Installation with External ArgoCD](#installation-with-external-argocd) + - [ArgoCD compatibility](#argocd-compatibility) - [Using with private registries - Helper utility](#using-with-private-registries---helper-utility) - [Openshift](#openshift) - [High Availability](#high-availability) @@ -182,6 +183,17 @@ data: admin.enabled: "true" ``` +### ArgoCD compatibility + +| GitOps Runtime version | Supported ArgoCD versions | +|------------------------|---------------------------| +| 0.29.x | >=3.1 <=3.3 | +| 0.28.x | >=3.0 <=3.2 | +| 0.27.x | >=3.0 <=3.2 | +| 0.26.x | >=3.0 <=3.2 | +| 0.25.x | >=2.12 <=3.0 | +| 0.24.x | >=2.12 <=3.0 | + ## Using with private registries - Helper utility The GitOps Runtime comprises multiple subcharts and container images. Subcharts also vary in values structure, making it difficult to override image specific values to use private registries. We have created a helper utility to resolve this issue: 
@@ -193,7 +205,7 @@ We have created a helper utility to resolve this issue: The utility is packaged in a container image. Below are instructions on executing the utility using Docker: ``` -docker run -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.0.0 +docker run -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.29.16 ``` `output_dir` - is a local directory where the utility will output files.
`local_registry` - is your local registry where you want to mirror the images to @@ -206,7 +218,7 @@ The utility will output 4 files into the folder: For usage with external ArgoCD run the utility with `EXTERNAL_ARGOCD` environment variable set to `true`. ``` -docker run -e EXTERNAL_ARGOCD=true -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.0.0 +docker run -e EXTERNAL_ARGOCD=true -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.29.16 ``` ## Openshift 
@@ -494,13 +506,13 @@ global: | app-proxy.extraVolumeMounts | list | `[]` | Extra volume mounts for main container | | app-proxy.extraVolumes | list | `[]` | extra volumes | | app-proxy.fullnameOverride | string | `"cap-app-proxy"` | | -| app-proxy.image-enrichment | object | `{"config":{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.23-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.23-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.23-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400},"enabled":true,"serviceAccount":{"annotations":null,"create":true,"name":"codefresh-image-enrichment-sa"}}` | Image enrichment process configuration | -| app-proxy.image-enrichment.config | object | `{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.23-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.23-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.23-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400}` | Configurations for image enrichment workflow | +| app-proxy.image-enrichment | object | 
`{"config":{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.28-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.28-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.28-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400},"enabled":true,"serviceAccount":{"annotations":null,"create":true,"name":"codefresh-image-enrichment-sa"}}` | Image enrichment process configuration | +| app-proxy.image-enrichment.config | object | `{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.28-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.28-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.28-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400}` | Configurations for image enrichment workflow | | app-proxy.image-enrichment.config.clientHeartbeatIntervalInSeconds | int | `5` | Client heartbeat interval in seconds for image enrichemnt workflow | | app-proxy.image-enrichment.config.concurrencyCmKey | string | `"imageReportExecutor"` | The name of the key in the configmap to use as synchronization semaphore | | app-proxy.image-enrichment.config.concurrencyCmName | string | 
`"workflow-synchronization-semaphores"` | The name of the configmap to use as synchronization semaphore, see https://argoproj.github.io/argo-workflows/synchronization/ | -| app-proxy.image-enrichment.config.images | object | `{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.23-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.23-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.23-main"}}` | Enrichemnt images | -| app-proxy.image-enrichment.config.images.reportImage | object | `{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.23-main"}` | Report image enrichment task image | +| app-proxy.image-enrichment.config.images | object | `{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.28-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.28-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.28-main"}}` | Enrichemnt images | +| app-proxy.image-enrichment.config.images.reportImage | object | `{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.28-main"}` | Report image enrichment task image | | app-proxy.image-enrichment.config.podGcStrategy | string | `"OnWorkflowCompletion"` | Pod grabage collection strategy. By default all pods will be deleted when the enrichment workflow completes. 
| | app-proxy.image-enrichment.config.ttlActiveInSeconds | int | `900` | Maximum allowed runtime for the enrichment workflow | | app-proxy.image-enrichment.config.ttlAfterCompletionInSeconds | int | `86400` | Number of seconds to live after completion | @@ -511,14 +523,14 @@ global: | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use | | app-proxy.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` | | -| app-proxy.image.tag | string | `"1.4072.0"` | | +| app-proxy.image.tag | string | `"1.4103.0"` | | | app-proxy.imagePullSecrets | list | `[]` | | | app-proxy.initContainer.command[0] | string | `"./init.sh"` | | | app-proxy.initContainer.env | object | `{}` | | | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container | | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` | | -| app-proxy.initContainer.image.tag | string | `"1.4072.0"` | | +| app-proxy.initContainer.image.tag | string | `"1.4103.0"` | | | app-proxy.initContainer.resources.limits | object | `{}` | | | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` | | | app-proxy.initContainer.resources.requests.memory | string | `"256Mi"` | | 
@@ -584,12 +596,13 @@ global: | argo-cd.controller.statefulsetAnnotations."argocd.argoproj.io/sync-options" | string | `"Delete=false"` | | | argo-cd.enabled | bool | `true` | | | argo-cd.fullnameOverride | string | `"argo-cd"` | | +| argo-cd.global.image.tag | string | `"v3.3.10"` | | | argo-cd.notifications.enabled | bool | `false` | | | argo-cd.redis-ha.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository | | argo-cd.redis-ha.image.tag | string | `"8.2.2-alpine"` | Redis tag | | argo-cd.redis.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository | | argo-cd.redis.image.tag | string | `"8.2.2-alpine"` | Redis tag | -| argo-gateway | object | `{"affinity":{},"hpa":{"enabled":true,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"7b43e16"},"livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"","minAvailable":"50%"},"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"service":{"type":"ClusterIP"},"serviceAccount":{"create":true},"serviceMonitor":{"enabled":false,"interval":"30s","labels":{},"scrapeTimeout":"10s"},"tolerations":[]}` | Argo Gateway Argo Gateway is used to perform operations on ArgoCD from Codefresh platform | +| argo-gateway | object | 
`{"affinity":{},"hpa":{"enabled":true,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"3683869"},"livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"","minAvailable":"50%"},"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"service":{"type":"ClusterIP"},"serviceAccount":{"create":true},"serviceMonitor":{"enabled":false,"interval":"30s","labels":{},"scrapeTimeout":"10s"},"tolerations":[]}` | Argo Gateway Argo Gateway is used to perform operations on ArgoCD from Codefresh platform | | argo-workflows.crds.install | bool | `true` | Install and upgrade CRDs | | argo-workflows.enabled | bool | `true` | | | argo-workflows.executor.resources.requests.ephemeral-storage | string | `"10Mi"` | | @@ -651,7 +664,7 @@ global: | gitops-operator.env.<<[0].OTEL_TRACES_SAMPLER | string | `"parentbased_always_on"` | OTel sampler to be used for traces. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | | gitops-operator.env.GITOPS_OPERATOR_VERSION | string | `"0.11.1"` | | | gitops-operator.fullnameOverride | string | `""` | | -| gitops-operator.image | object | `{"registry":"quay.io","repository":"codefresh/codefresh-gitops-operator","tag":"main-78571af"}` | GitOps operator image | +| gitops-operator.image | object | `{"registry":"quay.io","repository":"codefresh/codefresh-gitops-operator","tag":"c03bf91"}` | GitOps operator image | | gitops-operator.imagePullSecrets | list | `[]` | | | gitops-operator.nameOverride | string | `""` | | | gitops-operator.nodeSelector | object | `{}` | | 
@@ -681,7 +694,7 @@ global: | global.codefresh.userToken | object | `{"secretKeyRef":{},"token":""}` | User token. Used for runtime registration against the patform. One of token (for plain text value) or secretKeyRef must be provided. | | global.codefresh.userToken.secretKeyRef | object | `{}` | User token that references an existing secret containing the token. | | global.codefresh.userToken.token | string | `""` | User token in plain text. The chart creates and manages the secret for this token. | -| global.event-reporters | object | `{"affinity":{},"config":{},"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"7b43e16"},"livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"","minAvailable":"50%"},"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"replicaCount":2,"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"service":{"ports":{"http":{"port":8088,"targetPort":8088},"metrics":{"port":8087,"targetPort":8087}},"type":"ClusterIP"},"serviceAccount":{"create":true},"serviceMonitor":{"enabled":false,"interval":"30s","labels":{},"scrapeTimeout":"10s"},"tolerations":[]}` | Global settings for event reporters Event reporters are used for reporting runtime and cluster resources to Codefresh platform | +| global.event-reporters | object | 
`{"affinity":{},"config":{},"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"71b7e7c"},"livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"","minAvailable":"50%"},"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"replicaCount":2,"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"service":{"ports":{"http":{"port":8088,"targetPort":8088},"metrics":{"port":8087,"targetPort":8087}},"type":"ClusterIP"},"serviceAccount":{"create":true},"serviceMonitor":{"enabled":false,"interval":"30s","labels":{},"scrapeTimeout":"10s"},"tolerations":[]}` | Global settings for event reporters Event reporters are used for reporting runtime and cluster resources to Codefresh platform | | global.httpProxy | string | `""` | global HTTP_PROXY for all components | | global.httpsProxy | string | `""` | global HTTPS_PROXY for all components | | global.imageRegistry | string | `""` | | 
@@ -699,7 +712,7 @@ global: | global.integrations.argo-cd.server.svc | string | `"argo-cd-server"` | Service name of the ArgoCD server | | global.noProxy | string | `""` | global NO_PROXY for all components | | global.nodeSelector | object | `{}` | Global nodeSelector for all components | -| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null,"singleNamespace":false}` | Runtime level settings | +| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"httpRoute":{"annotations":{},"enabled":false,"hostnames":[],"labels":{},"parentRefs":[],"protocol":"https"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null,"singleNamespace":false}` | Runtime level settings | | global.runtime.cluster | string | `"https://kubernetes.default.svc"` | Runtime cluster. Should not be changed. | | global.runtime.codefreshHosted | bool | `false` | Defines whether this is a Codefresh hosted runtime. Should not be changed. | | global.runtime.gitCredentials | object | `{"password":{"secretKeyRef":{},"value":null},"username":"username"}` | Git credentials runtime. Runtime is not fully functional without those credentials. If not provided through the installation, they must be provided through the Codefresh UI. | 
@@ -707,6 +720,13 @@ global: | global.runtime.gitCredentials.password.secretKeyRef | object | `{}` | secretKeyReference for Git credentials password. Provide name and key fields. | | global.runtime.gitCredentials.password.value | string | `nil` | Plain text password | | global.runtime.gitCredentials.username | string | `"username"` | Username. Optional when using token in password. | +| global.runtime.httpRoute | object | `{"annotations":{},"enabled":false,"hostnames":[],"labels":{},"parentRefs":[],"protocol":"https"}` | HTTPRoute settings | +| global.runtime.httpRoute.annotations | object | `{}` | Set annotations on the HTTPRoute resource | +| global.runtime.httpRoute.enabled | bool | `false` | Enable HTTPRoute | +| global.runtime.httpRoute.hostnames | list | `[]` | List of hostnames to be covered by this HTTPRoute ref: https://gateway-api.sigs.k8s.io/reference/api-spec/main/spec/#hostname E.g. hostnames: - runtime.example.com | +| global.runtime.httpRoute.labels | object | `{}` | Set labels on the HTTPRoute resource | +| global.runtime.httpRoute.parentRefs | list | `[]` | Required! List of parent Gateway references this HTTPRoute should attach to ref: https://gateway-api.sigs.k8s.io/reference/api-spec/main/spec/#parentreference E.g. parentRefs: - name: traefik-gateway namespace: traefik | +| global.runtime.httpRoute.protocol | string | `"https"` | The protocol that Codefresh platform will use to access the runtime. Can be http or https. | | global.runtime.ingress | object | `{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]}` | Ingress settings | | global.runtime.ingress.enabled | bool | `false` | Defines if ingress-based access mode is enabled for runtime. To use tunnel-based (ingressless) access mode, set to false. | | global.runtime.ingress.hosts | list | `[]` | Hosts for runtime ingress. Note that Codefresh platform will always use the first host in the list to access the runtime. | 
@@ -728,7 +748,7 @@ global: | internal-router.fullnameOverride | string | `"internal-router"` | | | internal-router.image.pullPolicy | string | `"IfNotPresent"` | | | internal-router.image.repository | string | `"docker.io/nginxinc/nginx-unprivileged"` | | -| internal-router.image.tag | string | `"1.29-alpine3.23"` | | +| internal-router.image.tag | string | `"1.31.2-alpine3.23"` | | | internal-router.imagePullSecrets | list | `[]` | | | internal-router.ipv6 | object | `{"enabled":false}` | For ipv6 enabled clusters switch ipv6 enabled to true | | internal-router.nameOverride | string | `""` | | 
@@ -779,12 +799,12 @@ global: | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | | redis-ha.redis.masterGroupName | string | `"gitops-runtime"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | | redis-ha.tolerations | list | `[]` | [Tolerations] for use with node taints for Redis pods. | -| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. | +| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. # https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ | | redis-ha.topologySpreadConstraints.enabled | bool | `false` | Enable Redis HA topology spread constraints | | redis-ha.topologySpreadConstraints.maxSkew | string | `""` (defaults to `1`) | Max skew of pods tolerated | | redis-ha.topologySpreadConstraints.topologyKey | string | `""` (defaults to `topology.kubernetes.io/zone`) | Topology key for spread | | redis-ha.topologySpreadConstraints.whenUnsatisfiable | string | `""` (defaults to `ScheduleAnyway`) | Enforcement policy, hard or soft | -| redis-secret-init | object | `{"affinity":{},"image":{"registry":"docker.io","repository":"alpine/kubectl","tag":"1.35.1"},"nodeSelector":{},"tolerations":[]}` | Enable hook job to create redis secret | +| redis-secret-init | object | `{"affinity":{},"image":{"registry":"docker.io","repository":"alpine/kubectl","tag":"1.36.2"},"nodeSelector":{},"tolerations":[]}` | Enable hook job to create redis secret | | redis.image | object | `{"registry":"public.ecr.aws","repository":"docker/library/redis","tag":"8.2.1-alpine"}` | Redis image | | 
redis.metrics | object | `{"enabled":true,"env":{},"envFrom":[],"image":{"registry":"ghcr.io","repository":"oliver006/redis_exporter","tag":"v1.72.1"},"livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"resources":{},"serviceMonitor":{"enabled":false}}` | Enable metrics sidecar | | redis.metrics.serviceMonitor | object | `{"enabled":false}` | Enable a prometheus ServiceMonitor | diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index 65a5f27a0..c7efc6e50 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl @@ -8,6 +8,7 @@ - [Codefresh official documentation](#codefresh-official-documentation) - [Argo-workflows artifact and log storage](#argo-workflows-artifact-and-log-storage) - [Installation with External ArgoCD](#installation-with-external-argocd) + - [ArgoCD compatibility](#argocd-compatibility) - [Using with private registries - Helper utility](#using-with-private-registries---helper-utility) - [Openshift](#openshift) - [High Availability](#high-availability) @@ -185,6 +186,17 @@ data: admin.enabled: "true" ``` +### ArgoCD compatibility + +| GitOps Runtime version | Supported ArgoCD versions | +|------------------------|---------------------------| +| 0.29.x | >=3.1 <=3.3 | +| 0.28.x | >=3.0 <=3.2 | +| 0.27.x | >=3.0 <=3.2 | +| 0.26.x | >=3.0 <=3.2 | +| 0.25.x | >=2.12 <=3.0 | +| 0.24.x | >=2.12 <=3.0 | + ## Using with private registries - Helper utility The GitOps Runtime comprises multiple subcharts and container images. Subcharts also vary in values structure, making it difficult to override image specific values to use private registries. We have created a helper utility to resolve this issue: 
diff --git a/charts/gitops-runtime/ci/argocd-values.yaml b/charts/gitops-runtime/ci/argocd-values.yaml
new file mode 100644
index 000000000..9b2bc09a5
--- /dev/null
+++ b/charts/gitops-runtime/ci/argocd-values.yaml
@@ -0,0 +1,3 @@
+configs:
+ cm:
+ accounts.admin: apiKey,login
diff --git a/charts/gitops-runtime/ci/default-values-custom-tls.yaml b/charts/gitops-runtime/ci/default-values-custom-tls.yaml
deleted file mode 100644
index 271c3c5fd..000000000
--- a/charts/gitops-runtime/ci/default-values-custom-tls.yaml
+++ /dev/null
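Review bot: The new `ci/argocd-values.yaml` sets `accounts.admin: apiKey,login` with no comment saying the file is for CI only, and that setting allows API tokens to be generated for Argo CD's built-in admin account. Such a token carries the admin account's full permissions and stays valid until revoked unless it is issued with an expiry, so the file should state its scope at the top, for example `# CI only: lets the test pipeline generate an API token for the built-in admin account; do not reuse for a real installation`. If the tests allow it, a dedicated account with its own RBAC policy would keep the admin account at `login` only.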
@@ -1,62 +0,0 @@ -global: - codefresh: - accountId: 628a80b693a15c0f9c13ab75 # Codefresh Account id for ilia-codefresh for now, needs to be some test account - userToken: - secretKeyRef: - name: mysecret - key: myvalue - optional: true - tls: - # -- Custom CA certificates bundle for platform access with ssl - caCerts: - # -- Reference to existing secret - secretKeyRef: {} - # -- Chart managed secret for custom platform CA certificates - secret: - # -- Whether to create the secret. - create: true - # -- The secret key that holds the ca bundle - key: 'ca-bundle.crt' - # Annotations - annotations: {} - # Certificate content - content: | - -----BEGIN CERTIFICATE----- - MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB - gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk - MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY - UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx - NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 - dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy - dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB - dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 - 38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP - KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q - DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 - qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa - JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi - PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P - BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs - jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 - eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD - ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR - vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt - 
qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa - IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy - i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ - O+7ETPTsJ3xCwnR8gooJybQDJbw= - -----END CERTIFICATE----- - - runtime: - name: default - - ingress: - className: "nginx" - hosts: - - runtime.codefresh.local - - repoCredentialsTemplate: - url: 'https://github.com' - username: 'username' - password: 'dummy' - diff --git a/charts/gitops-runtime/ci/default-values.yaml b/charts/gitops-runtime/ci/default-values.yaml index fe91609da..49304de3b 100644 --- a/charts/gitops-runtime/ci/default-values.yaml +++ b/charts/gitops-runtime/ci/default-values.yaml @@ -1,22 +1,25 @@ global: + imagePullSecrets: + - name: dockerhub-creds codefresh: - accountId: 628a80b693a15c0f9c13ab75 # Codefresh Account id for ilia-codefresh for now, needs to be some test account + accountId: 63dbba4928d5fd1ef065b781 # `gitops-helm-test` Codefresh account (see "gitops-runtime-helm CI" note in 1Password) userToken: - secretKeyRef: - name: mysecret - key: myvalue - optional: true + token: "dummy" # set in `gitops-runtime-helm/ci` pipeline (see "gitops-runtime-helm CI" note in 1Password) runtime: - name: default - cluster: test-cluster + name: "dummy" # set in `gitops-runtime-helm/ci` pipeline ingress: - className: "nginx" + enabled: true + className: haproxy-ingress hosts: - - runtime.codefresh.local + - "runtime.example.com" # set in `gitops-runtime-helm/ci` pipeline repoCredentialsTemplate: url: 'https://github.com' username: 'username' password: 'dummy' + +internal-router: + imagePullSecrets: + - name: dockerhub-creds diff --git a/charts/gitops-runtime/ci/ingressless-values.yaml b/charts/gitops-runtime/ci/ingressless-values.yaml deleted file mode 100644 index 55b9a1433..000000000 --- a/charts/gitops-runtime/ci/ingressless-values.yaml +++ /dev/null 
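Review bot: In `ci/default-values.yaml`, `userToken` moves from `secretKeyRef` to the plain-text `token` field, and the inline comment says the real value is set by the pipeline, so the credential will be passed as a Helm value. A token supplied that way is kept in the release's stored values, and if it is passed with `--set` it also appears on the job's command line and possibly in its logs. The pipeline is not shown on this page, so confirm it masks the value, or keep `secretKeyRef` pointing at a secret the pipeline creates before the install. The hunk for `ci/values-external-argocd.yaml` adds the same `token: "dummy"` pattern.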
@@ -1,20 +0,0 @@ -global: - codefresh: - accountId: 628a80b693a15c0f9c13ab75 # Codefresh Account id for ilia-codefresh for now, needs to be some test account - userToken: - secretKeyRef: - name: mysecret - key: myvalue - optional: true - - runtime: - name: default - cluster: test-cluster - - ingress: - enabled: false - - repoCredentialsTemplate: - url: 'https://github.com' - username: 'username' - password: 'dummy' diff --git a/charts/gitops-runtime/ci/values-external-argocd.yaml b/charts/gitops-runtime/ci/values-external-argocd.yaml index 999933f4d..b3733176f 100644 --- a/charts/gitops-runtime/ci/values-external-argocd.yaml +++ b/charts/gitops-runtime/ci/values-external-argocd.yaml @@ -1,28 +1,30 @@ -# Values file used to render all image values global: codefresh: - accountId: 628a80b693a15c0f9c13ab75 # Codefresh Account id for ilia-codefresh for now, needs to be some test account - gitIntegration: - provider: - name: 'GITHUB' - apiUrl: 'https://api.github.com' + accountId: 63dbba4928d5fd1ef065b781 # `gitops-helm-test` Codefresh account userToken: - secretKeyRef: - name: mysecret - key: myvalue - optional: true + token: "dummy" # set in `gitops-runtime-helm/ci` pipeline runtime: - name: default + name: "dummy" # set in `gitops-runtime-helm/ci` pipeline ingress: - enabled: false + enabled: true + className: haproxy-ingress + hosts: + - "runtime.example.com" # set in `gitops-runtime-helm/ci` pipeline repoCredentialsTemplate: url: 'https://github.com' username: 'username' password: 'dummy' + integrations: + argo-cd: + server: + svc: argocd-server + repoServer: + svc: argocd-repo-server + argo-cd: enabled: false diff --git a/charts/gitops-runtime/ci/versions.json b/charts/gitops-runtime/ci/versions.json new file mode 100644 index 000000000..e1c1fd222 --- /dev/null +++ b/charts/gitops-runtime/ci/versions.json @@ -0,0 +1,7 @@ +[ + { + "argo-cd": { + "chartVersion": "8.0.0" + } + } +] 
diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/crds/restrictedgitsources.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/crds/restrictedgitsources.yaml index 395e09520..bb0c5f590 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/crds/restrictedgitsources.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/crds/restrictedgitsources.yaml @@ -286,6 +286,14 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation step + (Helm's --skip-tests). + type: boolean valueFiles: description: ValuesFiles is a list of Helm value files to use when generating a template @@ -348,6 +356,11 @@ spec: description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize from + failing when components do not exist locally by not appending + them to kustomization file + type: boolean images: description: Images is a list of Kustomize image override specifications @@ -361,6 +374,10 @@ spec: KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD uses the Kubernetes version of the target cluster. type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether to apply + common labels to resource templates or not + type: boolean labelWithoutSelector: description: LabelWithoutSelector specifies whether to apply common labels to resource selectors or not 
@@ -432,6 +449,10 @@ spec: use for rendering manifests type: string type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string path: description: Path is a directory path within the Git repository, and is only valid for applications sourced from Git. @@ -519,6 +540,10 @@ spec: description: 'AllowEmpty allows apps have zero live resources (default: false)' type: boolean + enabled: + description: Enable allows apps to explicitly control automated + sync + type: boolean prune: description: 'Prune specifies whether to delete resources from the cluster that are not found in the sources anymore @@ -570,6 +595,10 @@ spec: a failed sync. If set to 0, no retries will be performed. format: int64 type: integer + refresh: + description: 'Refresh indicates if the latest revision should + be used on retry instead of the initial one (default: false)' + type: boolean type: object syncOptions: description: Options allow you to specify whole app sync-options diff --git a/charts/gitops-runtime/templates/_helpers.tpl b/charts/gitops-runtime/templates/_helpers.tpl index c487355d0..5878b65df 100644 --- a/charts/gitops-runtime/templates/_helpers.tpl +++ b/charts/gitops-runtime/templates/_helpers.tpl 
@@ -341,6 +341,12 @@ Get ingress url for both tunnel based and ingress based runtimes {{- else }} {{ fail (printf "ERROR: Unsupported protocol %s for ingress. Only http and https supported" .Values.global.runtime.ingress.protocol)}} {{- end }} + {{- else if .Values.global.runtime.httpRoute.enabled }} + {{- if has .Values.global.runtime.httpRoute.protocol $supportedProtocols }} + {{- printf "%s://%s" .Values.global.runtime.httpRoute.protocol (index .Values.global.runtime.httpRoute.hostnames 0)}} + {{- else }} + {{ fail (printf "ERROR: Unsupported protocol %s for httpRoute. Only http and https supported" .Values.global.runtime.httpRoute.protocol)}} + {{- end }} {{/* If tunnel client is enabled - ingress url is -. */}} {{- else if index .Values "tunnel-client" "enabled" }} {{- $accoundId := required "global.codefresh.accountId is required for tunnel based runtime" .Values.global.codefresh.accountId }} @@ -357,7 +363,7 @@ Get ingress url for both tunnel based and ingress based runtimes {{- fail "ERROR: Only http and https are supported for global.runtime.ingressUrl"}} {{- end }} {{- else }} - {{- fail "ERROR: When global.runtime.ingress.enabled is false and tunnel-client.enabled is false - global.runtime.ingressUrl must be provided" }} + {{- fail "ERROR: When global.runtime.ingress.enabled and global.runtime.httpRoute.enabled are false and tunnel-client.enabled is false - global.runtime.ingressUrl must be provided" }} {{- end }} {{- end }} {{- end }} diff --git a/charts/gitops-runtime/templates/httproute.yaml b/charts/gitops-runtime/templates/httproute.yaml new file mode 100644 index 000000000..00d247da0 --- /dev/null +++ b/charts/gitops-runtime/templates/httproute.yaml 
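Review bot: The new `httpRoute` branch reads `(index .Values.global.runtime.httpRoute.hostnames 0)` without checking that the list has an entry, and the chart default added in values.yaml is `hostnames: []`. If this helper is evaluated before templates/httproute.yaml reaches its own `fail`, the user gets a raw index error instead of the intended message. Resolve the host once with a guard, e.g. `{{- $host := required "ERROR: global.runtime.httpRoute.hostnames is required when httpRoute is enabled" (first .Values.global.runtime.httpRoute.hostnames) }}`, and use `$host` in the `printf`. The enclosing define starts and ends outside this hunk.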
@@ -0,0 +1,46 @@
+{{- if .Values.global.runtime.httpRoute.enabled -}}
+{{- $svcName := include "internal-router.fullname" (dict "Values" (get .Values "internal-router")) -}}
+{{- $svcPort := index .Values "internal-router" "service" "port" -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: codefresh-gitops-runtime
+ labels:
+ {{- include "codefresh-gitops-runtime.labels" . | nindent 4 }}
+ {{- with .Values.global.runtime.httpRoute.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.global.runtime.httpRoute.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ parentRefs:
+ {{- if .Values.global.runtime.httpRoute.parentRefs }}
+ {{- toYaml .Values.global.runtime.httpRoute.parentRefs | nindent 4 }}
+ {{- else }}
+ {{- fail "ERROR: global.runtime.httpRoute.parentRefs is required when httpRoute is enabled" }}
+ {{- end }}
+ hostnames:
+ {{- if .Values.global.runtime.httpRoute.hostnames }}
+ {{- toYaml .Values.global.runtime.httpRoute.hostnames | nindent 4 }}
+ {{- else }}
+ {{- fail "ERROR: global.runtime.httpRoute.hostnames is required when httpRoute is enabled" }}
+ {{- end }}
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /webhooks
+ - path:
+ type: PathPrefix
+ value : /app-proxy
+ {{- if (index (get $.Values "argo-workflows") "enabled") }}
+ - path:
+ type: PathPrefix
+ value : /workflows
+ {{- end }}
+ backendRefs:
+ - name: {{ $svcName }}
+ port: {{ $svcPort }}
+{{- end }}
diff --git a/charts/gitops-runtime/templates/tunnel-client.yaml b/charts/gitops-runtime/templates/tunnel-client.yaml
index 8d5b0c70a..ecc3d90ea 100644
--- a/charts/gitops-runtime/templates/tunnel-client.yaml
+++ b/charts/gitops-runtime/templates/tunnel-client.yaml
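Review bot: The template is gated only on `global.runtime.httpRoute.enabled`, so with `global.runtime.ingress.enabled` also true the HTTPRoute is still rendered, while the URL helper in _helpers.tpl takes the ingress branch first and reports only the ingress host. That leaves `/webhooks`, `/app-proxy` and `/workflows` reachable through a second, unadvertised entry point (assuming the Ingress template is gated on its own flag, which is not visible here). Failing fast makes the choice explicit: `{{- if .Values.global.runtime.ingress.enabled }}{{- fail "ERROR: global.runtime.ingress.enabled and global.runtime.httpRoute.enabled are mutually exclusive" }}{{- end }}` directly after the opening `if`. As a style point, `value : /app-proxy` and `value : /workflows` carry a space before the colon that the `/webhooks` entry does not.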
@@ -4,7 +4,7 @@ to intruduce the subdomainPrefix to the tunnel. Since the prefix is comprised of -, we can tempalate it and thus reduce complexity of installation and number or mandatory values to provide for the installation to work. */}} -{{- if and ( not .Values.global.runtime.ingress.enabled) (index .Values "tunnel-client" "enabled") }} +{{- if and ( not .Values.global.runtime.ingress.enabled) ( not .Values.global.runtime.httpRoute.enabled) (index .Values "tunnel-client" "enabled") }} {{ $tunnelClientContext := (index .Subcharts "tunnel-client")}} {{ $accoundId := required "codefresh.accountId is required" .Values.global.codefresh.accountId }} {{ $runtimeName := required "runtime.name is required" .Values.global.runtime.name }} diff --git a/charts/gitops-runtime/tests/httproute_test.yaml b/charts/gitops-runtime/tests/httproute_test.yaml new file mode 100644 index 000000000..556899d91 --- /dev/null +++ b/charts/gitops-runtime/tests/httproute_test.yaml 
@@ -0,0 +1,104 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
+suite: httproute test
+templates:
+ - templates/httproute.yaml
+ - templates/tunnel-client.yaml
+ - templates/codefresh-cm.yaml
+tests:
+- it: no httproute is rendered when tunnel runtime is configured
+ template: templates/httproute.yaml
+ values:
+ - ./values/mandatory-values.yaml
+ asserts:
+ - hasDocuments:
+ count: 0
+
+- it: no tunnel when httproute is configured
+ template: templates/tunnel-client.yaml
+ values:
+ - ./values/mandatory-values-httproute.yaml
+ asserts:
+ - hasDocuments:
+ count: 0
+
+- it: httproute is rendered correctly when enabled
+ template: templates/httproute.yaml
+ values:
+ - ./values/mandatory-values-httproute.yaml
+ asserts:
+ - hasDocuments:
+ count: 1
+ - equal:
+ path: spec.parentRefs
+ value:
+ - name: traefik-gateway
+ namespace: traefik
+ - equal:
+ path: spec.hostnames
+ value:
+ - runtime.example.com
+ - equal:
+ path: spec.rules
+ value:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /webhooks
+ - path:
+ type: PathPrefix
+ value : /app-proxy
+ - path:
+ type: PathPrefix
+ value : /workflows
+ backendRefs:
+ - name: internal-router
+ port: 80
+
+- it: httroute has custom labels and annotations
+ template: templates/httproute.yaml
+ values:
+ - ./values/mandatory-values-httproute.yaml
+ set:
+ global:
+ runtime:
+ httpRoute:
+ labels:
+ customLabel: customValue
+ annotations:
+ customAnnotation: customAnnotationValue
+ asserts:
+ - equal:
+ path: metadata.labels.customLabel
+ value: customValue
+ - equal:
+ path: metadata.annotations.customAnnotation
+ value: customAnnotationValue
+
+- it: codefresh-cm ingressHost is set correctly when httproute is enabled
+ template: templates/codefresh-cm.yaml
+ values:
+ - ./values/mandatory-values-httproute.yaml
+ asserts:
+ - equal:
+ path: data.ingressHost
+ value: https://runtime.example.com
+
+- it: error is thrown when httpRoute is
enabled but parentRefs is missing + template: templates/httproute.yaml + values: + - ./values/mandatory-values-httproute.yaml + set: + global.runtime.httpRoute.parentRefs: null + asserts: + - failedTemplate: + errorMessage: "ERROR: global.runtime.httpRoute.parentRefs is required when httpRoute is enabled" + +- it: error is thrown when httpRoute is enabled but hostnames is missing + template: templates/httproute.yaml + values: + - ./values/mandatory-values-httproute.yaml + set: + global.runtime.httpRoute.hostnames: null + asserts: + - failedTemplate: + errorMessage: "ERROR: global.runtime.httpRoute.hostnames is required when httpRoute is enabled" diff --git a/charts/gitops-runtime/tests/ingress_test.yaml b/charts/gitops-runtime/tests/ingress_test.yaml index c054b09ac..e074e8225 100644 --- a/charts/gitops-runtime/tests/ingress_test.yaml +++ b/charts/gitops-runtime/tests/ingress_test.yaml @@ -42,18 +42,17 @@ tests: - failedTemplate: errorMessage: codefresh.accountId is required - - - it: when both tunnel-client and ingress are disabled fail rendering if ingressUrl is not provided template: templates/codefresh-cm.yaml values: - ./values/mandatory-values.yaml set: global.runtime.ingress.enabled: false + global.runtime.httpRoute.enabled: false tunnel-client.enabled: false asserts: - failedTemplate: - errorMessage: "ERROR: When global.runtime.ingress.enabled is false and tunnel-client.enabled is false - global.runtime.ingressUrl must be provided" + errorMessage: "ERROR: When global.runtime.ingress.enabled and global.runtime.httpRoute.enabled are false and tunnel-client.enabled is false - global.runtime.ingressUrl must be provided" - it: fail on ingressUrl that is not http or https template: templates/codefresh-cm.yaml diff --git a/charts/gitops-runtime/tests/values/mandatory-values-httproute.yaml b/charts/gitops-runtime/tests/values/mandatory-values-httproute.yaml new file mode 100644 index 000000000..67ab53848 --- /dev/null 
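Review bot: The new httproute_test.yaml suite never exercises the `fail` branch this commit adds to the URL helper for an unsupported `global.runtime.httpRoute.protocol`, and the rendering test only covers the case where `/workflows` is present. A protocol typo would therefore surface only at install time, and a regression that exposes `/workflows` with argo-workflows disabled would pass. Add a case for each; the protocol one is sketched below and assumes templates/codefresh-cm.yaml calls the helper, as the `data.ingressHost` test suggests. The test name `httroute has custom labels and annotations` is also missing a `p`.

```yaml
- it: fails on unsupported httpRoute protocol
  template: templates/codefresh-cm.yaml
  values:
    - ./values/mandatory-values-httproute.yaml
  set:
    global.runtime.httpRoute.protocol: ftp
  asserts:
    - failedTemplate:
        errorMessage: "ERROR: Unsupported protocol ftp for httpRoute. Only http and https supported"
```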
+++ b/charts/gitops-runtime/tests/values/mandatory-values-httproute.yaml
@@ -0,0 +1,16 @@
+global:
+ codefresh:
+ accountId: 628a80b693a15c0f9c13ab75
+ userToken:
+ token: 'dummy'
+
+ runtime:
+ name: test-runtime1
+
+ httpRoute:
+ enabled: true
+ parentRefs:
+ - name: traefik-gateway
+ namespace: traefik
+ hostnames:
+ - runtime.example.com
diff --git a/charts/gitops-runtime/tests/values/mandatory-values.yaml b/charts/gitops-runtime/tests/values/mandatory-values.yaml
index 0d24e5a3a..b3bf2783a 100644
--- a/charts/gitops-runtime/tests/values/mandatory-values.yaml
+++ b/charts/gitops-runtime/tests/values/mandatory-values.yaml
@@ -8,3 +8,5 @@ global:
 name: test-runtime1
 ingress:
 enabled: false
+ httpRoute:
+ enabled: false
diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml
index b8ed356d1..ef7c7a2d4 100644
--- a/charts/gitops-runtime/values.yaml
+++ b/charts/gitops-runtime/values.yaml
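Review bot: The new mandatory-values-httproute.yaml fixture hard-codes `accountId: 628a80b693a15c0f9c13ab75`, the value that the CI values files removed in this same commit annotate as a personal account ("needs to be some test account") and that the updated CI values replace. helm-unittest only renders templates, so a real tenant identifier is not needed here; a clearly constructed value such as `accountId: '000000000000000000000000'` keeps the fixture independent of any live account. If other tests assert on this exact id (not visible in this hunk), adjust them together.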
@@ -65,6 +65,29 @@ global: labels: {} # -- Hosts for runtime ingress. Note that Codefresh platform will always use the first host in the list to access the runtime. hosts: [] + # -- HTTPRoute settings + httpRoute: + # -- Enable HTTPRoute + enabled: false + # -- The protocol that Codefresh platform will use to access the runtime. Can be http or https. + protocol: https + # -- Required! List of parent Gateway references this HTTPRoute should attach to + # ref: https://gateway-api.sigs.k8s.io/reference/api-spec/main/spec/#parentreference + # E.g. + # parentRefs: + # - name: traefik-gateway + # namespace: traefik + parentRefs: [] + # -- List of hostnames to be covered by this HTTPRoute + # ref: https://gateway-api.sigs.k8s.io/reference/api-spec/main/spec/#hostname + # E.g. + # hostnames: + # - runtime.example.com + hostnames: [] + # -- Set annotations on the HTTPRoute resource + annotations: {} + # -- Set labels on the HTTPRoute resource + labels: {} # -- Explicit url for runtime ingress. Provide this value only if you don't want the chart to create and ingress (global.runtime.ingress.enabled=false) and tunnel-client is not used (tunnel-client.enabled=false) ingressUrl: "" # -- is the runtime set as a "configuration runtime". @@ -136,7 +159,7 @@ global: image: registry: quay.io repository: codefresh/cf-argocd-extras - tag: 7b43e16 + tag: "ace3860" nodeSelector: {} tolerations: [] affinity: {} @@ -258,6 +281,9 @@ sealed-secrets: argo-cd: enabled: true fullnameOverride: argo-cd + global: + image: + tag: v3.3.10 notifications: enabled: false redis: @@ -327,7 +353,7 @@ internal-router: image: repository: docker.io/nginxinc/nginx-unprivileged pullPolicy: IfNotPresent - tag: 1.29-alpine3.23 + tag: 1.31.2-alpine3.23 imagePullSecrets: [] nameOverride: "" fullnameOverride: "internal-router" 
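Review bot: The `global.image.tag: v3.3.10` override added under `argo-cd:` in the `@@ -258,6 +281,9 @@` hunk has no comment next to it saying why the image is decoupled from the version the argo-cd subchart ships or when to drop it. An override like this tends to outlive its reason and can then hold the image back on a later chart bump, security releases included. Add a line above `global:` such as `# Temporary image override; remove when the argo-cd chart dependency is bumped to a release that ships this version`. The `argo-cd:` block continues outside the hunk.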
@@ -446,27 +472,27 @@ app-proxy: reportImage: registry: quay.io repository: codefreshplugins/argo-hub-codefresh-csdp-report-image-info - tag: 1.1.23-main + tag: 1.1.28-main # Git enrichment task image gitEnrichment: registry: quay.io repository: codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info - tag: 1.1.23-main + tag: 1.1.28-main # Jira enrichment task image jiraEnrichment: registry: quay.io repository: codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info - tag: 1.1.23-main + tag: 1.1.28-main image: repository: quay.io/codefresh/cap-app-proxy - tag: 1.4072.0 + tag: 1.4103.0 pullPolicy: IfNotPresent # -- Extra volume mounts for main container extraVolumeMounts: [] initContainer: image: repository: quay.io/codefresh/cap-app-proxy-init - tag: 1.4072.0 + tag: 1.4103.0 pullPolicy: IfNotPresent command: - ./init.sh @@ -647,7 +673,7 @@ gitops-operator: image: registry: quay.io repository: codefresh/codefresh-gitops-operator - tag: main-78571af + tag: c03bf91 env: !!merge <<: - *otel-config @@ -679,7 +705,7 @@ argo-gateway: image: registry: quay.io repository: codefresh/cf-argocd-extras - tag: 7b43e16 + tag: "ace3860" nodeSelector: {} tolerations: [] affinity: {} @@ -722,7 +748,7 @@ redis-secret-init: image: registry: docker.io repository: alpine/kubectl - tag: 1.35.1 + tag: 1.36.2 nodeSelector: {} tolerations: [] affinity: {} diff --git a/installer-image/Dockerfile b/installer-image/Dockerfile index 84818e1a1..ef2a40693 100644 --- a/installer-image/Dockerfile +++ b/installer-image/Dockerfile 
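Review bot: `tag: c03bf91` in the `gitops-operator` hunk is left as a plain scalar, while the same commit quotes the short-hash tag `"ace3860"` in the `argo-gateway` hunk on this line. A short commit hash that happens to be all digits, or digits around a single `e`, is retyped as a number by YAML 1.1 parsers and then no longer matches the image tag. Quote it for consistency: `tag: "c03bf91"`.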
@@ -1,17 +1,20 @@ # syntax=docker/dockerfile:1 -FROM octopusdeploy/dhi-golang:1.25-debian13-dev AS build +# DHI source: https://hub.docker.com/repository/docker/octopusdeploy/dhi-golang/tags/1.25-debian13-dev +FROM octopusdeploy/dhi-golang:1.25-debian13-dev@sha256:9df1a12a7a9ee811efe2929045a7eabb8617329e8ce01a3296f4af095f89522c AS build ARG TARGETARCH -ARG CF_CLI_VERSION=v1.0.1 +ARG CF_CLI_VERSION=v1.0.5 RUN go install github.com/davidrjonas/semver-cli@latest \ && cp $GOPATH/bin/semver-cli /tmp/semver-cli +RUN apt-get update && apt-get install -y --no-install-recommends sed && rm -rf /var/lib/apt/lists/* ADD --unpack=true --chown=nonroot:nonroot --chmod=755 https://github.com/codefresh-io/cli-v2/releases/download/${CF_CLI_VERSION}/cf-linux-${TARGETARCH}.tar.gz /tmp/cf/ # DHI source: https://hub.docker.com/repository/docker/octopusdeploy/dhi-debian-base/customizations/8106437942896324135 -FROM octopusdeploy/dhi-debian-base:trixie_cf-gitops-runtime-installer-debian13@sha256:e72836b4e4c408f04caf8ac6e34824d90e192b7cecedab9aeed647e14d0cd599 AS production +FROM octopusdeploy/dhi-debian-base:trixie_cf-gitops-runtime-installer-debian13@sha256:f29cbe0661df45db3eeeac570c2c2c6dae30adfb53b9d89956d11d10699b7461 AS production ARG TARGETARCH COPY --from=build --chown=nonroot:nonroot --chmod=755 /tmp/cf/cf-linux-${TARGETARCH} /usr/local/bin/cf COPY --from=build --chown=nonroot:nonroot --chmod=755 /tmp/semver-cli /usr/local/bin/semver-cli +COPY --from=build /usr/bin/sed /usr/bin/sed WORKDIR /home/codefresh -USER nonroot \ No newline at end of file +USER nonroot diff --git a/tests/component-tests/setup/fixture/simple-app/README.md b/tests/component-tests/setup/fixture/simple-app/README.md index 1ab4be19e..dfe0feb1d 100644 --- a/tests/component-tests/setup/fixture/simple-app/README.md +++ b/tests/component-tests/setup/fixture/simple-app/README.md 
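Review bot: The base images are now pinned by digest, but the build stage still runs `go install github.com/davidrjonas/semver-cli@latest`, so the binary copied into the production image changes whenever upstream publishes and the build is not reproducible. Pin it to a reviewed release, e.g. `go install github.com/davidrjonas/semver-cli@<PINNED_VERSION>` (placeholder; the version is not on this page). The `ADD` of the cf release tarball is likewise selected by version tag only, so verifying a known digest per `TARGETARCH` before use would close the same gap. The added `COPY --from=build /usr/bin/sed /usr/bin/sed` moves a binary between two different base images; if it is dynamically linked, confirm its shared libraries exist in the production stage.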
@@ -52,4 +52,4 @@ A Helm chart for Kubernetes | volumes | list | `[]` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.9.1](https://github.com/norwoodj/helm-docs/releases/v1.9.1) +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)