diff --git a/codefresh/.ci/runtime-images.sh b/codefresh/.ci/runtime-images.sh
new file mode 100755
index 0000000000..01115f656e
--- /dev/null
+++ b/codefresh/.ci/runtime-images.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -eux
+MYDIR=$(dirname $0)
+REPO_ROOT="${MYDIR}/../.."
+
+echo $REPO_ROOT
+
+echo "Update value with system/root runtime images"
+docker run \
+ -v "$REPO_ROOT:/codefresh" \
+ -v $HOME/.cfconfig:/.cfconfig \
+ -u $(id -u) \
+ --rm \
+ quay.io/codefresh/codefresh-shell:0.0.20 \
+ /bin/bash /codefresh/scripts/update_re_images.sh
diff --git a/codefresh/.ci/values/cfapi-roles-no-rbac.yaml b/codefresh/.ci/values/cfapi-roles-no-rbac.yaml
deleted file mode 100644
index 7d03bd74e0..0000000000
--- a/codefresh/.ci/values/cfapi-roles-no-rbac.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-global:
- cfapiService: cfapi-internal
- cfapiEndpointsService: cfapi-endpoints
-
-cfapi: &cf-api
- enabled: false
- rbac:
- namespaced: true
-
-cfapi-auth:
- <<: *cf-api
- enabled: true
-cfapi-internal:
- <<: *cf-api
- enabled: true
-cfapi-ws:
- <<: *cf-api
- enabled: true
-cfapi-admin:
- <<: *cf-api
- enabled: true
-cfapi-endpoints:
- <<: *cf-api
- enabled: true
-cfapi-terminators:
- <<: *cf-api
- enabled: true
-cfapi-sso-group-synchronizer:
- <<: *cf-api
- enabled: true
-cfapi-buildmanager:
- <<: *cf-api
- enabled: true
-cfapi-cacheevictmanager:
- <<: *cf-api
- enabled: true
-cfapi-eventsmanagersubscriptions:
- <<: *cf-api
- enabled: true
-cfapi-kubernetesresourcemonitor:
- <<: *cf-api
- enabled: true
-cfapi-environments:
- <<: *cf-api
- enabled: true
-cfapi-gitops-resource-receiver:
- <<: *cf-api
- enabled: true
-cfapi-downloadlogmanager:
- <<: *cf-api
- enabled: true
-cfapi-teams:
- <<: *cf-api
- enabled: true
-cfapi-kubernetes-endpoints:
- <<: *cf-api
- enabled: true
-cfapi-test-reporting:
- <<: *cf-api
- enabled: true
diff --git a/codefresh/.ci/values/defaults-hpa.yaml b/codefresh/.ci/values/defaults-hpa.yaml
index 015297ed89..8b80bdcb4b 100644 
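Review bot: The new `runtime-images.sh` bind-mounts `$HOME/.cfconfig` (presumably the Codefresh CLI config, which would hold API credentials) read-write into an image referenced only by the tag `codefresh-shell:0.0.20`, and the path is unquoted. If `update_re_images.sh` only reads that config, mount it read-only and quote it: `-v "$HOME/.cfconfig:/.cfconfig:ro" \`; pinning the image by digest would make the code that sees those credentials reproducible. `MYDIR=$(dirname "$0")` and `echo "$REPO_ROOT"` also avoid word splitting when the checkout path contains spaces. With `set -x` every expanded command is traced to the CI log, so credentials should stay out of command arguments if this script grows.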
--- a/codefresh/.ci/values/defaults-hpa.yaml
+++ b/codefresh/.ci/values/defaults-hpa.yaml 
@@ -1,105 +1,8 @@ seed-e2e: enabled: true -# kinda external secrets -secrets: - ext-mongo: - enabled: true - stringData: - mongodb-host: cf-mongodb:27017 - mongodb-password: mTiXcU2wafr9 - mongodb-user: cfuser - mongodb-root-user: root - mongodb-root-password: XT9nmM8dZD - ext-postgres: - enabled: true - stringData: - postgres-hostname: cf-postgresql - postgres-password: eC9arYka4ZbH - postgres-user: postgres - ext-redis: - enabled: true - stringData: - redis-url: cf-redis-master - redis-password: hoC9szf7NtrU - ext-rabbitmq: - enabled: true - stringData: - rabbitmq-hostname: cf-rabbitmq:5672 - rabbitmq-password: cVz9ZdJKYm7u - rabbitmq-username: user - ext-firebase: - enabled: true - stringData: - firebase-url: "" # placeholder for ${FIRBASE_URL} - firebase-secret: "" # placeholder for ${FIREBASE_SECRET} - e2e-mongo-uri: - enabled: true - stringData: - mongo-uri: mongodb://cfuser:mTiXcU2wafr9@cf-mongodb:27017/codefresh - -seed: - mongoSeedJob: - mongodbRootUserSecretKeyRef: - name: cf-codefresh-ext-mongo - key: mongodb-root-user - mongodbRootPasswordSecretKeyRef: - name: cf-codefresh-ext-mongo - key: mongodb-root-password - - postgresSeedJob: - postgresUserSecretKeyRef: - name: cf-codefresh-ext-postgres - key: postgres-user - postgresPasswordSecretKeyRef: - name: cf-codefresh-ext-postgres - key: postgres-password - global: appUrl: "" # placeholder - firebaseUrlSecretKeyRef: - name: cf-codefresh-ext-firebase - key: firebase-url - firebaseSecretSecretKeyRef: - name: cf-codefresh-ext-firebase - key: firebase-secret - - mongodbUserSecretKeyRef: - name: cf-codefresh-ext-mongo - key: mongodb-user - mongodbPasswordSecretKeyRef: - name: cf-codefresh-ext-mongo - key: mongodb-password - mongodbHostSecretKeyRef: - name: cf-codefresh-ext-mongo - key: mongodb-host - - postgresHostnameSecretKeyRef: - name: cf-codefresh-ext-postgres - key: postgres-hostname - postgresPasswordSecretKeyRef: - name: cf-codefresh-ext-postgres - key: postgres-password - postgresUserSecretKeyRef: - 
name: cf-codefresh-ext-postgres - key: postgres-user - - rabbitmqHostnameSecretKeyRef: - name: cf-codefresh-ext-rabbitmq - key: rabbitmq-hostname - rabbitmqPasswordSecretKeyRef: - name: cf-codefresh-ext-rabbitmq - key: rabbitmq-password - rabbitmqUsernameSecretKeyRef: - name: cf-codefresh-ext-rabbitmq - key: rabbitmq-username - - redisPasswordSecretKeyRef: - name: cf-codefresh-ext-redis - key: redis-password - redisUrlSecretKeyRef: - name: cf-codefresh-ext-redis - key: redis-url cfapi: rbac: diff --git a/codefresh/.ci/values/external-secrets.yaml b/codefresh/.ci/values/external-secrets.yaml new file mode 100644 index 0000000000..7f82f184c5 --- /dev/null +++ b/codefresh/.ci/values/external-secrets.yaml 
@@ -0,0 +1,98 @@ +# values to emulate external secrets +secrets: + ext-mongo: + enabled: true + stringData: + mongodb-host: cf-mongodb:27017 + mongodb-password: mTiXcU2wafr9 + mongodb-user: cfuser + mongodb-root-user: root + mongodb-root-password: XT9nmM8dZD + ext-postgres: + enabled: true + stringData: + postgres-hostname: cf-postgresql + postgres-password: eC9arYka4ZbH + postgres-user: postgres + ext-redis: + enabled: true + stringData: + redis-url: cf-redis-master + redis-password: hoC9szf7NtrU + ext-rabbitmq: + enabled: true + stringData: + rabbitmq-hostname: cf-rabbitmq:5672 + rabbitmq-password: cVz9ZdJKYm7u + rabbitmq-username: user + ext-firebase: + enabled: true + stringData: + firebase-url: "" # placeholder for ${FIRBASE_URL} + firebase-secret: "" # placeholder for ${FIREBASE_SECRET} + e2e-mongo-uri: + enabled: true + stringData: + mongo-uri: mongodb://cfuser:mTiXcU2wafr9@cf-mongodb:27017/codefresh + +seed: + mongoSeedJob: + mongodbRootUserSecretKeyRef: + name: cf-codefresh-ext-mongo + key: mongodb-root-user + mongodbRootPasswordSecretKeyRef: + name: cf-codefresh-ext-mongo + key: mongodb-root-password + + postgresSeedJob: + postgresUserSecretKeyRef: + name: cf-codefresh-ext-postgres + key: postgres-user + postgresPasswordSecretKeyRef: + name: cf-codefresh-ext-postgres + key: postgres-password + +global: + firebaseUrlSecretKeyRef: + name: cf-codefresh-ext-firebase + key: firebase-url + firebaseSecretSecretKeyRef: + name: cf-codefresh-ext-firebase + key: firebase-secret + + mongodbUserSecretKeyRef: + name: cf-codefresh-ext-mongo + key: mongodb-user + mongodbPasswordSecretKeyRef: + name: cf-codefresh-ext-mongo + key: mongodb-password + mongodbHostSecretKeyRef: + name: cf-codefresh-ext-mongo + key: mongodb-host + + postgresHostnameSecretKeyRef: + name: cf-codefresh-ext-postgres + key: postgres-hostname + postgresPasswordSecretKeyRef: + name: cf-codefresh-ext-postgres + key: postgres-password + postgresUserSecretKeyRef: + name: cf-codefresh-ext-postgres + key: 
postgres-user + + rabbitmqHostnameSecretKeyRef: + name: cf-codefresh-ext-rabbitmq + key: rabbitmq-hostname + rabbitmqPasswordSecretKeyRef: + name: cf-codefresh-ext-rabbitmq + key: rabbitmq-password + rabbitmqUsernameSecretKeyRef: + name: cf-codefresh-ext-rabbitmq + key: rabbitmq-username + + redisPasswordSecretKeyRef: + name: cf-codefresh-ext-redis + key: redis-password + redisUrlSecretKeyRef: + name: cf-codefresh-ext-redis + key: redis-url \ No newline at end of file diff --git a/codefresh/.ci/values/mtls-mongodb-redis.yaml b/codefresh/.ci/values/mtls-mongodb-redis.yaml index 1abf5b39a3..cea05a324c 100644 --- a/codefresh/.ci/values/mtls-mongodb-redis.yaml +++ b/codefresh/.ci/values/mtls-mongodb-redis.yaml @@ -137,7 +137,6 @@ extraResources: kind: Service metadata: name: cf-redis - namespace: codefresh-mtls spec: ports: - name: tcp-redis diff --git a/codefresh/.ci/values/values-install-only.yaml b/codefresh/.ci/values/values-install-only.yaml new file mode 100644 index 0000000000..daf376de8a --- /dev/null +++ b/codefresh/.ci/values/values-install-only.yaml @@ -0,0 +1,11 @@ +# -- checking postgresql password with special characters +postgresql: + auth: + postgresPassword: "()e%C9ar$Yka4Zb!H" + +global: + postgresPassword: "()e%C9ar$Yka4Zb!H" + +seed: + postgresSeedJob: + postgresPassword: "()e%C9ar$Yka4Zb!H" \ No newline at end of file diff --git a/codefresh/.ci/values/values-openshift.yaml b/codefresh/.ci/values/values-openshift.yaml new file mode 100644 index 0000000000..ec23e4e07d --- /dev/null +++ b/codefresh/.ci/values/values-openshift.yaml @@ -0,0 +1,4 @@ +# values provided for openshift cluster +cfapi: + podSecurityContext: + runAsUser: 1000620000 \ No newline at end of file diff --git a/codefresh/.ci/values/values-upgrade-only.yaml b/codefresh/.ci/values/values-upgrade-only.yaml new file mode 100644 index 0000000000..69697559bb --- /dev/null +++ b/codefresh/.ci/values/values-upgrade-only.yaml 
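Review bot: The new `external-secrets.yaml` commits literal database passwords (`mongodb-root-password`, `postgres-password`, `redis-password`, `rabbitmq-password`) and repeats the MongoDB one inside `mongo-uri`, so the two copies have to be changed together and secret scanners will flag the file. If these are throwaway values for the in-cluster CI databases, the header should say so, e.g. `# CI-only fixture credentials for the chart-managed test databases; not used by any real environment`, with a short comment next to `mongo-uri` noting that it embeds `mongodb-password`. The inline comment `# placeholder for ${FIRBASE_URL}` looks like a typo for `FIREBASE_URL`, and the file has no trailing newline.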
@@ -0,0 +1,4 @@ +# -- test change passwords on upgrade +global: + mongodbPassword: 9rfa2UcXiTm + diff --git a/codefresh/.ci/values/values-upgrade.yaml b/codefresh/.ci/values/values-upgrade.yaml deleted file mode 100644 index 748d509d5f..0000000000 --- a/codefresh/.ci/values/values-upgrade.yaml +++ /dev/null @@ -1,3 +0,0 @@ -cfapi: - rbac: - namespaced: true diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index b735f5533d..c72869b643 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -7,7 +7,7 @@ dependencies: version: 0.9.0 - name: consul repository: https://charts.bitnami.com/bitnami - version: 11.3.13 + version: 11.3.21 - name: mongodb repository: https://charts.bitnami.com/bitnami version: 14.4.1 @@ -19,16 +19,16 @@ dependencies: version: 12.0.4 - name: redis repository: https://charts.bitnami.com/bitnami - version: 20.0.3 + version: 20.3.0 - name: redis-ha repository: https://dandydeveloper.github.io/charts version: 4.26.1 - name: rabbitmq repository: https://charts.bitnami.com/bitnami - version: 14.6.9 + version: 14.7.0 - name: nats repository: https://charts.bitnami.com/bitnami - version: 8.3.2 + version: 8.4.9 - name: builder repository: oci://quay.io/codefresh/charts version: 1.3.0 
@@ -37,123 +37,123 @@ dependencies: version: 1.3.0 - name: ingress-nginx repository: https://kubernetes.github.io/ingress-nginx - version: 4.10.0 + version: 4.11.2 - name: cluster-providers repository: oci://quay.io/codefresh/charts - version: 1.17.7 + version: 1.17.10 - name: kube-integration repository: oci://quay.io/codefresh/charts - version: 1.31.8 + version: 1.31.11 - name: charts-manager repository: oci://quay.io/codefresh/charts - version: 1.18.1 + version: 1.18.2 - name: cfsign repository: oci://quay.io/codefresh/charts - version: 1.8.2 + version: 1.8.6 - name: tasker-kubernetes repository: oci://quay.io/codefresh/charts - version: 1.26.9 + version: 1.26.13 - name: context-manager repository: oci://quay.io/codefresh/charts - version: 2.30.1 + version: 2.31.2 - name: pipeline-manager repository: oci://quay.io/codefresh/charts - version: 3.135.7 + version: 3.137.5 - name: gitops-dashboard-manager repository: oci://quay.io/codefresh/charts - version: 1.14.14 + version: 1.14.16 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi 
repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.260.37 + version: 21.268.1 - name: cfui repository: oci://quay.io/codefresh/charts - version: 14.95.75 + version: 14.96.72 - name: k8s-monitor repository: oci://quay.io/codefresh/charts - version: 4.11.7 + version: 4.11.10 - name: runtime-environment-manager repository: oci://quay.io/codefresh/charts - version: 3.36.3 + version: 3.38.2 - name: cf-broadcaster repository: oci://quay.io/codefresh/charts - version: 1.12.14 + version: 1.12.17 - name: helm-repo-manager repository: oci://quay.io/codefresh/charts - version: 0.16.1 + version: 0.17.1 - name: hermes repository: oci://quay.io/codefresh/charts - version: 0.21.9 + version: 0.21.14 - name: nomios repository: oci://quay.io/codefresh/charts - version: 0.11.6 + version: 0.11.8 - name: cronus repository: oci://quay.io/codefresh/charts - version: 0.8.6 + version: 0.8.8 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.59 + version: 0.49.72 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.59 + version: 0.49.72 - name: argo-platform repository: oci://quay.io/codefresh/charts - version: 1.3035.0 + version: 1.3167.0 - name: argo-hub-platform repository: oci://quay.io/codefresh/charts - version: 0.1.14 + version: 
0.1.16 - name: cf-oidc-provider repository: oci://quay.io/codefresh/charts version: 0.0.15 -digest: sha256:2a17a7e71f24546411100242dc899cdf51477191fc6040ab9aff37ce32801337 -generated: "2024-09-08T13:36:22.908665155+03:00" +digest: sha256:6f7dc6701316959174ba381d53d554ca6100f60332aba2a15a6526771587bec3 +generated: "2024-12-03T15:33:55.201146+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 2e0a978b03..406cd914c0 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.5.0 +version: 2.6.0 keywords: - codefresh home: https://codefresh.io/ @@ -11,17 +11,15 @@ sources: maintainers: - name: codefresh url: https://codefresh-io.github.io/ -appVersion: 2.5.0 +appVersion: 2.6.0 annotations: - # artifacthub.io/prerelease: "true" + artifacthub.io/prerelease: "true" artifacthub.io/alternativeName: "codefresh-onprem" # artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - - kind: fixed - description: "Fix E2E tests" - kind: changed - description: "Update feature flags" + description: "Initial onprem 2.6.1 release" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts @@ -31,7 +29,7 @@ dependencies: version: 0.9.0 condition: internal-gateway.enabled - name: consul - version: 11.3.13 + version: 11.3.21 repository: https://charts.bitnami.com/bitnami condition: consul.enabled - name: mongodb @@ -47,7 +45,7 @@ dependencies: repository: oci://registry-1.docker.io/bitnamicharts condition: postgresql-ha.enabled - name: redis - version: 20.0.3 + version: 20.3.0 repository: https://charts.bitnami.com/bitnami condition: redis.enabled - name: redis-ha 
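Review bot: In the `Chart.yaml` annotations hunk the `artifacthub.io/changes` entry reads "Initial onprem 2.6.1 release" while `version` and `appVersion` in the same file are bumped to 2.6.0, so the published changelog names a release this chart is not; `description: "Initial onprem 2.6.0 release"` would match. The same hunk switches on `artifacthub.io/prerelease: "true"`; if 2.6.0 is meant to ship as a prerelease that is fine, but it deserves a line in the commit message because consumers who track only stable versions may not pick this one up.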
@@ -55,11 +53,11 @@ dependencies: version: 4.26.1 condition: redis-ha.enabled - name: rabbitmq - version: 14.6.9 + version: 14.7.0 repository: https://charts.bitnami.com/bitnami condition: rabbitmq.enabled - name: nats - version: 8.3.2 + version: 8.4.9 repository: https://charts.bitnami.com/bitnami condition: nats.enabled - name: builder @@ -71,7 +69,7 @@ dependencies: condition: runner.enabled version: 1.3.0 - name: ingress-nginx - version: 4.10.0 + version: 4.11.2 repository: https://kubernetes.github.io/ingress-nginx condition: ingress-nginx.enabled - name: cluster-providers @@ -83,7 +81,7 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: kube-integration.enabled - name: charts-manager - version: "*" + version: "~1.18.0" repository: oci://quay.io/codefresh/charts condition: charts-manager.enabled - name: cfsign diff --git a/codefresh/README.md b/codefresh/README.md index cc4d044bf1..0b0f59f6a0 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.5.0](https://img.shields.io/badge/Version-2.5.0-informational?style=flat-square) ![AppVersion: 2.5.0](https://img.shields.io/badge/AppVersion-2.5.0-informational?style=flat-square) +![Version: 2.6.0](https://img.shields.io/badge/Version-2.6.0-informational?style=flat-square) ![AppVersion: 2.6.0](https://img.shields.io/badge/AppVersion-2.6.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. 
@@ -35,15 +35,16 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ - [X-Frame-Options response header](#x-frame-options-response-header) - [Configuring OIDC Provider](#configuring-oidc-provider) - [Upgrading](#upgrading) - - [To 2.0.0](#to-2-0-0) - - [To 2.0.12](#to-2-0-12) - - [To 2.0.17](#to-2-0-17) - - [To 2.1.0](#to-2-1-0) - - [To 2.1.7](#to-2-1-7) - - [To 2.2.0](#to-2-2-0) - - [To 2.3.0](#to-2-3-0) - - [To 2.4.0](#to-2-4-0) - - [To 2.5.0](#to-2-5-0) + - [To 2.0.0](#to-200) + - [To 2.0.12](#to-2012) + - [To 2.0.17](#to-2017) + - [To 2.1.0](#to-210) + - [To 2.1.7](#to-217) + - [To 2.2.0](#to-220) + - [To 2.3.0](#to-230) + - [To 2.4.0](#to-240) + - [To 2.5.0](#to-250) + - [To 2.6.0](#to-260) - [Rollback](#rollback) - [Troubleshooting](#troubleshooting) - [Values](#values) @@ -55,7 +56,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ ## Prerequisites -- Kubernetes **>= 1.25 && <= 1.29** (Supported versions mean that installation passed for the versions listed; however, it **may** work on older k8s versions as well) +- Kubernetes **>= 1.28 && <= 1.31** (Supported versions mean that installation passed for the versions listed; however, it **may** work on older k8s versions as well) - Helm **3.8.0+** - PV provisioner support in the underlying infrastructure (with [resizing](https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/) available) - Minimal 4vCPU and 8Gi Memory available in the cluster (for production usage the recommended minimal cluster capacity is at least 12vCPUs and 36Gi Memory) 
@@ -180,7 +181,7 @@ The following table displays the list of **persistent** services created as part | Database | Purpose | Latest supported version | | :--- | :---- | :--- | -| MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 6.x | +| MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 4.4.x | | Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 13.x | | Redis | Used for caching, and as a key-value store for cron trigger manager. | 7.0.x | @@ -202,7 +203,7 @@ However, you might need to use external services like [MongoDB Atlas Database](h #### External MongoDB -**Important:** Recommended version of Mongo is 6.x +**Important:** Recommended version of Mongo is 4.4.x ```yaml seed: @@ -1923,6 +1924,10 @@ cfapi: ### [What's new in 2.5.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-25) +### To 2.6.0 + +### [What's new in 2.6.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-26) + ## Troubleshooting ### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired 
@@ -2019,7 +2024,7 @@ kubectl -n $NAMESPACE delete secret codefresh-certs-server | argo-platform.runtime-monitor | object | See below | runtime-monitor Don't enable! Not used in onprem! | | argo-platform.ui | object | See below | ui | | argo-platform.useExternalSecret | bool | `false` | Use regular k8s secret object. Keep `false`! | -| builder | object | `{"affinity":{},"container":{"image":{"registry":"docker.io","repository":"library/docker","tag":"27.0-dind"}},"enabled":true,"initContainers":{"register":{"image":{"registry":"quay.io","repository":"codefresh/curl","tag":"8.4.0"}}},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | builder | +| builder | object | `{"affinity":{},"container":{"image":{"registry":"docker.io","repository":"library/docker","tag":"27.3-dind"}},"enabled":true,"initContainers":{"register":{"image":{"registry":"quay.io","repository":"codefresh/curl","tag":"8.10.1"}}},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | builder | | cf-broadcaster | object | See below | broadcaster | | cf-oidc-provider | object | See below | cf-oidc-provider | | cf-platform-analytics-etlstarter | object | See below | etl-starter | diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 0d52ee1673..335079a251 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl 
@@ -35,15 +35,16 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ - [X-Frame-Options response header](#x-frame-options-response-header) - [Configuring OIDC Provider](#configuring-oidc-provider) - [Upgrading](#upgrading) - - [To 2.0.0](#to-2-0-0) - - [To 2.0.12](#to-2-0-12) - - [To 2.0.17](#to-2-0-17) - - [To 2.1.0](#to-2-1-0) - - [To 2.1.7](#to-2-1-7) - - [To 2.2.0](#to-2-2-0) - - [To 2.3.0](#to-2-3-0) - - [To 2.4.0](#to-2-4-0) - - [To 2.5.0](#to-2-5-0) + - [To 2.0.0](#to-200) + - [To 2.0.12](#to-2012) + - [To 2.0.17](#to-2017) + - [To 2.1.0](#to-210) + - [To 2.1.7](#to-217) + - [To 2.2.0](#to-220) + - [To 2.3.0](#to-230) + - [To 2.4.0](#to-240) + - [To 2.5.0](#to-250) + - [To 2.6.0](#to-260) - [Rollback](#rollback) - [Troubleshooting](#troubleshooting) - [Values](#values) @@ -56,7 +57,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ ## Prerequisites -- Kubernetes **>= 1.25 && <= 1.29** (Supported versions mean that installation passed for the versions listed; however, it **may** work on older k8s versions as well) +- Kubernetes **>= 1.28 && <= 1.31** (Supported versions mean that installation passed for the versions listed; however, it **may** work on older k8s versions as well) - Helm **3.8.0+** - PV provisioner support in the underlying infrastructure (with [resizing](https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/) available) - Minimal 4vCPU and 8Gi Memory available in the cluster (for production usage the recommended minimal cluster capacity is at least 12vCPUs and 36Gi Memory) 
@@ -1931,6 +1932,10 @@ cfapi: ### [What's new in 2.5.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-25) +### To 2.6.0 + +### [What's new in 2.6.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-26) + ## Troubleshooting ### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index aaf2eabe51..3bcaf6f98a 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh 
@@ -75,13 +75,15 @@ waitForMongoDB getMongoVersion for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do - mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" || true - mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" || true + waitForMongoDB + mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 || true + waitForMongoDB + mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true done -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" || true -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" || true -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" || true +mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" 2>&1 || true +mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true +mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true mongoimport --uri ${MONGO_URI} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json mongoimport --uri ${MONGO_URI} --collection accounts --type json 
--legacy --file ${ASSETS_PATH}accounts.json diff --git a/codefresh/templates/secrets/secret.yaml b/codefresh/templates/secrets/secret.yaml index 8d832196fe..e0fa81259e 100644 --- a/codefresh/templates/secrets/secret.yaml +++ b/codefresh/templates/secrets/secret.yaml 
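Review bot: The rewritten `createUser` and `changeUserPassword` lines still splice `${MONGODB_USER}` and `${MONGODB_PASSWORD}` into the JavaScript passed to `--eval`, so a password containing `"` or `\` changes the script that runs, and the value is visible in the process argument list. mongosh exposes `process.env`, so the values can be read inside the script instead, e.g. `mongosh "${MONGODB_ROOT_URI}" --eval 'db.getSiblingDB(process.env.MONGODB_DATABASE).changeUserPassword(process.env.MONGODB_USER, process.env.MONGODB_PASSWORD)'` with those variables exported. Because every call ends in `2>&1 || true`, a failed user creation or password change only shows up in the job log while the job still succeeds; if that is deliberate, a comment such as `# best effort: user may already exist` would say so. The same applies to the three `grantRolesToUser`/`changeUserPassword` lines after the loop, and the script starts and continues outside this hunk.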
@@ -7,26 +7,26 @@ metadata: name: {{ include "codefresh.fullname" . }} labels: {{ include "codefresh.labels" . | nindent 4 }} -stringData: +data: # new MONGODB_* secrets - MONGODB_HOST: {{ coalesce .Values.global.mongodbHost }} - MONGODB_PASSWORD: {{ coalesce .Values.global.mongodbPassword }} - MONGODB_USER: {{ coalesce .Values.global.mongodbUser }} - MONGODB_OPTIONS: {{ coalesce .Values.global.mongodbOptions }} - MONGODB_DATABASE: {{ coalesce .Values.global.mongodbDatabase | default "codefresh" }} - MONGODB_PROTOCOL: {{ coalesce .Values.global.mongodbProtocol | default "mongodb" }} + MONGODB_HOST: {{ coalesce .Values.global.mongodbHost | b64enc }} + MONGODB_PASSWORD: {{ coalesce .Values.global.mongodbPassword | b64enc }} + MONGODB_USER: {{ coalesce .Values.global.mongodbUser | b64enc }} + MONGODB_OPTIONS: {{ coalesce .Values.global.mongodbOptions | b64enc }} + MONGODB_DATABASE: {{ coalesce .Values.global.mongodbDatabase | default "codefresh" | b64enc }} + MONGODB_PROTOCOL: {{ coalesce .Values.global.mongodbProtocol | default "mongodb" | b64enc }} # legacy MONGODB_* secrets - MONGODB_ROOT_USER: {{ coalesce .Values.global.mongodbRootUser .Values.seed.mongoSeedJob.mongodbRootUser }} - MONGODB_ROOT_PASSWORD: {{ urlquery (coalesce .Values.global.mongodbRootPassword .Values.seed.mongoSeedJob.mongodbRootPassword) }} - MONGO_URI: {{ .Values.global.mongoURI | default "empty" }} - MONGO_URI_RE_MANAGER: {{ include (printf "%s.classic.calculateMongoUri" $libTemplateName) (dict "dbName" "runtime-environment-manager" "mongoURI" .Values.global.mongoURI) | default "empty" }} - MONGODB_RE_DATABASE: runtime-environment-manager + MONGODB_ROOT_USER: {{ coalesce .Values.global.mongodbRootUser .Values.seed.mongoSeedJob.mongodbRootUser | b64enc }} + MONGODB_ROOT_PASSWORD: {{ urlquery (coalesce .Values.global.mongodbRootPassword .Values.seed.mongoSeedJob.mongodbRootPassword) | b64enc }} + MONGO_URI: {{ .Values.global.mongoURI | default "empty" | b64enc}} + MONGO_URI_RE_MANAGER: {{ 
include (printf "%s.classic.calculateMongoUri" $libTemplateName) (dict "dbName" "runtime-environment-manager" "mongoURI" .Values.global.mongoURI) | default "empty" | b64enc }} + MONGODB_RE_DATABASE: {{ printf "%s" "runtime-environment-manager" | b64enc }} - POSTGRES_USER: {{ coalesce .Values.global.postgresUser }} - POSTGRES_PASSWORD: {{ coalesce .Values.global.postgresPassword }} - POSTGRES_SEED_USER: {{ (coalesce .Values.seed.postgresSeedJob.postgresUser .Values.global.postgresSeedJob.postgresUser) | default .Values.global.postgresUser }} - POSTGRES_SEED_PASSWORD: {{ (coalesce .Values.seed.postgresSeedJob.postgresPassword .Values.global.postgresSeedJob.postgresPassword) | default .Values.global.postgresPassword }} - POSTGRES_HOSTNAME: {{ default (printf "%s-%s" .Release.Name .Values.global.postgresService) .Values.global.postgresHostname }} - POSTGRES_PORT: {{ coalesce .Values.global.postgresPort | default 5432 | quote }} - POSTGRES_DATABASE: {{ .Values.global.postgresDatabase | default "codefresh" }} \ No newline at end of file + POSTGRES_USER: {{ coalesce .Values.global.postgresUser | b64enc }} + POSTGRES_PASSWORD: {{ coalesce .Values.global.postgresPassword | b64enc }} + POSTGRES_SEED_USER: {{ (coalesce .Values.seed.postgresSeedJob.postgresUser .Values.global.postgresSeedJob.postgresUser) | default .Values.global.postgresUser | b64enc}} + POSTGRES_SEED_PASSWORD: {{ (coalesce .Values.seed.postgresSeedJob.postgresPassword .Values.global.postgresSeedJob.postgresPassword) | default .Values.global.postgresPassword | b64enc }} + POSTGRES_HOSTNAME: {{ default (printf "%s-%s" .Release.Name .Values.global.postgresService) .Values.global.postgresHostname | b64enc }} + POSTGRES_PORT: {{ printf "%v" .Values.global.postgresPort | b64enc }} + POSTGRES_DATABASE: {{ .Values.global.postgresDatabase | default "codefresh" | b64enc }} diff --git a/codefresh/templates/seed/postgres-seed-job.yaml b/codefresh/templates/seed/postgres-seed-job.yaml index 4791920025..5a18b31e9d 100644 
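Review bot: The new `POSTGRES_PORT` line drops the `default 5432` that the removed line had, so when `global.postgresPort` is unset `printf "%v"` appears to produce the text `<nil>`, which is then base64-encoded into the Secret; `POSTGRES_PORT: {{ .Values.global.postgresPort | default 5432 | toString | b64enc }}` keeps the old fallback. More generally `b64enc` takes a string, so the `coalesce … | b64enc` lines that have no `default` (for example `MONGODB_OPTIONS` and `MONGODB_PASSWORD`) will presumably fail to render when the value is unset or is written as a bare number in values; piping through `toString`, with `default ""` where empty is acceptable, avoids that. This matters most for installs that supply credentials only through the `*SecretKeyRef` values and leave the plain-text ones empty. The template begins above this hunk.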
--- a/codefresh/templates/seed/postgres-seed-job.yaml +++ b/codefresh/templates/seed/postgres-seed-job.yaml @@ -39,6 +39,10 @@ spec: {{- include "codefresh.postgres-password-env-var-value" . | indent 12 }} - name: POSTGRES_HOSTNAME {{- include "codefresh.postgres-host-env-var-value" . | indent 12 }} + - name: POSTGRES_SEED_USER + {{- include "codefresh.postgres-seed-user-env-var-value" . | indent 12 }} + - name: POSTGRES_SEED_PASSWORD + {{- include "codefresh.postgres-seed-password-env-var-value" . | indent 12 }} resources: {{- toYaml .Values.seed.resources | nindent 10 }} command: diff --git a/codefresh/values.yaml b/codefresh/values.yaml index e97f22c61e..1c3ca5f26e 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -14,7 +14,7 @@ gencerts: image: registry: quay.io repository: codefresh/kubectl - tag: 1.29.2 + tag: 1.31.2 rbac: enabled: true ttlSecondsAfterFinished: 300 @@ -36,7 +36,7 @@ seed: image: registry: quay.io repository: codefresh/mongosh - tag: 2.1.1 + tag: 2.3.1 # -- Root user in plain text (required ONLY for seed job!). mongodbRootUser: "root" # -- Root user from existing secret @@ -425,7 +425,7 @@ hooks: image: registry: quay.io repository: codefresh/mongosh - tag: 2.1.1 + tag: 2.3.1 affinity: {} nodeSelector: {} podSecurityContext: {} 
@@ -455,20 +455,20 @@ postgresqlCleanJob: # @default -- See below runtimeImages: COMPOSE_IMAGE: quay.io/codefresh/compose:v2.28.1-1.5.0 - CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.11.6 - DIND_IMAGE: quay.io/codefresh/dind:26.1.4-1.28.7 - DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.3.13 - DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.17 - DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.16 - DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.14 - ENGINE_IMAGE: quay.io/codefresh/engine:1.174.7 + CONTAINER_LOGGER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-container-logger:1.11.7 + DIND_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/dind:26.1.4-1.28.8 + DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.3.17 + DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.18 + DOCKER_PUSHER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-pusher:6.0.16 + DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.15 + ENGINE_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/engine:1.174.19 FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.7 - GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.1.28 + GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.2.0 KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.2.6 - PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.5 + PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.6 TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.1 - CR_6177_FIXER: docker.io/library/alpine:edge - GC_BUILDER_IMAGE: docker.io/library/alpine:edge + CR_6177_FIXER: docker.io/library/alpine:3.20 + GC_BUILDER_IMAGE: docker.io/library/alpine:3.20 #-------------------- # Codefresh subcharts @@ -766,7 +766,7 @@ cfsign: image: registry: quay.io repository: codefresh/curl - tag: 8.5.0 + tag: 8.10.1 affinity: {} nodeSelector: {} podSecurityContext: {} 
@@ -965,6 +965,8 @@ hermes: ingress-nginx: enabled: true controller: + enableAnnotationValidations: true + allowSnippetAnnotations: true ingressClassResource: enabled: true default: false @@ -1187,12 +1189,12 @@ builder: image: registry: quay.io repository: codefresh/curl - tag: 8.4.0 + tag: 8.10.1 container: image: registry: docker.io repository: library/docker - tag: 27.0-dind + tag: 27.3-dind affinity: {} nodeSelector: {} podSecurityContext: {} @@ -1208,12 +1210,12 @@ runner: image: registry: quay.io repository: codefresh/curl - tag: 8.4.0 + tag: 8.10.1 container: image: registry: docker.io repository: library/docker - tag: 27.0-dind + tag: 27.3-dind affinity: {} nodeSelector: {} podSecurityContext: {}
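Review bot: `allowSnippetAnnotations: true` under `ingress-nginx.controller` turns on the `*-snippet` annotations, which let anyone allowed to create or edit an Ingress in a watched namespace put raw NGINX configuration into the shared controller; the upstream chart ships this as `false`. If one of the platform's own Ingress objects needs a snippet, a comment naming it would help, e.g. `# required by <ingress name>: uses configuration-snippet`; otherwise `allowSnippetAnnotations: false` next to the new `enableAnnotationValidations: true` is the safer default for a chart that enables the bundled controller out of the box. The `controller:` mapping continues outside this hunk.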