diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 10c9a098..e9c0845b 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -17,6 +17,7 @@ dependencies: - name: argo-cd repository: https://codefresh-io.github.io/argo-helm version: 7.4.7-8-cap-2.12.3-2024.12.17-4d75d35f4 + condition: argo-cd.enabled - name: argo-events repository: https://codefresh-io.github.io/argo-helm version: 2.4.7-1-cap-CR-24607 @@ -37,8 +38,8 @@ dependencies: alias: tunnel-client condition: tunnel-client.enabled - name: codefresh-gitops-operator - repository: oci://quay.io/codefresh/charts - version: 0.3.17 + repository: oci://quay.io/codefresh/charts/dev + version: 0.0.0-cr-26342-support-byoacd alias: gitops-operator condition: gitops-operator.enabled - name: garage diff --git a/charts/gitops-runtime/templates/_components/_common_helpers.yaml b/charts/gitops-runtime/templates/_components/_common_helpers.yaml index a7d7b4fb..c9755d82 100644 --- a/charts/gitops-runtime/templates/_components/_common_helpers.yaml +++ b/charts/gitops-runtime/templates/_components/_common_helpers.yaml @@ -28,4 +28,4 @@ env: {{- end }} {{- end }} {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml index 8485c411..61c48eac 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml 
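Review bot: The `codefresh-gitops-operator` dependency in the second Chart.yaml hunk now resolves from `oci://quay.io/codefresh/charts/dev` at version `0.0.0-cr-26342-support-byoacd`, which reads as a branch build under a development path rather than a released chart. Anyone installing this runtime chart would pull whatever is published under that dev tag, so the entry should point back at a released version in `oci://quay.io/codefresh/charts` before the chart is merged or published. If the dev pin has to stay for testing, a comment on the entry such as `# TEMP: dev build, replace with a released version before release` keeps that visible to reviewers.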
@@ -1,14 +1,14 @@ {{- define "cap-app-proxy.resources.configmap-documented-configs"}} -argoCdUrl: {{ .Values.config.argoCdUrl }} -argoCdUsername: {{ .Values.config.argoCdUsername }} -argoWorkflowsInsecure: {{ .Values.config.argoWorkflowsInsecure | quote }} +argoCdUrl: {{ .Values.argoCdCredentials.url }} +argoCdUsername: {{ .Values.argoCdCredentials.username }} argoWorkflowsUrl: {{ default "" .Values.config.argoWorkflowsUrl }} +argoWorkflowsInsecure: {{ .Values.config.argoWorkflowsInsecure | quote }} +skipGitPermissionValidation: {{ .Values.config.skipGitPermissionValidation | quote }} +logLevel: {{ .Values.config.logLevel | quote }} cors: {{ .Values.global.codefresh.url }} env: {{ .Values.config.env | quote}} isConfigurationRuntime: {{ .Values.global.runtime.isConfigurationRuntime | quote }} runtimeName: {{ required "global.runtime.name is required" .Values.global.runtime.name | quote}} -skipGitPermissionValidation: {{ .Values.config.skipGitPermissionValidation | quote }} -logLevel: {{ .Values.config.logLevel | quote }} {{- $enrichmentValues := get .Values "image-enrichment" }} {{- if $enrichmentValues.enabled }} enrichmentConcurrencyCmName: {{ $enrichmentValues.config.concurrencyCmName | quote}} diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml index 7cef698f..7fd632bd 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml @@ -11,11 +11,6 @@ ARGO_CD_USERNAME: name: cap-app-proxy-cm key: argoCdUsername optional: true -ARGO_CD_PASSWORD: - valueFrom: - secretKeyRef: - name: argocd-initial-admin-secret - key: password ARGO_WORKFLOWS_INSECURE: valueFrom: configMapKeyRef: 
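Review bot: `argoCdUrl` and `argoCdUsername` in the `_config.yaml` hunk are rendered without `quote`, unlike the other keys this hunk adds or moves. With the new default `url:` left empty the first line renders as a null value, and a username that looks like a boolean or a number would be retyped by the YAML parser; if this template feeds a ConfigMap's `data` directly (the caller is outside the hunk), non-string values are not accepted there. Suggested: `argoCdUrl: {{ .Values.argoCdCredentials.url | quote }}` and `argoCdUsername: {{ .Values.argoCdCredentials.username | quote }}`.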
diff --git a/charts/gitops-runtime/templates/_helpers.tpl b/charts/gitops-runtime/templates/_helpers.tpl index d47df549..699c6878 100644 --- a/charts/gitops-runtime/templates/_helpers.tpl +++ b/charts/gitops-runtime/templates/_helpers.tpl @@ -1,10 +1,11 @@ {{/* Validation for secretKeyRef to avoid conflicting secret names with secrets created by controllers */}} -{{- define "codefresh-gitops-runtime.secret-name-validation"}} +{{- define "codefresh-gitops-runtime.secret-name-validation" }} {{- $reservedSecretNames := list "codefresh-token" }} {{- if has .name $reservedSecretNames }} {{- fail (printf "%s is a reserved name and is not allowed. Please use a different secret name" .name) }} {{- end }} {{- end }} + {{/* Expand the name of the chart. */}} @@ -77,7 +78,8 @@ Determine argocd server service name. Must be called with chart root context */}} {{- define "codefresh-gitops-runtime.argocd.server.servicename" -}} {{/* For now use template from ArgoCD chart until better approach */}} -{{- template "argo-cd.server.fullname" (dict "Values" (get .Values "argo-cd")) }} +{{- $argoCDValues := (get .Values "argo-cd") }} +{{- template "argo-cd.server.fullname" (dict "Values" $argoCDValues) }} {{- end }} {{/* @@ -85,7 +87,14 @@ Determine argocd repo server service name. Must be called with chart root contex */}} {{- define "codefresh-gitops-runtime.argocd.reposerver.servicename" -}} {{/* For now use template from ArgoCD chart until better approach */}} -{{- template "argo-cd.repoServer.fullname" (dict "Values" (get .Values "argo-cd")) }} +{{- $argoCDValues := (get .Values "argo-cd") }} +{{- if $argoCDValues.enabled }} + {{- template "argo-cd.repoServer.fullname" (dict "Values" $argoCDValues) }} +{{- else if $argoCDValues.byoRepoServerName }} + {{- $argoCDValues.byoRepoServerName }} +{{- else }} + {{- fail "Must supply byoRepoServerName if argo-cd.enabled is false" }} +{{- end }} {{- end }} {{/* 
@@ -93,15 +102,24 @@ Determine argocd argocd repo server port */}} {{- define "codefresh-gitops-runtime.argocd.reposerver.serviceport" -}} {{/* For now use template from ArgoCD chart until better approach */}} - {{- index .Values "argo-cd" "repoServer" "service" "port" }} +{{- $argoCDValues := (get .Values "argo-cd") }} +{{- if $argoCDValues.enabled }} + {{- index $argoCDValues "repoServer" "service" "port" }} +{{- else if $argoCDValues.byoRepoServerPort }} + {{- $argoCDValues.byoRepoServerPort }} +{{- else }} + {{- fail "Must supply byoRepoServerPort if argo-cd.enabled is false" }} +{{- end }} {{- end }} {{/* Determine argocd servicename. Must be called with chart root context +NOT BEING USED */}} {{- define "codefresh-gitops-runtime.argocd.appcontroller.serviceAccountName" -}} {{/* For now use template from ArgoCD chart until better approach */}} -{{- template "argo-cd.controllerServiceAccountName" (dict "Values" (get .Values "argo-cd")) }} +{{- $argoCDValues := (get .Values "argo-cd") }} +{{- template "argo-cd.controllerServiceAccountName" (dict "Values" $argoCDValues) }} {{- end }} {{/* 
@@ -112,48 +130,68 @@ Determine rollouts name {{- template "argo-rollouts.fullname" (dict "Values" (get .Values "argo-rollouts")) }} {{- end }} - {{/* Determine argocd server service port. Must be called with chart root context */}} {{- define "codefresh-gitops-runtime.argocd.server.serviceport" -}} {{- $argoCDValues := (get .Values "argo-cd") }} -{{- $port := 443 }} -{{- if hasKey $argoCDValues "configs" }} - {{- if hasKey $argoCDValues.configs "params" }} - {{- if hasKey $argoCDValues.configs.params "server.insecure" }} - {{- if (get $argoCDValues.configs.params "server.insecure") }} - {{- $port = 80 }} +{{- if $argoCDValues.enabled }} + {{- $port := 443 }} + {{- if hasKey $argoCDValues "configs" }} + {{- if hasKey $argoCDValues.configs "params" }} + {{- if hasKey $argoCDValues.configs.params "server.insecure" }} + {{- if (get $argoCDValues.configs.params "server.insecure") }} + {{- $port = 80 }} + {{- end }} {{- end }} {{- end }} {{- end }} + {{- print $port }} +{{- else if $argoCDValues.byoServerPort }} + {{ $argoCDValues.byoServerPort }} +{{- else }} + {{- fail "Must supply byoServerPort URL if argo-cd.enabled is false" }} +{{- end }} {{- end }} -{{- print $port }} -{{- end}} {{/* Determine argocd server url. Must be called with chart root context */}} {{- define "codefresh-gitops-runtime.argocd.server.url" -}} -{{- $protocol := "https" }} -{{- $port := include "codefresh-gitops-runtime.argocd.server.serviceport" . }} -{{- if (eq $port "80") }} - {{- $protocol = "http" }} -{{- end }} -{{- $url := include "codefresh-gitops-runtime.argocd.server.no-protocol-url" . }} -{{- printf "%s://%s" $protocol $url }} -{{- end}} +{{- $argoCDValues := (get .Values "argo-cd") }} +{{- if $argoCDValues.enabled }} + {{- $protocol := "https" }} + {{- $port := include "codefresh-gitops-runtime.argocd.server.serviceport" . }} + {{- if (eq $port "80") }} + {{- $protocol = "http" }} + {{- end }} + {{- $url := include "codefresh-gitops-runtime.argocd.server.no-protocol-url" . 
}} + {{- printf "%s://%s" $protocol $url }} +{{- else if $argoCDValues.byoServerUrl }} + {{- printf "%s" $argoCDValues.byoServerUrl }} +{{- else }} + {{- fail "Must supply byoServerUrl if argo-cd.enabled is false" }} +{{- end }} +{{- end }} {{/* Determine argocd server url witout the protocol. Must be called with chart root context */}} {{- define "codefresh-gitops-runtime.argocd.server.no-protocol-url" -}} {{- $argoCDValues := (get .Values "argo-cd") }} -{{- $serverName := include "codefresh-gitops-runtime.argocd.server.servicename" . }} -{{- $port := include "codefresh-gitops-runtime.argocd.server.serviceport" . }} -{{- $path := (get $argoCDValues.configs.params "server.rootpath") }} -{{- printf "%s:%s%s" $serverName $port $path }} -{{- end}} +{{- if $argoCDValues.enabled }} + {{- $serverName := include "codefresh-gitops-runtime.argocd.server.servicename" . }} + {{- $port := include "codefresh-gitops-runtime.argocd.server.serviceport" . }} + {{- $path := (get $argoCDValues.configs.params "server.rootpath") }} + {{- printf "%s:%s%s" $serverName $port $path }} +{{- else if $argoCDValues.byoServerUrl }} + {{- $urlDict := (urlParse $argoCDValues.byoServerUrl) }} + {{- $_ := set $urlDict "scheme" "" }} + {{- replace "//" "" (urlJoin $urlDict) }} +{{- else }} + {{- fail "Must supply byoServerUrl if argo-cd.enabled is false" }} +{{- end }} +{{- end }} {{/* Determine argo worklofws server name @@ -197,13 +235,12 @@ valueFrom: {{- include "codefresh-gitops-runtime.secret-name-validation" .Values.global.codefresh.userToken.secretKeyRef }} valueFrom: secretKeyRef: - {{- .Values.global.codefresh.userToken.secretKeyRef | toYaml | nindent 4 }} + {{- .Values.global.codefresh.userToken.secretKeyRef | toYaml | nindent 4 }} {{- else }} {{- fail "global.codefresh.userToken is mandatory. Set token or secretKeyRef!" }} {{- end }} {{- end }} - {{/* Get ingress url for both tunnel based and ingress based runtimes */}} 
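Review bot: In the `byoServerUrl` branch of `codefresh-gitops-runtime.argocd.server.no-protocol-url`, the URL is rebuilt with `urlJoin` and then passed through `replace "//" ""`, which keeps any `user:password@` part of the supplied URL and removes every `//` in it, not only the leading one. Taking the parsed fields directly avoids both: `{{- printf "%s%s" $urlDict.host $urlDict.path }}`. In `codefresh-gitops-runtime.argocd.server.serviceport` the bring-your-own branch reads `byoServerPort`, but the values.yaml hunk in this commit adds only `byoServerUrl`, `byoRepoServerName` and `byoRepoServerPort`, so that helper reaches its `fail` with default values whenever it is called with `argo-cd.enabled` false; the line `{{ $argoCDValues.byoServerPort }}` also lacks the `{{-` trim the other branches use. `codefresh-gitops-runtime.argocd.server.url` returns `byoServerUrl` as given, so an `http://` value would carry the ArgoCD credentials unencrypted; consider failing unless the scheme is `https`, or documenting the exception next to the value.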
@@ -240,12 +277,15 @@ Get ingress url for both tunnel based and ingress based runtimes Output comma separated list of installed runtime components */}} {{- define "codefresh-gitops-runtime.component-list"}} - {{- $argoCD := dict "name" "argocd" "version" (get .Subcharts "argo-cd").Chart.AppVersion }} {{- $argoEvents := dict "name" "argo-events" "version" (get .Subcharts "argo-events").Chart.AppVersion }} {{- $sealedSecrets := dict "name" "sealed-secrets" "version" (get .Subcharts "sealed-secrets").Chart.AppVersion }} {{- $internalRouter := dict "name" "internal-router" "version" .Chart.AppVersion }} {{- $appProxy := dict "name" "app-proxy" "version" (index (get .Values "app-proxy") "image" "tag") }} - {{- $comptList := list $argoCD $argoEvents $appProxy $sealedSecrets $internalRouter}} + {{- $comptList := list $argoEvents $appProxy $sealedSecrets $internalRouter}} + {{- if index (get .Values "argo-cd") "enabled" }} + {{- $argoCD := dict "name" "argocd" "version" (get .Subcharts "argo-cd").Chart.AppVersion }} + {{- $comptList = append $comptList $argoCD }} + {{- end }} {{- if index (get .Values "argo-rollouts") "enabled" }} {{- $rolloutReporter := dict "name" "rollout-reporter" "version" .Chart.AppVersion }} {{- $argoRollouts := dict "name" "argo-rollouts" "version" (get .Subcharts "argo-rollouts").Chart.AppVersion }} diff --git a/charts/gitops-runtime/templates/app-proxy/_app-proxy-env.yaml b/charts/gitops-runtime/templates/app-proxy/_app-proxy-env.yaml index 0937dfd6..0bd9a704 100644 --- a/charts/gitops-runtime/templates/app-proxy/_app-proxy-env.yaml +++ b/charts/gitops-runtime/templates/app-proxy/_app-proxy-env.yaml 
@@ -3,35 +3,46 @@ Some app-proxy environment variables are determined by values provided in other to keep the separation of components as pseudo library charts, they are defined here to be merged when app-proxy components are generated. */}} -{{- define "codefresh-gitops-runtime.app-proxy.calculated-env-vars"}} +{{- define "codefresh-gitops-runtime.app-proxy.calculated-env-vars" }} +ARGO_CD_PASSWORD: +{{- if .Values.argoCdCredentials.password }} + valueFrom: + secretKeyRef: + name: {{ .Values.argoCdCredentials.secretName }} + key: password +{{- else if .Values.argoCdCredentials.secretKeyRef }} + valueFrom: + secretKeyRef: + {{ .Values.argoCdCredentials.secretKeyRef | toYaml | nindent 6 }} +{{- end }} HELM_RELEASE_NAME: {{ .Release.Name }} USER_TOKEN: {{- include "codefresh-gitops-runtime.installation-token-env-var-value" . | nindent 2 }} {{- if or .Values.global.runtime.gitCredentials.password.value .Values.global.runtime.gitCredentials.password.secretKeyRef }} GIT_USERNAME: {{ .Values.global.runtime.gitCredentials.username }} GIT_PASSWORD: - {{- include "codefresh-gitops-runtime.runtime-gitcreds.password.env-var-value" . | nindent 2 }} + {{- include "codefresh-gitops-runtime.runtime-gitcreds.password.env-var-value" . | nindent 2 }} {{- end }} WORKFLOW_PIPELINES_WEBHOOKS_TLS_SECRET: codefresh-workflow-pipelines-tls -{{- /* Target account id, used for hosted runtimes registration. Not used in hybrid */}} + {{- /* Target account id, used for hosted runtimes registration. Not used in hybrid */}} {{- if .Values.global.runtime.codefreshHosted }} INSTALLATION_TYPE: HELM_HOSTED CODEFRESH_ADMIN_TOKEN: - {{- include "codefresh-gitops-runtime.installation-token-env-var-value" . | nindent 2 }} + {{- include "codefresh-gitops-runtime.installation-token-env-var-value" . 
| nindent 2 }} {{- if .Values.global.codefresh.accountId }} TARGET_RUNTIME_ACCOUNT_ID: {{ .Values.global.codefresh.accountId }} {{- else }} {{- fail "global.codefresh.accountId must be provided for hosted runtimes"}} {{- end }} {{- end }} -{{/* -This will promote argo-rollouts dependency version to app-proxy. -This will be used when installing argo-rollouts using button. -*/}} -{{- range $d := .Chart.Dependencies }} -{{- if eq $d.Name "argo-rollouts" }} + {{/* + This will promote argo-rollouts dependency version to app-proxy. + This will be used when installing argo-rollouts using button. + */}} + {{- range $d := .Chart.Dependencies }} + {{- if eq $d.Name "argo-rollouts" }} ROLLOUTS_HELM_REPOSITORY: {{ $d.Repository | quote }} ROLLOUTS_HELM_VERSION: {{ $d.Version | quote }} -{{- end }} -{{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/charts/gitops-runtime/templates/app-proxy/argocd-token-secret.yaml b/charts/gitops-runtime/templates/app-proxy/argocd-token-secret.yaml new file mode 100644 index 00000000..dd84e31c --- /dev/null +++ b/charts/gitops-runtime/templates/app-proxy/argocd-token-secret.yaml @@ -0,0 +1,12 @@ +{{- $appProxyValues := (get .Values "app-proxy") }} +{{- if $appProxyValues.argoCdCredentials.password -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $appProxyValues.argoCdCredentials.secretName }} + labels: + {{- include "codefresh-gitops-runtime.labels" . | nindent 4 }} +type: Opaque +stringData: + token: {{ $appProxyValues.argoCdCredentials.password }} +{{- end }} diff --git a/charts/gitops-runtime/templates/app-proxy/config.yaml b/charts/gitops-runtime/templates/app-proxy/config.yaml index c71dd5fb..df2c1f9b 100644 --- a/charts/gitops-runtime/templates/app-proxy/config.yaml +++ b/charts/gitops-runtime/templates/app-proxy/config.yaml 
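Review bot: The `password` branch of `ARGO_CD_PASSWORD` in `_app-proxy-env.yaml` points its `secretKeyRef` at `key: password`, but the Secret this commit creates in `argocd-token-secret.yaml` stores the value under `token`, so the referenced key would not exist and the container is expected to fail at creation. One of the two has to change, for example `key: token` here. When neither `argoCdCredentials.password` nor `argoCdCredentials.secretKeyRef` is set, the block renders a bare `ARGO_CD_PASSWORD:`; an `{{- else }}` branch with `{{- fail "argoCdCredentials.password or argoCdCredentials.secretKeyRef is required" }}` would surface that at render time instead.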
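Review bot: `token: {{ $appProxyValues.argoCdCredentials.password }}` in the new `argocd-token-secret.yaml` puts the password into `stringData` unquoted, so a value that is all digits, looks like a boolean, or contains `: ` or ` #` is retyped or cut short by the YAML parser and the Secret either holds the wrong content or fails to apply. Use `token: {{ $appProxyValues.argoCdCredentials.password | quote }}`. `secretName` is used for `metadata.name` without a check; wrapping it in `required` would give a clear error if an override empties it.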
@@ -1,9 +1,9 @@ {{/* Check if installation token is string or secretKeyRef and add the value with currect structure to app-proxy values */}} -{{ $argoCdUrl := include "codefresh-gitops-runtime.argocd.server.url" . }} {{ $appProxyContext := deepCopy . }} {{ $_ := set $appProxyContext "Values" (get .Values "app-proxy") }} {{ $_ := set $appProxyContext.Values "global" (get .Values "global") }} {{- if not $appProxyContext.Values.config.argoCdUrl }} + {{ $argoCdUrl := include "codefresh-gitops-runtime.argocd.server.url" . }} {{ $_ := set $appProxyContext.Values.config "argoCdUrl" $argoCdUrl }} {{- end }} {{- if index (get .Values "argo-workflows") "enabled" }} diff --git a/charts/gitops-runtime/templates/app-proxy/deployment.yaml b/charts/gitops-runtime/templates/app-proxy/deployment.yaml index 15e25727..925aef0f 100644 --- a/charts/gitops-runtime/templates/app-proxy/deployment.yaml +++ b/charts/gitops-runtime/templates/app-proxy/deployment.yaml @@ -3,7 +3,7 @@ {{- $_ := set $appProxyContext.Values "global" (get .Values "global") }} {{/* Merge environment variables with the ones in _app-proxy-env.yaml */}} -{{- $mainContainerMergedValues := mergeOverwrite $appProxyContext.Values.env (include "codefresh-gitops-runtime.app-proxy.calculated-env-vars" . | fromYaml) }} +{{- $mainContainerMergedValues := mergeOverwrite $appProxyContext.Values.env (include "codefresh-gitops-runtime.app-proxy.calculated-env-vars" $appProxyContext | fromYaml) }} {{- $_ := set $appProxyContext.Values "env" $mainContainerMergedValues }} {{/* Add extra volumes (used for cutom tls) */}} diff --git a/charts/gitops-runtime/templates/gitops-operator.yaml b/charts/gitops-runtime/templates/gitops-operator.yaml index 95de6f96..c9c6f5ae 100644 --- a/charts/gitops-runtime/templates/gitops-operator.yaml +++ b/charts/gitops-runtime/templates/gitops-operator.yaml 
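Review bot: In the `app-proxy/config.yaml` hunk the computed URL is still stored with `set $appProxyContext.Values.config "argoCdUrl" $argoCdUrl`, but the `_config.yaml` hunk in this commit renders `argoCdUrl` from `.Values.argoCdCredentials.url`, and values.yaml drops `config.argoCdUrl`. As far as the diff shows, the value computed here is no longer read, so the ConfigMap gets an empty `argoCdUrl` unless the user sets `argoCdCredentials.url` by hand. Suggested: test `{{- if not $appProxyContext.Values.argoCdCredentials.url }}` and write with `{{ $_ := set $appProxyContext.Values.argoCdCredentials "url" $argoCdUrl }}`.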
@@ -1,13 +1,13 @@ {{- if index (get .Values "gitops-operator") "libraryMode" }} {{- $gitopsOperatorContext := (index .Subcharts "gitops-operator")}} - {{- $argoCDImageDict := index .Subcharts "argo-cd" "Values" "global" "image" }} - {{- if not $argoCDImageDict.tag }} - {{- $_ := set $argoCDImageDict "tag" (get .Subcharts "argo-cd").Chart.AppVersion }} - {{- end }} - {{/* Set ArgoCD image */}} - {{- if not (index .Values "gitops-operator" "argoCdNotifications.imageOverride") }} + {{- if not (index $gitopsOperatorContext.Values.argoCdNotifications.imageOverride) }} + {{- $argoCDImageDict := index .Subcharts "argo-cd" "Values" "global" "image" }} + {{- if not $argoCDImageDict.tag }} + {{- $_ := set $argoCDImageDict "tag" (get .Subcharts "argo-cd").Chart.AppVersion }} + {{- end }} + {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.image "repository" $argoCDImageDict.repository }} {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.image "tag" $argoCDImageDict.tag }} {{- end }} diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml index db166d89..b983d59c 100644 --- a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml @@ -9,7 +9,7 @@ spec: backoffLimit: 3 template: spec: - serviceAccount: argocd-application-controller + serviceAccount: runtime-cleanup-sa restartPolicy: Never containers: - name: cleanup-runtime-resources diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/rbac.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/rbac.yaml index 62a62301..38f74344 100644 --- a/charts/gitops-runtime/templates/hooks/pre-uninstall/rbac.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/rbac.yaml 
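Review bot: In `gitops-operator.yaml` the lookups `index .Subcharts "argo-cd" "Values" "global" "image"` and `(get .Subcharts "argo-cd").Chart.AppVersion` run whenever `imageOverride` is false, which is the default, without checking `argo-cd.enabled`. With the `condition: argo-cd.enabled` this commit adds to Chart.yaml, a disabled ArgoCD presumably leaves no `argo-cd` entry in `.Subcharts`, so rendering would fail in exactly the bring-your-own case the change introduces. Guard the block on both, e.g. `{{- if and (index .Values "argo-cd" "enabled") (not $gitopsOperatorContext.Values.argoCdNotifications.imageOverride) }}`. The one-argument `index` around `imageOverride` has no effect and can be dropped.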
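Review bot: `serviceAccount` in the `cleanup-resources.yaml` hunk is the deprecated alias in the pod spec; since the line is being changed anyway, write `serviceAccountName: runtime-cleanup-sa`. The job no longer runs as `argocd-application-controller`, so everything it deletes must now be permitted by the rules of the `runtime-cleanup-r` Role, which lie outside the hunks shown; an uninstall on a test cluster would confirm the narrower account is sufficient.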
@@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: runtime-cleanup + name: runtime-cleanup-r annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed @@ -16,22 +16,22 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: runtime-cleanup + name: runtime-cleanup-rb annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed roleRef: apiGroup: "" kind: Role - name: runtime-cleanup + name: runtime-cleanup-r subjects: - kind: ServiceAccount - name: runtime-cleanup + name: runtime-cleanup-sa --- apiVersion: v1 kind: ServiceAccount metadata: - name: runtime-cleanup + name: runtime-cleanup-sa annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed diff --git a/charts/gitops-runtime/templates/tls-custom-ca/workflow-pipelines-git-webhooks.yaml b/charts/gitops-runtime/templates/tls-custom-ca/workflow-pipelines-git-webhooks.yaml index c9e2d39a..039840ba 100644 --- a/charts/gitops-runtime/templates/tls-custom-ca/workflow-pipelines-git-webhooks.yaml +++ b/charts/gitops-runtime/templates/tls-custom-ca/workflow-pipelines-git-webhooks.yaml @@ -9,5 +9,5 @@ metadata: {{- end }} type: Opaque stringData: - {{- $argocdTlsCerts := index .Values "argo-cd" "configs" "tls" "certificates"}} + {{- $argocdTlsCerts := dig "argo-cd" "configs" "tls" "certificates" dict (get .Values "argo-cd") }} {{- mergeOverwrite $argocdTlsCerts .Values.global.codefresh.tls.workflowPipelinesGitWebhooks.certificates | toYaml | nindent 2 }} diff --git a/charts/gitops-runtime/tests/ingress_test.yaml b/charts/gitops-runtime/tests/ingress_test.yaml index b6ef5da1..d0d3f5de 100644 --- a/charts/gitops-runtime/tests/ingress_test.yaml +++ b/charts/gitops-runtime/tests/ingress_test.yaml 
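Review bot: In the `workflow-pipelines-git-webhooks.yaml` hunk, `dig "argo-cd" "configs" "tls" "certificates" dict (get .Values "argo-cd")` looks up the key `argo-cd` inside the map that is already the `argo-cd` values, so the path does not match and `dig` returns the empty default. The ArgoCD TLS certificates that the previous `index` call picked up are then silently left out of this secret. Drop the first key: `{{- $argocdTlsCerts := dig "configs" "tls" "certificates" dict (get .Values "argo-cd") }}`.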
@@ -42,8 +42,6 @@ tests: - failedTemplate: errorMessage: codefresh.accountId is required - - - it: when both tunnel-client and ingress are disabled fail rendering if ingressUrl is not provided template: templates/codefresh-cm.yaml values: diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 5847de97..ccbe2573 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -24,7 +24,7 @@ global: # -- Whether to create the secret. create: false # -- The secret key that holds the ca bundle - key: 'ca-bundle.crt' + key: "ca-bundle.crt" # Annotations annotations: {} # Certificate content @@ -38,7 +38,8 @@ global: workflowPipelinesGitWebhooks: # Annotations on the secret resource annotatins: {} - certificates: {} + certificates: + {} # server.example.com: | # -----BEGIN CERTIFICATE----- # ... @@ -81,10 +82,10 @@ global: # -- secretKeyReference for Git credentials password. Provide name and key fields. secretKeyRef: {} - # -- Runtime eventbus + # -- Runtime eventbus eventBus: - # -- Eventbus name - name: 'codefresh-eventbus' + # -- Eventbus name + name: "codefresh-eventbus" # -- Annotations on EventBus resource annotations: {} # -- Pod disruption budget for the eventbus @@ -127,9 +128,9 @@ sealed-secrets: fullnameOverride: sealed-secrets-controller keyrenewperiod: "720h" image: - registry: 'quay.io' - repository: 'codefresh/sealed-secrets-controller' - tag: '0.27.1' + registry: "quay.io" + repository: "codefresh/sealed-secrets-controller" + tag: "0.27.1" resources: limits: cpu: 500m @@ -143,6 +144,10 @@ sealed-secrets: #----------------------------------------------------------------------------------------------------------------------- argo-cd: fullnameOverride: argo-cd + enabled: true + byoServerUrl: "" + byoRepoServerName: "" + byoRepoServerPort: 8081 crds: install: true 
@@ -153,7 +158,7 @@ argo-cd: application.resourceTrackingMethod: annotation+label params: server.insecure: true - application.namespaces: 'cf-*' + application.namespaces: "cf-*" eventReporter: # -- Installs new event reporter component to cluster @@ -201,7 +206,7 @@ argo-workflows: server: # -- auth-mode needs to be set to client to be able to see workflow logs from Codefresh UI authModes: - - client + - client # -- Do not change. Workflows UI is only accessed through internal router, changing this values will break routing to workflows native UI from Codefresh. baseHref: /workflows/ crds: @@ -318,7 +323,8 @@ internal-router: podLabels: {} podSecurityContext: {} # -- Environment variables - see values.yaml inside the chart for usage - env: {} + env: + {} # NAMESPACE: # valueFrom: # fieldRef: @@ -356,11 +362,11 @@ internal-router: # -- Internal routing settings. Do not change this unless you are absolutely certain - the values are determined by chart's logic. routing: {} # Example of values: - # workflows: - # enabled: true - # internalUrl: "https://argo-server1:2746/" - # app-proxy: - # internalUrl: "http://cap-app-proxy:3017" + # workflows: + # enabled: true + # internalUrl: "https://argo-server1:2746/" + # app-proxy: + # internalUrl: "http://cap-app-proxy:3017" dnsService: kube-dns dnsNamespace: kube-system @@ -392,7 +398,10 @@ tunnel-client: # app-proxy #----------------------------------------------------------------------------------------------------------------------- app-proxy: + nameOverride: "" + fullnameOverride: "cap-app-proxy" replicaCount: 1 + # -- Image enrichment process configuration image-enrichment: # -- Enable or disable enrichment process. Please note that for enrichemnt, argo-workflows has to be enabled as well. 
@@ -405,14 +414,15 @@ app-proxy: name: codefresh-image-enrichment-sa # -- Annotations on the service account annotations: + # -- Configurations for image enrichment workflow config: # -- The name of the configmap to use as synchronization semaphore, see https://argoproj.github.io/argo-workflows/synchronization/ - concurrencyCmName: 'workflow-synchronization-semaphores' + concurrencyCmName: "workflow-synchronization-semaphores" # -- The name of the key in the configmap to use as synchronization semaphore - concurrencyCmKey: 'imageReportExecutor' + concurrencyCmKey: "imageReportExecutor" # -- Pod grabage collection strategy. By default all pods will be deleted when the enrichment workflow completes. - podGcStrategy: 'OnWorkflowCompletion' + podGcStrategy: "OnWorkflowCompletion" # -- Number of seconds to live after completion ttlAfterCompletionInSeconds: 86400 # -- Maximum allowed runtime for the enrichment workflow @@ -436,10 +446,14 @@ app-proxy: registry: quay.io repository: codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info tag: 1.1.11-main + image: repository: quay.io/codefresh/cap-app-proxy tag: 1.3180.0 pullPolicy: IfNotPresent + + imagePullSecrets: [] + # -- Extra volume mounts for main container extraVolumeMounts: [] @@ -448,6 +462,7 @@ app-proxy: repository: quay.io/codefresh/cap-app-proxy-init tag: 1.3180.0 pullPolicy: IfNotPresent + command: - ./init.sh 
@@ -456,23 +471,15 @@ app-proxy: resources: limits: memory: 512Mi - cpu: '1' + cpu: "1" requests: memory: 256Mi - cpu: '0.2' + cpu: "0.2" # -- Extra volume mounts for init container extraVolumeMounts: [] - imagePullSecrets: [] - nameOverride: "" - fullnameOverride: "cap-app-proxy" - config: - # -- ArgoCD user to be used by app-proxy - argoCdUsername: "admin" - # -- ArgoCD Url. determined by chart logic. Do not change unless you are certain you need to - argoCdUrl: # -- Workflows server url. Determined by chart logic. Do not change unless you are certain you need to argoWorkflowsUrl: argoWorkflowsInsecure: "true" @@ -482,7 +489,25 @@ app-proxy: # -- Log Level logLevel: "info" - env: {} + # env: + # ARGO_CD_PASSWORD: + # valueFrom: + # secretKeyRef: + # name: argocd-initial-admin-secret + # key: password + + argoCdCredentials: + # -- ArgoCD Url. determined by chart logic. Do not change unless you are certain you need to + url: + secretName: "gitops-runtime-argo-cd-password" + # -- ArgoCD user to be used by app-proxy + username: "admin" + # -- ArgoCD password in plain text. The chart creates and manages the secret for this token + password: + # -- ArgoCD password referenced by an existing secret + secretKeyRef: + name: argocd-initial-admin-secret + key: password serviceAccount: create: true @@ -493,7 +518,8 @@ app-proxy: podLabels: {} - podSecurityContext: {} + podSecurityContext: + {} # fsGroup: 2000 securityContext: @@ -529,13 +555,13 @@ app-proxy: resources: requests: - memory: '512Mi' - ephemeral-storage: '2Gi' - cpu: '100m' + memory: "512Mi" + ephemeral-storage: "2Gi" + cpu: "100m" limits: - memory: '1Gi' - ephemeral-storage: '6Gi' - cpu: '1500m' + memory: "1Gi" + ephemeral-storage: "6Gi" + cpu: "1500m" nodeSelector: {} tolerations: [] @@ -573,7 +599,8 @@ gitops-operator: additionalLabels: {} env: {} - image: {} + image: + {} # -- defaults # repository: quay.io/codefresh/codefresh-gitops-operator # tag: 'v{{ .Chart.AppVersion }}' 
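Review bot: `argoCdCredentials.password` in the values.yaml hunk accepts the ArgoCD password as plain text, which means it is also kept in the Helm release record and in any values file committed for the installation. The comment on that key should say so and steer users to `secretKeyRef`, for example `# -- ArgoCD password in plain text (also stored in the Helm release). Prefer secretKeyRef.`. The default `secretKeyRef` still names `argocd-initial-admin-secret`, which presumably does not exist when `argo-cd.enabled` is false, so the bring-your-own setup needs it overridden and a comment should say that. The same hunk replaces `env: {}` with a commented example while `deployment.yaml` passes `$appProxyContext.Values.env` to `mergeOverwrite`; please confirm the chart still renders with no `env` default.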
@@ -588,7 +615,9 @@ gitops-operator: # -- If set to true allows to override notifications image used by the gitops operator. When set to false the version of ArgoCD will be set to the version used for all other ArgoCD components. imageOverride: false # -- Set image.repository and image.tag notifications image used by the gitops operator. Ignored unless imageOverride is set to true. - image: {} + image: + repository: quay.io/codefresh/argocd + tag: v2.12.3-2024.11.14-d7a4c4e7e # -- Resources for notifications controller used by gitops-operator. resources: {}
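Review bot: The new default for `argoCdNotifications.image` pins `v2.12.3-2024.11.14-d7a4c4e7e`, while the `argo-cd` dependency in Chart.yaml carries `2.12.3-2024.12.17-4d75d35f4` in its version string, so this fallback already names a different build and will drift further with each ArgoCD bump. A comment beside the tag, e.g. `# keep in sync with the argo-cd dependency version in Chart.yaml`, or including this value in whatever process updates the ArgoCD version, would keep the notifications image from lagging behind on fixes.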