feat: add runtime spec template (#363)

Author: mikhail-klimko

README.md

@@ -1,2 +1,2 @@
-* [venonactl](venonactl/README.md) - Codefresh installer of Kubernetes YAML's. [![Codefresh build status]( https://g.codefresh.io/api/badges/pipeline/codefresh-inc/codefresh-io%2Fvenona%2Fvenonactl-ci?type=cf-1)]( https://g.codefresh.io/public/accounts/codefresh-inc/pipelines/new/5c336db4c67fe44c098c9cd3)
-* [venona](venona/README.md) - Codefresh runner process, [official docs](https://codefresh.io/docs/docs/administration/codefresh-runner/). [![Codefresh build status]( https://g.codefresh.io/api/badges/pipeline/codefresh-inc/codefresh-io%2Fvenona%2Fvenona-ci?type=cf-1&key=eyJhbGciOiJIUzI1NiJ9.NTY3MmQ4ZGViNjcyNGI2ZTM1OWFkZjYy.AN2wExsAsq7FseTbVxxWls8muNx_bBUnQWQVS8IgDTI)]( https://g.codefresh.io/pipelines/edit/new/builds?id=5edde99dcf40d573569eab9b&pipeline=venona-ci&projects=codefresh-io%2Fvenona&projectId=5c98d41cbd5b6f40758ee49c)
+* [venonactl](venonactl/README.md) - Codefresh installer of Kubernetes YAML's.
+* [venona](venona/README.md) - Codefresh runner process, [official docs](https://codefresh.io/docs/docs/administration/codefresh-runner/).

charts/cf-runtime/.ci/values-ci.yaml

@@ -1,4 +1,6 @@
 # Values used in `helm-chart-ci` pipeline
+global:
+  codefreshToken: placeholder
 appProxy:
   enabled: true
   ingress:
@@ -10,3 +12,38 @@ monitor:
   rbac:
     namespaced: true
 runner: {}
+runtime:
+  dind:
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+    limits:
+        cpu: 1001m
+        memory: 1024Mi
+    podAnnotations:
+      karpenter.sh/do-not-evict: 'true'
+    nodeSelector:
+      node-type: dind
+    tolerations:
+    - effect: NoSchedule
+      key: codefresh.io
+      operator: Equal
+      value: dinds
+  engine:
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+    limits:
+        cpu: 1000m
+        memory: 1024Mi
+    podAnnotations:
+      karpenter.sh/do-not-evict: 'true'
+    nodeSelector:
+      node-type: engine
+    tolerations:
+    - effect: NoSchedule
+      key: codefresh.io
+      operator: Equal
+      value: engines

charts/cf-runtime/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: A Helm chart for Codefresh Runner
 name: cf-runtime
-version: 2.0.1
+version: 3.0.0
 keywords:
   - codefresh
   - runner
@@ -15,9 +15,7 @@ maintainers:
 annotations:
   artifacthub.io/changes: |
     - kind: added
-      description: Major templates refactor
-    - kind: fixed
-      description: Initial helm unit tests
+      description: Added runtime-environment template
 dependencies:
   - name: cf-common
     repository: https://chartmuseum.codefresh.io/cf-common

charts/cf-runtime/README.md

@@ -2,6 +2,23 @@
 
 {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
 
+Helm chart for deploying [Codefresh Runner](https://codefresh.io/docs/docs/installation/codefresh-runner/) to Kubernetes.
+
+## Table of Content
+
+- [Prerequisites](#prerequisites)
+- [Get Repo Info](#get-repo-info)
+- [Install Chart](#install-chart)
+- [Upgrade Chart](#upgrade-chart)
+  - [To 2.x](#to-2x)
+  - [To 3.x](#to-3x)
+- [Architecture](#architecture)
+- [Configuration](#configuration)
+  - [EBS backend volume configuration](#ebs-backend-volume-configuration)
+  - [Custom volume mounts](#custom-volume-mounts)
+  - [Custom global environment variables](#custom-global-environment-variables)
+  - [Volume reuse policy](#volume-reuse-policy)
+
 ## Prerequisites
 
 - Kubernetes **1.19+**
@@ -34,11 +51,53 @@ helm repo update
 
     helm upgrade --install cf-runtime cf-runtime/cf-runtime -f ./generated_values.yaml --create-namespace --namespace codefresh
     ```
+
+    *Install from OCI-based registry*
+    ```console
+    helm upgrade --install cf-runtime oci://quay.io/codefresh/cf-runtime -f ./generated_values.yaml --create-namespace --namespace codefresh
+    ```
 4. At this point you should have a working Codefresh Runner. You can verify the installation by running:
     ```console
     codefresh runner execute-test-pipeline --runtime-name <runtime-name>
     ```
 
+## Upgrade chart
+
+### To 2.x
+
+This major release renames and deprecated several values in the chart. Most of the workload templates have been refactored.
+
+Affected values:
+- `dockerRegistry` is deprecated. Replaced with `global.imageRegistry`
+- `re` is renamed to `runtime`
+- `storage.localVolumeMonitor` is replaced with `volumeProvisioner.dind-lv-monitor`
+- `volumeProvisioner.volume-cleanup` is replaced with `volumeProvisioner.dind-volume-cleanup`
+- `image` values structure has been updated. Split to `image.registry` `image.repository` `image.tag`
+- pod's `annotations` is renamed to `podAnnotations`
+
+### To 3.x
+
+⚠️⚠️⚠️
+### Please, READ this before the upgrade!
+
+This major release adds [runtime-environment](https://codefresh.io/docs/docs/installation/codefresh-runner/#runtime-environment-specification) spec into chart templates.
+That means it is possible to set parametes for `dind` and `engine` pods via [values.yaml](./values.yaml).
+
+**If you had any overrides (i.e. tolerations/nodeSelector/environment variables/etc) added in runtime spec via [codefresh CLI](https://codefresh-io.github.io/cli/) (for example, you did use [get](https://codefresh-io.github.io/cli/runtime-environments/get-runtime-environments/) and [patch](https://codefresh-io.github.io/cli/runtime-environments/apply-runtime-environments/) commands to modify the runtime-environment), you MUST add these into chart's [values.yaml](./values.yaml) for `.Values.runtime.dind` or(and) .`Values.runtime.engine`**
+
+**For backward compatibility, you can disable updating runtime-environment spec via** `.Values.runtime.patch.enabled=false`
+
+Affected values:
+- added **mandatory** `global.codefresh.codefreshToken`/`global.codefresh.codefreshTokenSecretKeyRef` **You must specify it before the upgrade!**
+- `runtime.engine` is added
+- `runtime.dind` is added
+- `global.existingAgentToken` is replaced with `global.agentTokenSecretKeyRef`
+- `global.existingDindCertsSecret` is replaced with `global.dindCertsSecretRef`
+
+## Architecture
+
+[Codefresh Runner architecture](https://codefresh.io/docs/docs/installation/codefresh-runner/#codefresh-runner-architecture)
+
 ## Configuration
 
 See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
@@ -148,21 +207,76 @@ volumeProvisioner:
         eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
 ```
 
-{{ template "chart.requirementsSection" . }}
+### Custom volume mounts
 
-## Upgrading
+You can add your own volumes and volume mounts in the runtime environment, so that all pipeline steps will have access to the same set of external files.
 
-### To 2.0.0
+```yaml
+runtime:
+  dind:
+    userVolumes:
+      regctl-docker-registry:
+        name: regctl-docker-registry
+        secret:
+          items:
+            - key: .dockerconfigjson
+              path: config.json
+          secretName: regctl-docker-registry
+          optional: true
+    userVolumeMounts:
+      regctl-docker-registry:
+        name: regctl-docker-registry
+        mountPath: /home/appuser/.docker/
+        readOnly: true
 
-This major release renames and deprecated several values in the chart. Most of the workload templates have been refactored.
+```
 
-Affected values:
-- `dockerRegistry` is deprecated. Replaced with `global.imageRegistry`
-- `re` is renamed to `runtime`
-- `storage.localVolumeMonitor` is replaced with `volumeProvisioner.dind-lv-monitor`
-- `volumeProvisioner.volume-cleanup` is replaced with `volumeProvisioner.dind-volume-cleanup`
-- `image` values structure has been updated. Split to `image.registry` `image.repository` `image.tag`
-- pod's `annotations` is renamed to `podAnnotations`
+### Custom global environment variables
+
+You can add your own environment variables to the runtime environment. All pipeline steps have access to the global variables.
+
+```yaml
+runtime:
+  engine:
+    userEnvVars:
+    - name: GITHUB_TOKEN
+      valueFrom:
+        secretKeyRef:
+          name: github-token
+          key: token
+```
+
+### Volume reuse policy
+
+Volume reuse behavior depends on the configuration for `reuseVolumeSelector` in the runtime environment spec.
+
+```yaml
+runtime:
+  dind:
+    pvcs:
+      - name: dind
+        ...
+        reuseVolumeSelector: 'codefresh-app,io.codefresh.accountName'
+        reuseVolumeSortOrder: pipeline_id
+```
+
+The following options are available:
+- `reuseVolumeSelector: 'codefresh-app,io.codefresh.accountName'` - PV can be used by ANY pipeline in the specified account (default).
+Benefit: Fewer PVs, resulting in lower costs. Since any PV can be used by any pipeline, the cluster needs to maintain/reserve fewer PVs in its PV pool for Codefresh.
+Downside: Since the PV can be used by any pipeline, the PVs could have assets and info from different pipelines, reducing the probability of cache.
+
+- `reuseVolumeSelector: 'codefresh-app,io.codefresh.accountName,project_id'` - PV can be used by ALL pipelines in your account, assigned to the same project.
+
+- `reuseVolumeSelector: 'codefresh-app,io.codefresh.accountName,pipeline_id'` - PV can be used only by a single pipeline.
+Benefit: More probability of cache without “spam” from other pipelines.
+Downside: More PVs to maintain and therefore higher costs.
+
+- `reuseVolumeSelector: 'codefresh-app,io.codefresh.accountName,pipeline_id,io.codefresh.branch_name'` - PV can be used only by single pipeline AND single branch.
+
+- `reuseVolumeSelector: 'codefresh-app,io.codefresh.accountName,pipeline_id,trigger'` - PV can be used only by single pipeline AND single trigger.
+
+
+{{ template "chart.requirementsSection" . }}
 
 {{ template "chart.valuesSection" . }}
 

charts/cf-runtime/README.md.gotmpl

@@ -0,0 +1,19 @@
+{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
+{{ $values := .Values.runtime.engine.runtimeImages }}
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  {{- /* template just to list runtime images */}}
+  name: {{ include "runtime.fullname" . }}-images
+  labels:
+    {{- include "runtime.labels" . | nindent 4 }}
+  annotations:
+    {{- with $values.annotations }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+data:
+  images: |
+    {{- range $key, $val := $values }}
+    image: {{ $val }}
+    {{- end }}

charts/cf-runtime/templates/other/runtime-images-cm.yaml

@@ -29,3 +29,35 @@ Selector labels
 {{ include "cf-runtime.selectorLabels" . }}
 codefresh.io/application: runtime
 {{- end }}
+
+{{/*
+Return runtime image (classic runtime) with private registry prefix
+*/}}
+{{- define "runtime.runtimeImageName" -}}
+  {{- if .registry -}}
+    {{- $imageName :=  (trimPrefix "quay.io/" .imageFullName) -}}
+    {{- printf "%s/%s" .registry $imageName -}}
+  {{- else -}}
+    {{- printf "%s" .imageFullName -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Environment variable value of Codefresh installation token
+*/}}
+{{- define "runtime.installation-token-env-var-value" -}}
+  {{- if .Values.global.codefreshToken }}
+valueFrom:
+  secretKeyRef:
+    name: {{ include "runtime.installation-token-secret-name" . }}
+    key: codefresh-api-token
+  {{- else if .Values.global.codefreshTokenSecretKeyRef  }}
+valueFrom:
+  secretKeyRef:
+  {{- .Values.global.codefreshTokenSecretKeyRef | toYaml | nindent 4 }}
+  {{- end }}
+{{- end }}
+
+{{- define "runtime.installation-token-secret-name" }}
+{{- print "codefresh-user-token" }}
+{{- end }}

charts/cf-runtime/templates/runtime/_helpers.tpl

@@ -1,4 +1,4 @@
-{{- if (not .Values.global.existingDindCertsSecret ) }}
+{{- if or (not .Values.global.existingDindCertsSecret ) (not .Values.global.dindCertsSecretRef) }}
 apiVersion: v1
 type: Opaque
 kind: Secret