codefresh-io · Nov 6, 2024
diff --git a/‎charts/gitops-runtime/Chart.yaml
+76-33 b/‎charts/gitops-runtime/Chart.yaml
+76-33
diff --git a/‎charts/gitops-runtime/README.md
+15-61 b/‎charts/gitops-runtime/README.md
+15-61
diff --git a/‎charts/gitops-runtime/values.yaml
+54-103 b/‎charts/gitops-runtime/values.yaml
+54-103
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.1.62
 description: A Helm chart for Codefresh gitops runtime
 name: gitops-runtime
-version: 0.0.0
+version: 0.14.0
 home: https://github.com/codefresh-io/gitops-runtime-helm
 icon: https://avatars1.githubusercontent.com/u/11412079?v=3
 keywords:
@@ -13,36 +13,79 @@ maintainers:
     url: https://codefresh-io.github.io/
 annotations:
   artifacthub.io/alternativeName: "codefresh-gitops-runtime"
+  artifacthub.io/changes: |-
+    - kind: changed
+      description: 'feat: bump app-proxy to `1.3142.0` with refresh in-cluster app after any related commit (#325)'
+    - kind: changed
+      description: 'chore(cr-25581): updating app proxy, (fixed vulnerabilities in expat, curl, openssl) (#322)'
+    - kind: changed
+      description: 'feat: bump app-proxy to `1.3138.0` (#324)'
+    - kind: changed
+      description: Update CODEOWNERS
+    - kind: changed
+      description: 'fix: use the rootpath from argo-cd config.params values, when injecting ARGO_CD_URL to gitops-operator (#323)'
+    - kind: changed
+      description: update cap-app-proxy to `1.3131.0` - improve locking around git operations (#320)
+    - kind: changed
+      description: Update CODEOWNERS (#319)
+    - kind: changed
+      description: 'chore: update argocd to 2.12.3-2024.10.28-20100fc54 (#318)'
+    - kind: changed
+      description: 'feat: app-proxy bump to `1.3127.1` (#316)'
+    - kind: changed
+      description: 'chore: update image-enrichment to 1.1.11 (#314)'
+    - kind: changed
+      description: update codefresh-gitops-operator to 0.3.6 (#313)
+    - kind: changed
+      description: fix:upgrade gitops operator to 0.3.1 to publish error to product release in case failed to create workflow (#312)
+    - kind: changed
+      description: inject the correct argo-cd server url into gitops-operator (#311)
+    - kind: changed
+      description: 'chore: update argocd to 7.4.7-5-cap-2.12-2024.10.17-36fb3f0d1 (#310)'
+    - kind: changed
+      description: 'fix: bump app-proxy to `1.3103.0` - fix failure to calculate diff when destApp is on a different branch from srcApp'
+    - kind: changed
+      description: Feat/cr 23204 synced version (#308)
+    - kind: changed
+      description: 'feat: Add Product Release Initiator functionality (#306)'
+    - kind: changed
+      description: 'chore: update kube-rbac-proxy, sealed-secrets-controller and argo-events nats to latest (#296)'
+    - kind: changed
+      description: 'feat: app-proxy with changeRevision fields support (#302)'
+    - kind: changed
+      description: 'feat: argo-cd with event-reporter update to report change revisions metadata in app annotations (#301)'
+    - kind: changed
+      description: fix:upgrade gitops operator to 0.3.1 to publish error to product release in case failed to create workflow (#299)
 dependencies:
-- name: argo-cd
-  repository: https://codefresh-io.github.io/argo-helm
-  version: 7.4.7-5-cap-2.12.3-2024.10.28-20100fc54
-- name: argo-events
-  repository: https://codefresh-io.github.io/argo-helm
-  version: 2.4.7-1-cap-CR-24607
-- name: argo-workflows
-  repository: https://codefresh-io.github.io/argo-helm
-  version: 0.41.12-v3.5.9-cap-CR-24929
-  condition: argo-workflows.enabled
-- name: argo-rollouts
-  repository: https://codefresh-io.github.io/argo-helm
-  version: 2.37.3-1-v1.7.1-CR-24605
-  condition: argo-rollouts.enabled
-- name: sealed-secrets
-  repository: https://bitnami-labs.github.io/sealed-secrets/
-  version: 2.16.1
-- name: codefresh-tunnel-client
-  repository: oci://quay.io/codefresh/charts
-  version: 0.1.17
-  alias: tunnel-client
-  condition: tunnel-client.enabled
-- name: codefresh-gitops-operator
-  repository: oci://quay.io/codefresh/charts
-  version: 0.3.6
-  alias: gitops-operator
-  condition: gitops-operator.enabled
-- name: garage
-  repository: https://codefresh-io.github.io/garage
-  alias: garage-workflows-artifact-storage
-  version: 0.5.0-cf.1
-  condition: garage-workflows-artifact-storage.enabled
+  - name: argo-cd
+    repository: https://codefresh-io.github.io/argo-helm
+    version: 7.4.7-5-cap-2.12.3-2024.10.28-20100fc54
+  - name: argo-events
+    repository: https://codefresh-io.github.io/argo-helm
+    version: 2.4.7-1-cap-CR-24607
+  - name: argo-workflows
+    repository: https://codefresh-io.github.io/argo-helm
+    version: 0.41.12-v3.5.9-cap-CR-24929
+    condition: argo-workflows.enabled
+  - name: argo-rollouts
+    repository: https://codefresh-io.github.io/argo-helm
+    version: 2.37.3-1-v1.7.1-CR-24605
+    condition: argo-rollouts.enabled
+  - name: sealed-secrets
+    repository: https://bitnami-labs.github.io/sealed-secrets/
+    version: 2.16.1
+  - name: codefresh-tunnel-client
+    repository: oci://quay.io/codefresh/charts
+    version: 0.1.17
+    alias: tunnel-client
+    condition: tunnel-client.enabled
+  - name: codefresh-gitops-operator
+    repository: oci://quay.io/codefresh/charts
+    version: 0.3.6
+    alias: gitops-operator
+    condition: gitops-operator.enabled
+  - name: garage
+    repository: https://codefresh-io.github.io/garage
+    alias: garage-workflows-artifact-storage
+    version: 0.5.0-cf.1
+    condition: garage-workflows-artifact-storage.enabled
@@ -1,5 +1,5 @@
 ## Codefresh gitops runtime
-![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![AppVersion: 0.1.55](https://img.shields.io/badge/AppVersion-0.1.55-informational?style=flat-square)
+![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![AppVersion: 0.1.62](https://img.shields.io/badge/AppVersion-0.1.62-informational?style=flat-square)
 
 ## Prerequisites
 
@@ -16,17 +16,6 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/)
 ## Codefresh official documentation:
 Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/
 
-## WARNING! ARGO-CD 7.x.x CHART BREAKING CHANGE
-
-In the runtime release `0.12.0` we upgraded to the latest argo-cd `7.x.x` helm chart which
-contains a breaking change in the values used for providing cluster credentials
-(in this chart it's located under the path `argo-cd.configs.clusterCredentials`).
-`clusterCredentials` used to be of type `list` -- now it's a `map` (`object`).
-See the [release notes](https://github.com/argoproj/argo-helm/releases/tag/argo-cd-7.0.0).
-
-Codefresh Gitops Runtime does NOT use these values directly -- so the runtimes
-with the default configuration are not affected.
-
 ## Using with private registries - Helper utility
 The GitOps Runtime comprises multiple subcharts and container images. Subcharts also vary in values structure, making it difficult to override image specific values to use private registries.
 We have created a helper utility to resolve this issue:
@@ -38,7 +27,7 @@ We have created a helper utility to resolve this issue:
 The utility is packaged in a container image. Below are instructions on executing the utility using Docker:
 
 ```
-docker run -v <output_dir>:/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.0.0 <local_registry>
+docker run -v <output_dir>:/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.14.0 <local_registry>
 ```
 `output_dir` - is a local directory where the utility will output files. <br>
 `local_registry` - is your local registry where you want to mirror the images to
@@ -111,14 +100,14 @@ sealed-secrets:
 | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use |
 | app-proxy.image.pullPolicy | string | `"IfNotPresent"` |  |
 | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` |  |
-| app-proxy.image.tag | string | `"1.2969.0"` |  |
+| app-proxy.image.tag | string | `"1.3142.0"` |  |
 | app-proxy.imagePullSecrets | list | `[]` |  |
 | app-proxy.initContainer.command[0] | string | `"./init.sh"` |  |
 | app-proxy.initContainer.env | object | `{}` |  |
 | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container |
 | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` |  |
 | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` |  |
-| app-proxy.initContainer.image.tag | string | `"1.2969.0"` |  |
+| app-proxy.initContainer.image.tag | string | `"1.3142.0"` |  |
 | app-proxy.initContainer.resources.limits.cpu | string | `"1"` |  |
 | app-proxy.initContainer.resources.limits.memory | string | `"512Mi"` |  |
 | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` |  |
@@ -155,27 +144,16 @@ sealed-secrets:
 | app-proxy.serviceAccount.create | bool | `true` |  |
 | app-proxy.serviceAccount.name | string | `"cap-app-proxy"` |  |
 | app-proxy.tolerations | list | `[]` |  |
+| argo-cd | object | `{"applicationVersioning":{"enabled":true,"useApplicationConfiguration":true},"configs":{"cm":{"accounts.admin":"apiKey,login","application.resourceTrackingMethod":"annotation+label","timeout.reconciliation":"20s"},"params":{"application.namespaces":"cf-*","server.insecure":true}},"crds":{"install":true},"eventReporter":{"enabled":true,"replicas":3,"version":"v2"},"fullnameOverride":"argo-cd"}` | ------------------------------------------------------------------------------------------------------------------- |
 | argo-cd.applicationVersioning.enabled | bool | `true` | Enable application versioning |
 | argo-cd.applicationVersioning.useApplicationConfiguration | bool | `true` | Extract application version based on ApplicationConfiguration CRD |
-| argo-cd.configs.cm."accounts.admin" | string | `"apiKey,login"` |  |
-| argo-cd.configs.cm."application.resourceTrackingMethod" | string | `"annotation+label"` |  |
-| argo-cd.configs.cm."timeout.reconciliation" | string | `"20s"` |  |
-| argo-cd.configs.params."application.namespaces" | string | `"cf-*"` |  |
-| argo-cd.configs.params."server.insecure" | bool | `true` |  |
-| argo-cd.crds.install | bool | `true` |  |
 | argo-cd.eventReporter.enabled | bool | `true` | Installs new event reporter component to cluster |
 | argo-cd.eventReporter.replicas | int | `3` | Amount of shards to handle applications events |
 | argo-cd.eventReporter.version | string | `"v2"` | Switches between old and new reporter version. Possible values: v1, v2. For v2 `argo-cd.eventReporter.enabled=true` is required |
-| argo-cd.fullnameOverride | string | `"argo-cd"` |  |
-| argo-events.crds.install | bool | `false` |  |
-| argo-events.fullnameOverride | string | `"argo-events"` |  |
-| argo-rollouts.controller.replicas | int | `1` |  |
-| argo-rollouts.enabled | bool | `true` |  |
-| argo-rollouts.fullnameOverride | string | `"argo-rollouts"` |  |
-| argo-rollouts.installCRDs | bool | `true` |  |
+| argo-events | object | `{"configs":{"jetstream":{"versions":[{"configReloaderImage":"natsio/nats-server-config-reloader:0.16.0","metricsExporterImage":"natsio/prometheus-nats-exporter:0.15.0","natsImage":"nats:2.10.21","startCommand":"/nats-server","version":"latest"}]},"nats":{"versions":[{"metricsExporterImage":"natsio/prometheus-nats-exporter:0.15.0","natsStreamingImage":"nats-streaming:0.25.6","version":"0.22.1"}]}},"crds":{"install":false},"fullnameOverride":"argo-events"}` | ------------------------------------------------------------------------------------------------------------------- |
+| argo-rollouts | object | `{"controller":{"replicas":1},"enabled":true,"fullnameOverride":"argo-rollouts","installCRDs":true}` | ------------------------------------------------------------------------------------------------------------------- |
+| argo-workflows | object | `{"crds":{"install":true},"enabled":true,"fullnameOverride":"argo","server":{"authModes":["client"],"baseHref":"/workflows/"}}` | ------------------------------------------------------------------------------------------------------------------- |
 | argo-workflows.crds.install | bool | `true` | Install and upgrade CRDs |
-| argo-workflows.enabled | bool | `true` |  |
-| argo-workflows.fullnameOverride | string | `"argo"` |  |
 | argo-workflows.server.authModes | list | `["client"]` | auth-mode needs to be set to client to be able to see workflow logs from Codefresh UI |
 | argo-workflows.server.baseHref | string | `"/workflows/"` | Do not change. Workflows UI is only accessed through internal router, changing this values will break routing to workflows native UI from Codefresh. |
 | event-reporters.rollout.eventSource.affinity | object | `{}` |  |
@@ -221,7 +199,7 @@ sealed-secrets:
 | garage-workflows-artifact-storage.persistence.meta | object | `{"size":"100Mi","storageClass":""}` | Volume that stores cluster metadata |
 | garage-workflows-artifact-storage.persistence.meta.storageClass | string | `""` | When empty value empty the default storage class for the cluster will be used |
 | garage-workflows-artifact-storage.resources | object | `{}` | Resources for garage pods. For smaller deployments at least 100m CPU and 1024Mi memory is reccommended. For larger deployments double this size. |
-| gitops-operator.affinity | object | `{}` |  |
+| gitops-operator | object | `{"affinity":{},"argoCdNotifications":{"image":{},"imageOverride":false,"resources":{}},"crds":{"additionalLabels":{},"annotations":{},"install":true,"keep":false},"enabled":true,"env":{},"fullnameOverride":"","image":{},"imagePullSecrets":[],"kube-rbac-proxy":{"image":{"tag":"v0.16.0"},"resources":{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}},"libraryMode":true,"nameOverride":"","nodeSelector":{},"podAnnotations":{},"podLabels":{},"replicaCount":1,"resources":{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}},"serviceAccount":{"annotations":{},"create":true,"name":"gitops-operator-controller-manager"},"tolerations":[]}` | ------------------------------------------------------------------------------------------------------------------- |
 | gitops-operator.argoCdNotifications | object | `{"image":{},"imageOverride":false,"resources":{}}` | Builtin notifications controller used by gitops-operator for promotion related notifications |
 | gitops-operator.argoCdNotifications.image | object | `{}` | Set image.repository and image.tag notifications image used by the gitops operator. Ignored unless imageOverride is set to true. |
 | gitops-operator.argoCdNotifications.imageOverride | bool | `false` | If set to true allows to override notifications image used by the gitops operator. When set to false the version of ArgoCD will be set to the version used for all other ArgoCD components. |
@@ -231,32 +209,7 @@ sealed-secrets:
 | gitops-operator.crds.annotations | object | `{}` | Annotations on gitops operator CRDs |
 | gitops-operator.crds.install | bool | `true` | Whether or not to install CRDs |
 | gitops-operator.crds.keep | bool | `false` | Keep CRDs if gitops runtime release is uninstalled |
-| gitops-operator.enabled | bool | `true` |  |
-| gitops-operator.env | object | `{}` |  |
-| gitops-operator.fullnameOverride | string | `""` |  |
-| gitops-operator.image | object | `{}` |  |
-| gitops-operator.imagePullSecrets | list | `[]` |  |
-| gitops-operator.kube-rbac-proxy.image | object | `{}` |  |
-| gitops-operator.kube-rbac-proxy.resources.limits.cpu | string | `"500m"` |  |
-| gitops-operator.kube-rbac-proxy.resources.limits.memory | string | `"128Mi"` |  |
-| gitops-operator.kube-rbac-proxy.resources.requests.cpu | string | `"100m"` |  |
-| gitops-operator.kube-rbac-proxy.resources.requests.memory | string | `"64Mi"` |  |
-| gitops-operator.kube-rbac-proxy.securityContext.allowPrivilegeEscalation | bool | `false` |  |
-| gitops-operator.kube-rbac-proxy.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | gitops-operator.libraryMode | bool | `true` | Do not change unless instructed otherwise by Codefresh support |
-| gitops-operator.nameOverride | string | `""` |  |
-| gitops-operator.nodeSelector | object | `{}` |  |
-| gitops-operator.podAnnotations | object | `{}` |  |
-| gitops-operator.podLabels | object | `{}` |  |
-| gitops-operator.replicaCount | int | `1` |  |
-| gitops-operator.resources.limits.cpu | string | `"500m"` |  |
-| gitops-operator.resources.limits.memory | string | `"128Mi"` |  |
-| gitops-operator.resources.requests.cpu | string | `"100m"` |  |
-| gitops-operator.resources.requests.memory | string | `"64Mi"` |  |
-| gitops-operator.serviceAccount.annotations | object | `{}` |  |
-| gitops-operator.serviceAccount.create | bool | `true` |  |
-| gitops-operator.serviceAccount.name | string | `"gitops-operator-controller-manager"` |  |
-| gitops-operator.tolerations | list | `[]` |  |
 | global.codefresh | object | `{"accountId":"","apiEventsPath":"/2.0/api/events","tls":{"caCerts":{"secret":{"annotations":{},"content":"","create":false,"key":"ca-bundle.crt"},"secretKeyRef":{}},"workflowPipelinesGitWebhooks":{"annotatins":{},"certificates":{}}},"url":"https://g.codefresh.io","userToken":{"secretKeyRef":{},"token":""}}` | Codefresh platform and account-related settings |
 | global.codefresh.accountId | string | `""` | Codefresh Account ID. |
 | global.codefresh.apiEventsPath | string | `"/2.0/api/events"` | Events API endpoint URL suffix. |
@@ -270,7 +223,7 @@ sealed-secrets:
 | global.codefresh.userToken | object | `{"secretKeyRef":{},"token":""}` | User token. Used for runtime registration against the patform. One of token (for plain text value) or secretKeyRef must be provided. |
 | global.codefresh.userToken.secretKeyRef | object | `{}` | User token that references an existing secret containing the token. |
 | global.codefresh.userToken.token | string | `""` | User token in plain text. The chart creates and manages the secret for this token. |
-| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"name":"codefresh-eventbus","nats":{"native":{"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","replicas":3}},"pdb":{"enabled":true,"minAvailable":2}},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings |
+| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"name":"codefresh-eventbus","nats":{"native":{"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","replicas":3}},"pdb":{"enabled":true,"minAvailable":2}},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings |
 | global.runtime.cluster | string | `"https://kubernetes.default.svc"` | Runtime cluster. Should not be changed. |
 | global.runtime.codefreshHosted | bool | `false` | Defines whether this is a Codefresh hosted runtime. Should not be changed. |
 | global.runtime.eventBus.annotations | object | `{}` | Annotations on EventBus resource |
@@ -282,10 +235,11 @@ sealed-secrets:
 | global.runtime.gitCredentials.password.secretKeyRef | object | `{}` | secretKeyReference for Git credentials password. Provide name and key fields. |
 | global.runtime.gitCredentials.password.value | string | `nil` | Plain text password |
 | global.runtime.gitCredentials.username | string | `"username"` | Username. Optional when using token in password. |
-| global.runtime.ingress | object | `{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","tls":[]}` | Ingress settings |
+| global.runtime.ingress | object | `{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","skipValidation":false,"tls":[]}` | Ingress settings |
 | global.runtime.ingress.enabled | bool | `false` | Defines if ingress-based access mode is enabled for runtime. To use tunnel-based (ingressless) access mode, set to false. |
 | global.runtime.ingress.hosts | list | `[]` | Hosts for runtime ingress. Note that Codefresh platform will always use the first host in the list to access the runtime. |
 | global.runtime.ingress.protocol | string | `"https"` | The protocol that Codefresh platform will use to access the runtime ingress. Can be http or https. |
+| global.runtime.ingress.skipValidation | bool | `false` | if set to true, the pre-install hook will validate the existance of appropriate values, but *will not* attempt to make a web request to the ingress host |
 | global.runtime.ingressUrl | string | `""` | Explicit url for runtime ingress. Provide this value only if you don't want the chart to create and ingress (global.runtime.ingress.enabled=false) and tunnel-client is not used (tunnel-client.enabled=false) |
 | global.runtime.isConfigurationRuntime | bool | `false` | is the runtime set as a "configuration runtime". |
 | global.runtime.name | string | `nil` | Runtime name. Must be unique per platform account. |
@@ -299,7 +253,7 @@ sealed-secrets:
 | internal-router.fullnameOverride | string | `"internal-router"` |  |
 | internal-router.image.pullPolicy | string | `"IfNotPresent"` |  |
 | internal-router.image.repository | string | `"nginxinc/nginx-unprivileged"` |  |
-| internal-router.image.tag | string | `"1.25-alpine"` |  |
+| internal-router.image.tag | string | `"1.26-alpine3.20"` |  |
 | internal-router.imagePullSecrets | list | `[]` |  |
 | internal-router.ipv6 | object | `{"enabled":false}` | For ipv6 enabled clusters switch ipv6 enabled to true |
 | internal-router.nameOverride | string | `""` |  |
@@ -323,7 +277,7 @@ sealed-secrets:
 | internal-router.serviceAccount.create | bool | `true` |  |
 | internal-router.serviceAccount.name | string | `""` |  |
 | internal-router.tolerations | list | `[]` |  |
-| sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"v0.24.5"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | --------------------------------------------------------------------------------------------------------------------- |
-| tunnel-client | object | `{"enabled":true,"libraryMode":true,"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. |
+| sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"0.27.1"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | ------------------------------------------------------------------------------------------------------------------- |
+| tunnel-client | object | `{"enabled":true,"libraryMode":true,"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | ------------------------------------------------------------------------------------------------------------------- |
 | tunnel-client.enabled | bool | `true` | Will only be used if global.runtime.ingress.enabled = false |
 | tunnel-client.libraryMode | bool | `true` | Do not change this value! Breaks chart logic |
@@ -13,7 +13,6 @@ global:
       token: ""
       # -- User token that references an existing secret containing the token.
       secretKeyRef: {}
-
     tls:
       # --  Custom CA certificates bundle for platform access with ssl
       caCerts:
@@ -32,18 +31,16 @@ global:
           # -----BEGIN CERTIFICATE-----
           # ... encoded certificate data here ...
           # -----END CERTIFICATE-----
-
       # -- Certificates to be used in argo workflows pipelines created in Codefresh UI.
       # -- Those will be merged with the certificats defined in argo-cd.configs.tls.certificates - so if the certificates are already provided for ArgoCD, there is no need to provide them again.
       workflowPipelinesGitWebhooks:
         # Annotations on the secret resource
         annotatins: {}
         certificates: {}
-          # server.example.com: |
-          #   -----BEGIN CERTIFICATE-----
-          #   ...
-          #   -----END CERTIFICATE-----
-
+        # server.example.com: |
+        #   -----BEGIN CERTIFICATE-----
+        #   ...
+        #   -----END CERTIFICATE-----
   # -- Runtime level settings
   runtime:
     # -- Runtime name. Must be unique per platform account.
@@ -80,10 +77,9 @@ global:
         value:
         # -- secretKeyReference for Git credentials password. Provide name and key fields.
         secretKeyRef: {}
-
-   # -- Runtime eventbus
+        # -- Runtime eventbus
     eventBus:
-       # -- Eventbus name
+      # -- Eventbus name
       name: 'codefresh-eventbus'
       # -- Annotations on EventBus resource
       annotations: {}
@@ -107,7 +103,6 @@ global:
                 cpu: 200m
                 memory: 1Gi
                 ephemeral-storage: 2Gi
-
 # -------------------------------------------------------------------------------------------------------------------------
 # Installer
 # -------------------------------------------------------------------------------------------------------------------------
@@ -119,10 +114,9 @@ installer:
     repository: quay.io/codefresh/gitops-runtime-installer
     tag: ""
     pullPolicy: IfNotPresent
-
-# -----------------------------------------------------------------------------------------------------------------------
-# Sealed secrets
-# -----------------------------------------------------------------------------------------------------------------------
+# ---------------------------------------------------------------------------------------------------------------------
+# DOCS: https://artifacthub.io/packages/helm/bitnami-labs/sealed-secrets/2.16.1?modal=values
+# ---------------------------------------------------------------------------------------------------------------------
 sealed-secrets:
   fullnameOverride: sealed-secrets-controller
   keyrenewperiod: "720h"
@@ -137,15 +131,13 @@ sealed-secrets:
     requests:
       cpu: 200m
       memory: 512Mi
-
-#-----------------------------------------------------------------------------------------------------------------------
-# ArgoCD
-#-----------------------------------------------------------------------------------------------------------------------
+# ---------------------------------------------------------------------------------------------------------------------
+# DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-cd-7.4.7-5-cap-2.12.3-2024.10.28-20100fc54/charts/argo-cd
+# ---------------------------------------------------------------------------------------------------------------------
 argo-cd:
   fullnameOverride: argo-cd
   crds:
     install: true
-
   configs:
     cm:
       timeout.reconciliation: 20s
@@ -154,7 +146,6 @@ argo-cd:
     params:
       server.insecure: true
       application.namespaces: 'cf-*'
-
   eventReporter:
     # -- Installs new event reporter component to cluster
     enabled: true
@@ -164,16 +155,14 @@ argo-cd:
     # Possible values: v1, v2.
     # For v2 `argo-cd.eventReporter.enabled=true` is required
     version: v2
-
   applicationVersioning:
     # -- Enable application versioning
     enabled: true
     # -- Extract application version based on ApplicationConfiguration CRD
     useApplicationConfiguration: true
-
-#-----------------------------------------------------------------------------------------------------------------------
-# Argo Events
-#-----------------------------------------------------------------------------------------------------------------------
+# ---------------------------------------------------------------------------------------------------------------------
+# DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-events-2.4.7-1-cap-CR-24607/charts/argo-events
+# ---------------------------------------------------------------------------------------------------------------------
 argo-events:
   fullnameOverride: argo-events
   crds:
@@ -191,33 +180,30 @@ argo-events:
           metricsExporterImage: natsio/prometheus-nats-exporter:0.15.0
           configReloaderImage: natsio/nats-server-config-reloader:0.16.0
           startCommand: /nats-server
-
-#-----------------------------------------------------------------------------------------------------------------------
-# Argo Workflows
-#-----------------------------------------------------------------------------------------------------------------------
+# ---------------------------------------------------------------------------------------------------------------------
+# DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-workflows-0.41.12-v3.5.9-cap-CR-24929/charts/argo-workflows
+# ---------------------------------------------------------------------------------------------------------------------
 argo-workflows:
   fullnameOverride: argo
   enabled: true
   server:
     # -- auth-mode needs to be set to client to be able to see workflow logs from Codefresh UI
     authModes:
-    - client
+      - client
     # -- Do not change. Workflows UI is only accessed through internal router, changing this values will break routing to workflows native UI from Codefresh.
     baseHref: /workflows/
   crds:
     # -- Install and upgrade CRDs
     install: true
-
-#-----------------------------------------------------------------------------------------------------------------------
-# Argo rollouts
-#-----------------------------------------------------------------------------------------------------------------------
+# ---------------------------------------------------------------------------------------------------------------------
+# DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-rollouts-2.37.3-1-v1.7.1-CR-24605/charts/argo-rollouts
+# ---------------------------------------------------------------------------------------------------------------------
 argo-rollouts:
   enabled: true
   fullnameOverride: argo-rollouts
   controller:
     replicas: 1
   installCRDs: true
-
 #-----------------------------------------------------------------------------------------------------------------------
 # Event reporters
 #-----------------------------------------------------------------------------------------------------------------------
@@ -284,7 +270,6 @@ event-reporters:
       tolerations: []
       nodeSelector: {}
       affinity: {}
-
 #-----------------------------------------------------------------------------------------------------------------------
 # Internal router
 #-----------------------------------------------------------------------------------------------------------------------
@@ -309,53 +294,49 @@ internal-router:
   podSecurityContext: {}
   # -- Environment variables - see values.yaml inside the chart for usage
   env: {}
-    #  NAMESPACE:
-    #    valueFrom:
-    #     fieldRef:
-    #       fieldPath: metadata.namespace
-    #  VAR_NAME:
-    #    valueFrom:
-    #      secretKeyRef:
-    #       name: my-secret
-    #       key: my-secret-key
-    #       optional: true
-    #  VAR_NAME:
-    #   valueFrom:
-    #     configMapKeyRef:
-    #       name: my-config-map
-    #       key: my-config-map-key
-    #       optional: true
-    #  VAR_NANE: string-value
+  #  NAMESPACE:
+  #    valueFrom:
+  #     fieldRef:
+  #       fieldPath: metadata.namespace
+  #  VAR_NAME:
+  #    valueFrom:
+  #      secretKeyRef:
+  #       name: my-secret
+  #       key: my-secret-key
+  #       optional: true
+  #  VAR_NAME:
+  #   valueFrom:
+  #     configMapKeyRef:
+  #       name: my-config-map
+  #       key: my-config-map-key
+  #       optional: true
+  #  VAR_NANE: string-value
   securityContext: {}
-
   service:
     type: ClusterIP
     port: 80
-
   resources:
     limits:
       memory: 256Mi
       cpu: "1"
     requests:
       memory: 128Mi
       cpu: "0.2"
-
   nodeSelector: {}
   tolerations: []
   affinity: {}
   # -- Internal routing settings. Do not change this unless you are absolutely certain - the values are determined by chart's logic.
   routing: {}
   #  Example of values:
-    # workflows:
-    #   enabled: true
-    #   internalUrl: "https://argo-server1:2746/"
-    # app-proxy:
-    #   internalUrl: "http://cap-app-proxy:3017"
+  # workflows:
+  #   enabled: true
+  #   internalUrl: "https://argo-server1:2746/"
+  # app-proxy:
+  #   internalUrl: "http://cap-app-proxy:3017"
 
   dnsService: kube-dns
   dnsNamespace: kube-system
   clusterDomain: cluster.local
-
   ## Internal-Router Pod Disruption Budget
   pdb:
     # -- Enable PDB
@@ -364,11 +345,9 @@ internal-router:
     minAvailable: 1
     # -- Set number of pods that are unavailable after eviction as number or percentage
     maxUnavailable: ""
-
-#-----------------------------------------------------------------------------------------------------------------------
-# tunnel client
-#-----------------------------------------------------------------------------------------------------------------------
-# -- Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes.
+# ---------------------------------------------------------------------------------------------------------------------
+# DOCS: https://github.com/codefresh-io/codefresh-tunnel-charts/blob/codefresh-tunnel-client-0.1.17-helm/codefresh-tunnel-client/values.yaml
+# ---------------------------------------------------------------------------------------------------------------------
 tunnel-client:
   # -- Will only be used if global.runtime.ingress.enabled = false
   enabled: true
@@ -377,7 +356,6 @@ tunnel-client:
   tunnelServer:
     host: "register-tunnels.cf-cd.com"
     subdomainHost: "tunnels.cf-cd.com"
-
 #-----------------------------------------------------------------------------------------------------------------------
 # app-proxy
 #-----------------------------------------------------------------------------------------------------------------------
@@ -432,32 +410,26 @@ app-proxy:
     pullPolicy: IfNotPresent
   # -- Extra volume mounts for main container
   extraVolumeMounts: []
-
   initContainer:
     image:
       repository: quay.io/codefresh/cap-app-proxy-init
       tag: 1.3142.0
       pullPolicy: IfNotPresent
     command:
       - ./init.sh
-
     env: {}
-
     resources:
       limits:
         memory: 512Mi
         cpu: '1'
       requests:
         memory: 256Mi
         cpu: '0.2'
-
     # -- Extra volume mounts for init container
     extraVolumeMounts: []
-
   imagePullSecrets: []
   nameOverride: ""
   fullnameOverride: "cap-app-proxy"
-
   config:
     # -- ArgoCD user to be used by app-proxy
     argoCdUsername: "admin"
@@ -471,24 +443,18 @@ app-proxy:
     skipGitPermissionValidation: "false"
     # -- Log Level
     logLevel: "info"
-
   env: {}
-
   serviceAccount:
     create: true
     annotations: {}
     name: "cap-app-proxy"
-
   podAnnotations: {}
-
   podLabels: {}
-
   podSecurityContext: {}
-    # fsGroup: 2000
+  # fsGroup: 2000
 
   securityContext:
     allowPrivilegeEscalation: false
-
   readinessProbe:
     # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded.
     failureThreshold: 3
@@ -500,7 +466,6 @@ app-proxy:
     successThreshold: 1
     # -- Number of seconds after which the [probe] times out.
     timeoutSeconds: 10
-
   livenessProbe:
     # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded.
     failureThreshold: 10
@@ -512,11 +477,9 @@ app-proxy:
     successThreshold: 1
     # -- Number of seconds after which the [probe] times out.
     timeoutSeconds: 10
-
   service:
     type: ClusterIP
     port: 3017
-
   resources:
     requests:
       memory: '512Mi'
@@ -526,13 +489,11 @@ app-proxy:
       memory: '1Gi'
       ephemeral-storage: '6Gi'
       cpu: '1500m'
-
   nodeSelector: {}
   tolerations: []
   affinity: {}
   # -- extra volumes
   extraVolumes: []
-
   ## App-Proxy Pod Disruption Budget
   pdb:
     # -- Enable PDB
@@ -542,15 +503,14 @@ app-proxy:
     # -- Set number of pods that are unavailable after eviction as number or percentage
     maxUnavailable: ""
 
-#-----------------------------------------------------------------------------------------------------------------------
-# gitops-operator
-#-----------------------------------------------------------------------------------------------------------------------
+# ---------------------------------------------------------------------------------------------------------------------
+# DOCS: https://github.com/codefresh-io/codefresh-gitops-operator/tree/codefresh-gitops-operator-0.3.6-helm/charts/codefresh-gitops-operator
+# ---------------------------------------------------------------------------------------------------------------------
 gitops-operator:
   # -- Do not change unless instructed otherwise by Codefresh support
   libraryMode: true
   enabled: true
   replicaCount: 1
-
   # -- Codefresh gitops operator crds
   crds:
     # -- Whether or not to install CRDs
@@ -561,18 +521,16 @@ gitops-operator:
     annotations: {}
     # -- Additional labels for gitops operator CRDs
     additionalLabels: {}
-
   env: {}
   image: {}
-    # -- defaults
-    # repository: quay.io/codefresh/codefresh-gitops-operator
-    # tag: 'v{{ .Chart.AppVersion }}'
+  # -- defaults
+  # repository: quay.io/codefresh/codefresh-gitops-operator
+  # tag: 'v{{ .Chart.AppVersion }}'
 
   serviceAccount:
     create: true
     annotations: {}
     name: "gitops-operator-controller-manager"
-
   # -- Builtin notifications controller used by gitops-operator for promotion related notifications
   argoCdNotifications:
     # -- If set to true allows to override notifications image used by the gitops operator. When set to false the version of ArgoCD will be set to the version used for all other ArgoCD components.
@@ -581,39 +539,32 @@ gitops-operator:
     image: {}
     # -- Resources for notifications controller used by gitops-operator.
     resources: {}
-
   imagePullSecrets: []
   nameOverride: ""
   fullnameOverride: ""
-
   podAnnotations: {}
   podLabels: {}
-
   nodeSelector: {}
   tolerations: []
   affinity: {}
-
   resources:
     limits:
       cpu: 500m
       memory: 128Mi
     requests:
       cpu: 100m
       memory: 64Mi
-
   kube-rbac-proxy:
     image:
       tag: v0.16.0
       # -- defaults
       # repository: gcr.io/kubebuilder/kube-rbac-proxy
       # tag: v0.14.1
-
     securityContext:
       allowPrivilegeEscalation: false
       capabilities:
         drop:
           - "ALL"
-
     resources:
       limits:
         cpu: 500m