From 7da81394feebe50b0fa457d391ab6f7bbe7bc582 Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Wed, 6 Nov 2024 16:39:27 +0200 Subject: [PATCH 01/12] update gitops-operator to 0.3.8 - support manual-sync applications (#327) allow override of promotion-wrapper workflowTemplate --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 115eb88d..4de41acc 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -38,7 +38,7 @@ dependencies: condition: tunnel-client.enabled - name: codefresh-gitops-operator repository: oci://quay.io/codefresh/charts - version: 0.3.6 + version: 0.3.7 alias: gitops-operator condition: gitops-operator.enabled - name: garage From 02c295404138f2ed728ef0adca52efbbee34a93e Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Wed, 6 Nov 2024 18:44:06 +0200 Subject: [PATCH 02/12] fix: bump cap-app-proxy to 1.3146.0 - fix: accessing repo in parallel (#329) * bump cap-app-proxy to `1.3146.0` - fix: accessing repo in parallel --- charts/gitops-runtime/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index f557cad3..5d82d5fb 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -428,7 +428,7 @@ app-proxy: tag: 1.1.11-main image: repository: quay.io/codefresh/cap-app-proxy - tag: 1.3142.0 + tag: 1.3146.0 pullPolicy: IfNotPresent # -- Extra volume mounts for main container extraVolumeMounts: [] @@ -436,7 +436,7 @@ app-proxy: initContainer: image: repository: quay.io/codefresh/cap-app-proxy-init - tag: 1.3142.0 + tag: 1.3146.0 pullPolicy: IfNotPresent command: - ./init.sh From fdb1847faf9c5085e8d7a5524ad06636c5af89fe Mon Sep 17 00:00:00 2001 
From: akavalchuk Date: Thu, 7 Nov 2024 14:32:56 +0100 Subject: [PATCH 03/12] update gitops-operator to 0.3.8 - changed gitlog to take all commits since the last call (#331) --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 4de41acc..5a974479 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -38,7 +38,7 @@ dependencies: condition: tunnel-client.enabled - name: codefresh-gitops-operator repository: oci://quay.io/codefresh/charts - version: 0.3.7 + version: 0.3.8 alias: gitops-operator condition: gitops-operator.enabled - name: garage From 43dd1437a4d2ef8ccb95b780cbe97cab731ff6cc Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Thu, 7 Nov 2024 19:01:11 +0200 Subject: [PATCH 04/12] fix: don't use protocol for ARGO_CD_URL in gitops-operator (#332) --- charts/gitops-runtime/templates/_helpers.tpl | 17 +++++++++++++---- .../templates/gitops-operator.yaml | 2 +- .../tests/gitops-controller-misc_test.yaml | 6 +++--- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/charts/gitops-runtime/templates/_helpers.tpl b/charts/gitops-runtime/templates/_helpers.tpl index 82219aed..d47df549 100644 --- a/charts/gitops-runtime/templates/_helpers.tpl +++ b/charts/gitops-runtime/templates/_helpers.tpl 
@@ -135,15 +135,24 @@ Determine argocd server service port. Must be called with chart root context Determine argocd server url. Must be called with chart root context */}} {{- define "codefresh-gitops-runtime.argocd.server.url" -}} -{{- $argoCDValues := (get .Values "argo-cd") }} {{- $protocol := "https" }} -{{- $serverName := include "codefresh-gitops-runtime.argocd.server.servicename" . }} {{- $port := include "codefresh-gitops-runtime.argocd.server.serviceport" . }} -{{- $path := (get $argoCDValues.configs.params "server.rootpath") }} {{- if (eq $port "80") }} {{- $protocol = "http" }} {{- end }} -{{- printf "%s://%s:%s%s" $protocol $serverName $port $path }} +{{- $url := include "codefresh-gitops-runtime.argocd.server.no-protocol-url" . }} +{{- printf "%s://%s" $protocol $url }} +{{- end}} + +{{/* +Determine argocd server url witout the protocol. Must be called with chart root context +*/}} +{{- define "codefresh-gitops-runtime.argocd.server.no-protocol-url" -}} +{{- $argoCDValues := (get .Values "argo-cd") }} +{{- $serverName := include "codefresh-gitops-runtime.argocd.server.servicename" . }} +{{- $port := include "codefresh-gitops-runtime.argocd.server.serviceport" . }} +{{- $path := (get $argoCDValues.configs.params "server.rootpath") }} +{{- printf "%s:%s%s" $serverName $port $path }} {{- end}} {{/* diff --git a/charts/gitops-runtime/templates/gitops-operator.yaml b/charts/gitops-runtime/templates/gitops-operator.yaml index 500d7107..95de6f96 100644 --- a/charts/gitops-runtime/templates/gitops-operator.yaml +++ b/charts/gitops-runtime/templates/gitops-operator.yaml 
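Review bot: The new `codefresh-gitops-runtime.argocd.server.no-protocol-url` helper returns `host:port/path` with no scheme, so the http-versus-https choice that `codefresh-gitops-runtime.argocd.server.url` derives from the port no longer reaches the consumer of this value. The helper's comment should state that, for example `Returns <service>:<port><rootpath> with no scheme; the caller decides whether the connection uses TLS.`, and the typo `witout` in that comment should read `without`. How the gitops-operator chooses TLS for a scheme-less address is not visible in this patch and should be confirmed against the operator version the chart pins.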
@@ -18,7 +18,7 @@ {{/* Set argo-cd-server service and port */}} {{ if not (index .Values "gitops-operator").env.ARGO_CD_URL }} - {{- $_ := set $gitopsOperatorContext.Values.env "ARGO_CD_URL" (include "codefresh-gitops-runtime.argocd.server.url" . ) }} + {{- $_ := set $gitopsOperatorContext.Values.env "ARGO_CD_URL" (include "codefresh-gitops-runtime.argocd.server.no-protocol-url" . ) }} {{- end }} {{/* Set workflows url */}} diff --git a/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml b/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml index e3d1ea42..1a0dd999 100644 --- a/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml +++ b/charts/gitops-runtime/tests/gitops-controller-misc_test.yaml @@ -329,7 +329,7 @@ tests: path: spec.template.spec.containers[1].env content: name: ARGO_CD_URL - value: http://myargocd-server:80/some-path + value: myargocd-server:80/some-path - it: contains all resources for notifications controller template: gitops-operator.yaml @@ -371,11 +371,11 @@ tests: argo-cd.configs.params: server.rootpath: /some-path argo-cd.fullnameOverride: myargocd - gitops-operator.env.ARGO_CD_URL: http://some-other-url + gitops-operator.env.ARGO_CD_URL: some-other-url:123 asserts: - contains: path: spec.template.spec.containers[1].env content: name: ARGO_CD_URL - value: http://some-other-url + value: some-other-url:123 From 92a35e4627eafd800dd12b2ff3665b6afd3944e0 Mon Sep 17 00:00:00 2001 From: vitalii-codefresh Date: Tue, 19 Nov 2024 12:21:20 +0200 Subject: [PATCH 05/12] updated frpc with security fixes (#334) --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 5a974479..a0d4e1dd 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml 
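Review bot: A user-supplied `gitops-operator.env.ARGO_CD_URL` still bypasses the helper through the `if not (index .Values "gitops-operator").env.ARGO_CD_URL` guard, so overrides written for earlier releases (for example `http://some-other-url`, the value the old test used) now reach the operator in a different format from the chart's own default. Consider rejecting such values at render time in an `else` branch of that guard, for instance `{{- if contains "://" (index .Values "gitops-operator").env.ARGO_CD_URL }}{{ fail "gitops-operator.env.ARGO_CD_URL must be host:port[/path] without a scheme" }}{{- end }}`, and mention the format change in the upgrade notes. The updated cases in `gitops-controller-misc_test.yaml` only cover scheme-less input, so a test for a legacy `http://` override would pin whichever behaviour is chosen.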
@@ -33,7 +33,7 @@ dependencies: version: 2.16.1 - name: codefresh-tunnel-client repository: oci://quay.io/codefresh/charts - version: 0.1.17 + version: 0.1.18 alias: tunnel-client condition: tunnel-client.enabled - name: codefresh-gitops-operator From f78b8a80cff997286ad9e5e9f42ea471e750ab66 Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Wed, 20 Nov 2024 00:14:23 +0300 Subject: [PATCH 06/12] fix: remove aws-cli (#336) --- charts/gitops-runtime/Chart.yaml | 2 +- charts/gitops-runtime/values.yaml | 3 +++ scripts/get-all-images.sh | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index a0d4e1dd..6eba045b 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -44,5 +44,5 @@ dependencies: - name: garage repository: https://codefresh-io.github.io/garage alias: garage-workflows-artifact-storage - version: 0.5.0-cf.1 + version: 0.5.0-cf.2 condition: garage-workflows-artifact-storage.enabled diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 5d82d5fb..41a4d1b4 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -649,3 +649,6 @@ garage-workflows-artifact-storage: size: 100Mi # -- Resources for garage pods. For smaller deployments at least 100m CPU and 1024Mi memory is reccommended. For larger deployments double this size. resources: {} + # -- Helm tests + tests: + enabled: false diff --git a/scripts/get-all-images.sh b/scripts/get-all-images.sh index a2426b9b..ca1ffb41 100755 --- a/scripts/get-all-images.sh +++ b/scripts/get-all-images.sh @@ -11,4 +11,4 @@ helm template release-name $CHARTDIR -f $VALUESFILE \ | awk -F ': ' '{print $2}' | awk NF \ | tr -d '"' | tr -d ',' | cut -f1 -d"@" \ | sort -u \ - > $OUTPUTFILE \ No newline at end of file + > $OUTPUTFILE From f1a07be83c36f867a9891cf1bd00ca0ae9f0162e Mon Sep 17 00:00:00 2001 
From: Oleksandr Saulyak Date: Thu, 21 Nov 2024 18:20:03 +0200 Subject: [PATCH 07/12] argo-cd with repo-server repeated resources fix (#338) --- charts/gitops-runtime/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 6eba045b..5fcf8542 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.1.62 +appVersion: 0.1.64 description: A Helm chart for Codefresh gitops runtime name: gitops-runtime version: 0.0.0 @@ -16,7 +16,7 @@ annotations: dependencies: - name: argo-cd repository: https://codefresh-io.github.io/argo-helm - version: 7.4.7-5-cap-2.12.3-2024.10.28-20100fc54 + version: 7.4.7-6-cap-2.12.3-2024.11.14-d7a4c4e7e - name: argo-events repository: https://codefresh-io.github.io/argo-helm version: 2.4.7-1-cap-CR-24607 From 4b1dd66ad4e5578e5bbfd3cd14591319837acbba Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Tue, 26 Nov 2024 16:00:55 +0200 Subject: [PATCH 08/12] updated codefresh-gitops-operator to 0.3.10 (#340) --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 5fcf8542..d3c1eee0 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -38,7 +38,7 @@ dependencies: condition: tunnel-client.enabled - name: codefresh-gitops-operator repository: oci://quay.io/codefresh/charts - version: 0.3.8 + version: 0.3.10 alias: gitops-operator condition: gitops-operator.enabled - name: garage From 68b548bddcc38dd0b55abff8dbc6224c12c95218 Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Wed, 27 Nov 2024 13:40:25 +0200 Subject: [PATCH 09/12] update codefresh-gitops-operator to 0.3.11 - support non-github promotions (commit only) (#343) --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index d3c1eee0..4b438bee 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -38,7 +38,7 @@ dependencies: condition: tunnel-client.enabled - name: codefresh-gitops-operator repository: oci://quay.io/codefresh/charts - version: 0.3.10 + version: 0.3.11 alias: gitops-operator condition: gitops-operator.enabled - name: garage From 5be7fecf3fb46c331694c6e99c3a863ffacc6953 Mon Sep 17 00:00:00 2001 From: Daniel Maizel Date: Thu, 28 Nov 2024 10:30:22 +0200 Subject: [PATCH 10/12] chore: security fixes (#342) * Fix CVE's * bump cli --- installer-image/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/installer-image/Dockerfile b/installer-image/Dockerfile index 1f69935c..07ab65e8 100644 --- a/installer-image/Dockerfile +++ b/installer-image/Dockerfile @@ -1,7 +1,7 @@ FROM debian:bullseye-slim -ARG CF_CLI_VERSION=v0.1.60 -ARG KUBECTL_VERSION=v1.27.2 +ARG CF_CLI_VERSION=v0.1.68 +ARG KUBECTL_VERSION=v1.28.12 ARG TARGETARCH RUN apt-get update && apt-get install curl -y From fd75b22e60e9fffc8341228be00c3ad7d9244975 Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Thu, 28 Nov 2024 12:01:34 +0200 Subject: [PATCH 11/12] update codefresh-gitops-operator to 0.3.12 - fail submit-tmpl step if child wf failed (#345) --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 4b438bee..3ee6c4e7 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -38,7 +38,7 @@ dependencies: condition: tunnel-client.enabled - name: codefresh-gitops-operator repository: oci://quay.io/codefresh/charts - version: 0.3.11 + version: 0.3.12 alias: gitops-operator condition: gitops-operator.enabled - name: garage From a0b3cc6535348965bdd475731baccfdb92bd985d Mon Sep 17 00:00:00 2001 
From: Noam Gal Date: Tue, 10 Dec 2024 11:18:07 +0200 Subject: [PATCH 12/12] support singleNamespace option --- charts/gitops-runtime/Chart.yaml | 5 +++-- charts/gitops-runtime/templates/_helpers.tpl | 7 +++++-- .../templates/app-proxy/workflows-crb.yaml | 9 ++++++--- charts/gitops-runtime/templates/gitops-operator.yaml | 2 +- charts/gitops-runtime/values.yaml | 11 +++++++---- 5 files changed, 22 insertions(+), 12 deletions(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 3ee6c4e7..79e8a9e2 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -31,14 +31,15 @@ dependencies: - name: sealed-secrets repository: https://bitnami-labs.github.io/sealed-secrets/ version: 2.16.1 + condition: sealed-secrets.enabled - name: codefresh-tunnel-client repository: oci://quay.io/codefresh/charts version: 0.1.18 alias: tunnel-client condition: tunnel-client.enabled - name: codefresh-gitops-operator - repository: oci://quay.io/codefresh/charts - version: 0.3.12 + repository: oci://quay.io/codefresh/charts/dev + version: 0.0.0-feat-cr-24670-namespaced-install alias: gitops-operator condition: gitops-operator.enabled - name: garage diff --git a/charts/gitops-runtime/templates/_helpers.tpl b/charts/gitops-runtime/templates/_helpers.tpl index d47df549..67c3b9bf 100644 --- a/charts/gitops-runtime/templates/_helpers.tpl +++ b/charts/gitops-runtime/templates/_helpers.tpl 
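Review bot: The `codefresh-gitops-operator` dependency now points at `oci://quay.io/codefresh/charts/dev` with version `0.0.0-feat-cr-24670-namespaced-install`, a feature-branch build rather than a released chart, and the last `values.yaml` hunk of this patch likewise sets `gitops-operator.image.tag` to `feat-cr-24670-namespaced-install-cdc9a73`. Anyone installing this chart would pull operator code from a development channel whose artefacts can presumably be overwritten, so the same chart version is not guaranteed to resolve to the same content. Before release, point the dependency back at `oci://quay.io/codefresh/charts` with a released version and restore the image tag default that followed the chart's appVersion (the commented `tag: 'v{{ .Chart.AppVersion }}'` this patch removes). If the dev pin has to stay for now, a comment such as `# TODO(release): replace dev chart and tag with released versions` next to both entries would keep it from shipping unnoticed.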
@@ -242,10 +242,13 @@ Output comma separated list of installed runtime components {{- define "codefresh-gitops-runtime.component-list"}} {{- $argoCD := dict "name" "argocd" "version" (get .Subcharts "argo-cd").Chart.AppVersion }} {{- $argoEvents := dict "name" "argo-events" "version" (get .Subcharts "argo-events").Chart.AppVersion }} - {{- $sealedSecrets := dict "name" "sealed-secrets" "version" (get .Subcharts "sealed-secrets").Chart.AppVersion }} {{- $internalRouter := dict "name" "internal-router" "version" .Chart.AppVersion }} {{- $appProxy := dict "name" "app-proxy" "version" (index (get .Values "app-proxy") "image" "tag") }} - {{- $comptList := list $argoCD $argoEvents $appProxy $sealedSecrets $internalRouter}} + {{- $comptList := list $argoCD $argoEvents $appProxy $internalRouter}} + {{- if index (get .Values "sealed-secrets") "enabled" }} + {{- $sealedSecrets := dict "name" "sealed-secrets" "version" (get .Subcharts "sealed-secrets").Chart.AppVersion }} + {{- $comptList = append $comptList $sealedSecrets }} + {{- end }} {{- if index (get .Values "argo-rollouts") "enabled" }} {{- $rolloutReporter := dict "name" "rollout-reporter" "version" .Chart.AppVersion }} {{- $argoRollouts := dict "name" "argo-rollouts" "version" (get .Subcharts "argo-rollouts").Chart.AppVersion }} diff --git a/charts/gitops-runtime/templates/app-proxy/workflows-crb.yaml b/charts/gitops-runtime/templates/app-proxy/workflows-crb.yaml index 2b46fb47..d317c19c 100644 --- a/charts/gitops-runtime/templates/app-proxy/workflows-crb.yaml +++ b/charts/gitops-runtime/templates/app-proxy/workflows-crb.yaml 
@@ -4,15 +4,18 @@ {{- $_ := set $appProxyContext "Values" (get .Values "app-proxy") }} {{- $_ := set $appProxyContext.Values "global" (get .Values "global") }} apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: {{ $appProxyContext.Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} metadata: name: cap-app-proxy-argo-workflows + {{- if $appProxyContext.Values.singleNamespace }} + namespace: {{ .Release.Namespace }} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: {{ $appProxyContext.Values.singleNamespace | ternary "Role" "ClusterRole" }} name: {{ include "codefresh-gitops-runtime.argo-workflows.server.name" . }} subjects: - kind: ServiceAccount name: {{ include "cap-app-proxy.serviceAccountName" $appProxyContext }} namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/gitops-runtime/templates/gitops-operator.yaml b/charts/gitops-runtime/templates/gitops-operator.yaml index 95de6f96..1c2138a5 100644 --- a/charts/gitops-runtime/templates/gitops-operator.yaml +++ b/charts/gitops-runtime/templates/gitops-operator.yaml @@ -1,4 +1,4 @@ -{{- if index (get .Values "gitops-operator") "libraryMode" }} +{{- if and (index (get .Values "gitops-operator") "libraryMode") (index (get .Values "gitops-operator") "enabled") }} {{- $gitopsOperatorContext := (index .Subcharts "gitops-operator")}} {{- $argoCDImageDict := index .Subcharts "argo-cd" "Values" "global" "image" }} {{- if not $argoCDImageDict.tag }} diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 41a4d1b4..5b03311f 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml 
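Review bot: In single-namespace mode the `roleRef` in `workflows-crb.yaml` switches to `kind: Role` but keeps the name from `codefresh-gitops-runtime.argo-workflows.server.name`, and nothing in this template ensures that a namespaced Role of that name exists in `.Release.Namespace`. Whether the argo-workflows subchart renders a Role or a ClusterRole depends on its own settings, which are not visible here; if they disagree with `app-proxy.singleNamespace`, the binding references a role that does not exist and app-proxy ends up without workflow permissions. Consider driving both from one value or adding a render-time `fail` when they differ, and add a unit test asserting `kind: RoleBinding`, `metadata.namespace` and `roleRef.kind: Role` when the flag is true. `ternary` expects a boolean, so a user override of `singleNamespace: null` would likely break rendering; `(default false $appProxyContext.Values.singleNamespace)` would avoid that.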
@@ -124,6 +124,7 @@ installer: # Sealed secrets # ----------------------------------------------------------------------------------------------------------------------- sealed-secrets: + enabled: true fullnameOverride: sealed-secrets-controller keyrenewperiod: "720h" image: @@ -383,6 +384,7 @@ tunnel-client: #----------------------------------------------------------------------------------------------------------------------- app-proxy: replicaCount: 1 + singleNamespace: false # -- Image enrichment process configuration image-enrichment: # -- Enable or disable enrichment process. Please note that for enrichemnt, argo-workflows has to be enabled as well. @@ -562,11 +564,12 @@ gitops-operator: # -- Additional labels for gitops operator CRDs additionalLabels: {} + singleNamespace: false env: {} - image: {} - # -- defaults - # repository: quay.io/codefresh/codefresh-gitops-operator - # tag: 'v{{ .Chart.AppVersion }}' + image: + # -- defaults + # repository: quay.io/codefresh/codefresh-gitops-operator + tag: feat-cr-24670-namespaced-install-cdc9a73 serviceAccount: create: true
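Review bot: The new `singleNamespace: false` keys under `app-proxy` and `gitops-operator`, and `enabled: true` under `sealed-secrets`, have no `# --` description although neighbouring values in this file carry one, and `singleNamespace` changes which RBAC objects the chart renders. Suggested comments are `# -- Bind app-proxy to a namespaced Role/RoleBinding for Argo Workflows instead of ClusterRole/ClusterRoleBinding` for `app-proxy.singleNamespace` and `# -- Enable the sealed-secrets subchart` for `sealed-secrets.enabled`. What `gitops-operator.singleNamespace` does is not visible in this patch, so its description should be taken from the operator chart. In the last hunk the `# -- defaults` comment now sits above a commented `repository` line and a live `tag`, which helm-docs may attach to the wrong key.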