diff --git a/README.md b/README.md index 61715fb5..0ccbca07 100644 --- a/README.md +++ b/README.md @@ -7,3 +7,13 @@ See official documentation here: https://codefresh.io/docs/docs/installation/git 1. Make sure kubectl is on the runtime cluster context 2. Run scripts/adopt-crds.sh [runtime Helm release name] [Runtime Namespace] + +## pre-install hook failure: + +run +```shell +kubectl logs jobs/validate-values -n ${NAMESPACE} +``` +(use your selected namespace) +the output should help find the error in the values file. +in order to install while skipping the values validation, install with `--set installer.skipValidation="true"` (or set it in values file) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 00e2d86a..cacf4480 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 0.1.30 description: A Helm chart for Codefresh gitops runtime name: gitops-runtime -version: 0.2.9-alpha +version: 0.2.10-alpha home: https://github.com/codefresh-io/gitops-runtime-helm icon: https://avatars1.githubusercontent.com/u/11412079?v=3 keywords: @@ -15,10 +15,8 @@ annotations: artifacthub.io/alternativeName: "codefresh-gitops-runtime" artifacthub.io/prerelease: "true" artifacthub.io/changes: | - - kind: changed - description: Updated `app-proxy` to `1.2268.0` - - kind: changed - description: updated default value of workflow-reporter SA to "codefresh-sa" + - kind: added + description: pre-install hook to valide values - fails installation quickly in case anything is wrong or missing dependencies: - name: argo-cd repository: https://codefresh-io.github.io/argo-helm diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index f19bb48a..acd888cb 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md 
@@ -1,5 +1,5 @@ ## Codefresh gitops runtime -![Version: 0.2.9-alpha](https://img.shields.io/badge/Version-0.2.9--alpha-informational?style=flat-square) ![AppVersion: 0.1.30](https://img.shields.io/badge/AppVersion-0.1.30-informational?style=flat-square) +![Version: 0.2.10-alpha](https://img.shields.io/badge/Version-0.2.10--alpha-informational?style=flat-square) ![AppVersion: 0.1.30](https://img.shields.io/badge/AppVersion-0.1.30-informational?style=flat-square) ## Codefresh official documentation: Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/ @@ -15,7 +15,7 @@ We have created a helper utility to resolve this issue: The utility is packaged in a container image. Below are instructions on executing the utility using Docker: ``` -docker run -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.2.9-alpha +docker run -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.2.10-alpha ``` `output_dir` - is a local directory where the utility will output files.
`local_registry` - is your local registry where you want to mirror the images to @@ -157,7 +157,8 @@ The utility will output 4 files into the folder: | global.runtime.ingress.protocol | string | `"https"` | The protocol that Codefresh platform will use to access the runtime ingress. Can be http or https. | | global.runtime.ingressUrl | string | `""` | Explicit url for runtime ingress. Provide this value only if you don't want the chart to create and ingress (global.runtime.ingress.enabled=false) and tunnel-client is not used (tunnel-client.enabled=false) | | global.runtime.name | string | `nil` | Runtime name. Must be unique per platform account. | -| installer | object | `{"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/gitops-runtime-installer","tag":""}}` | Runtime installer used for running hooks and checks on the release | +| installer | object | `{"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/gitops-runtime-installer","tag":""},"skipValidation":false}` | Runtime installer used for running hooks and checks on the release | +| installer.skipValidation | bool | `false` | if set to true, pre-install hook will *not* run | | internal-router.affinity | object | `{}` | | | internal-router.env | object | `{}` | Environment variables - see values.yaml inside the chart for usage | | internal-router.fullnameOverride | string | `"internal-router"` | | diff --git a/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml b/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml new file mode 100644 index 00000000..48f6eb77 --- /dev/null +++ b/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml 
@@ -0,0 +1,43 @@
+{{- if not .Values.installer.skipValidation }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: validate-values-cr
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+ helm.sh/hook-weight: "-10"
+rules:
+- apiGroups:
+ - "*"
+ resources:
+ - "*"
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: validate-values-crb
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+ helm.sh/hook-weight: "-10"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: validate-values-cr
+subjects:
+- kind: ServiceAccount
+ name: validate-values-sa
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: validate-values-sa
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+ helm.sh/hook-weight: "-10"
+{{- end }}
diff --git a/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml b/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml
new file mode 100644
index 00000000..8c33193e
--- /dev/null
+++ b/charts/gitops-runtime/templates/hooks/pre-install/validate-values.yaml
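Review bot: The `validate-values-cr` ClusterRole in pre-install/rbac.yaml grants `*` verbs on `*` resources in `*` API groups, which makes `validate-values-sa` equivalent to cluster-admin for a job that is only described as validating values. What `cf helm validate --hook` actually reads is not visible in this diff, so the rule should be narrowed to the specific groups and resources it queries, with read-only verbs such as `verbs: ["get", "list"]`. Helm's `hook-failed` delete policy is, as far as I know, applied only to the hook that failed, so when the Job fails this role and binding may stay in the cluster until the next install attempt; worth confirming, since it extends the lifetime of the broad grant.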
@@ -0,0 +1,32 @@
+{{- if not .Values.installer.skipValidation }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: validate-values
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
+spec:
+ backoffLimit: 0
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccount: validate-values-sa
+ restartPolicy: Never
+ containers:
+ - name: validate-values
+ image: "{{ .Values.installer.image.repository }}:{{ .Values.installer.image.tag | default .Chart.Version }}"
+ imagePullPolicy: {{ .Values.installer.image.pullPolicy }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VERSION
+ value: {{ .Chart.Version }}
+ command: ["sh", "-c"]
+ args:
+ - |
+ echo {{ .Values | toYaml | quote }} > values.yaml
+ cf helm validate --values values.yaml --namespace ${NAMESPACE} --version ${VERSION} --hook --log-level debug
+{{- end }}
diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml
index 562bc609..db166d89 100644
--- a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml
+++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml
@@ -21,4 +21,4 @@ spec:
 kubectl patch EventBus $(kubectl get eventbus -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge && \
 kubectl patch Eventsource $(kubectl get EventSource -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge && \
 kubectl patch Sensor $(kubectl get Sensor -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge ;
- return 0
\ No newline at end of file
+ return 0
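Review bot: In pre-install/validate-values.yaml the args line `echo {{ .Values | toYaml | quote }} > values.yaml` renders the full values file into the Job spec and passes it through `sh -c` inside double quotes. Any credential set in values then becomes readable by anyone allowed to get Jobs or Pods in the namespace, and stays readable after a failed run because the Job's delete policy omits `hook-failed`; `$` and backtick sequences in a value are also expanded by the shell, under a service account bound to a wildcard ClusterRole. Rendering the values into a hook Secret mounted as a file, and invoking `cf` directly so no shell is involved, avoids both; `serviceAccount` is also the deprecated spelling of `serviceAccountName`. `--log-level debug` may print values into the pod log that the README tells users to fetch, so it is worth checking what the validator emits.

```yaml
# new hook resource in the same template, created before the Job
apiVersion: v1
kind: Secret
metadata:
  name: validate-values
  annotations:
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
    helm.sh/hook-weight: "-10"
stringData:
  values.yaml: |
    {{- .Values | toYaml | nindent 4 }}
---
# … unchanged: Job metadata, backoffLimit, ttlSecondsAfterFinished …
      serviceAccountName: validate-values-sa
      # … unchanged: restartPolicy, container name, image, imagePullPolicy, env …
        command: ["cf", "helm", "validate"]
        args: ["--values", "/values/values.yaml", "--namespace", "$(NAMESPACE)", "--version", "$(VERSION)", "--hook", "--log-level", "debug"]
        volumeMounts:
        - name: values
          mountPath: /values
          readOnly: true
      volumes:
      - name: values
        secret:
          secretName: validate-values
```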
diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/rbac.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/rbac.yaml
index 81c5e6df..62a62301 100644
--- a/charts/gitops-runtime/templates/hooks/pre-uninstall/rbac.yaml
+++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/rbac.yaml
@@ -34,4 +34,4 @@ metadata:
 name: runtime-cleanup
 annotations:
 "helm.sh/hook": pre-delete
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
\ No newline at end of file
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml
index 66f12d0c..78abbdda 100644
--- a/charts/gitops-runtime/values.yaml
+++ b/charts/gitops-runtime/values.yaml
@@ -99,6 +99,8 @@ global:
 # -------------------------------------------------------------------------------------------------------------------------
 # -- Runtime installer used for running hooks and checks on the release
 installer:
+ # -- if set to true, pre-install hook will *not* run
+ skipValidation: false
 image:
 repository: quay.io/codefresh/gitops-runtime-installer
 tag: ""
diff --git a/installer-image/Dockerfile b/installer-image/Dockerfile
index 3b7a71eb..64cd99e0 100644
--- a/installer-image/Dockerfile
+++ b/installer-image/Dockerfile
@@ -1,8 +1,13 @@
 FROM --platform=$BUILDPLATFORM debian:bullseye-slim
-RUN apt-get update -y && apt-get install curl -y
-ARG CF_CLI_VERSION=v0.1.25
-ARG KUBECTL_VERSION=v1.26.0
+
+ARG CF_CLI_VERSION=v0.1.48
+ARG KUBECTL_VERSION=v1.27.2
 ARG TARGETARCH
+
+RUN apt-get update && apt-get install curl -y
 RUN curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/${CF_CLI_VERSION}/cf-linux-${TARGETARCH}.tar.gz | tar zx && mv ./cf-linux-${TARGETARCH} /usr/local/bin/cf
 RUN curl -LO https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl && chmod +x kubectl && mv ./kubectl /usr/local/bin/kubectl
-USER 1000
\ No newline at end of file
+
+RUN adduser --shell /bin/bash codefresh
+USER codefresh
+WORKDIR /home/codefresh
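Review bot: `USER codefresh` replaces the numeric `USER 1000`, and Kubernetes cannot verify a named user against `runAsNonRoot: true`, so pods running this image under that setting would be refused at start. The UID that `adduser` assigns is also left implicit, and without `--disabled-password --gecos ""` Debian's `adduser` tries to prompt during the build. I would write `RUN adduser --disabled-password --gecos "" --uid 1000 --shell /bin/bash codefresh` and keep `USER 1000`. Separately, the bumped `cf` and `kubectl` binaries are still fetched by the unchanged `curl` lines without `-f` or a checksum comparison; a pinned SHA-256 next to each version ARG would make the version bump verifiable.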