
Commit 4b60493

onprem: 2.7.15 (#62)
1 parent 5fb8de8 commit 4b60493

8 files changed

+69
-27
lines changed

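--- a/codefresh/.ci/values/mtls-mongodb-redis.yaml
+++ b/codefresh/.ci/values/mtls-mongodb-redis.yaml
@@ -1,6 +1,8 @@
 seed:
 mongoSeedJob:
 mongodbRootURI: mongodb://root:XT9nmM8dZDZ@cf-mongodb:27017/?authSource=admin
+mongodbRootOptions: authSource=admin
+mongodbRootPassword: XT9nmM8dZDZ
 
 global:
 appUrl: "" # placeholder for ${CF_APP_HOST}
@@ -86,9 +88,9 @@ mongodb:
 mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB('${MONGODB_DATABASE}').createCollection('test')"
 done
 
-mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection idps --type json --legacy --file /usr/share/extras/idps.json
-mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection accounts --type json --legacy --file /usr/share/extras/accounts.json
-mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection users --type json --legacy --file /usr/share/extras/users.json
+# mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection idps --type json --legacy --file /usr/share/extras/idps.json
+# mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection accounts --type json --legacy --file /usr/share/extras/accounts.json
+# mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection users --type json --legacy --file /usr/share/extras/users.json
 
 extraVolumeMounts:
 - name: extras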
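Review bot: The root password literal now appears twice in this values file, once inside `mongodbRootURI` and again in the added `mongodbRootPassword`, and nothing marks it as a throwaway CI credential. A comment above the `seed:` block such as `# CI-only credentials for the ephemeral test cluster; never reuse in a real install` would keep it from being copied into a deployment; the chart's `mongodbRootPasswordSecretKeyRef` option (listed in the README table) is the form to point real users at. The three `mongoimport` lines in the second hunk are commented out rather than deleted, with no reason given; either remove them or add a one-line comment saying why the import is skipped in this fixture. Both hunks sit inside mappings that begin outside the visible lines.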

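--- a/codefresh/Chart.lock
+++ b/codefresh/Chart.lock
@@ -151,7 +151,7 @@ dependencies:
 version: 1.3344.2-onprem-3feba0e
 - name: argo-hub-platform
 repository: oci://quay.io/codefresh/charts
-version: 0.1.23
+version: 0.1.24
 - name: cf-oidc-provider
 repository: oci://quay.io/codefresh/charts
 version: 0.0.16
@@ -170,5 +170,5 @@ dependencies:
 - name: onboarding-status
 repository: oci://quay.io/codefresh/charts
 version: 1.8.8
-digest: sha256:f94b0d09660d4ca0bf68f1b4bcc02102357f069044ade19695be974411644cf2
-generated: "2025-05-15T16:37:04.178584+03:00"
+digest: sha256:5479d9ac8d0b75cda6c8d373ce9b2a7b5b3a46196214337268dc03e05fcb48d2
+generated: "2025-05-26T19:11:02.424512+03:00"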

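--- a/codefresh/Chart.yaml
+++ b/codefresh/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 description: Helm Chart for Codefresh On-Prem
 name: codefresh
-version: 2.7.14
+version: 2.7.15
 keywords:
 - codefresh
 home: https://codefresh.io/
@@ -19,7 +19,7 @@ annotations:
 # supported kinds are added, changed, deprecated, removed, fixed and security.
 artifacthub.io/changes: |
 - kind: fixed
-description: "Fix delete-consul-svc hook job not to fail when consul service is not found"
+description: "Fix mongo-seed job with Mongo MTLS enabled"
 dependencies:
 - name: cf-common
 repository: oci://quay.io/codefresh/charts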

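--- a/codefresh/README.md
+++ b/codefresh/README.md
@@ -1,6 +1,6 @@
 ## Codefresh On-Premises
 
-![Version: 2.7.14](https://img.shields.io/badge/Version-2.7.14-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square)
+![Version: 2.7.15](https://img.shields.io/badge/Version-2.7.15-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square)
 
 Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes.
 
@@ -2331,6 +2331,8 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster
 | seed-e2e | object | `{"affinity":{},"backoffLimit":10,"enabled":false,"image":{"registry":"docker.io","repository":"mongo","tag":"latest"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[],"ttlSecondsAfterFinished":300}` | CI |
 | seed.enabled | bool | `true` | Enable all seed jobs |
 | seed.mongoSeedJob | object | See below | Mongo Seed Job. Required at first install. Seeds the required data (default idp/user/account), creates cfuser and required databases. |
+| seed.mongoSeedJob.env | object | `{}` | Extra env variables for seed job. |
+| seed.mongoSeedJob.mongodbRootOptions | string | `""` | Extra options for connection string (e.g. `authSource=admin`). |
 | seed.mongoSeedJob.mongodbRootPassword | string | `"XT9nmM8dZD"` | Root password in plain text (required ONLY for seed job!). |
 | seed.mongoSeedJob.mongodbRootPasswordSecretKeyRef | object | `{}` | Root password from existing secret |
 | seed.mongoSeedJob.mongodbRootUser | string | `"root"` | Root user in plain text (required ONLY for seed job!). |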

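--- a/codefresh/files/mongoSeedJobScript.sh
+++ b/codefresh/files/mongoSeedJobScript.sh
@@ -12,9 +12,12 @@ export MONGODB_ROOT_PASSWORD=...
 
 COMMENT
 
-# set -eou pipefail
+if [[ -n $DEBUG ]]; then
+set -o xtrace
+fi
 
 ASSETS_PATH=${ASSETS_PATH:-/usr/share/extras/}
+MTLS_CERT_PATH=${MTLS_CERT_PATH:-/etc/ssl/mongodb/ca.pem}
 
 MONGODB_DATABASES=(
 "archive"
@@ -34,12 +37,12 @@ MONGODB_DATABASES=(
 )
 
 disableMongoTelemetry() {
-mongosh --nodb --eval "disableTelemetry()"
+mongosh --nodb --eval "disableTelemetry()" || true
 }
 
 waitForMongoDB() {
 while true; do
-status=$(mongosh ${MONGODB_ROOT_URI} --eval "db.adminCommand('ping')" 2>&1)
+status=$(mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.adminCommand('ping')" 2>&1)
 
 echo -e "MongoDB status:\n$status"
 if $(echo $status | grep 'ok: 1' -q); then
@@ -56,12 +59,23 @@ parseMongoURI() {
 local parameters="$(echo $1 | grep '?' | cut -d '?' -f2)"; if [[ -n $parameters ]]; then parameters="?${parameters}"; fi
 local url="$(echo ${1/$proto/})"
 local userpass="$(echo $url | grep @ | cut -d@ -f1)"
-local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')"
+if [[ -z $userpass ]]; then
+local hostport="$(echo $url | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')"
+MONGO_URI="$proto$hostport/${MONGODB_DATABASE}$parameters"
+else
+local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')"
+MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)"
+MONGODB_USER="$(echo $userpass | grep : | cut -d: -f1)"
+MONGO_URI="$proto$userpass@$hostport/${MONGODB_DATABASE}$parameters"
+fi
+
+
+if [[ -z $MONGODB_ROOT_OPTIONS ]]; then
+MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin$parameters"
+else
+MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin?${MONGODB_ROOT_OPTIONS}"
+fi
 
-MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)"
-MONGODB_USER="$(echo $userpass | grep : | cut -d: -f1)"
-MONGO_URI="$proto$userpass@$hostport/${MONGODB_DATABASE}$parameters"
-MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin$parameters"
 }
 
 getMongoVersion() {
@@ -82,6 +96,14 @@ setPacks() {
 
 parseMongoURI $MONGO_URI
 
+if [[ -s ${MTLS_CERT_PATH} ]]; then
+MONGO_URI_EXTRA_PARAMS="--tls --tlsCertificateKeyFile ${MTLS_CERT_PATH} --tlsAllowInvalidHostnames --tlsAllowInvalidCertificates"
+MONGOIMPORT_EXTRA_PARAMS="--ssl --sslPEMKeyFile ${MTLS_CERT_PATH} --sslAllowInvalidHostnames --sslAllowInvalidCertificates"
+else
+MONGO_URI_EXTRA_PARAMS=""
+MONGOIMPORT_EXTRA_PARAMS=""
+fi
+
 disableMongoTelemetry
 
 waitForMongoDB
@@ -90,20 +112,20 @@ getMongoVersion
 
 for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do
 waitForMongoDB
-mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 || true
+mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 || true
 waitForMongoDB
-mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true
+mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true
 done
 
-mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" 2>&1 || true
-mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true
-mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true
+mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" 2>&1 || true
+mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true
+mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true
 
 if [[ $DEVELOPMENT_CHART == "true" ]]; then
 setSystemAdmin
 setPacks
 fi
 
-mongoimport --uri ${MONGO_URI} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json
-mongoimport --uri ${MONGO_URI} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json
-mongoimport --uri ${MONGO_URI} --collection users --type json --legacy --file ${ASSETS_PATH}users.json
+mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json
+mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json
+mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection users --type json --legacy --file ${ASSETS_PATH}users.json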
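Review bot: The mTLS branch added after `parseMongoURI $MONGO_URI` passes `--tlsAllowInvalidHostnames --tlsAllowInvalidCertificates` to mongosh and `--sslAllowInvalidHostnames --sslAllowInvalidCertificates` to mongoimport, so the job presents a client certificate but never validates the server, and the root credentials in `MONGODB_ROOT_URI` are sent to whichever endpoint answers. Validating against the CA keeps both directions of mTLS: `MONGO_URI_EXTRA_PARAMS="--tls --tlsCertificateKeyFile ${MTLS_CERT_PATH} --tlsCAFile ${MTLS_CA_PATH}"` and `MONGOIMPORT_EXTRA_PARAMS="--ssl --sslPEMKeyFile ${MTLS_CERT_PATH} --sslCAFile ${MTLS_CA_PATH}"`, where `MTLS_CA_PATH` is a new variable proposed here, not one the script already has. The default `MTLS_CERT_PATH` points at a file named `ca.pem` yet is used as the client certificate/key file, so a comment stating what that file must contain would help. Separately, the new `set -o xtrace` under `DEBUG` will print every expanded `mongosh` command, including the root URI and the `pwd:` argument, into the job log; a warning comment beside `if [[ -n $DEBUG ]]` is the minimum.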

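--- a/codefresh/templates/secrets/secret.yaml
+++ b/codefresh/templates/secrets/secret.yaml
@@ -17,8 +17,8 @@ data:
 MONGODB_PROTOCOL: {{ coalesce .Values.global.mongodbProtocol | default "mongodb" | b64enc }}
 
 # legacy MONGODB_* secrets
-MONGODB_ROOT_USER: {{ coalesce .Values.global.mongodbRootUser .Values.seed.mongoSeedJob.mongodbRootUser | b64enc }}
-MONGODB_ROOT_PASSWORD: {{ urlquery (coalesce .Values.global.mongodbRootPassword .Values.seed.mongoSeedJob.mongodbRootPassword) | b64enc }}
+MONGODB_ROOT_USER: {{ coalesce .Values.seed.mongoSeedJob.mongodbRootUser .Values.global.mongodbRootUser | b64enc }}
+MONGODB_ROOT_PASSWORD: {{ urlquery (coalesce .Values.seed.mongoSeedJob.mongodbRootPassword .Values.global.mongodbRootPassword) | b64enc }}
 MONGO_URI: {{ .Values.global.mongoURI | default "empty" | b64enc}}
 MONGO_URI_RE_MANAGER: {{ include (printf "%s.classic.calculateMongoUri" $libTemplateName) (dict "dbName" "runtime-environment-manager" "mongoURI" .Values.global.mongoURI) | default "empty" | b64enc }}
 MONGODB_RE_DATABASE: {{ printf "%s" "runtime-environment-manager" | b64enc }}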
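Review bot: With the `coalesce` arguments swapped, `.Values.seed.mongoSeedJob.mongodbRootUser` and `.mongodbRootPassword` are tried first, and the README table on this page lists non-empty defaults for both (`"root"` and `"XT9nmM8dZD"`). If values.yaml still ships those defaults, `coalesce` never reaches `.Values.global.mongodbRootPassword`, so an install that sets only the global value would get the publicly documented default written into `MONGODB_ROOT_PASSWORD`. If seed-level override is the intent, the seed defaults need to be empty for the fallback to work (`mongodbRootPassword: ""` in values.yaml), or the template should fail when neither value is set rather than fall back to a known password. A comment above the two lines stating the precedence, e.g. `# seed.mongoSeedJob.* overrides global.*`, would make the change visible to upgraders. The `data:` mapping starts above this hunk.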

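--- a/codefresh/templates/seed/mongo-seed-job.yaml
+++ b/codefresh/templates/seed/mongo-seed-job.yaml
@@ -52,8 +52,19 @@ spec:
 {{- include "codefresh.mongodb-root-user-env-var-value" . | indent 12 }}
 - name: MONGODB_ROOT_PASSWORD
 {{- include "codefresh.mongodb-root-password-env-var-value" . | indent 12 }}
+- name: MONGODB_ROOT_OPTIONS
+value: {{ .Values.seed.mongoSeedJob.mongodbRootOptions | quote }}
 - name: DEVELOPMENT_CHART
 value: {{ .Values.developmentChart | quote }}
+{{- range $env, $val := .Values.seed.mongoSeedJob.env }}
+- name: {{ $env }}
+value: {{ $val | quote }}
+{{ end }}
+{{- range $env, $val := .Values.global.env }}
+- name: {{ $env }}
+value: {{ $val | quote }}
+{{ end }}
+
 command:
 - "/bin/bash"
 - "-exc"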
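Review bot: The two added `range` blocks emit `seed.mongoSeedJob.env` first and `global.env` second, so a key present in both maps yields two entries with the same `name`; as far as I know Kubernetes resolves duplicate env names in favour of the later entry, which would let the global value override the job-specific one and let either map shadow `MONGODB_ROOT_PASSWORD` or `MONGODB_ROOT_OPTIONS` defined just above. Merging once with the seed map taking precedence avoids the duplicates, assuming both maps are defined: `{{- range $env, $val := merge (dict) .Values.seed.mongoSeedJob.env .Values.global.env }}`. Values are rendered as plain `value:` strings in the Job spec, so the template or values docs should say that secrets must not be passed through `env`; the command below already runs bash with `-exc`, which traces executed commands into the pod log. The container spec starts and continues outside the hunk.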

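--- a/codefresh/values.yaml
+++ b/codefresh/values.yaml
@@ -55,6 +55,11 @@ seed:
 # name: my-secret
 # key: mongodb-root-password
 
+# -- Extra options for connection string (e.g. `authSource=admin`).
+mongodbRootOptions: ""
+# -- Extra env variables for seed job.
+env: {}
+
 # -- Postgres Seed Job. Required at first install. Creates required user and databases.
 # @default -- See below
 postgresSeedJob: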
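Review bot: The doc comment on `mongodbRootOptions` calls the options "extra", but in mongoSeedJobScript.sh from this same commit a non-empty value replaces the query parameters parsed from the Mongo URI when the root URI is built (`/admin?${MONGODB_ROOT_OPTIONS}` instead of `/admin$parameters`), so settings such as a replica set or TLS parameter carried in the URI would be dropped for root connections. The comment should say so, for example: "Query options for the root connection string; when set they replace, not extend, the parameters taken from the Mongo URI". The comment on `env` could also state that values are rendered in plain text into the Job spec and are not suitable for secrets. The `seed:` mapping starts above this hunk.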
