onprem: 2.2.3 release (#1221)

Author: mikhail-klimko

codefresh/Chart.lock

@@ -64,55 +64,55 @@ dependencies:
   version: 1.14.8
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfapi
   repository: oci://quay.io/codefresh/charts
-  version: 21.247.14
+  version: 21.247.15
 - name: cfui
   repository: oci://quay.io/codefresh/charts
   version: 14.92.159
@@ -148,12 +148,12 @@ dependencies:
   version: 1.2577.0
 - name: argo-hub-platform
   repository: oci://quay.io/codefresh/charts
-  version: 0.1.8
+  version: 0.1.10
 - name: codefresh-tunnel-server
   repository: oci://quay.io/codefresh/charts
   version: 0.1.16
 - name: cf-oidc-provider
   repository: oci://quay.io/codefresh/charts
-  version: 0.0.12
-digest: sha256:e5ef4e61294de762e98e62c3186ea7891b897d61d25ab3c5234ea05085cebf94
-generated: "2023-12-25T02:54:10.347741424+03:00"
+  version: 0.0.14
+digest: sha256:246247472759def4626e5dd0e69c67bfc4311c8ad7db9a486b3f2e05dde86bb9
+generated: "2024-01-11T17:43:56.573841738+03:00"

codefresh/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: Helm Chart for Codefresh On-Prem
 name: codefresh
-version: 2.2.2
+version: 2.2.3
 keywords:
   - codefresh
 home: https://codefresh.io/
@@ -16,10 +16,12 @@ annotations:
   artifacthub.io/alternativeName: "codefresh-onprem"
   artifacthub.io/changes: |
     - kind: changed
-      description: Update accountInfoCopyButton feature flag
+      description: Update useLogsTimestamps feature flag
       links:
         - name: JIRA Issue
-          url: https://codefresh-io.atlassian.net/browse/CR-19152
+          url: https://codefresh-io.atlassian.net/browse/CR-22181
+    - kind: added
+      description: Add option to specify cliend id and secert in .Values.global for OIDC provider
 dependencies:
   - name: cf-common
     repository: oci://quay.io/codefresh/charts

codefresh/README.md

@@ -1,6 +1,6 @@
 ## Codefresh On-Premises
 
-![Version: 2.2.2](https://img.shields.io/badge/Version-2.2.2-informational?style=flat-square) ![AppVersion: 2.2.0](https://img.shields.io/badge/AppVersion-2.2.0-informational?style=flat-square)
+![Version: 2.2.3](https://img.shields.io/badge/Version-2.2.3-informational?style=flat-square) ![AppVersion: 2.2.0](https://img.shields.io/badge/AppVersion-2.2.0-informational?style=flat-square)
 
 Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes.
 
@@ -1255,6 +1255,12 @@ kubectl create secret generic cf-oidc-provider-client-secret \
 global:
   # -- Set OIDC Provider URL
   oidcProviderService: "oidc.mydomain.com"
+  # -- Default OIDC Provider service client ID in plain text.
+  # Optional! If specified here, no need to specify CLIENT_ID/CLIENT_SECRET env vars in cfapi and cf-oidc-provider below.
+  oidcProviderClientId: null
+  # -- Default OIDC Provider service client secret in plain text.
+  # Optional! If specified here, no need to specify CLIENT_ID/CLIENT_SECRET env vars in cfapi and cf-oidc-provider below.
+  oidcProviderClientSecret: null
 
 cfapi:
   # -- Set additional variables for cfapi
@@ -1954,8 +1960,8 @@ kubectl -n $NAMESPACE delete secret codefresh-certs-server
 | cf-platform-analytics-etlstarter.redis.enabled | bool | `false` | Disable redis subchart |
 | cf-platform-analytics-etlstarter.system-etl-postgres | object | `{"container":{"env":{"BLUE_GREEN_ENABLED":true}},"controller":{"cronjob":{"ttlSecondsAfterFinished":300}},"enabled":true}` | Only postgres ETL should be running in onprem |
 | cf-platform-analytics-platform | object | See below | platform-analytics |
-| cfapi | object | `{"affinity":{},"container":{"env":{"AUDIT_AUTO_CREATE_DB":true,"GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_CLIENT_ID":"","OIDC_PROVIDER_CLIENT_SECRET":"","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"gcr.io/codefresh-enterprise","repository":"codefresh/cf-api"}},"controller":{"replicas":2},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"minAvailable":"50%"},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}},"tolerations":[]}` | cf-api |
-| cfapi.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_CLIENT_ID":"","OIDC_PROVIDER_CLIENT_SECRET":"","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"gcr.io/codefresh-enterprise","repository":"codefresh/cf-api"}}` | Container configuration |
+| cfapi | object | `{"affinity":{},"container":{"env":{"AUDIT_AUTO_CREATE_DB":true,"GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"gcr.io/codefresh-enterprise","repository":"codefresh/cf-api"}},"controller":{"replicas":2},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"minAvailable":"50%"},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}},"secrets":{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}},"tolerations":[]}` | cf-api |
+| cfapi.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"gcr.io/codefresh-enterprise","repository":"codefresh/cf-api"}}` | Container configuration |
 | cfapi.container.env | object | See below | Env vars |
 | cfapi.container.image | object | `{"registry":"gcr.io/codefresh-enterprise","repository":"codefresh/cf-api"}` | Image |
 | cfapi.container.image.registry | string | `"gcr.io/codefresh-enterprise"` | Registry prefix |
@@ -2031,6 +2037,8 @@ kubectl -n $NAMESPACE delete secret codefresh-certs-server
 | global.natsPort | int | `4222` | Default nats service port. |
 | global.natsService | string | `"nats"` | Default nats service name. |
 | global.newrelicLicenseKey | string | `""` | New Relic Key |
+| global.oidcProviderClientId | string | `nil` | Default OIDC Provider service client ID in plain text. |
+| global.oidcProviderClientSecret | string | `nil` | Default OIDC Provider service client secret in plain text. |
 | global.oidcProviderPort | int | `443` | Default OIDC Provider service port. |
 | global.oidcProviderProtocol | string | `"https"` | Default OIDC Provider service protocol. |
 | global.oidcProviderService | string | `""` | Default OIDC Provider service name (Provider URL). |

codefresh/README.md.gotmpl

@@ -1261,6 +1261,12 @@ kubectl create secret generic cf-oidc-provider-client-secret \
 global:
   # -- Set OIDC Provider URL
   oidcProviderService: "oidc.mydomain.com"
+  # -- Default OIDC Provider service client ID in plain text.
+  # Optional! If specified here, no need to specify CLIENT_ID/CLIENT_SECRET env vars in cfapi and cf-oidc-provider below.
+  oidcProviderClientId: null
+  # -- Default OIDC Provider service client secret in plain text.
+  # Optional! If specified here, no need to specify CLIENT_ID/CLIENT_SECRET env vars in cfapi and cf-oidc-provider below.
+  oidcProviderClientSecret: null
 
 cfapi:
   # -- Set additional variables for cfapi

codefresh/values.yaml

@@ -183,6 +183,10 @@ global:
   oidcProviderProtocol: "https"
   # -- Default OIDC Provider service token endpoint.
   oidcProviderTokenEndpoint: "/token"
+  # -- Default OIDC Provider service client ID in plain text.
+  oidcProviderClientId: null
+  # -- Default OIDC Provider service client secret in plain text.
+  oidcProviderClientSecret: null
 
 #--------
 # MongoDB
@@ -499,8 +503,13 @@ cfapi: &cf-api
       OIDC_PROVIDER_PORT: '{{ .Values.global.oidcProviderPort }}'
       OIDC_PROVIDER_PROTOCOL: '{{ .Values.global.oidcProviderProtocol }}'
       OIDC_PROVIDER_TOKEN_ENDPOINT: '{{ .Values.global.oidcProviderTokenEndpoint }}'
-      OIDC_PROVIDER_CLIENT_ID: ""
-      OIDC_PROVIDER_CLIENT_SECRET: ""
+  secrets:
+    secret:
+      enabled: true
+      type: Opaque
+      stringData:
+        OIDC_PROVIDER_CLIENT_ID: '{{ .Values.global.oidcProviderClientId }}'
+        OIDC_PROVIDER_CLIENT_SECRET: '{{ .Values.global.oidcProviderClientSecret }}'
 
   # -- Resource requests and limits
   resources:
@@ -1675,9 +1684,6 @@ cf-oidc-provider:
       OIDC_ISSUER: '{{ printf "https://%s" .Values.global.oidcProviderService }}'
       OIDC_AUDIENCE: '{{ printf "https://%s" .Values.global.appUrl }}'
       OIDC_JWKS_PRIVATE_KEYS_PATH: /secrets/jwks/cf-oidc-provider-jwks.json
-      OIDC_CF_PLATFORM_CLIENT_ID: ""
-      OIDC_CF_PLATFORM_CLIENT_SECRET: ""
-
     resources:
       requests:
         cpu: 100m
@@ -1688,6 +1694,14 @@ cf-oidc-provider:
         path:
         - mountPath: /secrets/jwks
 
+  secrets:
+    secret:
+      enabled: true
+      type: Opaque
+      stringData:
+        OIDC_CF_PLATFORM_CLIENT_ID: '{{ .Values.global.oidcProviderClientId }}'
+        OIDC_CF_PLATFORM_CLIENT_SECRET: '{{ .Values.global.oidcProviderClientSecret }}'
+
   volumes:
     jwks-file:
       enabled: true