diff --git a/.gitignore b/.gitignore index 22ec8221a5..03f3119d34 100644 --- a/.gitignore +++ b/.gitignore @@ -27,4 +27,5 @@ index.yaml # dry-run templates from `helm template` output dry-run/** **/values-dev.yaml -**/dry-run.yaml \ No newline at end of file +**/dry-run.yaml +.debug/** diff --git a/codefresh/.ci/values/cfapi-roles-no-rbac.yaml b/codefresh/.ci/values/cfapi-roles-no-rbac.yaml new file mode 100644 index 0000000000..7d03bd74e0 --- /dev/null +++ b/codefresh/.ci/values/cfapi-roles-no-rbac.yaml @@ -0,0 +1,60 @@ +global: + cfapiService: cfapi-internal + cfapiEndpointsService: cfapi-endpoints + +cfapi: &cf-api + enabled: false + rbac: + namespaced: true + +cfapi-auth: + <<: *cf-api + enabled: true +cfapi-internal: + <<: *cf-api + enabled: true +cfapi-ws: + <<: *cf-api + enabled: true +cfapi-admin: + <<: *cf-api + enabled: true +cfapi-endpoints: + <<: *cf-api + enabled: true +cfapi-terminators: + <<: *cf-api + enabled: true +cfapi-sso-group-synchronizer: + <<: *cf-api + enabled: true +cfapi-buildmanager: + <<: *cf-api + enabled: true +cfapi-cacheevictmanager: + <<: *cf-api + enabled: true +cfapi-eventsmanagersubscriptions: + <<: *cf-api + enabled: true +cfapi-kubernetesresourcemonitor: + <<: *cf-api + enabled: true +cfapi-environments: + <<: *cf-api + enabled: true +cfapi-gitops-resource-receiver: + <<: *cf-api + enabled: true +cfapi-downloadlogmanager: + <<: *cf-api + enabled: true +cfapi-teams: + <<: *cf-api + enabled: true +cfapi-kubernetes-endpoints: + <<: *cf-api + enabled: true +cfapi-test-reporting: + <<: *cf-api + enabled: true diff --git a/codefresh/.ci/values/values-upgrade.yaml b/codefresh/.ci/values/values-upgrade.yaml new file mode 100644 index 0000000000..748d509d5f --- /dev/null +++ b/codefresh/.ci/values/values-upgrade.yaml @@ -0,0 +1,3 @@ +cfapi: + rbac: + namespaced: true diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index 0188f6e770..afced27d84 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -4,10 +4,10 @@ dependencies: version: 0.18.1 - name: internal-gateway repository: oci://quay.io/codefresh/charts - version: 0.7.0 + version: 0.9.0 - name: consul repository: https://charts.bitnami.com/bitnami - version: 11.1.9 + version: 11.3.13 - name: mongodb repository: https://charts.bitnami.com/bitnami version: 14.4.1 @@ -19,16 +19,16 @@ dependencies: version: 12.0.4 - name: redis repository: https://charts.bitnami.com/bitnami - version: 18.19.2 + version: 20.0.3 - name: redis-ha repository: https://dandydeveloper.github.io/charts version: 4.26.1 - name: rabbitmq repository: https://charts.bitnami.com/bitnami - version: 12.15.0 + version: 14.6.9 - name: nats repository: https://charts.bitnami.com/bitnami - version: 7.18.1 + version: 8.3.2 - name: builder repository: oci://quay.io/codefresh/charts version: 1.3.0 @@ -40,120 +40,120 @@ dependencies: version: 4.10.0 - name: cluster-providers repository: oci://quay.io/codefresh/charts - version: 1.17.6 + version: 1.17.7 - name: kube-integration repository: oci://quay.io/codefresh/charts - version: 1.31.7 + version: 1.31.8 - name: charts-manager repository: oci://quay.io/codefresh/charts - version: 1.17.1 + version: 1.17.2 - name: cfsign repository: oci://quay.io/codefresh/charts - version: 1.8.1 + version: 1.8.2 - name: tasker-kubernetes repository: oci://quay.io/codefresh/charts - version: 1.26.8 + version: 1.26.9 - name: context-manager repository: oci://quay.io/codefresh/charts - version: 2.29.3 + version: 2.30.1 - name: pipeline-manager repository: oci://quay.io/codefresh/charts - version: 3.134.7 + version: 3.135.7 - name: gitops-dashboard-manager repository: oci://quay.io/codefresh/charts - version: 1.14.12 + version: 1.14.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.253.42 + version: 21.260.27 - name: cfui repository: oci://quay.io/codefresh/charts - version: 14.94.76 + version: 14.95.64 - name: k8s-monitor repository: oci://quay.io/codefresh/charts - version: 4.11.6 + version: 4.11.7 - name: runtime-environment-manager repository: oci://quay.io/codefresh/charts - version: 3.35.6 + version: 3.36.3 - name: cf-broadcaster repository: oci://quay.io/codefresh/charts - version: 1.12.13 + version: 1.12.14 - name: helm-repo-manager repository: oci://quay.io/codefresh/charts - version: 0.15.0 + version: 0.16.1 - name: hermes repository: oci://quay.io/codefresh/charts - version: 0.21.8 + version: 0.21.9 - name: nomios repository: oci://quay.io/codefresh/charts - version: 0.11.5 + version: 0.11.6 - name: cronus repository: oci://quay.io/codefresh/charts - version: 0.8.5 + version: 0.8.6 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.46 + version: 0.49.58 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.46 + version: 0.49.58 - name: argo-platform repository: oci://quay.io/codefresh/charts - version: 1.2902.0 + version: 1.3023.0 - name: argo-hub-platform repository: oci://quay.io/codefresh/charts - version: 0.1.12 + version: 0.1.13 - name: cf-oidc-provider repository: oci://quay.io/codefresh/charts version: 0.0.15 -digest: sha256:a2838c04a731b9fa53322d5e0732ce6af98dbfb54627feef569f90e481fd527a -generated: "2024-06-20T21:45:49.135939035+03:00" +digest: sha256:731374532d64878803d860e007cae56fc7e7edbc33b4c4fca146106c3ef9ec9e +generated: "2024-09-02T10:30:10.613371548+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index a4159c6fa7..9375962dcd 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,40 +1,43 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.4.0-rc.1 +version: 2.5.0-rc.1 keywords: - codefresh home: https://codefresh.io/ icon: https://avatars1.githubusercontent.com/u/11412079?v=3 sources: - - https://github.com/codefresh-io/cf-helm + - https://github.com/codefresh-io/codefresh-onprem-helm maintainers: - name: codefresh url: https://codefresh-io.github.io/ -appVersion: 2.4.0 +appVersion: 2.5.0 annotations: artifacthub.io/prerelease: "true" artifacthub.io/alternativeName: "codefresh-onprem" - artifacthub.io/containsSecurityUpdates: "true" + # artifacthub.io/containsSecurityUpdates: "true" + # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - kind: changed - description: Onprem 2.4.0-rc.1 pre-release - - kind: changed - description: Update MongoDB image to 6.0 + description: "Initial onprem 2.5.0-rc.1 release" + - kind: fixed + description: "Fix global.mongodbPassword updates via values.yaml" - kind: added - description: Added cfapi-auth role + description: "Add checksum/secret annotation for argo-platform pods" + - kind: fixed + description: "Make cf-codefresh-set-mongodb-compat-version job optional via .Values.mongodb.migration.enabled value" - kind: changed - description: Update internal-gateway to 0.7.0 for cfapi-auth + description: "Update runtime images" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts version: 0.18.1 - name: internal-gateway repository: oci://quay.io/codefresh/charts - version: 0.7.0 + version: 0.9.0 condition: internal-gateway.enabled - name: consul - version: 11.1.9 + version: 11.3.13 repository: https://charts.bitnami.com/bitnami condition: consul.enabled - name: mongodb @@ -50,7 +53,7 @@ dependencies: repository: oci://registry-1.docker.io/bitnamicharts condition: postgresql-ha.enabled - name: redis - version: 18.19.2 + version: 20.0.3 repository: https://charts.bitnami.com/bitnami condition: redis.enabled - name: redis-ha @@ -58,11 +61,11 @@ dependencies: version: 4.26.1 condition: redis-ha.enabled - name: rabbitmq - version: 12.15.0 + version: 14.6.9 repository: https://charts.bitnami.com/bitnami condition: rabbitmq.enabled - name: nats - version: 7.18.1 + version: 8.3.2 repository: https://charts.bitnami.com/bitnami condition: nats.enabled - name: builder @@ -86,7 +89,7 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: kube-integration.enabled - name: charts-manager - version: "*" + version: "~1.17.0" repository: oci://quay.io/codefresh/charts condition: charts-manager.enabled - name: cfsign diff --git a/codefresh/README.md b/codefresh/README.md index 52c406e5c9..e856aeb03b 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.4.0-rc.1](https://img.shields.io/badge/Version-2.4.0--rc.1-informational?style=flat-square) ![AppVersion: 2.4.0](https://img.shields.io/badge/AppVersion-2.4.0-informational?style=flat-square) +![Version: 2.5.0-rc.1](https://img.shields.io/badge/Version-2.5.0--rc.1-informational?style=flat-square) ![AppVersion: 2.5.0](https://img.shields.io/badge/AppVersion-2.5.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. @@ -42,6 +42,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ - [To 2.1.7](#to-2-1-7) - [To 2.2.0](#to-2-2-0) - [To 2.3.0](#to-2-3-0) + - [To 2.4.0](#to-2-4-0) - [Rollback](#rollback) - [Troubleshooting](#troubleshooting) - [Values](#values) @@ -722,53 +723,56 @@ cfapi: &cf-api hpa: enabled: true # Enable cf-api roles +cfapi-auth: + <<: *cf-api + enabled: true cfapi-internal: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-ws: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-admin: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-endpoints: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-terminators: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-sso-group-synchronizer: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-buildmanager: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-cacheevictmanager: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-eventsmanagersubscriptions: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-kubernetesresourcemonitor: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-environments: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-gitops-resource-receiver: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-downloadlogmanager: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-teams: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-kubernetes-endpoints: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-test-reporting: - !!merge <<: *cf-api + <<: *cf-api enabled: true ``` @@ -1885,6 +1889,35 @@ helm rollback $RELEASE_NAME $RELEASE_NUMBER \ --wait ``` +### To 2.4.0 + +### [What's new in 2.4.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-24) + +#### New cfapi-auth role + +New `cfapi-auth` role is introduced in 2.4.x. + +If you run onprem with [multi-role cfapi configuration](#configuration-with-multi-role-cf-api), make sure to **enable** `cfapi-auth` role: + +```yaml +cfapi-auth: + <<: *cf-api + enabled: true +``` + +#### Default SYSTEM_TYPE for acccounts + +Since 2.4.x, `SYSTEM_TYPE` is changed to `PROJECT_ONE` by default. + +If you want to preserve original `CLASSIC` values, update cfapi environment variables: + +```yaml +cfapi: + container: + env: + DEFAULT_SYSTEM_TYPE: CLASSIC +``` + ## Troubleshooting ### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired @@ -1967,6 +2000,7 @@ kubectl -n $NAMESPACE delete secret codefresh-certs-server | argo-platform.api-graphql.kind | string | `"Deployment"` | Controller kind. Currently, only `Deployment` is supported | | argo-platform.api-graphql.pdb | object | `{"enabled":false}` | PDB | | argo-platform.api-graphql.pdb.enabled | bool | `false` | Enable pod disruption budget | +| argo-platform.api-graphql.podAnnotations | object | `{"checksum/secret":"{{ include (print $.Template.BasePath \"/api-graphql/secret.yaml\") . | sha256sum }}"}` | Set pod's annotations | | argo-platform.api-graphql.resources | object | See below | Resource limits and requests | | argo-platform.api-graphql.secrets | object | See below | Secrets | | argo-platform.api-graphql.tolerations | list | `[]` | Set pod's tolerations | @@ -1980,7 +2014,7 @@ kubectl -n $NAMESPACE delete secret codefresh-certs-server | argo-platform.runtime-monitor | object | See below | runtime-monitor Don't enable! Not used in onprem! | | argo-platform.ui | object | See below | ui | | argo-platform.useExternalSecret | bool | `false` | Use regular k8s secret object. Keep `false`! | -| builder | object | `{"affinity":{},"container":{"image":{"registry":"docker.io","repository":"library/docker","tag":"26.0-dind"}},"enabled":true,"initContainers":{"register":{"image":{"registry":"quay.io","repository":"codefresh/curl","tag":"8.4.0"}}},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | builder | +| builder | object | `{"affinity":{},"container":{"image":{"registry":"docker.io","repository":"library/docker","tag":"27.0-dind"}},"enabled":true,"initContainers":{"register":{"image":{"registry":"quay.io","repository":"codefresh/curl","tag":"8.4.0"}}},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | builder | | cf-broadcaster | object | See below | broadcaster | | cf-oidc-provider | object | See below | cf-oidc-provider | | cf-platform-analytics-etlstarter | object | See below | etl-starter | @@ -2175,4 +2209,4 @@ kubectl -n $NAMESPACE delete secret codefresh-certs-server | seed.postgresSeedJob.postgresUser | optional | `""` | "postgres" admin user in plain text (required ONLY for seed job!) Must be a privileged user allowed to create databases and grant roles. If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used. | | seed.postgresSeedJob.postgresUserSecretKeyRef | optional | `{}` | "postgres" admin user from exising secret | | tasker-kubernetes | object | `{"affinity":{},"container":{"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/tasker-kubernetes"}},"enabled":true,"hpa":{"enabled":false},"nodeSelector":{},"pdb":{"enabled":false},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}` | tasker-kubernetes | -| webTLS | object | `{"cert":"","enabled":false,"key":"","secretName":"star.codefresh.io"}` | DEPRECATED - Use `.Values.ingress.tls` instead TLS secret for Ingress | \ No newline at end of file +| webTLS | object | `{"cert":"","enabled":false,"key":"","secretName":"star.codefresh.io"}` | DEPRECATED - Use `.Values.ingress.tls` instead TLS secret for Ingress | diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index cde03d3c27..304b27432c 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -42,6 +42,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ - [To 2.1.7](#to-2-1-7) - [To 2.2.0](#to-2-2-0) - [To 2.3.0](#to-2-3-0) + - [To 2.4.0](#to-2-4-0) - [Rollback](#rollback) - [Troubleshooting](#troubleshooting) - [Values](#values) @@ -725,53 +726,56 @@ cfapi: &cf-api hpa: enabled: true # Enable cf-api roles +cfapi-auth: + <<: *cf-api + enabled: true cfapi-internal: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-ws: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-admin: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-endpoints: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-terminators: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-sso-group-synchronizer: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-buildmanager: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-cacheevictmanager: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-eventsmanagersubscriptions: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-kubernetesresourcemonitor: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-environments: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-gitops-resource-receiver: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-downloadlogmanager: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-teams: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-kubernetes-endpoints: - !!merge <<: *cf-api + <<: *cf-api enabled: true cfapi-test-reporting: - !!merge <<: *cf-api + <<: *cf-api enabled: true ``` @@ -1893,6 +1897,35 @@ helm rollback $RELEASE_NAME $RELEASE_NUMBER \ --wait ``` +### To 2.4.0 + +### [What's new in 2.4.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-24) + +#### New cfapi-auth role + +New `cfapi-auth` role is introduced in 2.4.x. + +If you run onprem with [multi-role cfapi configuration](#configuration-with-multi-role-cf-api), make sure to **enable** `cfapi-auth` role: + +```yaml +cfapi-auth: + <<: *cf-api + enabled: true +``` + +#### Default SYSTEM_TYPE for acccounts + +Since 2.4.x, `SYSTEM_TYPE` is changed to `PROJECT_ONE` by default. + +If you want to preserve original `CLASSIC` values, update cfapi environment variables: + +```yaml +cfapi: + container: + env: + DEFAULT_SYSTEM_TYPE: CLASSIC +``` + ## Troubleshooting ### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired @@ -1954,4 +1987,4 @@ kubectl -n $NAMESPACE delete secret codefresh-certs-server ./configure-dind-certs.sh -n $RUNTIME_NAMESPACE https://$CODEFRESH_HOST $CODEFRESH_API_TOKEN ``` -{{ template "chart.valuesSection" . }} \ No newline at end of file +{{ template "chart.valuesSection" . }} diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index e124d66bf2..aaf2eabe51 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh @@ -75,11 +75,13 @@ waitForMongoDB getMongoVersion for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do - mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" || echo "Error creating the user. Continuing anyway assuming the user is already created..." + mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" || true + mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" || true done mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" || true mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" || true +mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" || true mongoimport --uri ${MONGO_URI} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json mongoimport --uri ${MONGO_URI} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json diff --git a/codefresh/templates/hooks/set-mongodb-compat-version.yaml b/codefresh/templates/hooks/set-mongodb-compat-version.yaml index 3932894876..788eea98ad 100644 --- a/codefresh/templates/hooks/set-mongodb-compat-version.yaml +++ b/codefresh/templates/hooks/set-mongodb-compat-version.yaml @@ -1,4 +1,5 @@ {{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} +{{- if .Values.mongodb.migration.enabled }} --- apiVersion: batch/v1 kind: Job @@ -68,3 +69,4 @@ spec: volumes: {{- include (printf "%s.volumes" $libTemplateName) (dict "Values" .Values.hooks.volumes "context" $) | indent 8 }} restartPolicy: Never +{{- end }} diff --git a/codefresh/templates/seed-e2e/seed-e2e.yaml b/codefresh/templates/seed-e2e/seed-e2e.yaml index 828975b3fe..5e8932c6ec 100644 --- a/codefresh/templates/seed-e2e/seed-e2e.yaml +++ b/codefresh/templates/seed-e2e/seed-e2e.yaml @@ -90,7 +90,7 @@ data: #!/bin/bash mongosh $MONGO_URI --eval "db.apikeynews.insertOne( $(cat /seed/api-token.json) )"; mongosh $MONGO_URI --eval 'db.accounts.updateOne({"name": "admin-cf"}, - { $set: { "systemType": "GITOPS_AND_CLASSIC", "limits.collaborators.limit" : 1000 } } + { $set: { "systemType": "PROJECT_ONE", "limits.collaborators.limit" : 1000 } } )' mongoimport --uri $MONGO_URI --collection accounts --type json --legacy --file /seed/e2e-account.json mongosh $MONGO_URI --eval 'db.users.updateOne({"userName": "AdminCF"}, { $push: {"account": "627e3aa3e62cd24ad1b66d21" }})' diff --git a/codefresh/values.yaml b/codefresh/values.yaml index a919bb6a7b..e97f22c61e 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -454,19 +454,19 @@ postgresqlCleanJob: # -- runtimeImages # @default -- See below runtimeImages: - COMPOSE_IMAGE: quay.io/codefresh/compose:v2.20.3-1.4.0 - CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.11.4 - DIND_IMAGE: quay.io/codefresh/dind:25.0.4-1.28.5 - DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.3.11 - DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.14 - DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.13 - DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.11 - ENGINE_IMAGE: quay.io/codefresh/engine:1.169.9 + COMPOSE_IMAGE: quay.io/codefresh/compose:v2.28.1-1.5.0 + CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.11.6 + DIND_IMAGE: quay.io/codefresh/dind:26.1.4-1.28.7 + DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.3.13 + DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.17 + DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.16 + DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.14 + ENGINE_IMAGE: quay.io/codefresh/engine:1.174.7 FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.7 - GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.1.27 + GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.1.28 KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.2.6 PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.5 - TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.0 + TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.1 CR_6177_FIXER: docker.io/library/alpine:edge GC_BUILDER_IMAGE: docker.io/library/alpine:edge @@ -1047,6 +1047,7 @@ mongodb: cpu: 200m memory: 256Mi migration: + enabled: false featureCompatibilityVersion: "5.0" # -- nats @@ -1191,7 +1192,7 @@ builder: image: registry: docker.io repository: library/docker - tag: 26.0-dind + tag: 27.0-dind affinity: {} nodeSelector: {} podSecurityContext: {} @@ -1212,7 +1213,7 @@ runner: image: registry: docker.io repository: library/docker - tag: 26.0-dind + tag: 27.0-dind affinity: {} nodeSelector: {} podSecurityContext: {} @@ -1411,6 +1412,9 @@ argo-platform: affinity: {} # -- Set pod's tolerations tolerations: [] + # -- Set pod's annotations + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/api-graphql/secret.yaml") . | sha256sum }}' # -- abac # @default -- See below @@ -1445,6 +1449,8 @@ argo-platform: enabled: false affinity: {} tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/abac/secret.yaml") . | sha256sum }}' # -- analytics-reporter # @default -- See below @@ -1492,6 +1498,8 @@ argo-platform: affinity: {} volumes: [] volumeMounts: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/analytics-reporter/secret.yaml") . | sha256sum }}' # -- api-events # @default -- See below @@ -1522,6 +1530,8 @@ argo-platform: enabled: false affinity: {} tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/api-events/secret.yaml") . | sha256sum }}' # -- argocd-hooks # @default -- See below @@ -1569,6 +1579,8 @@ argo-platform: enabled: false affinity: {} tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/audit/secret.yaml") . | sha256sum }}' # -- cron-executor # @default -- See below @@ -1610,6 +1622,8 @@ argo-platform: enabled: false affinity: {} tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/cron-executor/secret.yaml") . | sha256sum }}' # -- event-handler # @default -- See below @@ -1649,6 +1663,8 @@ argo-platform: enabled: false affinity: {} tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/event-handler/secret.yaml") . | sha256sum }}' # -- runtime-manager # @default -- See below @@ -1721,6 +1737,8 @@ argo-platform: enabled: false affinity: {} tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/broadcaster/secret.yaml") . | sha256sum }}' # -- promotion-orchestrator # @default -- See below @@ -1763,6 +1781,8 @@ argo-platform: enabled: false affinity: {} tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/promotion-orchestrator/secret.yaml") . | sha256sum }}' # -- cf-oidc-provider # @default -- See below diff --git a/scripts/update_re_images.sh b/scripts/update_re_images.sh index f7ccbc81dd..dfed0a8db5 100755 --- a/scripts/update_re_images.sh +++ b/scripts/update_re_images.sh @@ -56,5 +56,7 @@ for k in ${RUNTIME_IMAGES[@]}; do fi done +sed -i 's|us-docker.pkg.dev/codefresh-inc/public-gcr-io|quay.io|' $CHARTDIR/values.yaml + msg "The list of updated runtime images:\n" -echo -e "\e[33m$(cat $CHARTDIR/values.yaml)\e[0m" \ No newline at end of file +echo -e "\e[33m$(cat $CHARTDIR/values.yaml)\e[0m"