diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index c8f75f603c..9f26a0c04d 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -40,10 +40,10 @@ dependencies: version: 4.11.2 - name: cluster-providers repository: oci://quay.io/codefresh/charts - version: 1.17.14 + version: 1.17.15 - name: kube-integration repository: oci://quay.io/codefresh/charts - version: 1.31.17 + version: 1.31.18 - name: charts-manager repository: oci://quay.io/codefresh/charts version: 1.22.2 @@ -64,58 +64,58 @@ dependencies: version: 1.14.20 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfui repository: oci://quay.io/codefresh/charts version: 14.97.50 @@ -142,18 +142,33 @@ dependencies: version: 0.8.10 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.77 + version: 0.49.78 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.77 + version: 0.49.78 - name: argo-platform repository: oci://quay.io/codefresh/charts - version: 1.3344.0 + version: 1.3344.0-onprem-b84a89b - name: argo-hub-platform repository: oci://quay.io/codefresh/charts - version: 0.1.21 + version: 0.1.22 - name: cf-oidc-provider repository: oci://quay.io/codefresh/charts version: 0.0.16 -digest: sha256:83072ee3b8654194f3fb06b189775de8f1220062dad9f8ec858c54641e3aeefb -generated: "2025-03-14T18:07:51.289296+03:00" +- name: mailer + repository: oci://quay.io/codefresh/charts + version: 1.20.8 +- name: payments + repository: oci://quay.io/codefresh/charts + version: 2.23.17 +- name: segment-reporter + repository: oci://quay.io/codefresh/charts + version: 1.17.8 +- name: salesforce-reporter + repository: oci://quay.io/codefresh/charts + version: 1.30.11 +- name: onboarding-status + repository: oci://quay.io/codefresh/charts + version: 1.8.8 +digest: sha256:b8ea966f7f7cec4c6d6e73e24f5ad0227950009e2d7136e8766c080f9c579b78 +generated: "2025-03-20T14:19:34.976455+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 3155683a3f..a34fdf89b9 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.7.0 +version: 2.7.1 keywords: - codefresh home: https://codefresh.io/ @@ -18,8 +18,16 @@ annotations: # artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | + - kind: added + description: "Added subcharts for development environment" - kind: changed - description: "Initial 2.7 release" + description: "Disable abacAndRules feature-flag" + - kind: fixed + description: "Add checkmark on LDAP SSO configuration to allow deleting users" + - kind: fixed + description: "Fix global constrains tolerations/nodeSelector/affinity/imagePullSecret for hooks and seed jobs" + - kind: changed + description: "Bump MongoDB featureCompatibilityVersion to 6.0" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts @@ -237,7 +245,7 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: argo-platform.enabled - name: argo-platform - version: "~1.3344.0" + version: "1.3344.0-onprem-b84a89b" repository: oci://quay.io/codefresh/charts condition: argo-platform.enabled - name: argo-hub-platform @@ -248,3 +256,23 @@ dependencies: repository: oci://quay.io/codefresh/charts version: "*" condition: cf-oidc-provider.enabled + - name: mailer + version: "*" + repository: oci://quay.io/codefresh/charts + condition: mailer.enabled + - name: payments + version: "*" + repository: oci://quay.io/codefresh/charts + condition: payments.enabled + - name: segment-reporter + version: "*" + repository: oci://quay.io/codefresh/charts + condition: segment-reporter.enabled + - name: salesforce-reporter + version: "*" + repository: oci://quay.io/codefresh/charts + condition: salesforce-reporter.enabled + - name: onboarding-status + version: "*" + repository: oci://quay.io/codefresh/charts + condition: onboarding-status.enabled diff --git a/codefresh/README.md b/codefresh/README.md index 2159cd66a8..97548732bf 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.7.0](https://img.shields.io/badge/Version-2.7.0-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Version: 2.7.1](https://img.shields.io/badge/Version-2.7.1-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. @@ -2191,6 +2191,7 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | consul | object | See below | consul Ref: https://github.com/bitnami/charts/blob/main/bitnami/consul/values.yaml | | context-manager | object | See below | context-manager | | cronus | object | See below | cronus | +| developmentChart | bool | `false` | | | dockerconfigjson | object | `{}` | DEPRECATED - Use `.imageCredentials` instead dockerconfig (for `kcfi` tool backward compatibility) for Image Pull Secret. Obtain GCR Service Account JSON (sa.json) at support@codefresh.io ```shell GCR_SA_KEY_B64=$(cat sa.json | base64) DOCKER_CFG_VAR=$(echo -n "_json_key:$(echo ${GCR_SA_KEY_B64} | base64 -d)" | base64 | tr -d '\n') ``` E.g.: dockerconfigjson: auths: gcr.io: auth: | | gencerts | object | See below | Job to generate internal runtime secrets. Required at first install. | | gitops-dashboard-manager | object | See below | gitops-dashboard-manager | @@ -2304,9 +2305,12 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | internal-gateway | object | See below | internal-gateway | | k8s-monitor | object | See below | k8s-monitor | | kube-integration | object | See below | kube-integration | +| mailer.enabled | bool | `false` | | | mongodb | object | See below | mongodb Ref: https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml | | nats | object | See below | nats Ref: https://github.com/bitnami/charts/blob/main/bitnami/nats/values.yaml | | nomios | object | See below | nomios | +| onboarding-status.enabled | bool | `false` | | +| payments.enabled | bool | `false` | | | pipeline-manager | object | See below | pipeline-manager | | postgresql | object | See below | postgresql Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml | | postgresql-ha | object | See below | postgresql Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/values.yaml | @@ -2317,6 +2321,7 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | runner | object | See below | runner | | runtime-environment-manager | object | See below | runtime-environment-manager | | runtimeImages | object | See below | runtimeImages | +| salesforce-reporter.enabled | bool | `false` | | | seed | object | See below | Seed jobs | | seed-e2e | object | `{"affinity":{},"backoffLimit":10,"enabled":false,"image":{"registry":"docker.io","repository":"mongo","tag":"latest"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[],"ttlSecondsAfterFinished":300}` | CI | | seed.enabled | bool | `true` | Enable all seed jobs | @@ -2330,5 +2335,6 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | seed.postgresSeedJob.postgresPasswordSecretKeyRef | optional | `{}` | Password for "postgres" admin user from existing secret | | seed.postgresSeedJob.postgresUser | optional | `""` | "postgres" admin user in plain text (required ONLY for seed job!) Must be a privileged user allowed to create databases and grant roles. If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used. | | seed.postgresSeedJob.postgresUserSecretKeyRef | optional | `{}` | "postgres" admin user from exising secret | +| segment-reporter.enabled | bool | `false` | | | tasker-kubernetes | object | `{"affinity":{},"container":{"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/tasker-kubernetes"}},"enabled":true,"hpa":{"enabled":false},"nodeSelector":{},"pdb":{"enabled":false},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}` | tasker-kubernetes | | webTLS | object | `{"cert":"","enabled":false,"key":"","secretName":"star.codefresh.io"}` | DEPRECATED - Use `.Values.ingress.tls` instead TLS secret for Ingress | diff --git a/codefresh/files/assets/accounts-dev.json b/codefresh/files/assets/accounts-dev.json new file mode 100644 index 0000000000..06ac6be00c --- /dev/null +++ b/codefresh/files/assets/accounts-dev.json @@ -0,0 +1,262 @@ +{ + "_id" : ObjectId("59009117c102763beda7ce71"), + "name" : "codefresh-inc", + "suspension" : { + "isSuspended" : false + }, + "activation" : { + "isActivated" : true, + "performedBy" : "System" + }, + "cloudBuilds" : { + "isActivated" : true, + "isRequested" : false, + "performedBy" : "System" + }, + "allowedDomains" : [ + + ], + "enabledAllowedDomains" : true, + "admins" : [ + ObjectId("59009221c102763beda7cf04") + ], + "environment" : NumberInt(1), + "runtimeEnvironment" : "codefresh", + "integrations" : { + "stash" : { + "active" : false + }, + "github" : { + "active" : false + }, + "gitlab" : { + "active" : false + }, + "aks" : { + "exist" : false + }, + "aks_sp" : { + "exist" : false + }, + "aks_mi" : { + "exist" : false + }, + "gcloud" : { + "exist" : false + }, + "digitalOcean" : { + "exist" : false + }, + "registries" : [ + + ] + }, + "badgeToken" : "eyJhbGciOiJIUzI1NiJ9.NTkwMDkxMTdjMTAyNzYzYmVkYTdjZTcx.B0HOUL6HlpTRNr_e95pVucSRMRzP2cobe5kIoMtrDSc", + "createdAt" : ISODate("2017-04-26T12:22:48.001+0000"), + "updatedAt" : ISODate("2017-04-26T12:27:13.720+0000"), + "build" : { + "strategy" : "account", + "nodes" : NumberInt(0), + "packs" : [ + { + "id" : "5cd1746617313f468d669013", + "metadata" : { + "name" : "small", + "description" : "1 GB RAM 1 CPU" + }, + "workflows" : { + "concurrency" : { + "amount" : NumberInt(1), + "absorb" : NumberInt(0), + "allowUnlimited" : false + } + }, + "runtime" : { + "name" : "system/linux_paying_plan", + "defaultDindResources" : { + "requests" : { + "cpu" : "900m", + "memory" : "1024Mi" + } + }, + "cpu" : "1000m", + "memory" : "1024Mi", + "storage" : "8G", + "dindStorage" : "8G", + "os" : "linux", + "architecture" : "amd64" + } + }, + { + "id" : "5cd1746717313f468d669014", + "metadata" : { + "name" : "medium", + "description" : "4 GB RAM 2 CPU" + }, + "workflows" : { + "concurrency" : { + "amount" : NumberInt(1), + "absorb" : NumberInt(0), + "allowUnlimited" : false + } + }, + "runtime" : { + "name" : "system/linux_paying_plan", + "defaultDindResources" : { + "requests" : { + "cpu" : "1200m", + "memory" : "1500Mi" + } + }, + "cpu" : "2000m", + "memory" : "4096Mi", + "storage" : "16G", + "dindStorage" : "16G", + "os" : "linux", + "architecture" : "amd64" + } + }, + { + "id" : "5cd1746817313f468d669015", + "metadata" : { + "name" : "large", + "description" : "8 GB RAM 4 CPU" + }, + "workflows" : { + "concurrency" : { + "amount" : NumberInt(1), + "absorb" : NumberInt(0), + "allowUnlimited" : false + } + }, + "runtime" : { + "name" : "system/linux_paying_plan", + "defaultDindResources" : { + "requests" : { + "cpu" : "1500m", + "memory" : "3000Mi" + } + }, + "cpu" : "4000m", + "memory" : "8192Mi", + "storage" : "32G", + "dindStorage" : "32G", + "os" : "linux", + "architecture" : "amd64" + } + }, + { + "id" : "5cd1746817313f468d669016", + "metadata" : { + "name" : "runner", + "description" : "Hybrid runtime-environment" + }, + "workflows" : { + "concurrency" : { + "amount" : NumberInt(-1), + "absorb" : NumberInt(1), + "allowUnlimited" : true + } + } + } + ], + "defaultPack" : ObjectId("5cd1746617313f468d669013") + }, + "dedicatedInfrastructure" : false, + "canUsePrivateRepos" : true, + "features" : { + "launchDarklyManagement" : true + }, + "supportPlan" : "PLATINUM", + "increasedAttention" : false, + "cfcrRepositoryPath" : "codefresh-inc", + "paymentPlan" : { + "id" : "PRO_1", + "trial" : { + "trialing" : true, + "trialStart" : ISODate("2025-02-07T15:33:32.532+0000"), + "trialEnd" : ISODate("2025-02-22T15:33:32.532+0000"), + "trialWillEndNotified" : false, + "trialEndedNotified" : false, + "type" : "NEW_ACCOUNT", + "previousSegment" : "BASIC" + }, + "isWiredTransfer" : false, + "provider" : "codefresh" + }, + "gradualExposure" : "SEGMENT", + "codefreshEnv" : "latest", + "imageViewConfig" : { + "version" : "V1" + }, + "buildStepConfig" : { + "version" : "V1", + "disablePush" : false + }, + "CFCRState" : { + "dates" : { + "one" : { + "startDate" : "2020-03-10", + "endDate" : "2020-07-02" + }, + "two" : { + "startDate" : "2020-07-02", + "endDate" : "2020-07-16" + } + }, + "enabled" : false, + "system" : "ACTIVE", + "displayGlobalNotice" : true, + "accountChoice" : "ACTIVE" + }, + "noPersonalAccountForInvitedUser" : true, + "pipelineConfig" : { + "general" : { + "templates" : false, + "clone" : true, + "autoCreateProjectsForTeams" : false, + "lowMemoryWarningThreshold" : "70" + }, + "yaml" : { + "inline" : true, + "git" : true, + "url" : true + }, + "execution" : { + "keepPVCsForPendingApproval" : false, + "pendingApprovalConcurrencyApplied" : false, + "injectClustersFromPipelineSettings" : false, + "permitRestartFromFailedSteps" : true + }, + "pendingApproval" : { + "pendingApprovalConfirmation" : "none" + } + }, + "csdp" : { + "validated" : false + }, + "pauseWorkflowExecution" : false, + "systemType" : "PROJECT_ONE", + "systemTypePrev" : "", + "notifications" : [ + { + "type" : "pr", + "events" : [ + "build-success" + ] + } + ], + "repoPermission" : "public", + "limits" : { + "collaborators" : { + "limit" : NumberInt(10), + "used" : NumberInt(1) + }, + "dataRetention" : { + "weeks" : NumberInt(24) + } + }, + "localUserPasswordIDPEnabled" : true, + "segment" : "ENTERPRISE", + "__v" : NumberInt(0) +} diff --git a/codefresh/files/assets/packs.json b/codefresh/files/assets/packs.json new file mode 100644 index 0000000000..61ee50a0de --- /dev/null +++ b/codefresh/files/assets/packs.json @@ -0,0 +1,103 @@ +[ + { + "workflows": { + "concurrency": { + "amount": 2, + "absorb": 2, + "allowUnlimited": false + } + }, + "runtime": { + "defaultDindResources": { + "requests": { + "cpu": "900m", + "memory": "1024Mi" + } + }, + "name": "system/linux_paying_plan", + "os": "linux", + "architecture": "amd64", + "cpu": "1000m", + "memory": "1024Mi", + "storage": "8G", + "dindStorage": "8G" + }, + "id": "5cd1746617313f468d669013", + "metadata": { + "description": "1 GB RAM 1 CPU", + "name": "small" + } + }, + { + "workflows": { + "concurrency": { + "amount": 2, + "absorb": 2, + "allowUnlimited": false + } + }, + "runtime": { + "defaultDindResources": { + "requests": { + "cpu": "1200m", + "memory": "1500Mi" + } + }, + "name": "system/linux_paying_plan", + "os": "linux", + "architecture": "amd64", + "cpu": "2000m", + "memory": "4096Mi", + "storage": "16G", + "dindStorage": "16G" + }, + "id": "5cd1746717313f468d669014", + "metadata": { + "description": "4 GB RAM 2 CPU", + "name": "medium" + } + }, + { + "workflows": { + "concurrency": { + "amount": 2, + "absorb": 2, + "allowUnlimited": false + } + }, + "runtime": { + "defaultDindResources": { + "requests": { + "cpu": "1500m", + "memory": "3000Mi" + } + }, + "name": "system/linux_paying_plan", + "os": "linux", + "architecture": "amd64", + "cpu": "4000m", + "memory": "8192Mi", + "storage": "32G", + "dindStorage": "32G" + }, + "id": "5cd1746817313f468d669015", + "metadata": { + "description": "8 GB RAM 4 CPU", + "name": "large" + } + }, + { + "workflows": { + "concurrency": { + "amount": -1, + "absorb": 0, + "allowUnlimited": true + } + }, + "id": "5cd1746817313f468d669016", + "metadata": { + "description": "Hybrid runtime-environment", + "name": "runner" + } + } +] diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index 3bcaf6f98a..e40eefad73 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh @@ -29,6 +29,8 @@ MONGODB_DATABASES=( "platform-analytics-postgres" "read-models" "runtime-environment-manager" + "onboarding-status" + "payments" ) disableMongoTelemetry() { @@ -66,6 +68,18 @@ getMongoVersion() { MONOGDB_VERSION=$(mongosh ${MONGODB_ROOT_URI} --eval "db.version()" 2>&1 | tail -n1) } +setSystemAdmin() { + mongosh $MONGO_URI --eval "db.users.update({}, {\$set: {roles: ['User', 'Admin', 'Account Admin']}}, {multi: true})" +} + +setPacks() { + PACKS=$(cat ${ASSETS_PATH}packs.json) + mongosh $MONGO_URI --eval "db.accounts.update({}, {\$set: {'build.packs': ${PACKS} }}, {multi: true})" + + PAYMENTS_MONGO_URI=${MONGO_URI/\/codefresh/\/payments} + mongosh $PAYMENTS_MONGO_URI --eval "db.accounts.update({}, {\$set: {'plan.packs': ${PACKS} }}, {multi: true})" +} + parseMongoURI $MONGO_URI disableMongoTelemetry @@ -85,6 +99,12 @@ mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToU mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true +if [[ $DEVELOPMENT_CHART == "true" ]]; then + mongoimport --uri ${MONGO_URI} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts-dev.json + setSystemAdmin + setPacks +fi + mongoimport --uri ${MONGO_URI} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json mongoimport --uri ${MONGO_URI} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json mongoimport --uri ${MONGO_URI} --collection users --type json --legacy --file ${ASSETS_PATH}users.json diff --git a/codefresh/templates/_helpers.tpl b/codefresh/templates/_helpers.tpl index bbded8dcae..b657b67422 100644 --- a/codefresh/templates/_helpers.tpl +++ b/codefresh/templates/_helpers.tpl @@ -66,8 +66,12 @@ Return runtime image (classic runtime) with private registry prefix Return Image Pull Secret */}} {{- define "codefresh.imagePullSecret" }} +{{- if index .Values ".dockerconfigjson" -}} +{{- printf "%s" (index .Values ".dockerconfigjson") }} +{{- else }} {{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }} {{- end }} +{{- end }} {{/* Return the secret containing TLS certificates for Ingress diff --git a/codefresh/templates/configmaps/runtimeEnvironments.json.tpl b/codefresh/templates/configmaps/runtimeEnvironments.json.tpl index 4a711ced7a..cf88a3a7f1 100644 --- a/codefresh/templates/configmaps/runtimeEnvironments.json.tpl +++ b/codefresh/templates/configmaps/runtimeEnvironments.json.tpl @@ -257,6 +257,16 @@ }, "isPublic": true, "nonComplete": false - } + }, + { + "metadata": { + "name": "system/linux_paying_plan", + "agent": false + }, + "description": "MAIN Linux runtime for paying customers", + "extends": [ + "system/default" + ] + } ] {{- end -}} diff --git a/codefresh/templates/gencerts/job-gencerts.yaml b/codefresh/templates/gencerts/job-gencerts.yaml index c8a68d25e9..47a22c9555 100644 --- a/codefresh/templates/gencerts/job-gencerts.yaml +++ b/codefresh/templates/gencerts/job-gencerts.yaml @@ -1,5 +1,14 @@ {{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} {{- if or .Values.global.certsJobs .Values.gencerts.enabled }} +{{- $tolerations := .Values.gencerts.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.gencerts.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.gencerts.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 kind: Job metadata: @@ -22,10 +31,7 @@ spec: {{- if .Values.gencerts.rbac.enabled }} serviceAccountName: {{ template "codefresh.fullname" . }}-gencerts {{- end }} - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} containers: {{- if not .Values.global.clientCertsCA }} - name: {{ template "codefresh.fullname" . }}-runtime-certs @@ -49,15 +55,15 @@ spec: mountPath: "/opt/codefresh/gen-ingress-tls.sh" subPath: "gen-ingress-tls.sh" {{- end }} - {{- with .Values.gencerts.nodeSelector }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.gencerts.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 8}} {{- end }} - {{- with .Values.gencerts.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} diff --git a/codefresh/templates/hooks/set-mongodb-compat-version.yaml b/codefresh/templates/hooks/set-mongodb-compat-version.yaml index 788eea98ad..6dadaa7cf5 100644 --- a/codefresh/templates/hooks/set-mongodb-compat-version.yaml +++ b/codefresh/templates/hooks/set-mongodb-compat-version.yaml @@ -1,6 +1,15 @@ {{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} {{- if .Values.mongodb.migration.enabled }} --- +{{- $tolerations := .Values.hooks.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.hooks.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.hooks.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 kind: Job metadata: @@ -54,15 +63,15 @@ spec: {{- toYaml .Values.hooks.resources | nindent 10 }} volumeMounts: {{- include (printf "%s.volumeMounts" $libTemplateName) (dict "Values" .Values.hooks.volumeMounts "context" $) | indent 10 }} - {{- with .Values.hooks.nodeSelector }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.hooks.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 8}} {{- end }} - {{- with .Values.hooks.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} diff --git a/codefresh/templates/hooks/update-system-re.yaml b/codefresh/templates/hooks/update-system-re.yaml index 79d2c87b5a..aa21dba21c 100644 --- a/codefresh/templates/hooks/update-system-re.yaml +++ b/codefresh/templates/hooks/update-system-re.yaml @@ -1,5 +1,14 @@ {{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} --- +{{- $tolerations := .Values.hooks.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.hooks.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.hooks.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 kind: Job metadata: @@ -17,10 +26,7 @@ spec: labels: {{ include "codefresh.labels" . | nindent 8 }} spec: - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} securityContext: {{- toYaml .Values.hooks.podSecurityContext | nindent 8 }} containers: @@ -77,15 +83,15 @@ spec: {{- toYaml .Values.hooks.resources | nindent 10 }} volumeMounts: {{- include (printf "%s.volumeMounts" $libTemplateName) (dict "Values" .Values.hooks.volumeMounts "context" $) | indent 10 }} - {{- with .Values.hooks.nodeSelector }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.hooks.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 8}} {{- end }} - {{- with .Values.hooks.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} diff --git a/codefresh/templates/ingress.yaml b/codefresh/templates/ingress.yaml index 71630a71e1..0c8c7feebc 100644 --- a/codefresh/templates/ingress.yaml +++ b/codefresh/templates/ingress.yaml @@ -21,11 +21,6 @@ spec: - {{ .Values.global.appUrl }} secretName: {{ include "codefresh.ingress.tlsSecretName" . }} {{- end }} - defaultBackend: - service: - name: {{ printf "%s-%s" .Release.Name (index .Subcharts "cfui" ).Chart.Name }} - port: - number: {{ (index .Subcharts "cfui" ).Values.service.main.ports.http.port }} rules: - host: {{ .Values.ingress.domain | default .Values.global.appUrl }} http: @@ -37,10 +32,15 @@ spec: pathType: ImplementationSpecific backend: service: + {{- $fullServiceName := (index $.Subcharts $serviceName).Values.fullnameOverride }} + {{- if $fullServiceName }} + name: {{ $fullServiceName }} + {{- else }} name: {{ printf "%s-%s" $.Release.Name (index $.Subcharts $serviceName ).Chart.Name }} + {{- end }} port: number: {{ (index $.Subcharts $serviceName ).Values.service.main.ports.http.port }} {{- end }} {{- end }} {{- end }} -{{- end}} \ No newline at end of file +{{- end}} diff --git a/codefresh/templates/internal-gateway.yaml b/codefresh/templates/internal-gateway.yaml index 3848f33ab9..0a47735594 100644 --- a/codefresh/templates/internal-gateway.yaml +++ b/codefresh/templates/internal-gateway.yaml @@ -1,34 +1,46 @@ {{- if index .Values "internal-gateway" "enabled" -}} -{{ $cfApiEndpointsSvc := (index .Subcharts "cfapi" ).Chart.Name }} +{{ $cfApiEndpointsSvc := printf "%s-%s" .Release.Name (index .Subcharts "cfapi" ).Chart.Name }} {{ $cfApiEndpointsPort := (index .Subcharts "cfapi" ).Values.service.main.ports.http.port }} {{- if index .Values "cfapi-endpoints" "enabled" -}} - {{ $cfApiEndpointsSvc = (index .Subcharts "cfapi-endpoints" ).Chart.Name }} + {{ $cfApiEndpointsSvc = printf "%s-%s" .Release.Name (index .Subcharts "cfapi-endpoints" ).Chart.Name }} {{ $cfApiEndpointsPort = (index .Subcharts "cfapi-endpoints" ).Values.service.main.ports.http.port }} {{- end -}} {{- $internalGatewayContext := (index .Subcharts "internal-gateway") }} +{{ $fullnameCfApiEndpointsSvc := (index .Subcharts "cfapi").Values.fullnameOverride }} +{{- if $fullnameCfApiEndpointsSvc }} + {{- $cfApiEndpointsSvc = $fullnameCfApiEndpointsSvc }} +{{- end }} + +{{ $cfUiSvc := printf "%s-%s" .Release.Name (index .Subcharts "cfui" ).Chart.Name }} +{{- $fullnameCfUiSvc := (index .Subcharts "cfui").Values.fullnameOverride }} +{{- if $fullnameCfUiSvc }} + {{- $cfUiSvc = $fullnameCfUiSvc }} +{{- end }} {{- /* If onprem is installed with single-role cf-api mode */}} {{- if and (eq (toString .Values.global.cfapiService) "cfapi") (eq (toString .Values.global.cfapiEndpointsService) "cfapi" ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-auth") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-endpoints") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-environments") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-downloadlogmanager") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-gitops-resource-receiver") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-test-reporting") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-kubernetesresourcemonitor") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-kubernetes-endpoints") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-admin") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-teams") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-ws") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-auth") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-endpoints") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-environments") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-downloadlogmanager") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-gitops-resource-receiver") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-test-reporting") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-kubernetesresourcemonitor") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-kubernetes-endpoints") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-admin") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-teams") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-ws") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} {{- end }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfui") "svc" (printf "%s.%s.svc.%s" $cfUiSvc .Release.Namespace .Values.global.clusterDomain ) }} + {{- include "internal-gateway.resources" $internalGatewayContext }} {{- end -}} diff --git a/codefresh/templates/seed/mongo-seed-config.yaml b/codefresh/templates/seed/mongo-seed-config.yaml index cbb57a6ece..40e261e099 100644 --- a/codefresh/templates/seed/mongo-seed-config.yaml +++ b/codefresh/templates/seed/mongo-seed-config.yaml @@ -8,105 +8,13 @@ metadata: {{ include "codefresh.labels" . | nindent 4 }} data: idps.json: | - { - "_id" : ObjectId("5b79a32e3b80d12608352f8e"), - "clientName" : "local", - "displayName" : "local", - "tokenSecret" : "q9MNUmE6assnoANmGZEjtrAa", - "clientType" : "localUserPassword", - "accounts" : [] - } +{{ .Files.Get "files/assets/idps.json" | indent 4 }} accounts.json: | - { - "_id" : ObjectId("59009117c102763beda7ce71"), - "badgeToken" : "eyJhbGciOiJIUzI1NiJ9.NTkwMDkxMTdjMTAyNzYzYmVkYTdjZTcx.B0HOUL6HlpTRNr_e95pVucSRMRzP2cobe5kIoMtrDSc", - "createdAt" : ISODate("2017-04-26T12:22:48.001+0000"), - "updatedAt" : ISODate("2017-04-26T12:27:13.720+0000"), - "name" : "admin-cf", - "runtimeEnvironment" : "codefresh", - "canUsePrivateRepos" : true, - "dedicatedInfrastructure" : false, - "cfcrRepositoryPath": "admin-cf", - "build" : { - "nodes" : NumberInt(0), - "parallel" : NumberInt(10), - "strategy" : "account" - }, - "integrations" : { - "stash" : { - "active" : false - }, - "registries" : [ - - ] - }, - "notifications" : [ - { - "type" : "pr", - "events" : [ - "build-success" - ] - } - ], - "repoPermission" : "public", - "environment" : NumberInt(1), - "admins" : [ - ObjectId("59009221c102763beda7cf04") - ], - "localUserPasswordIDPEnabled": true, -{{- if and (index .Values "seed-e2e" "enabled") }} - "features" : { - "analyticsClassicBuildsReports" : true, - "argoCdFlag" : true, - "commonDashboardProjectOne" : true, - "csdpDoraMetrics" : true, - "csdpIntegrations" : true, - "csdpJiraOauthIntegration" : true, - "environmentsV2Flag" : true, - "helm3NewUIFeature" : true, - "helmOptimizedQueue" : true, - "pipelineScopes" : true, - "pipelinesDashboardProjectOne" : true, - "showGitOpsHomeDashboardInTheProjectOneMenu" : true, - "csdpManagedArgo" : true - }, -{{- end }} - "__v" : NumberInt(0) - } +{{ .Files.Get "files/assets/accounts.json" | indent 4 }} users.json: | - { - "_id" : ObjectId("59009221c102763beda7cf04"), - "register_date" : ISODate("2017-04-26T12:27:13.608+0000"), - "userName" : "AdminCF", - "email" : "admin@codefresh.io", - "defaultAccount" : NumberInt(0), - "notifications" : [ - { - "type" : "mail", - "events" : [ - "build-success", - "build-failure" - ] - } - ], - "logins": [{ - "idp": ObjectId("5b79a32e3b80d12608352f8e") - }], - "status" : "new", - "account" : [ - ObjectId("59009117c102763beda7ce71") - ], - "roles" : [ - "User", - "Admin" - ], - "key" : { - "key" : "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAz6JQxcFORE6KwmBO1UnfpCph/PyARfm65eYXRuCOzdv5EIcz\n+4rRBwooH/SR8Wq49QRjq+Qm6ce2EBj2HD57t4rMj3W6X+5CwoFRXfF0tB4GqPSe\nDagbrNJbx93/dbEM+qEZNFk1MxtoJcBmj3jfrlGdTrarR3VOeBgKVLm/+Wz36pjM\nI4utzupHFAPquSIz0jis02/vccIZ8rAtyVdCd1q6Wz5DVu6iuGyMCYrpa9MFcupR\nc2eggyZ6PyNhmKuP7twr7y22elDQDkSo0G2yv4qbZnHEmShHhO/PKePMETUYMRvM\nzSS9qndT+Nax8vQvxeOCN3cEwm/Jy1oboYiwAwIDAQABAoIBAHyAJpC9nXGl6tws\npXiNKFWmuETbHwtWeDQcKL7uLZLQoOLBP3FIRphDBdZLbytkQ+1fKWjLkG3Du66h\nWQmMieB/kLNA83VMR6mboy+Cdej+zB2JODCWKaoSJMiOm/x1IoQyDwvtpdG0UFm6\nqYTEBNPgykOFkuRxOZEXUTKGgs9K7CFt1TbN8/bGCLgdq9plH2OvlOZkr4Cz0LpS\ns+Y/QJ/H4DDNZ6538NYLpq40Qi2NNq7iFJQ3iddEDi0i5O7pJK3Lziin/h3m99a+\nDbQET1bHm5Jh+Nrfxh1iwHaXdQLLoz5cex/ie5H6jtEMCSdcd53sPivSyHwMprEm\ng+0sNnECgYEA7q1eYNGJoA/UNXotVjPCaArf9/s1xiOTr5Fv1nWkH0jkmrj0WdjB\nsLQByC/wjSmZpfcKp38Z3JDFUimUEuCtZzgBCN6JB6VXe1t3L0wI1VTnxJwvsk8V\nQCB/gTugIDE1oE97kTvDuGl74XyY7uHyA1aYiXVnJ0bw8mcNCW2EzZkCgYEA3rQp\n3JjBGxBXaz7yCfhoQn5YZXw5yMBngyP8emu8u+7excZvCqIG+8NVh5KGFApOw9oe\n0aHUXGgfhSsl+xFA/m+E56mxm/J1PqRrWbnaEkLzPRSoFJBckjBm3ADHb6PuGbOL\nT72qxKPdZ1kdt0QfqIbZpR45COVk6KtmHMCO0/sCgYB6YaL2+fobfIJPOWptvPR9\n7LWSrdiQ1EUxzN0Plhqlf/bX7uY7+4y1Uldnkk1B1IbYNqfb4qwcEI9c5bzrQREo\nz+qX5aNVrE4DDo86TT5qRLLieUNrpmk7DG7UkQI1/4WDwb2WZpKgyFWg9QZl1q0F\nUS29rdlKpnF9maFxqBpkYQKBgBPU31VxlOCgF+jI9izFHiOttJl08oBaAd2/up/8\nMBZcMyJRhVnhC9Ynkto7xgzKzjDKn6vzSUHhU808BmnRI4SE0cT/a32DncUyRwz6\na9zscVSjHkSWhmfOP5qfxyK96loHjwRO04InRXQKj4beXiNXvtHhWxrbspy1hqZQ\nz2c5AoGBAO0tRNKfgoZH+sTiaphR550YFnIn8U9ROa1iQUvSiM0nHW6FraIR1sYB\nUTCtgOSJdffGMFrvH+PhShJPw7u3juZh9NBzrARjZPwBJyBaYDw3elVc3epZWoGC\n8EBEgdFVqFwPctkGvqyJ/5Zl3KnTioXxslHjP45H+Ne/nEWPejuP\n-----END RSA PRIVATE KEY-----\n", - "pubKey" : "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPolDFwU5ETorCYE7VSd+kKmH8/IBF+brl5hdG4I7N2/kQhzP7itEHCigf9JHxarj1BGOr5Cbpx7YQGPYcPnu3isyPdbpf7kLCgVFd8XS0Hgao9J4NqBus0lvH3f91sQz6oRk0WTUzG2glwGaPeN+uUZ1OtqtHdU54GApUub/5bPfqmMwji63O6kcUA+q5IjPSOKzTb+9xwhnysC3JV0J3WrpbPkNW7qK4bIwJiulr0wVy6lFzZ6CDJno/I2GYq4/u3CvvLbZ6UNAORKjQbbK/iptmccSZKEeE788p48wRNRgxG8zNJL2qd1P41rHy9C/F44I3dwTCb8nLWhuhiLAD blabla\n" - }, - "__v" : NumberInt(1), - "last_login_date" : ISODate("2017-04-26T12:27:21.788+0000"), - "hashedPassword" : "jRFgMK8CYVXa4FRBVsZQyWHdw/ErWSJzO/WKqdGcLpmeOZw8e6X5TvkYIkc617LU76RCB9B1jPNsbNVaTQGt4g==", - "salt" : "GswhajDWen9vNW+fZ+xVbA==" - } -{{- end }} \ No newline at end of file +{{ .Files.Get "files/assets/users.json" | indent 4 }} + packs.json: | +{{ .Files.Get "files/assets/packs.json" | indent 4 }} + accounts-dev.json: | +{{ .Files.Get "files/assets/accounts-dev.json" | indent 4 }} +{{- end }} diff --git a/codefresh/templates/seed/mongo-seed-job.yaml b/codefresh/templates/seed/mongo-seed-job.yaml index 85a8c3eca1..a977068599 100644 --- a/codefresh/templates/seed/mongo-seed-job.yaml +++ b/codefresh/templates/seed/mongo-seed-job.yaml @@ -2,6 +2,15 @@ {{ $context := deepCopy .Values.seed }} --- {{- if and .Values.seed.enabled (or .Values.global.seedJobs .Values.seed.mongoSeedJob.enabled) }} +{{- $tolerations := .Values.seed.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.seed.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.seed.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 kind: Job metadata: @@ -21,10 +30,7 @@ spec: labels: {{ include "codefresh.labels" . | nindent 8 }} spec: - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} securityContext: {{- toYaml .Values.seed.podSecurityContext | nindent 8 }} containers: @@ -46,6 +52,8 @@ spec: {{- include "codefresh.mongodb-root-user-env-var-value" . | indent 12 }} - name: MONGODB_ROOT_PASSWORD {{- include "codefresh.mongodb-root-password-env-var-value" . | indent 12 }} + - name: DEVELOPMENT_CHART + value: {{ .Values.developmentChart | quote }} command: - "/bin/bash" - "-exc" @@ -63,16 +71,22 @@ spec: - name: seed-data mountPath: "/usr/share/extras/idps.json" subPath: "idps.json" + - name: seed-data + mountPath: "/usr/share/extras/packs.json" + subPath: "packs.json" + - name: seed-data + mountPath: "/usr/share/extras/accounts-dev.json" + subPath: "accounts-dev.json" {{- include (printf "%s.volumeMounts" $libTemplateName) ( dict "Values" .Values.seed.volumeMounts "context" $ ) | nindent 8 }} - {{- with .Values.seed.nodeSelector }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.seed.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.seed.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} diff --git a/codefresh/templates/seed/postgres-seed-job.yaml b/codefresh/templates/seed/postgres-seed-job.yaml index 5a18b31e9d..6ff5366b13 100644 --- a/codefresh/templates/seed/postgres-seed-job.yaml +++ b/codefresh/templates/seed/postgres-seed-job.yaml @@ -1,6 +1,15 @@ {{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} {{- if and .Values.seed.enabled (or .Values.global.seedJobs .Values.seed.postgresSeedJob.enabled) }} --- +{{- $tolerations := .Values.seed.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.seed.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.seed.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 kind: Job metadata: @@ -20,10 +29,7 @@ spec: labels: {{ include "codefresh.labels" . | nindent 8 }} spec: - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} securityContext: {{- toYaml .Values.seed.podSecurityContext | nindent 8 }} containers: @@ -50,15 +56,15 @@ spec: - "-exc" - | {{ .Files.Get "files/postgresSeedJobScript.sh" | nindent 12 }} - {{- with .Values.seed.nodeSelector }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.seed.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.seed.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} diff --git a/codefresh/tests/misc/global_constrains_test.yaml b/codefresh/tests/misc/global_constrains_test.yaml index 55fdc75a3b..6127f95f81 100644 --- a/codefresh/tests/misc/global_constrains_test.yaml +++ b/codefresh/tests/misc/global_constrains_test.yaml @@ -3,6 +3,10 @@ suite: Should test global tolerations/nodeSelector/affinity/imagePullSecret templates: - charts/**/*.yaml - internal-gateway.yaml + - seed/mongo-seed-job.yaml + - seed/postgres-seed-job.yaml + - gencerts/job-gencerts.yaml + - hooks/update-system-re.yaml tests: - it: argo-platform-abac should have global tolerations/nodeSelector/affinity/imagePullSecret values: @@ -1063,3 +1067,131 @@ tests: operator: "In" values: - "value" + + - it: mongo-seed-job should have global tolerations/nodeSelector/affinity/imagePullSecret + values: + - ../values/global.yaml + template: seed/mongo-seed-job.yaml + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: my-secret + - contains: + path: spec.template.spec.tolerations + content: + key: "key" + operator: "Equal" + value: "value" + effect: "NoSchedule" + - equal: + path: spec.template.spec.nodeSelector + value: + key: "value" + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "key" + operator: "In" + values: + - "value" + + - it: postgres-seed-job should have global tolerations/nodeSelector/affinity/imagePullSecret + values: + - ../values/global.yaml + template: seed/postgres-seed-job.yaml + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: my-secret + - contains: + path: spec.template.spec.tolerations + content: + key: "key" + operator: "Equal" + value: "value" + effect: "NoSchedule" + - equal: + path: spec.template.spec.nodeSelector + value: + key: "value" + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "key" + operator: "In" + values: + - "value" + + - it: job-gencerts should have global tolerations/nodeSelector/affinity/imagePullSecret + values: + - ../values/global.yaml + template: gencerts/job-gencerts.yaml + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: my-secret + - contains: + path: spec.template.spec.tolerations + content: + key: "key" + operator: "Equal" + value: "value" + effect: "NoSchedule" + - equal: + path: spec.template.spec.nodeSelector + value: + key: "value" + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "key" + operator: "In" + values: + - "value" + + - it: update-system-re job should have global tolerations/nodeSelector/affinity/imagePullSecret + values: + - ../values/global.yaml + template: hooks/update-system-re.yaml + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: my-secret + - contains: + path: spec.template.spec.tolerations + content: + key: "key" + operator: "Equal" + value: "value" + effect: "NoSchedule" + - equal: + path: spec.template.spec.nodeSelector + value: + key: "value" + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "key" + operator: "In" + values: + - "value" diff --git a/codefresh/values.yaml b/codefresh/values.yaml index ad2c636989..6835b41778 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -474,11 +474,11 @@ runtimeImages: COMPOSE_IMAGE: quay.io/codefresh/compose:v2.32.2-1.5.2 CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.12.2 DIND_IMAGE: quay.io/codefresh/dind:26.1.4-1.28.8 - DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.4.2 + DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.4.3 DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.18 DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.16 DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.15 - ENGINE_IMAGE: quay.io/codefresh/engine:1.177.4 + ENGINE_IMAGE: quay.io/codefresh/engine:1.177.5 FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.8 GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.2.0 KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.2.6 @@ -1070,7 +1070,7 @@ mongodb: memory: 256Mi migration: enabled: false - featureCompatibilityVersion: "5.0" + featureCompatibilityVersion: "6.0" # -- nats # @default -- See below @@ -1906,3 +1906,20 @@ seed-e2e: ci: enabled: false + +developmentChart: false + +mailer: + enabled: false + +payments: + enabled: false + +segment-reporter: + enabled: false + +salesforce-reporter: + enabled: false + +onboarding-status: + enabled: false