diff --git a/codefresh/.ci/values/defaults-hpa.yaml b/codefresh/.ci/values/defaults-hpa.yaml index 8b80bdcb4b..2b5a4bc0ff 100644 --- a/codefresh/.ci/values/defaults-hpa.yaml +++ b/codefresh/.ci/values/defaults-hpa.yaml @@ -3,6 +3,9 @@ seed-e2e: global: appUrl: "" # placeholder + imagePullSecrets: + - codefresh-registry + - dockerhub-creds cfapi: rbac: diff --git a/codefresh/.ci/values/external-secrets.yaml b/codefresh/.ci/values/external-secrets.yaml index 75dc727633..4582de35c0 100644 --- a/codefresh/.ci/values/external-secrets.yaml +++ b/codefresh/.ci/values/external-secrets.yaml @@ -3,7 +3,7 @@ secrets: ext-mongo: enabled: true stringData: - mongodb-host: cf-mongodb:27017 + mongodb-host: my-mongodb:27017 mongodb-password: mTiXcU2wafr9 mongodb-user: cfuser mongodb-root-user: root @@ -11,20 +11,20 @@ secrets: ext-postgres: enabled: true stringData: - postgres-hostname: cf-postgresql + postgres-hostname: my-postgresql postgres-password: eC9arYka4ZbH postgres-user: postgres ext-redis: enabled: true stringData: - redis-url: cf-redis-master + redis-url: my-redis-master redis-password: hoC9szf7NtrU ext-rabbitmq: enabled: true stringData: rabbitmq-hostname: my-rabbitmq:5672 rabbitmq-password: cVz9ZdJKYm7u - rabbitmq-username: user + rabbitmq-username: myuser ext-firebase: enabled: true stringData: @@ -33,7 +33,7 @@ secrets: e2e-mongo-uri: enabled: true stringData: - mongo-uri: mongodb://cfuser:mTiXcU2wafr9@cf-mongodb:27017/codefresh + mongo-uri: mongodb://cfuser:mTiXcU2wafr9@my-mongodb:27017/codefresh seed: mongoSeedJob: @@ -99,3 +99,18 @@ global: rabbitmq: fullnameOverride: my-rabbitmq + auth: + username: myuser + +redis: + fullnameOverride: my-redis + +postgresql: + fullnameOverride: my-postgresql + +mongodb: + fullnameOverride: my-mongodb + +cf-platform-analytics-platform: + redis: + enabled: false diff --git a/codefresh/.ci/values/mtls-mongodb-redis.yaml b/codefresh/.ci/values/mtls-mongodb-redis.yaml index cea05a324c..6ba0f60cb6 100644 
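Review bot: The rewritten `mongo-uri` line in the `e2e-mongo-uri` block (hunk `@@ -33,7 +33,7 @@` of `external-secrets.yaml`) still embeds the MongoDB user and password in the connection string. That duplicates the `mongodb-password` value from `ext-mongo`, so the two can drift apart, and the literal is kept in repository history. If these are throwaway fixtures for databases created inside the CI run, say so with a comment above `secrets:`, for example `# CI-only fixture credentials for ephemeral test clusters; never reuse elsewhere`. Otherwise they should be injected from the CI secret store rather than committed. The same applies to the password lines that appear as context in the `ext-mongo`, `ext-postgres`, `ext-redis` and `ext-rabbitmq` hunks of this file.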
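Review bot: The `fullnameOverride` values added at the end of `external-secrets.yaml` (hunk `@@ -99,3 +99,18 @@`), together with `auth.username: myuser` (presumably nested under `rabbitmq:`), are what make the renamed hosts and username in the `stringData` blocks resolve, but nothing in the file links the two places. A rename on one side would only show up as a connection failure at deploy time. I would add a comment above the new `redis:`/`postgresql:`/`mongodb:` keys such as `# must match the hostnames in secrets.*.stringData above (redis-url points at the <fullname>-master service)`. The `-master` suffix is inferred from `redis-url: my-redis-master`; the service name itself is defined by the subchart, outside this diff.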
--- a/codefresh/.ci/values/mtls-mongodb-redis.yaml +++ b/codefresh/.ci/values/mtls-mongodb-redis.yaml @@ -150,4 +150,4 @@ extraResources: type: ClusterIP seed-e2e: - enabled: false \ No newline at end of file + enabled: false diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index c8f75f603c..98cc11773b 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -7,28 +7,28 @@ dependencies: version: 0.10.2 - name: consul repository: https://charts.bitnami.com/bitnami - version: 11.4.10 + version: 11.4.17 - name: mongodb repository: https://charts.bitnami.com/bitnami - version: 14.4.1 + version: 15.6.26 - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 12.5.1 + version: 16.7.4 - name: postgresql-ha - repository: oci://registry-1.docker.io/bitnamicharts + repository: oci://quay.io/codefresh/charts version: 12.0.4 - name: redis repository: https://charts.bitnami.com/bitnami - version: 20.11.3 + version: 20.13.4 - name: redis-ha repository: https://dandydeveloper.github.io/charts version: 4.26.1 - name: rabbitmq repository: https://charts.bitnami.com/bitnami - version: 15.3.3 + version: 15.5.3 - name: nats repository: https://charts.bitnami.com/bitnami - version: 9.0.6 + version: 9.0.17 - name: builder repository: oci://quay.io/codefresh/charts version: 1.4.0 
@@ -37,97 +37,97 @@ dependencies: version: 1.4.0 - name: ingress-nginx repository: https://kubernetes.github.io/ingress-nginx - version: 4.11.2 + version: 4.12.1 - name: cluster-providers repository: oci://quay.io/codefresh/charts - version: 1.17.14 + version: 1.17.15 - name: kube-integration repository: oci://quay.io/codefresh/charts - version: 1.31.17 + version: 1.31.19 - name: charts-manager repository: oci://quay.io/codefresh/charts - version: 1.22.2 + version: 1.23.1 - name: cfsign repository: oci://quay.io/codefresh/charts version: 1.8.8 - name: tasker-kubernetes repository: oci://quay.io/codefresh/charts - version: 1.26.17 + version: 1.26.18 - name: context-manager repository: oci://quay.io/codefresh/charts - version: 2.33.6 + version: 2.34.2 - name: pipeline-manager repository: oci://quay.io/codefresh/charts - version: 3.138.3 + version: 3.139.2 - name: gitops-dashboard-manager repository: oci://quay.io/codefresh/charts - version: 1.14.20 + version: 1.14.22 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: 
oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.279.2 - name: cfui repository: oci://quay.io/codefresh/charts - version: 14.97.50 + version: 14.98.27 - name: k8s-monitor repository: oci://quay.io/codefresh/charts - version: 4.11.13 + version: 4.11.14 - name: runtime-environment-manager repository: oci://quay.io/codefresh/charts - version: 3.39.3 + version: 3.41.1 - name: cf-broadcaster repository: oci://quay.io/codefresh/charts - version: 1.12.21 + version: 1.13.0 - name: helm-repo-manager repository: oci://quay.io/codefresh/charts version: 0.20.2 
@@ -142,18 +142,30 @@ dependencies: version: 0.8.10 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.77 + version: 0.49.87 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.77 + version: 0.49.87 - name: argo-platform repository: oci://quay.io/codefresh/charts - version: 1.3344.0 + version: 1.3506.0 - name: argo-hub-platform repository: oci://quay.io/codefresh/charts - version: 0.1.21 + version: 0.1.23 - name: cf-oidc-provider repository: oci://quay.io/codefresh/charts version: 0.0.16 -digest: sha256:83072ee3b8654194f3fb06b189775de8f1220062dad9f8ec858c54641e3aeefb -generated: "2025-03-14T18:07:51.289296+03:00" +- name: mailer + repository: oci://quay.io/codefresh/charts + version: 1.20.8 +- name: payments + repository: oci://quay.io/codefresh/charts + version: 2.23.18 +- name: segment-reporter + repository: oci://quay.io/codefresh/charts + version: 1.17.8 +- name: salesforce-reporter + repository: oci://quay.io/codefresh/charts + version: 1.30.11 +digest: sha256:814b879b8e7b0b276c66b821c69c2c22febbbec4a30fed89117d50530ae0ea5e +generated: "2025-05-19T23:11:03.858637+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 96af206c9d..59e0e1a855 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.7.0 +version: 2.8.0 keywords: - codefresh home: https://codefresh.io/ @@ -15,11 +15,11 @@ appVersion: 2.7.0 annotations: artifacthub.io/prerelease: "true" artifacthub.io/alternativeName: "codefresh-onprem" - # artifacthub.io/containsSecurityUpdates: "true" + artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - kind: changed - description: "Initial 2.7 release" + description: "Initial 2.8.0 release" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts 
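Review bot: Enabling `artifacthub.io/containsSecurityUpdates: "true"` in the `Chart.yaml` annotations hunk is not backed by the `artifacthub.io/changes` list just below it, which still holds a single `kind: changed` entry ("Initial 2.8.0 release"). The comment above that list names `security` as a supported kind, so add an entry of the form `- kind: security` with a `description:` stating which updates the flag refers to (for example the dependency chart bumps). Without it, consumers who act on the flag cannot tell what was fixed. The hunk header also still shows `appVersion: 2.7.0` while `version` moves to 2.8.0; confirm that is intended.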
@@ -29,23 +29,23 @@ dependencies: version: 0.10.2 condition: internal-gateway.enabled - name: consul - version: 11.4.10 + version: 11.4.17 repository: https://charts.bitnami.com/bitnami condition: consul.enabled - name: mongodb - version: 14.4.1 + version: 15.6.26 repository: https://charts.bitnami.com/bitnami condition: mongodb.enabled,mongo.enabled,global.mongoDeploy - name: postgresql - version: 12.5.1 + version: 16.7.4 repository: https://charts.bitnami.com/bitnami condition: postgresql.enabled - name: postgresql-ha version: 12.0.4 - repository: oci://registry-1.docker.io/bitnamicharts + repository: oci://quay.io/codefresh/charts condition: postgresql-ha.enabled - name: redis - version: 20.11.3 + version: 20.13.4 repository: https://charts.bitnami.com/bitnami condition: redis.enabled - name: redis-ha @@ -53,11 +53,11 @@ dependencies: version: 4.26.1 condition: redis-ha.enabled - name: rabbitmq - version: 15.3.3 + version: 15.5.3 repository: https://charts.bitnami.com/bitnami condition: rabbitmq.enabled - name: nats - version: 9.0.6 + version: 9.0.17 repository: https://charts.bitnami.com/bitnami condition: nats.enabled - name: builder @@ -69,7 +69,7 @@ dependencies: condition: runner.enabled version: 1.4.0 - name: ingress-nginx - version: 4.11.2 + version: 4.12.1 repository: https://kubernetes.github.io/ingress-nginx condition: ingress-nginx.enabled - name: cluster-providers @@ -248,3 +248,19 @@ dependencies: repository: oci://quay.io/codefresh/charts version: "*" condition: cf-oidc-provider.enabled + - name: mailer + version: "*" + repository: oci://quay.io/codefresh/charts + condition: mailer.enabled + - name: payments + version: "*" + repository: oci://quay.io/codefresh/charts + condition: payments.enabled + - name: segment-reporter + version: "*" + repository: oci://quay.io/codefresh/charts + condition: segment-reporter.enabled + - name: salesforce-reporter + version: "*" + repository: oci://quay.io/codefresh/charts + condition: salesforce-reporter.enabled 
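Review bot: The four dependencies added in the last `Chart.yaml` hunk (`mailer`, `payments`, `segment-reporter`, `salesforce-reporter`) are gated only by `condition: <name>.enabled`, and Helm ignores a condition whose path is missing from the parent values, which leaves the subchart enabled. The chart's `values.yaml` is not part of this view, so confirm that each of the four has an explicit `enabled: false` default there if it is not meant to be deployed on every on-prem install; the names suggest outbound integrations, which is an inference. `version: "*"` follows the existing `cf-oidc-provider` entry, so the versions actually shipped are fixed only by `Chart.lock`. Release packaging should therefore use `helm dependency build`, which honours the lock file, rather than `helm dependency update`, and a short comment above these entries saying so would help.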
diff --git a/codefresh/README.md b/codefresh/README.md index 2159cd66a8..ec4d301e08 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.7.0](https://img.shields.io/badge/Version-2.7.0-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Version: 2.8.0](https://img.shields.io/badge/Version-2.8.0-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. @@ -24,6 +24,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ - [Configuration with ALB (Application Load Balancer)](#configuration-with-alb-application-load-balancer) - [Configuration with Private Registry](#configuration-with-private-registry) - [Configuration with multi-role CF-API](#configuration-with-multi-role-cf-api) + - [Indexes in MongoDB](#indexes-in-mongodb) - [High Availability](#high-availability) - [Mounting private CA certs](#mounting-private-ca-certs) - [Installing on OpenShift](#installing-on-openshift) 
@@ -33,21 +34,21 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ - [Projects pipelines limit](#projects-pipelines-limit) - [Enable session cookie](#enable-session-cookie) - [X-Frame-Options response header](#x-frame-options-response-header) - - [Auto-index creation in MongoDB](#auto-index-creation-in-mongodb) - [Image digests in containers](#image-digests-in-containers) - [Configuring OIDC Provider](#configuring-oidc-provider) - [Upgrading](#upgrading) - - [To 2.0.0](#to-200) - - [To 2.0.12](#to-2012) - - [To 2.0.17](#to-2017) - - [To 2.1.0](#to-210) - - [To 2.1.7](#to-217) - - [To 2.2.0](#to-220) - - [To 2.3.0](#to-230) - - [To 2.4.0](#to-240) - - [To 2.5.0](#to-250) - - [To 2.6.0](#to-260) - - [To 2.7.0](#to-270) + - [To 2.0.0](#to-2-0-0) + - [To 2.0.12](#to-2-0-12) + - [To 2.0.17](#to-2-0-17) + - [To 2.1.0](#to-2-1-0) + - [To 2.1.7](#to-2-1-7) + - [To 2.2.0](#to-2-2-0) + - [To 2.3.0](#to-2-3-0) + - [To 2.4.0](#to-2-4-0) + - [To 2.5.0](#to-2-5-0) + - [To 2.6.0](#to-2-6-0) + - [To 2.7.0](#to-2-7-0) + - [To 2.8.0](#to-2-8-0) - [Rollback](#rollback) - [Troubleshooting](#troubleshooting) - [Values](#values) @@ -59,7 +60,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ ## Prerequisites -- Kubernetes **>= 1.28 && <= 1.31** (Supported versions mean that installation passed for the versions listed; however, it **may** work on older k8s versions as well) +- Kubernetes **>= 1.28 && <= 1.32** (Supported versions mean that installation passed for the versions listed; however, it **may** work on older k8s versions as well) - Helm **3.8.0+** - PV provisioner support in the underlying infrastructure (with [resizing](https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/) available) - Minimal 4vCPU and 8Gi Memory available in the cluster (for production usage the recommended minimal cluster capacity is at least 12vCPUs and 36Gi Memory) 
@@ -79,6 +80,8 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) **Important:** only helm 3.8.0+ is supported +**Important:** Read about [Indexes in MongoDB](#indexes-in-mongodb) before installation + Edit default `values.yaml` or create empty `cf-values.yaml` - Pass `sa.json` (as a single line) to `.Values.imageCredentials.password` @@ -115,6 +118,11 @@ global: # firebaseSecretSecretKeyRef: # name: my-secret # key: firebase-secret + + env: + MONGOOSE_AUTO_INDEX: "true" + MONGO_AUTOMATIC_INDEX_CREATION: "true" + ``` - Specify `.Values.ingress.tls.cert` and `.Values.ingress.tls.key` OR `.Values.ingress.tls.existingSecret` @@ -182,11 +190,12 @@ helm show values codefresh/codefresh The following table displays the list of **persistent** services created as part of the on-premises installation: -| Database | Purpose | Latest supported version | +| Database | Purpose | Required version | | :--- | :---- | :--- | -| MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 4.4.x | -| Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 13.x | +| MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 7.x | +| Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 17.x | | Redis | Used for caching, and as a key-value store for cron trigger manager. | 7.0.x | +| RabbitMQ | Used for message queueing. | 4.0.x | > Running on netfs (nfs, cifs) is not recommended. @@ -206,8 +215,6 @@ However, you might need to use external services like [MongoDB Atlas Database](h #### External MongoDB -**Important:** Recommended version of Mongo is 6.x - ```yaml seed: mongoSeedJob: @@ -318,8 +325,6 @@ global: #### External PostgresSQL -**Important:** Recommended version of Postgres is 13.x - ```yaml seed: postgresSeedJob: 
@@ -383,8 +388,6 @@ postgresql: #### External Redis -**Important:** Recommended version of Redis is 7.x - ```yaml global: # -- Set redis password in plain text @@ -459,8 +462,6 @@ global: #### External RabbitMQ -**Important:** Recommended version of RabbitMQ is 3.x - ```yaml global: # -- Set rabbitmq protocol (`amqp/amqps`) 
@@ -781,6 +782,58 @@ cfapi-test-reporting: enabled: true ``` +⚠️ ⚠️ ⚠️ +### Indexes in MongoDB +⚠️ ⚠️ ⚠️ + +Indexes in MongoDB are essential for efficient query performance, especially as your data grows. Without proper indexes, MongoDB must perform full collection scans to find matching documents, which can significantly slow down operations and increase resource usage. For production environments, ensuring that all frequently queried fields are indexed is vital to maintain optimal performance and scalability. + +Auto-index creation in MongoDB is disabled by default in Codefresh On-Prem to prevent unexpected performance issues in production environments during upgrades. When enabled, MongoDB will automatically create indexes for fields used in queries, which can lead to high CPU and disk usage, increased I/O, and potential service disruptions—especially on large datasets. By requiring manual index management, administrators can plan index creation during maintenance windows, ensuring system stability and predictable performance before upgrading Codefresh On-Prem. + +It is critical to ensure that your MongoDB indexes are always aligned with the latest recommended state for your Codefresh On-Prem version. Outdated or missing indexes can lead to degraded performance, slow queries, and increased resource consumption. Always review release notes and update or create indexes as specified during upgrades or when new collections/fields are introduced. Regularly auditing and maintaining your indexes helps ensure optimal system reliability and scalability. + +The indexes list is located at the [codefresh-io/codefresh-onprem-helm](https://github.com/codefresh-io/codefresh-onprem-helm/tree/onprem-2.8.0/indexes) repository. +The indexes are stored in JSON files with keys and options specified. 
+ +The directory structure is: + +```console +codefresh-onprem-helm +├── indexes +│ ├── # MongoDB database name +│ │ ├── .json # MongoDB indexes for the specified collection +``` + +#### Enabling auto-index creation + +For first-time installations, you **must** enable auto-index creation by setting the following values: + +```yaml +global: + env: + MONGOOSE_AUTO_INDEX: "true" + MONGO_AUTOMATIC_INDEX_CREATION: "true" +``` + +You **should** disable it for the next upgrades by setting these variables to `false`: + +```yaml +global: + env: + MONGOOSE_AUTO_INDEX: "false" + MONGO_AUTOMATIC_INDEX_CREATION: "false" +``` + +#### Creating Indexes manually + +> **Note!** If you have a large amount of MongoDB data, it is recommended to create indexes manually. Enabling auto-index creation can cause performance degradation during the index creation process with large datasets. + +Depending on your MongoDB service (e.g., Atlas, self-hosted), you can create indexes using the MongoDB shell or the Atlas UI. + +Ref: +- [Create an Index in Atlas DB](https://www.mongodb.com/docs/atlas/atlas-ui/indexes/#create-an-index) +- [Create an Index with mongosh](https://www.mongodb.com/docs/manual/reference/method/db.collection.createIndex/) + ### High Availability The chart installs the non-HA version of Codefresh by default. If you want to run Codefresh in HA mode, use the example values below. 
@@ -1204,32 +1257,6 @@ cfapi: USE_SHA256_GITHUB_SIGNATURE: "true" ``` -### Auto-index creation in MongoDB - -In Codefresh On-Prem 2.6.x, the `cfapi` can create indexes in MongoDB automatically. This feature is disabled by default. To enable it, set the following environment variable: - -> **Note!** Enabling this feature can cause performance degradation during the index creation process. - -> **Note!** It is recommended to add indexes during a maintenance window. The indexes list is provided in `codefresh/files/indexes//.json` files. - -```yaml -cfapi: - container: - env: - MONGOOSE_AUTO_INDEX: "true" -``` - -```yaml -argo-platform: - api-graphql: - env: - MONGO_AUTOMATIC_INDEX_CREATION: "true" -``` - -Ref: -- [Create an Index in Atlas DB](https://www.mongodb.com/docs/atlas/atlas-ui/indexes/#create-an-index) -- [Create an Index with mongosh](https://www.mongodb.com/docs/manual/reference/method/db.collection.createIndex/) - ### Image digests in containers In Codefresh On-Prem 2.6.x all Codefresh owner microservices include image digests in the default subchart values. @@ -1458,7 +1485,7 @@ Use [obtain-oidc-id-token](https://github.com/codefresh-io/steps/blob/822afc0a9a ## Upgrading -### To 2.0.0 +### To 2-0-0 This major chart version change (v1.4.X -> v2.0.0) contains some **incompatible breaking change needing manual actions**. @@ -1767,7 +1794,7 @@ helm-repo-manager: repository: myregistry.domain.com/codefresh/chartmuseum ``` -### To 2.0.17 +### To 2-0-17 #### ⚠️ Affected values @@ -1841,7 +1868,7 @@ argo-platform: repository: codefresh-io/argo-platform-ui ``` -### To 2.1.0 +### To 2-1-0 ### [What's new in 2.1.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-21) 
@@ -1877,14 +1904,14 @@ cf-broadcaster: REDIS_DB: 0 ``` -### To 2.1.7 +### To 2-1-7 ⚠️⚠️⚠️ > Since version 2.1.7 chart is pushed **only** to OCI registry at `oci://quay.io/codefresh/codefresh` > Versions prior to 2.1.7 are still available in ChartMuseum at `http://chartmuseum.codefresh.io/codefresh` -### To 2.2.0 +### To 2-2-0 ### [What's new in 2.2.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-22) @@ -1912,7 +1939,7 @@ redis-ha: enabled: true ``` -### To 2.3.0 +### To 2-3-0 ### [What's new in 2.3.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-23) @@ -1956,7 +1983,7 @@ helm rollback $RELEASE_NAME $RELEASE_NUMBER \ --wait ``` -### To 2.4.0 +### To 2-4-0 ### [What's new in 2.4.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-24) @@ -1985,11 +2012,11 @@ cfapi: DEFAULT_SYSTEM_TYPE: CLASSIC ``` -### To 2.5.0 +### To 2-5-0 ### [What's new in 2.5.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-25) -### To 2.6.0 +### To 2-6-0 ### [What's new in 2.6.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-26) @@ -2001,7 +2028,7 @@ cfapi: [Auto-index creation in MongoDB](#auto-index-creation-in-mongodb) -### To 2.7.0 +### To 2-7-0 ### [What's new in 2.7.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-27) 
@@ -2032,6 +2059,73 @@ global: - "value" ``` +### To 2-8-0 + +### [What's new in 2.8.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-28) + +### ⚠️ ⚠️ ⚠️ Breaking changes. Read before upgrading! + +### MongoDB update + +Default MongoDB image is changed from 6.x to 7.x. + +If you run external MongoDB (i.e. [Atlas](https://cloud.mongodb.com)), it is **required** to upgrade it to 7.x after upgrading Codefresh On-Prem to 2.8.x. + +For backward compatibility (in case you need to rollback to 6.x), you can set [`featureCompatibilityVersion`](https://www.mongodb.com/docs/v6.0/reference/command/setFeatureCompatibilityVersion/) to `6.0` in your values file. + +```yaml +mongodb: + migration: + enabled: true + featureCompatibilityVersion: "6.0" +``` + +### PostgreSQL update + +Default PostgreSQL image is changed from 13.x to 17.x + +If you run external PostgreSQL, follow the [official instructions](https://www.postgresql.org/docs/17/upgrading.html) to upgrade to 17.x. + +⚠️ ⚠️ ⚠️ If you run built-in PostgreSQL `bitnami/postgresql` subchart, direct upgrade is not supported. You need to backup your data, delete the old PostgreSQL StatefulSet with PVCs and restore the data into a new PostgreSQL StatefulSet. 
+ +```console +PGUSER=postgres +PGHOST=cf-postgresql +PGPORT=5432 +PGPASSWORD=postgres +BACKUP_DIR=/tmp/pg_backup +BACKUP_SQL=backup.sql +TIMESTAMP=$(date +%Y%m%d%H%M%S) +NAMESPACE=codefresh + +# Backup PostgreSQL data +pg_dumpall --verbose > "$BACKUP_DIR/$BACKUP_SQL.$TIMESTAMP" 2>> "$LOG_FILE" + +# Delete old PostgreSQL StatefulSet +STS_NAME=$(kubectl get sts -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME -l app.kubernetes.io/name=postgresql -o jsonpath='{.items[0].metadata.name}') +PVC_NAME=$(kubectl get pvc -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME -l app.kubernetes.io/name=postgresql -o jsonpath='{.items[0].metadata.name}') + +kubectl delete sts $STS_NAME -n $NAMESPACE +kubectl delete pvc $PVC_NAME -n $NAMESPACE + +# Perform Codefresh On-Prem upgrade to 2.8.x + +# Restore PostgreSQL data +psql -U -f "$BACKUP_DIR/$BACKUP_SQL.$TIMESTAMP" >> "$LOG_FILE" 2>&1 +``` + +### RabbitMQ update + +Default RabbitMQ image is changed from 3.x to 4.x + +#### Affected values + +- Added option to provide `.Values.global.tolerations`/`.Values.global.nodeSelector`/`.Values.global.affinity` for all Codefresh subcharts + +- Changed default location for public images from `quay.io/codefresh` to `us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh` + +- `.Values.hooks` was splitted into `.Values.hooks.mongodb` and `.Values.hooks.consul` + ## Troubleshooting ### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired 
@@ -2132,15 +2226,15 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | argo-platform.runtime-monitor | object | See below | runtime-monitor Don't enable! Not used in onprem! | | argo-platform.ui | object | See below | ui | | argo-platform.useExternalSecret | bool | `false` | Use regular k8s secret object. Keep `false`! | -| builder | object | `{"affinity":{},"container":{"image":{"registry":"docker.io","repository":"library/docker","tag":"28.0-dind"}},"enabled":true,"initContainers":{"register":{"image":{"registry":"quay.io","repository":"codefresh/curl","tag":"8.11.1"}}},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | builder | +| builder | object | `{"affinity":{},"container":{"image":{"registry":"docker.io","repository":"library/docker","tag":"28.0-dind"}},"enabled":true,"imagePullSecrets":[],"initContainers":{"register":{"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/curl","tag":"8.11.1"}}},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | builder | | cf-broadcaster | object | See below | broadcaster | | cf-oidc-provider | object | See below | cf-oidc-provider | | cf-platform-analytics-etlstarter | object | See below | etl-starter | | cf-platform-analytics-etlstarter.redis.enabled | bool | `false` | Disable redis subchart | | cf-platform-analytics-etlstarter.system-etl-postgres | object | `{"container":{"env":{"BLUE_GREEN_ENABLED":true}},"controller":{"cronjob":{"ttlSecondsAfterFinished":300}},"enabled":true}` | Only postgres ETL should be running in onprem | | cf-platform-analytics-platform | object | See below | platform-analytics | -| cfapi | object | `{"affinity":{},"container":{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ 
.Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}},"controller":{"replicas":2},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"minAvailable":"50%"},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}},"secrets":{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}},"tolerations":[]}` | cf-api | -| cfapi-internal.<<.affinity | object | `{}` | | +| cfapi | object | `{"affinity":{},"container":{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}},"controller":{"replicas":2},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70},"imagePullSecrets":[],"nodeSelector":{},"pdb":{"enabled":false,"minAvailable":"50%"},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}},"secrets":{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId 
}}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}},"tolerations":[]}` | cf-api | +| cfapi-internal.<<.affinity | object | `{}` | Affinity configuration | | cfapi-internal.<<.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}}` | Container configuration | | cfapi-internal.<<.container.env | object | See below | Env vars | | cfapi-internal.<<.container.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}` | Image | 
@@ -2154,18 +2248,17 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | cfapi-internal.<<.hpa.maxReplicas | int | `10` | Maximum number of replicas | | cfapi-internal.<<.hpa.minReplicas | int | `2` | Minimum number of replicas | | cfapi-internal.<<.hpa.targetCPUUtilizationPercentage | int | `70` | Average CPU utilization percentage | -| cfapi-internal.<<.nodeSelector | object | `{}` | | +| cfapi-internal.<<.imagePullSecrets | list | `[]` | Image pull secrets | +| cfapi-internal.<<.nodeSelector | object | `{}` | Node selector configuration | | cfapi-internal.<<.pdb | object | `{"enabled":false,"minAvailable":"50%"}` | Pod disruption budget configuration | | cfapi-internal.<<.pdb.enabled | bool | `false` | Enable PDB | | cfapi-internal.<<.pdb.minAvailable | string | `"50%"` | Minimum number of replicas in percentage | -| cfapi-internal.<<.podSecurityContext | object | `{}` | | +| cfapi-internal.<<.podSecurityContext | object | `{}` | Pod security context configuration | | cfapi-internal.<<.resources | object | `{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}}` | Resource requests and limits | -| cfapi-internal.<<.secrets.secret.enabled | bool | `true` | | -| cfapi-internal.<<.secrets.secret.stringData.OIDC_PROVIDER_CLIENT_ID | string | `"{{ .Values.global.oidcProviderClientId }}"` | | -| cfapi-internal.<<.secrets.secret.stringData.OIDC_PROVIDER_CLIENT_SECRET | string | `"{{ .Values.global.oidcProviderClientSecret }}"` | | -| cfapi-internal.<<.secrets.secret.type | string | `"Opaque"` | | -| cfapi-internal.<<.tolerations | list | `[]` | | +| cfapi-internal.<<.secrets | object | `{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}}` | Secrets configuration | +| cfapi-internal.<<.tolerations | list | `[]` | Tolerations configuration | | cfapi-internal.enabled | bool | `false` | 
| +| cfapi.affinity | object | `{}` | Affinity configuration | | cfapi.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}}` | Container configuration | | cfapi.container.env | object | See below | Env vars | | cfapi.container.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}` | Image | 
@@ -2179,10 +2272,15 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | cfapi.hpa.maxReplicas | int | `10` | Maximum number of replicas | | cfapi.hpa.minReplicas | int | `2` | Minimum number of replicas | | cfapi.hpa.targetCPUUtilizationPercentage | int | `70` | Average CPU utilization percentage | +| cfapi.imagePullSecrets | list | `[]` | Image pull secrets | +| cfapi.nodeSelector | object | `{}` | Node selector configuration | | cfapi.pdb | object | `{"enabled":false,"minAvailable":"50%"}` | Pod disruption budget configuration | | cfapi.pdb.enabled | bool | `false` | Enable PDB | | cfapi.pdb.minAvailable | string | `"50%"` | Minimum number of replicas in percentage | +| cfapi.podSecurityContext | object | `{}` | Pod security context configuration | | cfapi.resources | object | `{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}}` | Resource requests and limits | +| cfapi.secrets | object | `{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}}` | Secrets configuration | +| cfapi.tolerations | list | `[]` | Tolerations configuration | | cfsign | object | See below | tls-sign | | cfui | object | See below | cf-ui | | charts-manager | object | See below | charts-manager | 
@@ -2191,6 +2289,7 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | consul | object | See below | consul Ref: https://github.com/bitnami/charts/blob/main/bitnami/consul/values.yaml | | context-manager | object | See below | context-manager | | cronus | object | See below | cronus | +| developmentChart | bool | `false` | | | dockerconfigjson | object | `{}` | DEPRECATED - Use `.imageCredentials` instead dockerconfig (for `kcfi` tool backward compatibility) for Image Pull Secret. Obtain GCR Service Account JSON (sa.json) at support@codefresh.io ```shell GCR_SA_KEY_B64=$(cat sa.json | base64) DOCKER_CFG_VAR=$(echo -n "_json_key:$(echo ${GCR_SA_KEY_B64} | base64 -d)" | base64 | tr -d '\n') ``` E.g.: dockerconfigjson: auths: gcr.io: auth: | | gencerts | object | See below | Job to generate internal runtime secrets. Required at first install. | | gitops-dashboard-manager | object | See below | gitops-dashboard-manager | 
@@ -2287,13 +2386,16 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | global.tolerations | list | `[]` | Global tolerations constraints Apply toleratons to all Codefresh subcharts. Will not be applied on Bitnami subcharts. | | helm-repo-manager | object | See below | helm-repo-manager | | hermes | object | See below | hermes | -| hooks | object | See below | Pre/post-upgrade Job hooks. Updates images in `system/default` runtime. | +| hooks | object | See below | Pre/post-upgrade Job hooks. | +| hooks.consul | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/kubectl","tag":"1.33.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Recreates `consul-headless` service due to duplicated ports in Service during the upgrade. | +| hooks.mongodb | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/mongosh","tag":"2.5.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Updates images in `system/default` runtime. 
| | imageCredentials | object | `{}` | Credentials for Image Pull Secret object | -| ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/configuration-snippet":"more_set_headers \"X-Request-ID: $request_id\";\nproxy_set_header X-Request-ID $request_id;\n","nginx.ingress.kubernetes.io/service-upstream":"true","nginx.ingress.kubernetes.io/ssl-redirect":"false","nginx.org/redirect-to-https":"false"},"enabled":true,"ingressClassName":"nginx-codefresh","nameOverride":"","services":{"internal-gateway":["/"]},"tls":{"cert":"","enabled":false,"existingSecret":"","key":"","secretName":"star.codefresh.io"}}` | Ingress | +| ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/service-upstream":"true","nginx.ingress.kubernetes.io/ssl-redirect":"false","nginx.org/redirect-to-https":"false"},"enabled":true,"ingressClassName":"nginx-codefresh","labels":{},"nameOverride":"","services":{"internal-gateway":["/"]},"tls":{"cert":"","enabled":false,"existingSecret":"","key":"","secretName":"star.codefresh.io"}}` | Ingress | | ingress-nginx | object | See below | ingress-nginx Ref: https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml | | ingress.annotations | object | See below | Set annotations for ingress. | | ingress.enabled | bool | `true` | Enable the Ingress | | ingress.ingressClassName | string | `"nginx-codefresh"` | Set the ingressClass that is used for the ingress. Default `nginx-codefresh` is created from `ingress-nginx` controller subchart | +| ingress.labels | object | `{}` | Set labels for ingress | | ingress.nameOverride | string | `""` | Override Ingress resource name | | ingress.services | object | See below | Default services and corresponding paths | | ingress.tls.cert | string | `""` | Certificate (base64 encoded) | 
@@ -2304,9 +2406,11 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | internal-gateway | object | See below | internal-gateway | | k8s-monitor | object | See below | k8s-monitor | | kube-integration | object | See below | kube-integration | +| mailer.enabled | bool | `false` | | | mongodb | object | See below | mongodb Ref: https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml | | nats | object | See below | nats Ref: https://github.com/bitnami/charts/blob/main/bitnami/nats/values.yaml | | nomios | object | See below | nomios | +| payments.enabled | bool | `false` | | | pipeline-manager | object | See below | pipeline-manager | | postgresql | object | See below | postgresql Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml | | postgresql-ha | object | See below | postgresql Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/values.yaml | @@ -2317,6 +2421,7 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | runner | object | See below | runner | | runtime-environment-manager | object | See below | runtime-environment-manager | | runtimeImages | object | See below | runtimeImages | +| salesforce-reporter.enabled | bool | `false` | | | seed | object | See below | Seed jobs | | seed-e2e | object | `{"affinity":{},"backoffLimit":10,"enabled":false,"image":{"registry":"docker.io","repository":"mongo","tag":"latest"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[],"ttlSecondsAfterFinished":300}` | CI | | seed.enabled | bool | `true` | Enable all seed jobs | 
@@ -2330,5 +2435,6 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | seed.postgresSeedJob.postgresPasswordSecretKeyRef | optional | `{}` | Password for "postgres" admin user from existing secret | | seed.postgresSeedJob.postgresUser | optional | `""` | "postgres" admin user in plain text (required ONLY for seed job!) Must be a privileged user allowed to create databases and grant roles. If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used. | | seed.postgresSeedJob.postgresUserSecretKeyRef | optional | `{}` | "postgres" admin user from exising secret | -| tasker-kubernetes | object | `{"affinity":{},"container":{"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/tasker-kubernetes"}},"enabled":true,"hpa":{"enabled":false},"nodeSelector":{},"pdb":{"enabled":false},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}` | tasker-kubernetes | +| segment-reporter.enabled | bool | `false` | | +| tasker-kubernetes | object | `{"affinity":{},"container":{"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/tasker-kubernetes"}},"enabled":true,"hpa":{"enabled":false},"imagePullSecrets":[],"nodeSelector":{},"pdb":{"enabled":false},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}` | tasker-kubernetes | | webTLS | object | `{"cert":"","enabled":false,"key":"","secretName":"star.codefresh.io"}` | DEPRECATED - Use `.Values.ingress.tls` instead TLS secret for Ingress | diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 295d908120..2d3038ebee 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl 
@@ -24,6 +24,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ - [Configuration with ALB (Application Load Balancer)](#configuration-with-alb-application-load-balancer) - [Configuration with Private Registry](#configuration-with-private-registry) - [Configuration with multi-role CF-API](#configuration-with-multi-role-cf-api) + - [Indexes in MongoDB](#indexes-in-mongodb) - [High Availability](#high-availability) - [Mounting private CA certs](#mounting-private-ca-certs) - [Installing on OpenShift](#installing-on-openshift) @@ -33,21 +34,21 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ - [Projects pipelines limit](#projects-pipelines-limit) - [Enable session cookie](#enable-session-cookie) - [X-Frame-Options response header](#x-frame-options-response-header) - - [Auto-index creation in MongoDB](#auto-index-creation-in-mongodb) - [Image digests in containers](#image-digests-in-containers) - [Configuring OIDC Provider](#configuring-oidc-provider) - [Upgrading](#upgrading) - - [To 2.0.0](#to-200) - - [To 2.0.12](#to-2012) - - [To 2.0.17](#to-2017) - - [To 2.1.0](#to-210) - - [To 2.1.7](#to-217) - - [To 2.2.0](#to-220) - - [To 2.3.0](#to-230) - - [To 2.4.0](#to-240) - - [To 2.5.0](#to-250) - - [To 2.6.0](#to-260) - - [To 2.7.0](#to-270) + - [To 2.0.0](#to-2-0-0) + - [To 2.0.12](#to-2-0-12) + - [To 2.0.17](#to-2-0-17) + - [To 2.1.0](#to-2-1-0) + - [To 2.1.7](#to-2-1-7) + - [To 2.2.0](#to-2-2-0) + - [To 2.3.0](#to-2-3-0) + - [To 2.4.0](#to-2-4-0) + - [To 2.5.0](#to-2-5-0) + - [To 2.6.0](#to-2-6-0) + - [To 2.7.0](#to-2-7-0) + - [To 2.8.0](#to-2-8-0) - [Rollback](#rollback) - [Troubleshooting](#troubleshooting) - [Values](#values) 
@@ -60,7 +61,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ ## Prerequisites -- Kubernetes **>= 1.28 && <= 1.31** (Supported versions mean that installation passed for the versions listed; however, it **may** work on older k8s versions as well) +- Kubernetes **>= 1.28 && <= 1.32** (Supported versions mean that installation passed for the versions listed; however, it **may** work on older k8s versions as well) - Helm **3.8.0+** - PV provisioner support in the underlying infrastructure (with [resizing](https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/) available) - Minimal 4vCPU and 8Gi Memory available in the cluster (for production usage the recommended minimal cluster capacity is at least 12vCPUs and 36Gi Memory) @@ -80,6 +81,8 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) **Important:** only helm 3.8.0+ is supported +**Important:** Read about [Indexes in MongoDB](#indexes-in-mongodb) before installation + Edit default `values.yaml` or create empty `cf-values.yaml` - Pass `sa.json` (as a single line) to `.Values.imageCredentials.password` @@ -116,6 +119,11 @@ global: # firebaseSecretSecretKeyRef: # name: my-secret # key: firebase-secret + + env: + MONGOOSE_AUTO_INDEX: "true" + MONGO_AUTOMATIC_INDEX_CREATION: "true" + ``` - Specify `.Values.ingress.tls.cert` and `.Values.ingress.tls.key` OR `.Values.ingress.tls.existingSecret` 
@@ -183,11 +191,12 @@ helm show values codefresh/codefresh The following table displays the list of **persistent** services created as part of the on-premises installation: -| Database | Purpose | Latest supported version | +| Database | Purpose | Required version | | :--- | :---- | :--- | -| MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 4.4.x | -| Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 13.x | +| MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 7.x | +| Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 17.x | | Redis | Used for caching, and as a key-value store for cron trigger manager. | 7.0.x | +| RabbitMQ | Used for message queueing. | 4.0.x | > Running on netfs (nfs, cifs) is not recommended. @@ -207,8 +216,6 @@ However, you might need to use external services like [MongoDB Atlas Database](h #### External MongoDB -**Important:** Recommended version of Mongo is 6.x - ```yaml seed: mongoSeedJob: @@ -320,8 +327,6 @@ global: #### External PostgresSQL -**Important:** Recommended version of Postgres is 13.x - ```yaml seed: postgresSeedJob: @@ -385,8 +390,6 @@ postgresql: #### External Redis -**Important:** Recommended version of Redis is 7.x - ```yaml global: # -- Set redis password in plain text @@ -462,8 +465,6 @@ global: #### External RabbitMQ -**Important:** Recommended version of RabbitMQ is 3.x - ```yaml global: # -- Set rabbitmq protocol (`amqp/amqps`) 
@@ -784,6 +785,59 @@ cfapi-test-reporting: enabled: true ``` +⚠️ ⚠️ ⚠️ +### Indexes in MongoDB +⚠️ ⚠️ ⚠️ + +Indexes in MongoDB are essential for efficient query performance, especially as your data grows. Without proper indexes, MongoDB must perform full collection scans to find matching documents, which can significantly slow down operations and increase resource usage. For production environments, ensuring that all frequently queried fields are indexed is vital to maintain optimal performance and scalability. + +Auto-index creation in MongoDB is disabled by default in Codefresh On-Prem to prevent unexpected performance issues in production environments during upgrades. When enabled, MongoDB will automatically create indexes for fields used in queries, which can lead to high CPU and disk usage, increased I/O, and potential service disruptions—especially on large datasets. By requiring manual index management, administrators can plan index creation during maintenance windows, ensuring system stability and predictable performance before upgrading Codefresh On-Prem. + +It is critical to ensure that your MongoDB indexes are always aligned with the latest recommended state for your Codefresh On-Prem version. Outdated or missing indexes can lead to degraded performance, slow queries, and increased resource consumption. Always review release notes and update or create indexes as specified during upgrades or when new collections/fields are introduced. Regularly auditing and maintaining your indexes helps ensure optimal system reliability and scalability. + +The indexes list is located at the [codefresh-io/codefresh-onprem-helm](https://github.com/codefresh-io/codefresh-onprem-helm/tree/onprem-2.8.0/indexes) repository. +The indexes are stored in JSON files with keys and options specified. 
+ +The directory structure is: + +```console +codefresh-onprem-helm +├── indexes +│ ├── # MongoDB database name +│ │ ├── .json # MongoDB indexes for the specified collection +``` + +#### Enabling auto-index creation + +For first-time installations, you **must** enable auto-index creation by setting the following values: + +```yaml +global: + env: + MONGOOSE_AUTO_INDEX: "true" + MONGO_AUTOMATIC_INDEX_CREATION: "true" +``` + +You **should** disable it for the next upgrades by setting these variables to `false`: + +```yaml +global: + env: + MONGOOSE_AUTO_INDEX: "false" + MONGO_AUTOMATIC_INDEX_CREATION: "false" +``` + +#### Creating Indexes manually + +> **Note!** If you have a large amount of MongoDB data, it is recommended to create indexes manually. Enabling auto-index creation can cause performance degradation during the index creation process with large datasets. + +Depending on your MongoDB service (e.g., Atlas, self-hosted), you can create indexes using the MongoDB shell or the Atlas UI. + +Ref: +- [Create an Index in Atlas DB](https://www.mongodb.com/docs/atlas/atlas-ui/indexes/#create-an-index) +- [Create an Index with mongosh](https://www.mongodb.com/docs/manual/reference/method/db.collection.createIndex/) + + ### High Availability The chart installs the non-HA version of Codefresh by default. If you want to run Codefresh in HA mode, use the example values below. 
@@ -1209,32 +1263,6 @@ cfapi: USE_SHA256_GITHUB_SIGNATURE: "true" ``` -### Auto-index creation in MongoDB - -In Codefresh On-Prem 2.6.x, the `cfapi` can create indexes in MongoDB automatically. This feature is disabled by default. To enable it, set the following environment variable: - -> **Note!** Enabling this feature can cause performance degradation during the index creation process. - -> **Note!** It is recommended to add indexes during a maintenance window. The indexes list is provided in `codefresh/files/indexes//.json` files. - -```yaml -cfapi: - container: - env: - MONGOOSE_AUTO_INDEX: "true" -``` - -```yaml -argo-platform: - api-graphql: - env: - MONGO_AUTOMATIC_INDEX_CREATION: "true" -``` - -Ref: -- [Create an Index in Atlas DB](https://www.mongodb.com/docs/atlas/atlas-ui/indexes/#create-an-index) -- [Create an Index with mongosh](https://www.mongodb.com/docs/manual/reference/method/db.collection.createIndex/) - ### Image digests in containers In Codefresh On-Prem 2.6.x all Codefresh owner microservices include image digests in the default subchart values. @@ -1268,7 +1296,7 @@ cfapi: image: tag: 21.268.1 # -- Set empty tag for digest - digest: "" + digest: "" ``` @@ -1466,7 +1494,7 @@ Use [obtain-oidc-id-token](https://github.com/codefresh-io/steps/blob/822afc0a9a ## Upgrading -### To 2.0.0 +### To 2-0-0 This major chart version change (v1.4.X -> v2.0.0) contains some **incompatible breaking change needing manual actions**. @@ -1775,7 +1803,7 @@ helm-repo-manager: repository: myregistry.domain.com/codefresh/chartmuseum ``` -### To 2.0.17 +### To 2-0-17 #### ⚠️ Affected values @@ -1849,7 +1877,7 @@ argo-platform: repository: codefresh-io/argo-platform-ui ``` -### To 2.1.0 +### To 2-1-0 ### [What's new in 2.1.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-21) 
@@ -1886,14 +1914,14 @@ cf-broadcaster: ``` -### To 2.1.7 +### To 2-1-7 ⚠️⚠️⚠️ > Since version 2.1.7 chart is pushed **only** to OCI registry at `oci://quay.io/codefresh/codefresh` > Versions prior to 2.1.7 are still available in ChartMuseum at `http://chartmuseum.codefresh.io/codefresh` -### To 2.2.0 +### To 2-2-0 ### [What's new in 2.2.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-22) @@ -1921,7 +1949,7 @@ redis-ha: enabled: true ``` -### To 2.3.0 +### To 2-3-0 ### [What's new in 2.3.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-23) @@ -1965,7 +1993,7 @@ helm rollback $RELEASE_NAME $RELEASE_NUMBER \ --wait ``` -### To 2.4.0 +### To 2-4-0 ### [What's new in 2.4.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-24) @@ -1994,11 +2022,11 @@ cfapi: DEFAULT_SYSTEM_TYPE: CLASSIC ``` -### To 2.5.0 +### To 2-5-0 ### [What's new in 2.5.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-25) -### To 2.6.0 +### To 2-6-0 ### [What's new in 2.6.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-26) @@ -2010,7 +2038,7 @@ cfapi: [Auto-index creation in MongoDB](#auto-index-creation-in-mongodb) -### To 2.7.0 +### To 2-7-0 ### [What's new in 2.7.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-27) 
@@ -2041,6 +2069,73 @@ global: - "value" ``` +### To 2-8-0 + +### [What's new in 2.8.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-28) + +### ⚠️ ⚠️ ⚠️ Breaking changes. Read before upgrading! + +### MongoDB update + +Default MongoDB image is changed from 6.x to 7.x. + +If you run external MongoDB (i.e. [Atlas](https://cloud.mongodb.com)), it is **required** to upgrade it to 7.x after upgrading Codefresh On-Prem to 2.8.x. + +For backward compatibility (in case you need to rollback to 6.x), you can set [`featureCompatibilityVersion`](https://www.mongodb.com/docs/v6.0/reference/command/setFeatureCompatibilityVersion/) to `6.0` in your values file. + +```yaml +mongodb: + migration: + enabled: true + featureCompatibilityVersion: "6.0" +``` + +### PostgreSQL update + +Default PostgreSQL image is changed from 13.x to 17.x + +If you run external PostgreSQL, follow the [official instructions](https://www.postgresql.org/docs/17/upgrading.html) to upgrade to 17.x. + +⚠️ ⚠️ ⚠️ If you run built-in PostgreSQL `bitnami/postgresql` subchart, direct upgrade is not supported. You need to backup your data, delete the old PostgreSQL StatefulSet with PVCs and restore the data into a new PostgreSQL StatefulSet. 
+ +```console +PGUSER=postgres +PGHOST=cf-postgresql +PGPORT=5432 +PGPASSWORD=postgres +BACKUP_DIR=/tmp/pg_backup +BACKUP_SQL=backup.sql +TIMESTAMP=$(date +%Y%m%d%H%M%S) +NAMESPACE=codefresh + +# Backup PostgreSQL data +pg_dumpall --verbose > "$BACKUP_DIR/$BACKUP_SQL.$TIMESTAMP" 2>> "$LOG_FILE" + +# Delete old PostgreSQL StatefulSet +STS_NAME=$(kubectl get sts -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME -l app.kubernetes.io/name=postgresql -o jsonpath='{.items[0].metadata.name}') +PVC_NAME=$(kubectl get pvc -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME -l app.kubernetes.io/name=postgresql -o jsonpath='{.items[0].metadata.name}') + +kubectl delete sts $STS_NAME -n $NAMESPACE +kubectl delete pvc $PVC_NAME -n $NAMESPACE + +# Perform Codefresh On-Prem upgrade to 2.8.x + +# Restore PostgreSQL data +psql -U -f "$BACKUP_DIR/$BACKUP_SQL.$TIMESTAMP" >> "$LOG_FILE" 2>&1 +``` + +### RabbitMQ update + +Default RabbitMQ image is changed from 3.x to 4.x + +#### Affected values + +- Added option to provide `.Values.global.tolerations`/`.Values.global.nodeSelector`/`.Values.global.affinity` for all Codefresh subcharts + +- Changed default location for public images from `quay.io/codefresh` to `us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh` + +- `.Values.hooks` was splitted into `.Values.hooks.mongodb` and `.Values.hooks.consul` + ## Troubleshooting ### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired diff --git a/codefresh/files/assets/accounts-dev.json b/codefresh/files/assets/accounts-dev.json new file mode 100644 index 0000000000..06ac6be00c --- /dev/null +++ b/codefresh/files/assets/accounts-dev.json 
@@ -0,0 +1,262 @@ +{ + "_id" : ObjectId("59009117c102763beda7ce71"), + "name" : "codefresh-inc", + "suspension" : { + "isSuspended" : false + }, + "activation" : { + "isActivated" : true, + "performedBy" : "System" + }, + "cloudBuilds" : { + "isActivated" : true, + "isRequested" : false, + "performedBy" : "System" + }, + "allowedDomains" : [ + + ], + "enabledAllowedDomains" : true, + "admins" : [ + ObjectId("59009221c102763beda7cf04") + ], + "environment" : NumberInt(1), + "runtimeEnvironment" : "codefresh", + "integrations" : { + "stash" : { + "active" : false + }, + "github" : { + "active" : false + }, + "gitlab" : { + "active" : false + }, + "aks" : { + "exist" : false + }, + "aks_sp" : { + "exist" : false + }, + "aks_mi" : { + "exist" : false + }, + "gcloud" : { + "exist" : false + }, + "digitalOcean" : { + "exist" : false + }, + "registries" : [ + + ] + }, + "badgeToken" : "eyJhbGciOiJIUzI1NiJ9.NTkwMDkxMTdjMTAyNzYzYmVkYTdjZTcx.B0HOUL6HlpTRNr_e95pVucSRMRzP2cobe5kIoMtrDSc", + "createdAt" : ISODate("2017-04-26T12:22:48.001+0000"), + "updatedAt" : ISODate("2017-04-26T12:27:13.720+0000"), + "build" : { + "strategy" : "account", + "nodes" : NumberInt(0), + "packs" : [ + { + "id" : "5cd1746617313f468d669013", + "metadata" : { + "name" : "small", + "description" : "1 GB RAM 1 CPU" + }, + "workflows" : { + "concurrency" : { + "amount" : NumberInt(1), + "absorb" : NumberInt(0), + "allowUnlimited" : false + } + }, + "runtime" : { + "name" : "system/linux_paying_plan", + "defaultDindResources" : { + "requests" : { + "cpu" : "900m", + "memory" : "1024Mi" + } + }, + "cpu" : "1000m", + "memory" : "1024Mi", + "storage" : "8G", + "dindStorage" : "8G", + "os" : "linux", + "architecture" : "amd64" + } + }, + { + "id" : "5cd1746717313f468d669014", + "metadata" : { + "name" : "medium", + "description" : "4 GB RAM 2 CPU" + }, + "workflows" : { + "concurrency" : { + "amount" : NumberInt(1), + "absorb" : NumberInt(0), + "allowUnlimited" : false + } + }, + "runtime" : { + "name" : 
"system/linux_paying_plan", + "defaultDindResources" : { + "requests" : { + "cpu" : "1200m", + "memory" : "1500Mi" + } + }, + "cpu" : "2000m", + "memory" : "4096Mi", + "storage" : "16G", + "dindStorage" : "16G", + "os" : "linux", + "architecture" : "amd64" + } + }, + { + "id" : "5cd1746817313f468d669015", + "metadata" : { + "name" : "large", + "description" : "8 GB RAM 4 CPU" + }, + "workflows" : { + "concurrency" : { + "amount" : NumberInt(1), + "absorb" : NumberInt(0), + "allowUnlimited" : false + } + }, + "runtime" : { + "name" : "system/linux_paying_plan", + "defaultDindResources" : { + "requests" : { + "cpu" : "1500m", + "memory" : "3000Mi" + } + }, + "cpu" : "4000m", + "memory" : "8192Mi", + "storage" : "32G", + "dindStorage" : "32G", + "os" : "linux", + "architecture" : "amd64" + } + }, + { + "id" : "5cd1746817313f468d669016", + "metadata" : { + "name" : "runner", + "description" : "Hybrid runtime-environment" + }, + "workflows" : { + "concurrency" : { + "amount" : NumberInt(-1), + "absorb" : NumberInt(1), + "allowUnlimited" : true + } + } + } + ], + "defaultPack" : ObjectId("5cd1746617313f468d669013") + }, + "dedicatedInfrastructure" : false, + "canUsePrivateRepos" : true, + "features" : { + "launchDarklyManagement" : true + }, + "supportPlan" : "PLATINUM", + "increasedAttention" : false, + "cfcrRepositoryPath" : "codefresh-inc", + "paymentPlan" : { + "id" : "PRO_1", + "trial" : { + "trialing" : true, + "trialStart" : ISODate("2025-02-07T15:33:32.532+0000"), + "trialEnd" : ISODate("2025-02-22T15:33:32.532+0000"), + "trialWillEndNotified" : false, + "trialEndedNotified" : false, + "type" : "NEW_ACCOUNT", + "previousSegment" : "BASIC" + }, + "isWiredTransfer" : false, + "provider" : "codefresh" + }, + "gradualExposure" : "SEGMENT", + "codefreshEnv" : "latest", + "imageViewConfig" : { + "version" : "V1" + }, + "buildStepConfig" : { + "version" : "V1", + "disablePush" : false + }, + "CFCRState" : { + "dates" : { + "one" : { + "startDate" : "2020-03-10", + 
"endDate" : "2020-07-02" + }, + "two" : { + "startDate" : "2020-07-02", + "endDate" : "2020-07-16" + } + }, + "enabled" : false, + "system" : "ACTIVE", + "displayGlobalNotice" : true, + "accountChoice" : "ACTIVE" + }, + "noPersonalAccountForInvitedUser" : true, + "pipelineConfig" : { + "general" : { + "templates" : false, + "clone" : true, + "autoCreateProjectsForTeams" : false, + "lowMemoryWarningThreshold" : "70" + }, + "yaml" : { + "inline" : true, + "git" : true, + "url" : true + }, + "execution" : { + "keepPVCsForPendingApproval" : false, + "pendingApprovalConcurrencyApplied" : false, + "injectClustersFromPipelineSettings" : false, + "permitRestartFromFailedSteps" : true + }, + "pendingApproval" : { + "pendingApprovalConfirmation" : "none" + } + }, + "csdp" : { + "validated" : false + }, + "pauseWorkflowExecution" : false, + "systemType" : "PROJECT_ONE", + "systemTypePrev" : "", + "notifications" : [ + { + "type" : "pr", + "events" : [ + "build-success" + ] + } + ], + "repoPermission" : "public", + "limits" : { + "collaborators" : { + "limit" : NumberInt(10), + "used" : NumberInt(1) + }, + "dataRetention" : { + "weeks" : NumberInt(24) + } + }, + "localUserPasswordIDPEnabled" : true, + "segment" : "ENTERPRISE", + "__v" : NumberInt(0) +} diff --git a/codefresh/files/assets/packs.json b/codefresh/files/assets/packs.json new file mode 100644 index 0000000000..61ee50a0de --- /dev/null +++ b/codefresh/files/assets/packs.json 
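Review bot: The new `accounts-dev.json` fixture commits a complete HS256-signed `badgeToken` value, whose payload appears to be this account's `_id`. If that token was signed with a key that any real environment uses, it should be treated as exposed. The fixture would be safer with a constructed placeholder such as `"badgeToken" : "<placeholder-set-at-seed-time>"`. The file also uses mongo shell syntax (`ObjectId(...)`, `ISODate(...)`, `NumberInt(...)`) rather than strict JSON, and the seed-script hunks in this diff import only `accounts.json`, so how `accounts-dev.json` gets loaded is not visible here. A line in the chart docs naming the job that consumes it, and stating that it is development-only, would close that gap.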
@@ -0,0 +1,103 @@ +[ + { + "workflows": { + "concurrency": { + "amount": 2, + "absorb": 2, + "allowUnlimited": false + } + }, + "runtime": { + "defaultDindResources": { + "requests": { + "cpu": "900m", + "memory": "1024Mi" + } + }, + "name": "system/linux_paying_plan", + "os": "linux", + "architecture": "amd64", + "cpu": "1000m", + "memory": "1024Mi", + "storage": "8G", + "dindStorage": "8G" + }, + "id": "5cd1746617313f468d669013", + "metadata": { + "description": "1 GB RAM 1 CPU", + "name": "small" + } + }, + { + "workflows": { + "concurrency": { + "amount": 2, + "absorb": 2, + "allowUnlimited": false + } + }, + "runtime": { + "defaultDindResources": { + "requests": { + "cpu": "1200m", + "memory": "1500Mi" + } + }, + "name": "system/linux_paying_plan", + "os": "linux", + "architecture": "amd64", + "cpu": "2000m", + "memory": "4096Mi", + "storage": "16G", + "dindStorage": "16G" + }, + "id": "5cd1746717313f468d669014", + "metadata": { + "description": "4 GB RAM 2 CPU", + "name": "medium" + } + }, + { + "workflows": { + "concurrency": { + "amount": 2, + "absorb": 2, + "allowUnlimited": false + } + }, + "runtime": { + "defaultDindResources": { + "requests": { + "cpu": "1500m", + "memory": "3000Mi" + } + }, + "name": "system/linux_paying_plan", + "os": "linux", + "architecture": "amd64", + "cpu": "4000m", + "memory": "8192Mi", + "storage": "32G", + "dindStorage": "32G" + }, + "id": "5cd1746817313f468d669015", + "metadata": { + "description": "8 GB RAM 4 CPU", + "name": "large" + } + }, + { + "workflows": { + "concurrency": { + "amount": -1, + "absorb": 0, + "allowUnlimited": true + } + }, + "id": "5cd1746817313f468d669016", + "metadata": { + "description": "Hybrid runtime-environment", + "name": "runner" + } + } +] diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index 3bcaf6f98a..53947038fc 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh 
@@ -29,6 +29,8 @@ MONGODB_DATABASES=( "platform-analytics-postgres" "read-models" "runtime-environment-manager" + "onboarding-status" + "payments" ) disableMongoTelemetry() { @@ -66,6 +68,18 @@ getMongoVersion() { MONOGDB_VERSION=$(mongosh ${MONGODB_ROOT_URI} --eval "db.version()" 2>&1 | tail -n1) } +setSystemAdmin() { + mongosh $MONGO_URI --eval "db.users.update({}, {\$set: {roles: ['User', 'Admin', 'Account Admin']}}, {multi: true})" +} + +setPacks() { + PACKS=$(cat ${ASSETS_PATH}packs.json) + mongosh $MONGO_URI --eval "db.accounts.update({}, {\$set: {'build.packs': ${PACKS} }}, {multi: true})" + + PAYMENTS_MONGO_URI=${MONGO_URI/\/codefresh/\/payments} + mongosh $PAYMENTS_MONGO_URI --eval "db.accounts.update({}, {\$set: {'plan.packs': ${PACKS} }}, {multi: true})" +} + parseMongoURI $MONGO_URI disableMongoTelemetry @@ -85,6 +99,11 @@ mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToU mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true +if [[ $DEVELOPMENT_CHART == "true" ]]; then + setSystemAdmin + setPacks +fi + mongoimport --uri ${MONGO_URI} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json mongoimport --uri ${MONGO_URI} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json mongoimport --uri ${MONGO_URI} --collection users --type json --legacy --file ${ASSETS_PATH}users.json diff --git a/codefresh/templates/_helpers.tpl b/codefresh/templates/_helpers.tpl index bbded8dcae..b657b67422 100644 --- a/codefresh/templates/_helpers.tpl +++ b/codefresh/templates/_helpers.tpl 
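Review bot: `setSystemAdmin` runs `db.users.update({}, ...)` with an empty filter and `multi: true`, so every document in `users` receives `Admin` and `Account Admin`, not only the seeded administrator. The only guard is the `DEVELOPMENT_CHART == "true"` check in the third hunk, so a release that sets that value against a database holding real users would promote all of them. Scoping the filter to the seed account, for example `db.users.update({userName: 'AdminCF'}, ...)` if that is still the seeded name (users.json is not shown here), limits the change to one user. The call also sits before the `mongoimport` lines, so on an empty database it would match nothing; confirm the intended order. Both `db.accounts.update` calls in `setPacks` use the same empty filter.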
@@ -66,8 +66,12 @@ Return runtime image (classic runtime) with private registry prefix Return Image Pull Secret */}} {{- define "codefresh.imagePullSecret" }} +{{- if index .Values ".dockerconfigjson" -}} +{{- printf "%s" (index .Values ".dockerconfigjson") }} +{{- else }} {{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }} {{- end }} +{{- end }} {{/* Return the secret containing TLS certificates for Ingress diff --git a/codefresh/templates/configmaps/runtimeEnvironments.json.tpl b/codefresh/templates/configmaps/runtimeEnvironments.json.tpl index 4a711ced7a..cf88a3a7f1 100644 --- a/codefresh/templates/configmaps/runtimeEnvironments.json.tpl +++ b/codefresh/templates/configmaps/runtimeEnvironments.json.tpl @@ -257,6 +257,16 @@ }, "isPublic": true, "nonComplete": false - } + }, + { + "metadata": { + "name": "system/linux_paying_plan", + "agent": false + }, + "description": "MAIN Linux runtime for paying customers", + "extends": [ + "system/default" + ] + } ] {{- end -}} diff --git a/codefresh/templates/gencerts/job-gencerts.yaml b/codefresh/templates/gencerts/job-gencerts.yaml index c8a68d25e9..47a22c9555 100644 --- a/codefresh/templates/gencerts/job-gencerts.yaml +++ b/codefresh/templates/gencerts/job-gencerts.yaml 
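Review bot: The new `.dockerconfigjson` branch of `codefresh.imagePullSecret` returns the value verbatim, while the fallback branch returns a base64-encoded document, so the two branches only agree if the operator supplies an already-encoded string. The consumer of this helper is outside the hunk, but if the result lands in a Secret's `data` field a raw JSON value would be rejected or decoded to garbage. State the expectation in the comment above the define, e.g. `.dockerconfigjson must be the base64-encoded Docker config JSON`, or encode inside the helper. The `printf "%s"` around a single string adds nothing and can be dropped.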
@@ -1,5 +1,14 @@ {{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} {{- if or .Values.global.certsJobs .Values.gencerts.enabled }} +{{- $tolerations := .Values.gencerts.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.gencerts.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.gencerts.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 kind: Job metadata: @@ -22,10 +31,7 @@ spec: {{- if .Values.gencerts.rbac.enabled }} serviceAccountName: {{ template "codefresh.fullname" . }}-gencerts {{- end }} - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} containers: {{- if not .Values.global.clientCertsCA }} - name: {{ template "codefresh.fullname" . }}-runtime-certs @@ -49,15 +55,15 @@ spec: mountPath: "/opt/codefresh/gen-ingress-tls.sh" subPath: "gen-ingress-tls.sh" {{- end }} - {{- with .Values.gencerts.nodeSelector }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.gencerts.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 8}} {{- end }} - {{- with .Values.gencerts.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} 
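Review bot: `mergeOverwrite $globalAffinity $affinity` and `mergeOverwrite $globalNodeSelector $nodeSelector` write into their first argument, and when `.Values.global.affinity` or `.Values.global.nodeSelector` is set that argument is the values map itself rather than a copy. The job-specific keys are therefore merged into the global values seen by whatever renders afterwards, which can change scheduling of unrelated workloads depending on template order. Merge into a copy instead: `{{- $allAffinity := mergeOverwrite (deepCopy $globalAffinity) $affinity }}` and likewise for the node selector. The same three-line pattern is added in update-system-re.yaml, delete-consul-svc-job.yaml, set-mongodb-compat-version.yaml, postgres-clean-job.yaml, mongo-seed-job.yaml and postgres-seed-job.yaml.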
diff --git a/codefresh/templates/hooks/update-system-re.yaml b/codefresh/templates/hooks/post-upgrade/update-system-re.yaml similarity index 78% rename from codefresh/templates/hooks/update-system-re.yaml rename to codefresh/templates/hooks/post-upgrade/update-system-re.yaml index 79d2c87b5a..8a73f66b21 100644 --- a/codefresh/templates/hooks/update-system-re.yaml +++ b/codefresh/templates/hooks/post-upgrade/update-system-re.yaml @@ -1,5 +1,15 @@ -{{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} +{{- if and .Values.hooks.mongodb.enabled }} +{{- $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} --- +{{- $tolerations := .Values.hooks.mongodb.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.hooks.mongodb.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.hooks.mongodb.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 kind: Job metadata: 
@@ -17,15 +27,12 @@ spec: labels: {{ include "codefresh.labels" . | nindent 8 }} spec: - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} securityContext: - {{- toYaml .Values.hooks.podSecurityContext | nindent 8 }} + {{- toYaml .Values.hooks.mongodb.podSecurityContext | nindent 8 }} containers: - name: {{ include "codefresh.fullname" . }}-update-system-re - image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.image "context" .) }} + image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.mongodb.image "context" .) }} envFrom: - secretRef: name: {{ include "codefresh.fullname" . }} @@ -74,21 +81,22 @@ spec: - | {{ .Files.Get "files/updateSystemReImages.sh" | nindent 12 }} resources: - {{- toYaml .Values.hooks.resources | nindent 10 }} + {{- toYaml .Values.hooks.mongodb.resources | nindent 10 }} volumeMounts: - {{- include (printf "%s.volumeMounts" $libTemplateName) (dict "Values" .Values.hooks.volumeMounts "context" $) | indent 10 }} - {{- with .Values.hooks.nodeSelector }} + {{- include (printf "%s.volumeMounts" $libTemplateName) (dict "Values" .Values.hooks.mongodb.volumeMounts "context" $) | indent 10 }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.hooks.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 8}} {{- end }} - {{- with .Values.hooks.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} volumes: - {{- include (printf "%s.volumes" $libTemplateName) (dict "Values" .Values.hooks.volumes "context" $) | indent 8 }} + {{- include (printf "%s.volumes" $libTemplateName) (dict "Values" .Values.hooks.mongodb.volumes "context" $) | indent 8 }} restartPolicy: Never +{{- end }} 
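Review bot: `securityContext` now reads `.Values.hooks.mongodb.podSecurityContext` instead of `.Values.hooks.podSecurityContext`, and the image, resources, volumes and volumeMounts keys move the same way, so an existing override under the old `hooks.*` path is ignored after upgrade without any render error. For the pod security context that means a hardened setting can quietly fall back to the chart default. values.yaml is not part of this hunk, so whether a compatibility shim exists is unknown; if not, fall back with `.Values.hooks.mongodb.podSecurityContext | default .Values.hooks.podSecurityContext` or `fail` when the old key is set. set-mongodb-compat-version.yaml carries the same change.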
diff --git a/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml b/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml new file mode 100644 index 0000000000..1e01d429ab --- /dev/null +++ b/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml 
@@ -0,0 +1,64 @@ +{{- if and .Values.hooks.consul.enabled }} +{{- $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} +{{- $tolerations := .Values.hooks.consul.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.hooks.consul.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.hooks.consul.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "codefresh.fullname" . }}-delete-consul-svc + labels: + {{ include "codefresh.labels" . | nindent 4 }} + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-weight: "5" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed +spec: + ttlSecondsAfterFinished: 300 + backoffLimit: 0 + template: + metadata: + name: {{ template "codefresh.fullname" . }}-delete-consul-svc + labels: + {{ include "codefresh.labels" . | nindent 8 }} + spec: + serviceAccountName: {{ template "codefresh.fullname" . }}-delete-consul-svc + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} + containers: + - name: {{ template "codefresh.fullname" . }}-delete-consul-svc + image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.consul.image "context" .) }} + command: + - /bin/sh + - -c + - | + set -e + CONSUL_SVC_HEADLESS=$(kubectl get svc -n {{ .Release.Namespace }} \ + -l app.kubernetes.io/instance={{ include "codefresh.fullname" . 
}}\ + -l app.kubernetes.io/name=consul \ + -o name | grep headless ) + if [ -n "$CONSUL_SVC_HEADLESS" ]; then + kubectl delete -n {{ .Release.Namespace }} $CONSUL_SVC_HEADLESS --ignore-not-found + fi + resources: + {{- toYaml .Values.hooks.consul.resources | nindent 10 }} + {{- with $allNodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $allAffinity }} + affinity: + {{- toYaml . | nindent 8}} + {{- end }} + {{- with $allToleration }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + restartPolicy: OnFailure +{{- end }} diff --git a/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml b/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml new file mode 100644 index 0000000000..e369e9146a --- /dev/null +++ b/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml 
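Review bot: With `set -e`, the assignment `CONSUL_SVC_HEADLESS=$(kubectl get svc ... | grep headless )` aborts the script when `grep` matches nothing, so the `if [ -n "$CONSUL_SVC_HEADLESS" ]` guard is never reached and the pre-upgrade hook fails exactly when there is no headless service left to delete. End the pipeline with `| grep headless || true )` so an empty result is not an error. The two separate `-l` flags are likely not combined by kubectl; a single comma-separated selector, `-l app.kubernetes.io/instance=...,app.kubernetes.io/name=consul`, states the intended AND explicitly. The pod spec also sets no `securityContext`, unlike the other hook jobs touched in this commit.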
@@ -0,0 +1,47 @@
+{{- if and .Values.hooks.consul.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "codefresh.fullname" . }}-delete-consul-svc
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ helm.sh/hook: pre-upgrade
+ helm.sh/hook-weight: "-10"
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "codefresh.fullname" . }}-delete-consul-svc
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ helm.sh/hook: pre-upgrade
+ helm.sh/hook-weight: "-10"
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "codefresh.fullname" . }}-delete-consul-svc
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ helm.sh/hook: pre-upgrade
+ helm.sh/hook-weight: "-10"
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "codefresh.fullname" . }}-delete-consul-svc
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "codefresh.fullname" . }}-delete-consul-svc
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/codefresh/templates/hooks/set-mongodb-compat-version.yaml b/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml
similarity index 66%
rename from codefresh/templates/hooks/set-mongodb-compat-version.yaml
rename to codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml
index 788eea98ad..a6ea9cec3c 100644
--- a/codefresh/templates/hooks/set-mongodb-compat-version.yaml
+++ b/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml
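Review bot: The Role grants `get`, `list`, `watch`, `create`, `update`, `patch` and `delete` on `services`, but the job in delete-consul-svc-job.yaml only runs `kubectl get svc` and `kubectl delete`. Trim the rule to what the hook uses, `verbs: ["get", "list", "delete"]`, so the hook's service account cannot create or rewrite Services in the namespace. The ServiceAccount, Role and RoleBinding all use hook weight `"-10"`, which orders them before the job at weight `"5"`; a short comment saying so would help the next reader.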
@@ -1,6 +1,15 @@ {{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} {{- if .Values.mongodb.migration.enabled }} --- +{{- $tolerations := .Values.hooks.mongodb.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.hooks.mongodb.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.hooks.mongodb.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 kind: Job metadata: @@ -18,15 +27,12 @@ spec: labels: {{ include "codefresh.labels" . | nindent 8 }} spec: - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} securityContext: - {{- toYaml .Values.hooks.podSecurityContext | nindent 8 }} + {{- toYaml .Values.hooks.mongodb.podSecurityContext | nindent 8 }} containers: - name: {{ include "codefresh.fullname" . }}-set-mongodb-compat-version - image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.image "context" .) }} + image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.mongodb.image "context" .) }} envFrom: - secretRef: name: {{ include "codefresh.fullname" . }} 
@@ -51,22 +57,22 @@ spec: - | {{ .Files.Get "files/mongoSetCompatibilityVersion.sh" | nindent 12 }} resources: - {{- toYaml .Values.hooks.resources | nindent 10 }} + {{- toYaml .Values.hooks.mongodb.resources | nindent 10 }} volumeMounts: - {{- include (printf "%s.volumeMounts" $libTemplateName) (dict "Values" .Values.hooks.volumeMounts "context" $) | indent 10 }} - {{- with .Values.hooks.nodeSelector }} + {{- include (printf "%s.volumeMounts" $libTemplateName) (dict "Values" .Values.hooks.mongodb.volumeMounts "context" $) | indent 10 }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.hooks.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 8}} {{- end }} - {{- with .Values.hooks.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} volumes: - {{- include (printf "%s.volumes" $libTemplateName) (dict "Values" .Values.hooks.volumes "context" $) | indent 8 }} + {{- include (printf "%s.volumes" $libTemplateName) (dict "Values" .Values.hooks.mongodb.volumes "context" $) | indent 8 }} restartPolicy: Never {{- end }} diff --git a/codefresh/templates/ingress.yaml b/codefresh/templates/ingress.yaml index 71630a71e1..1b871e374e 100644 --- a/codefresh/templates/ingress.yaml +++ b/codefresh/templates/ingress.yaml @@ -9,6 +9,9 @@ metadata: name: {{ $ingressName }} labels: {{ include "codefresh.labels" . | nindent 4 }} + {{- with .Values.ingress.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} {{- with .Values.ingress.annotations }} annotations: {{ toYaml . | nindent 4 }} 
@@ -21,11 +24,6 @@ spec: - {{ .Values.global.appUrl }} secretName: {{ include "codefresh.ingress.tlsSecretName" . }} {{- end }} - defaultBackend: - service: - name: {{ printf "%s-%s" .Release.Name (index .Subcharts "cfui" ).Chart.Name }} - port: - number: {{ (index .Subcharts "cfui" ).Values.service.main.ports.http.port }} rules: - host: {{ .Values.ingress.domain | default .Values.global.appUrl }} http: @@ -37,10 +35,15 @@ spec: pathType: ImplementationSpecific backend: service: + {{- $fullServiceName := (index $.Subcharts $serviceName).Values.fullnameOverride }} + {{- if $fullServiceName }} + name: {{ $fullServiceName }} + {{- else }} name: {{ printf "%s-%s" $.Release.Name (index $.Subcharts $serviceName ).Chart.Name }} + {{- end }} port: number: {{ (index $.Subcharts $serviceName ).Values.service.main.ports.http.port }} {{- end }} {{- end }} {{- end }} -{{- end}} \ No newline at end of file +{{- end}} diff --git a/codefresh/templates/internal-gateway.yaml b/codefresh/templates/internal-gateway.yaml index 3848f33ab9..0a47735594 100644 --- a/codefresh/templates/internal-gateway.yaml +++ b/codefresh/templates/internal-gateway.yaml 
@@ -1,34 +1,46 @@ {{- if index .Values "internal-gateway" "enabled" -}} -{{ $cfApiEndpointsSvc := (index .Subcharts "cfapi" ).Chart.Name }} +{{ $cfApiEndpointsSvc := printf "%s-%s" .Release.Name (index .Subcharts "cfapi" ).Chart.Name }} {{ $cfApiEndpointsPort := (index .Subcharts "cfapi" ).Values.service.main.ports.http.port }} {{- if index .Values "cfapi-endpoints" "enabled" -}} - {{ $cfApiEndpointsSvc = (index .Subcharts "cfapi-endpoints" ).Chart.Name }} + {{ $cfApiEndpointsSvc = printf "%s-%s" .Release.Name (index .Subcharts "cfapi-endpoints" ).Chart.Name }} {{ $cfApiEndpointsPort = (index .Subcharts "cfapi-endpoints" ).Values.service.main.ports.http.port }} {{- end -}} {{- $internalGatewayContext := (index .Subcharts "internal-gateway") }} +{{ $fullnameCfApiEndpointsSvc := (index .Subcharts "cfapi").Values.fullnameOverride }} +{{- if $fullnameCfApiEndpointsSvc }} + {{- $cfApiEndpointsSvc = $fullnameCfApiEndpointsSvc }} +{{- end }} + +{{ $cfUiSvc := printf "%s-%s" .Release.Name (index .Subcharts "cfui" ).Chart.Name }} +{{- $fullnameCfUiSvc := (index .Subcharts "cfui").Values.fullnameOverride }} +{{- if $fullnameCfUiSvc }} + {{- $cfUiSvc = $fullnameCfUiSvc }} +{{- end }} {{- /* If onprem is installed with single-role cf-api mode */}} {{- if and (eq (toString .Values.global.cfapiService) "cfapi") (eq (toString .Values.global.cfapiEndpointsService) "cfapi" ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-auth") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-endpoints") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-environments") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace 
.Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-downloadlogmanager") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-gitops-resource-receiver") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-test-reporting") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-kubernetesresourcemonitor") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-kubernetes-endpoints") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-admin") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-teams") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-ws") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-auth") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace 
.Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-endpoints") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-environments") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-downloadlogmanager") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-gitops-resource-receiver") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-test-reporting") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-kubernetesresourcemonitor") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-kubernetes-endpoints") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-admin") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-teams") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-ws") "svc" (printf 
"%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} {{- end }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfui") "svc" (printf "%s.%s.svc.%s" $cfUiSvc .Release.Namespace .Values.global.clusterDomain ) }} + {{- include "internal-gateway.resources" $internalGatewayContext }} {{- end -}} diff --git a/codefresh/templates/legacy/postgres-clean-job.yaml b/codefresh/templates/legacy/postgres-clean-job.yaml index b0abb1c69e..38c88f0cb4 100644 --- a/codefresh/templates/legacy/postgres-clean-job.yaml +++ b/codefresh/templates/legacy/postgres-clean-job.yaml @@ -1,4 +1,13 @@ {{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} +{{- $tolerations := .Values.postgresqlCleanJob.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.postgresqlCleanJob.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.postgresqlCleanJob.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} {{- if and .Values.postgresqlCleanJob.enabled }} --- apiVersion: batch/v1 @@ -57,15 +66,15 @@ spec: - "-exc" - | {{ .Files.Get "files/postgresCleanJobScript.sh" | nindent 16 }} - {{- with .Values.postgresqlCleanJob.nodeSelector }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.postgresqlCleanJob.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.postgresqlCleanJob.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 10 }} {{- end }} 
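Review bot: `$fullnameCfApiEndpointsSvc` is always read from the `cfapi` subchart, even when the `cfapi-endpoints` branch above has already pointed `$cfApiEndpointsSvc` at the cfapi-endpoints service. With `cfapi-endpoints.enabled` and a `cfapi.fullnameOverride` both set, the override would replace the cfapi-endpoints name and the `serviceEndpoints` entries would resolve to the cfapi service instead. Read the override from the subchart that was selected, e.g. inside the `if` block use `(index .Subcharts "cfapi-endpoints").Values.fullnameOverride`. The eleven `set` lines repeat one `printf`; computing the FQDN once in a variable would make the routing easier to audit.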
diff --git a/codefresh/templates/seed-e2e/seed-e2e.yaml b/codefresh/templates/seed-e2e/seed-e2e.yaml index 5e8932c6ec..18a5e0c22f 100644 --- a/codefresh/templates/seed-e2e/seed-e2e.yaml +++ b/codefresh/templates/seed-e2e/seed-e2e.yaml @@ -25,10 +25,7 @@ spec: labels: {{ include "codefresh.labels" . | nindent 8 }} spec: - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} securityContext: {{- toYaml $context.podSecurityContext | nindent 8 }} containers: @@ -38,6 +35,18 @@ spec: - secretRef: name: {{ include "codefresh.fullname" . }} env: + - name: MONGODB_HOST + {{- include "codefresh.mongodb-host-env-var-value" . | indent 10 }} + - name: MONGODB_USER + {{- include "codefresh.mongodb-user-env-var-value" . | indent 10 }} + - name: MONGODB_PASSWORD + {{- include "codefresh.mongodb-password-env-var-value" . | indent 10 }} + - name: MONGO_URI + {{- include "codefresh.mongo-seed-uri-env-var-value" . | indent 10 }} + - name: MONGODB_ROOT_USER + {{- include "codefresh.mongodb-root-user-env-var-value" . | indent 10 }} + - name: MONGODB_ROOT_PASSWORD + {{- include "codefresh.mongodb-root-password-env-var-value" . | indent 10 }} - name: MONGO_URI value: $(MONGODB_PROTOCOL)://$(MONGODB_USER):$(MONGODB_PASSWORD)@$(MONGODB_HOST)/$(MONGODB_DATABASE)?$(MONGODB_OPTIONS) command: diff --git a/codefresh/templates/seed/mongo-seed-config.yaml b/codefresh/templates/seed/mongo-seed-config.yaml index cbb57a6ece..40e261e099 100644 --- a/codefresh/templates/seed/mongo-seed-config.yaml +++ b/codefresh/templates/seed/mongo-seed-config.yaml 
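Review bot: The added block declares `MONGO_URI` through `codefresh.mongo-seed-uri-env-var-value`, and the unchanged entry directly after it declares `MONGO_URI` again with the literal `$(MONGODB_PROTOCOL)://...` value. Kubernetes keeps the last duplicate in an `env` list, so the helper-provided URI is dropped and the literal one, which expands `$(MONGODB_DATABASE)` and `$(MONGODB_OPTIONS)` that are not in the visible list, stays in effect. Remove one of the two entries; if the helper value is the intended one, delete the trailing `- name: MONGO_URI` / `value:` pair. The container spec continues outside the hunk.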
@@ -8,105 +8,13 @@ metadata: {{ include "codefresh.labels" . | nindent 4 }} data: idps.json: | - { - "_id" : ObjectId("5b79a32e3b80d12608352f8e"), - "clientName" : "local", - "displayName" : "local", - "tokenSecret" : "q9MNUmE6assnoANmGZEjtrAa", - "clientType" : "localUserPassword", - "accounts" : [] - } +{{ .Files.Get "files/assets/idps.json" | indent 4 }} accounts.json: | - { - "_id" : ObjectId("59009117c102763beda7ce71"), - "badgeToken" : "eyJhbGciOiJIUzI1NiJ9.NTkwMDkxMTdjMTAyNzYzYmVkYTdjZTcx.B0HOUL6HlpTRNr_e95pVucSRMRzP2cobe5kIoMtrDSc", - "createdAt" : ISODate("2017-04-26T12:22:48.001+0000"), - "updatedAt" : ISODate("2017-04-26T12:27:13.720+0000"), - "name" : "admin-cf", - "runtimeEnvironment" : "codefresh", - "canUsePrivateRepos" : true, - "dedicatedInfrastructure" : false, - "cfcrRepositoryPath": "admin-cf", - "build" : { - "nodes" : NumberInt(0), - "parallel" : NumberInt(10), - "strategy" : "account" - }, - "integrations" : { - "stash" : { - "active" : false - }, - "registries" : [ - - ] - }, - "notifications" : [ - { - "type" : "pr", - "events" : [ - "build-success" - ] - } - ], - "repoPermission" : "public", - "environment" : NumberInt(1), - "admins" : [ - ObjectId("59009221c102763beda7cf04") - ], - "localUserPasswordIDPEnabled": true, -{{- if and (index .Values "seed-e2e" "enabled") }} - "features" : { - "analyticsClassicBuildsReports" : true, - "argoCdFlag" : true, - "commonDashboardProjectOne" : true, - "csdpDoraMetrics" : true, - "csdpIntegrations" : true, - "csdpJiraOauthIntegration" : true, - "environmentsV2Flag" : true, - "helm3NewUIFeature" : true, - "helmOptimizedQueue" : true, - "pipelineScopes" : true, - "pipelinesDashboardProjectOne" : true, - "showGitOpsHomeDashboardInTheProjectOneMenu" : true, - "csdpManagedArgo" : true - }, -{{- end }} - "__v" : NumberInt(0) - } +{{ .Files.Get "files/assets/accounts.json" | indent 4 }} users.json: | - { - "_id" : ObjectId("59009221c102763beda7cf04"), - "register_date" : 
ISODate("2017-04-26T12:27:13.608+0000"), - "userName" : "AdminCF", - "email" : "admin@codefresh.io", - "defaultAccount" : NumberInt(0), - "notifications" : [ - { - "type" : "mail", - "events" : [ - "build-success", - "build-failure" - ] - } - ], - "logins": [{ - "idp": ObjectId("5b79a32e3b80d12608352f8e") - }], - "status" : "new", - "account" : [ - ObjectId("59009117c102763beda7ce71") - ], - "roles" : [ - "User", - "Admin" - ], - "key" : { - "key" : "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAz6JQxcFORE6KwmBO1UnfpCph/PyARfm65eYXRuCOzdv5EIcz\n+4rRBwooH/SR8Wq49QRjq+Qm6ce2EBj2HD57t4rMj3W6X+5CwoFRXfF0tB4GqPSe\nDagbrNJbx93/dbEM+qEZNFk1MxtoJcBmj3jfrlGdTrarR3VOeBgKVLm/+Wz36pjM\nI4utzupHFAPquSIz0jis02/vccIZ8rAtyVdCd1q6Wz5DVu6iuGyMCYrpa9MFcupR\nc2eggyZ6PyNhmKuP7twr7y22elDQDkSo0G2yv4qbZnHEmShHhO/PKePMETUYMRvM\nzSS9qndT+Nax8vQvxeOCN3cEwm/Jy1oboYiwAwIDAQABAoIBAHyAJpC9nXGl6tws\npXiNKFWmuETbHwtWeDQcKL7uLZLQoOLBP3FIRphDBdZLbytkQ+1fKWjLkG3Du66h\nWQmMieB/kLNA83VMR6mboy+Cdej+zB2JODCWKaoSJMiOm/x1IoQyDwvtpdG0UFm6\nqYTEBNPgykOFkuRxOZEXUTKGgs9K7CFt1TbN8/bGCLgdq9plH2OvlOZkr4Cz0LpS\ns+Y/QJ/H4DDNZ6538NYLpq40Qi2NNq7iFJQ3iddEDi0i5O7pJK3Lziin/h3m99a+\nDbQET1bHm5Jh+Nrfxh1iwHaXdQLLoz5cex/ie5H6jtEMCSdcd53sPivSyHwMprEm\ng+0sNnECgYEA7q1eYNGJoA/UNXotVjPCaArf9/s1xiOTr5Fv1nWkH0jkmrj0WdjB\nsLQByC/wjSmZpfcKp38Z3JDFUimUEuCtZzgBCN6JB6VXe1t3L0wI1VTnxJwvsk8V\nQCB/gTugIDE1oE97kTvDuGl74XyY7uHyA1aYiXVnJ0bw8mcNCW2EzZkCgYEA3rQp\n3JjBGxBXaz7yCfhoQn5YZXw5yMBngyP8emu8u+7excZvCqIG+8NVh5KGFApOw9oe\n0aHUXGgfhSsl+xFA/m+E56mxm/J1PqRrWbnaEkLzPRSoFJBckjBm3ADHb6PuGbOL\nT72qxKPdZ1kdt0QfqIbZpR45COVk6KtmHMCO0/sCgYB6YaL2+fobfIJPOWptvPR9\n7LWSrdiQ1EUxzN0Plhqlf/bX7uY7+4y1Uldnkk1B1IbYNqfb4qwcEI9c5bzrQREo\nz+qX5aNVrE4DDo86TT5qRLLieUNrpmk7DG7UkQI1/4WDwb2WZpKgyFWg9QZl1q0F\nUS29rdlKpnF9maFxqBpkYQKBgBPU31VxlOCgF+jI9izFHiOttJl08oBaAd2/up/8\nMBZcMyJRhVnhC9Ynkto7xgzKzjDKn6vzSUHhU808BmnRI4SE0cT/a32DncUyRwz6\na9zscVSjHkSWhmfOP5qfxyK96loHjwRO04InRXQKj4beXiNXvtHhWxrbspy1hqZQ\nz2c5AoGBAO0tRNKfgoZH+sTiaphR550YFnIn8U9ROa1iQUvSiM0nHW6FraIR
1sYB\nUTCtgOSJdffGMFrvH+PhShJPw7u3juZh9NBzrARjZPwBJyBaYDw3elVc3epZWoGC\n8EBEgdFVqFwPctkGvqyJ/5Zl3KnTioXxslHjP45H+Ne/nEWPejuP\n-----END RSA PRIVATE KEY-----\n", - "pubKey" : "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPolDFwU5ETorCYE7VSd+kKmH8/IBF+brl5hdG4I7N2/kQhzP7itEHCigf9JHxarj1BGOr5Cbpx7YQGPYcPnu3isyPdbpf7kLCgVFd8XS0Hgao9J4NqBus0lvH3f91sQz6oRk0WTUzG2glwGaPeN+uUZ1OtqtHdU54GApUub/5bPfqmMwji63O6kcUA+q5IjPSOKzTb+9xwhnysC3JV0J3WrpbPkNW7qK4bIwJiulr0wVy6lFzZ6CDJno/I2GYq4/u3CvvLbZ6UNAORKjQbbK/iptmccSZKEeE788p48wRNRgxG8zNJL2qd1P41rHy9C/F44I3dwTCb8nLWhuhiLAD blabla\n" - }, - "__v" : NumberInt(1), - "last_login_date" : ISODate("2017-04-26T12:27:21.788+0000"), - "hashedPassword" : "jRFgMK8CYVXa4FRBVsZQyWHdw/ErWSJzO/WKqdGcLpmeOZw8e6X5TvkYIkc617LU76RCB9B1jPNsbNVaTQGt4g==", - "salt" : "GswhajDWen9vNW+fZ+xVbA==" - } -{{- end }} \ No newline at end of file +{{ .Files.Get "files/assets/users.json" | indent 4 }} + packs.json: | +{{ .Files.Get "files/assets/packs.json" | indent 4 }} + accounts-dev.json: | +{{ .Files.Get "files/assets/accounts-dev.json" | indent 4 }} +{{- end }} diff --git a/codefresh/templates/seed/mongo-seed-job.yaml b/codefresh/templates/seed/mongo-seed-job.yaml index 85a8c3eca1..a977068599 100644 --- a/codefresh/templates/seed/mongo-seed-job.yaml +++ b/codefresh/templates/seed/mongo-seed-job.yaml 
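Review bot: The seed documents still go into what appears to be a ConfigMap (the `kind` line is outside the hunk), and the removed inline `users.json` and `idps.json` carried an RSA private key, a password hash with its salt and a `tokenSecret`. If the files under `files/assets/` hold the same fields (they are not shown here), anyone with ConfigMap read access in the namespace can read them; a `kind: Secret` for this object, and values generated per install rather than shipped fixed, would narrow that. `packs.json` and `accounts-dev.json` are added unconditionally although the seed script only applies packs when `DEVELOPMENT_CHART` is `"true"`; wrapping the two keys in `{{- if .Values.developmentChart }}` keeps development data out of other releases.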
@@ -2,6 +2,15 @@ {{ $context := deepCopy .Values.seed }} --- {{- if and .Values.seed.enabled (or .Values.global.seedJobs .Values.seed.mongoSeedJob.enabled) }} +{{- $tolerations := .Values.seed.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.seed.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.seed.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 kind: Job metadata: @@ -21,10 +30,7 @@ spec: labels: {{ include "codefresh.labels" . | nindent 8 }} spec: - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} securityContext: {{- toYaml .Values.seed.podSecurityContext | nindent 8 }} containers: @@ -46,6 +52,8 @@ spec: {{- include "codefresh.mongodb-root-user-env-var-value" . | indent 12 }} - name: MONGODB_ROOT_PASSWORD {{- include "codefresh.mongodb-root-password-env-var-value" . | indent 12 }} + - name: DEVELOPMENT_CHART + value: {{ .Values.developmentChart | quote }} command: - "/bin/bash" - "-exc" 
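Review bot: In the first hunk of `mongo-seed-job.yaml`, `mergeOverwrite $globalAffinity $affinity` and `mergeOverwrite $globalNodeSelector $nodeSelector` write into their first argument, and when `.Values.global.affinity` or `.Values.global.nodeSelector` is set, that argument is the global map itself rather than a copy. Seed-level keys can therefore end up in the global values that later templates read, which makes pod placement depend on render order. The file already uses `deepCopy` on its first line, so `{{- $allAffinity := mergeOverwrite (deepCopy $globalAffinity) $affinity }}` and `{{- $allNodeSelector := mergeOverwrite (deepCopy $globalNodeSelector) $nodeSelector }}` avoid the side effect. The same two lines are added in the first hunk of `postgres-seed-job.yaml`.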
@@ -63,16 +71,22 @@ spec: - name: seed-data mountPath: "/usr/share/extras/idps.json" subPath: "idps.json" + - name: seed-data + mountPath: "/usr/share/extras/packs.json" + subPath: "packs.json" + - name: seed-data + mountPath: "/usr/share/extras/accounts-dev.json" + subPath: "accounts-dev.json" {{- include (printf "%s.volumeMounts" $libTemplateName) ( dict "Values" .Values.seed.volumeMounts "context" $ ) | nindent 8 }} - {{- with .Values.seed.nodeSelector }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.seed.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.seed.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} diff --git a/codefresh/templates/seed/postgres-seed-job.yaml b/codefresh/templates/seed/postgres-seed-job.yaml index 5a18b31e9d..6ff5366b13 100644 --- a/codefresh/templates/seed/postgres-seed-job.yaml +++ b/codefresh/templates/seed/postgres-seed-job.yaml @@ -1,6 +1,15 @@ {{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} {{- if and .Values.seed.enabled (or .Values.global.seedJobs .Values.seed.postgresSeedJob.enabled) }} --- +{{- $tolerations := .Values.seed.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.seed.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.seed.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 kind: Job metadata: 
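Review bot: In the last hunk of `mongo-seed-job.yaml` the `accounts-dev.json` mount is added unconditionally, so the development account fixture is present in the seed pod on every install. The only visible switch is the `DEVELOPMENT_CHART` environment variable added in the previous hunk, and this diff does not show whether the seed script skips the file when that variable is `false`. Wrapping the mount in `{{- if .Values.developmentChart }}` … `{{- end }}` would keep the fixture out of non-development releases regardless of what the script does. The ConfigMap entry for `accounts-dev.json` would need the same guard. The container spec continues outside this hunk.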
@@ -20,10 +29,7 @@ spec: labels: {{ include "codefresh.labels" . | nindent 8 }} spec: - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} securityContext: {{- toYaml .Values.seed.podSecurityContext | nindent 8 }} containers: @@ -50,15 +56,15 @@ spec: - "-exc" - | {{ .Files.Get "files/postgresSeedJobScript.sh" | nindent 12 }} - {{- with .Values.seed.nodeSelector }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.seed.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.seed.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} diff --git a/codefresh/tests/ingress/ingress_test.yaml b/codefresh/tests/ingress/ingress_test.yaml index 979f6ba7a2..c377f7a0a6 100644 --- a/codefresh/tests/ingress/ingress_test.yaml +++ b/codefresh/tests/ingress/ingress_test.yaml @@ -41,4 +41,17 @@ tests: enabled: true asserts: - failedTemplate: - errorMessage: "A valid .Values.ingress.tls.cert is required!" \ No newline at end of file + errorMessage: "A valid .Values.ingress.tls.cert is required!" + + - it: ingress with extra labels + template: templates/ingress.yaml + set: + global: + appUrl: mydomain.local + ingress: + labels: + foo: bar + asserts: + - equal: + path: metadata.labels.foo + value: bar diff --git a/codefresh/tests/misc/global_constrains_test.yaml b/codefresh/tests/misc/global_constrains_test.yaml index 55fdc75a3b..903a5358ff 100644 --- a/codefresh/tests/misc/global_constrains_test.yaml +++ b/codefresh/tests/misc/global_constrains_test.yaml 
@@ -3,6 +3,11 @@ suite: Should test global tolerations/nodeSelector/affinity/imagePullSecret templates: - charts/**/*.yaml - internal-gateway.yaml + - seed/mongo-seed-job.yaml + - seed/postgres-seed-job.yaml + - gencerts/job-gencerts.yaml + - hooks/post-upgrade/update-system-re.yaml + - hooks/pre-upgrade/delete-consul-svc-job.yaml tests: - it: argo-platform-abac should have global tolerations/nodeSelector/affinity/imagePullSecret values: @@ -35,8 +40,8 @@ tests: operator: "In" values: - "value" - - + + - it: argo-platform-analytics-reporter should have global tolerations/nodeSelector/affinity/imagePullSecret values: - ../values/global.yaml @@ -871,7 +876,7 @@ tests: operator: "In" values: - "value" - + - it: nomios should have global tolerations/nodeSelector/affinity/imagePullSecret values: - ../values/global.yaml @@ -998,7 +1003,7 @@ tests: - key: "key" operator: "In" values: - - "value" + - "value" - it: runtime-environment-manager should have global tolerations/nodeSelector/affinity/imagePullSecret values: 
@@ -1063,3 +1068,163 @@ tests: operator: "In" values: - "value" + + - it: mongo-seed-job should have global tolerations/nodeSelector/affinity/imagePullSecret + values: + - ../values/global.yaml + template: seed/mongo-seed-job.yaml + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: my-secret + - contains: + path: spec.template.spec.tolerations + content: + key: "key" + operator: "Equal" + value: "value" + effect: "NoSchedule" + - equal: + path: spec.template.spec.nodeSelector + value: + key: "value" + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "key" + operator: "In" + values: + - "value" + + - it: postgres-seed-job should have global tolerations/nodeSelector/affinity/imagePullSecret + values: + - ../values/global.yaml + template: seed/postgres-seed-job.yaml + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: my-secret + - contains: + path: spec.template.spec.tolerations + content: + key: "key" + operator: "Equal" + value: "value" + effect: "NoSchedule" + - equal: + path: spec.template.spec.nodeSelector + value: + key: "value" + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "key" + operator: "In" + values: + - "value" + + - it: job-gencerts should have global tolerations/nodeSelector/affinity/imagePullSecret + values: + - ../values/global.yaml + template: gencerts/job-gencerts.yaml + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: my-secret + - contains: + path: spec.template.spec.tolerations + content: + key: "key" + operator: "Equal" + value: "value" + effect: "NoSchedule" + - equal: + path: spec.template.spec.nodeSelector + value: + key: "value" + - equal: + path: spec.template.spec.affinity + value: + 
nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "key" + operator: "In" + values: + - "value" + + - it: update-system-re job should have global tolerations/nodeSelector/affinity/imagePullSecret + values: + - ../values/global.yaml + template: hooks/post-upgrade/update-system-re.yaml + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: my-secret + - contains: + path: spec.template.spec.tolerations + content: + key: "key" + operator: "Equal" + value: "value" + effect: "NoSchedule" + - equal: + path: spec.template.spec.nodeSelector + value: + key: "value" + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "key" + operator: "In" + values: + - "value" + + - it: delete-consul-svc-job should have global tolerations/nodeSelector/affinity/imagePullSecret + values: + - ../values/global.yaml + template: hooks/pre-upgrade/delete-consul-svc-job.yaml + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: my-secret + - contains: + path: spec.template.spec.tolerations + content: + key: "key" + operator: "Equal" + value: "value" + effect: "NoSchedule" + - equal: + path: spec.template.spec.nodeSelector + value: + key: "value" + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "key" + operator: "In" + values: + - "value" diff --git a/codefresh/tests/private-registry/other_templates_test.yaml b/codefresh/tests/private-registry/other_templates_test.yaml index d88d20a6af..ce8cdf8cad 100644 --- a/codefresh/tests/private-registry/other_templates_test.yaml +++ b/codefresh/tests/private-registry/other_templates_test.yaml 
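Review bot: The five cases added to `global_constrains_test.yaml` load only `../values/global.yaml`, so they cover the global path but not the merge the seed templates now perform between `.Values.global.*` and `.Values.seed.*`. A further case that also sets a seed-level value, for example `set: {seed: {nodeSelector: {seed-key: seed-value}}}` (constructed sample), and asserts that both the global and the seed entries are rendered would pin the merge precedence. Running that case for both seed templates in one suite would also show whether merged values carry over from one template to the next.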
@@ -4,7 +4,9 @@ templates: - seed/mongo-seed-job.yaml - seed/postgres-seed-job.yaml - gencerts/job-gencerts.yaml - - hooks/update-system-re.yaml + - hooks/post-upgrade/update-system-re.yaml + - hooks/pre-upgrade/set-mongodb-compat-version.yaml + - hooks/pre-upgrade/delete-consul-svc-job.yaml - legacy/postgres-clean-job.yaml tests: - it: "(Other templates) should test image private registry prefix" @@ -30,9 +32,19 @@ tests: - matchRegex: path: spec.template.spec.containers[0].image pattern: ^myregistry.io/.*$ - template: hooks/update-system-re.yaml + template: hooks/post-upgrade/update-system-re.yaml # postgres-clean-job template - matchRegex: path: spec.jobTemplate.spec.template.spec.containers[0].image pattern: ^myregistry.io/.*$ - template: legacy/postgres-clean-job.yaml \ No newline at end of file + template: legacy/postgres-clean-job.yaml + # set-mongodb-compact template + - matchRegex: + path: spec.template.spec.containers[0].image + pattern: ^myregistry.io/.*$ + template: hooks/pre-upgrade/set-mongodb-compat-version.yaml + # delete-consul- template + - matchRegex: + path: spec.template.spec.containers[0].image + pattern: ^myregistry.io/.*$ + template: hooks/pre-upgrade/delete-consul-svc-job.yaml diff --git a/codefresh/tests/values/private-registry.yaml b/codefresh/tests/values/private-registry.yaml index d8b703e16c..36ef990780 100644 --- a/codefresh/tests/values/private-registry.yaml +++ b/codefresh/tests/values/private-registry.yaml @@ -8,4 +8,9 @@ ingress-nginx: registry: myregistry.io cf-oidc-provider: - enabled: true \ No newline at end of file + enabled: true + +mongodb: + migration: + enabled: true + featureCompatibilityVersion: "6.0" diff --git a/codefresh/values.yaml b/codefresh/values.yaml index ad2c636989..9a4b9df36e 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml 
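Review bot: In the two `matchRegex` assertions added to `other_templates_test.yaml`, the pattern `^myregistry.io/.*$` leaves the dot unescaped, so it also accepts a host such as `myregistryXio/` (constructed example); `pattern: ^myregistry\.io/.*$` checks the registry prefix exactly. The older assertions in the file use the same pattern and sit outside the changed lines. The two new comments are also off: `# set-mongodb-compact template` should read `# set-mongodb-compat-version template`, and `# delete-consul- template` is truncated, presumably `# delete-consul-svc-job template`.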
@@ -12,9 +12,9 @@ imageCredentials: {} gencerts: enabled: true image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/kubectl - tag: 1.31.2 + tag: 1.33.0 rbac: enabled: true ttlSecondsAfterFinished: 300 @@ -34,9 +34,9 @@ seed: mongoSeedJob: enabled: true image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/mongosh - tag: 2.3.7 + tag: 2.5.0 # -- Root user in plain text (required ONLY for seed job!). mongodbRootUser: "root" # -- Root user from existing secret @@ -60,9 +60,9 @@ seed: postgresSeedJob: enabled: true image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/postgresql - tag: 13 + tag: 17 # -- (optional) "postgres" admin user in plain text (required ONLY for seed job!) # Must be a privileged user allowed to create databases and grant roles. # If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used. @@ -122,9 +122,8 @@ ingress: nginx.ingress.kubernetes.io/service-upstream: "true" nginx.ingress.kubernetes.io/ssl-redirect: "false" nginx.org/redirect-to-https: "false" - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "X-Request-ID: $request_id"; - proxy_set_header X-Request-ID $request_id; + # -- Set labels for ingress + labels: {} # -- Global parameters # @default -- See below 
@@ -435,19 +434,33 @@ global: allowInsecureImages: true # -- Pre/post-upgrade Job hooks. -# Updates images in `system/default` runtime. # @default -- See below hooks: - enabled: true - image: - registry: quay.io - repository: codefresh/mongosh - tag: 2.3.7 - affinity: {} - nodeSelector: {} - podSecurityContext: {} - resources: {} - tolerations: [] + # -- Updates images in `system/default` runtime. + mongodb: + enabled: true + image: + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io + repository: codefresh/mongosh + tag: 2.5.0 + affinity: {} + nodeSelector: {} + podSecurityContext: {} + resources: {} + tolerations: [] + # -- Recreates `consul-headless` service due to duplicated ports in Service during the upgrade. + consul: + enabled: true + image: + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io + repository: codefresh/kubectl + tag: 1.33.0 + affinity: {} + nodeSelector: {} + podSecurityContext: {} + resources: {} + tolerations: [] + # -- Maintenance postgresql clean job. # Removes a certain number of the last records in the event store table. @@ -455,9 +468,9 @@ hooks: postgresqlCleanJob: enabled: true image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/postgresql - tag: 13 + tag: 17 schedule: "0 0 * * *" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 
@@ -471,19 +484,19 @@ postgresqlCleanJob: # -- runtimeImages # @default -- See below runtimeImages: - COMPOSE_IMAGE: quay.io/codefresh/compose:v2.32.2-1.5.2 - CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.12.2 - DIND_IMAGE: quay.io/codefresh/dind:26.1.4-1.28.8 - DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.4.2 - DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.18 - DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.16 - DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.15 - ENGINE_IMAGE: quay.io/codefresh/engine:1.177.4 - FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.8 - GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.2.0 - KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.2.6 - PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.7 - TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.2 + COMPOSE_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/compose:v2.32.2-1.5.2 + CONTAINER_LOGGER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-container-logger:1.12.5 + DIND_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/dind:26.1.4-1.28.8 + DOCKER_BUILDER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-builder:1.4.4 + DOCKER_PULLER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-puller:8.0.20 + DOCKER_PUSHER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-pusher:6.0.17 + DOCKER_TAG_PUSHER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-tag-pusher:1.3.15 + ENGINE_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/engine:1.177.8 + FS_OPS_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/fs-ops:1.2.10 + GIT_CLONE_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-git-cloner:10.2.0 + KUBE_DEPLOY: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-deploy-kubernetes:16.2.6 + PIPELINE_DEBUGGER_IMAGE: 
us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-debugger:1.3.9 + TEMPLATE_ENGINE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/pikolo:0.14.3 CR_6177_FIXER: docker.io/library/alpine:3.21 GC_BUILDER_IMAGE: docker.io/library/alpine:3.21 @@ -495,6 +508,8 @@ runtimeImages: cfapi: &cf-api # -- Enable cf-api enabled: true + # -- Image pull secrets + imagePullSecrets: [] # -- Controller configuration controller: # -- Replicas number @@ -521,6 +536,7 @@ cfapi: &cf-api OIDC_PROVIDER_PROTOCOL: '{{ .Values.global.oidcProviderProtocol }}' OIDC_PROVIDER_TOKEN_ENDPOINT: '{{ .Values.global.oidcProviderTokenEndpoint }}' DEFAULT_SYSTEM_TYPE: PROJECT_ONE + # -- Secrets configuration secrets: secret: enabled: true @@ -528,7 +544,6 @@ cfapi: &cf-api stringData: OIDC_PROVIDER_CLIENT_ID: '{{ .Values.global.oidcProviderClientId }}' OIDC_PROVIDER_CLIENT_SECRET: '{{ .Values.global.oidcProviderClientSecret }}' - # -- Resource requests and limits resources: requests: @@ -551,9 +566,13 @@ cfapi: &cf-api enabled: false # -- Minimum number of replicas in percentage minAvailable: "50%" + # -- Affinity configuration affinity: {} + # -- Node selector configuration nodeSelector: {} + # -- Pod security context configuration podSecurityContext: {} + # -- Tolerations configuration tolerations: [] # cfapi roles @@ -660,6 +679,7 @@ internal-gateway: # @default -- See below cf-broadcaster: enabled: true + imagePullSecrets: [] controller: replicas: 3 container: @@ -691,6 +711,7 @@ cf-platform-analytics-etlstarter: redis: # -- Disable redis subchart enabled: false + imagePullSecrets: [] controller: # - Disable default deployment controller enabled: false @@ -727,6 +748,7 @@ cf-platform-analytics-etlstarter: cf-platform-analytics-platform: nameOverride: platform-analytics mongodbDatabase: "platform-analytics-postgres" + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io 
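Review bot: Every image in the rewritten `runtimeImages` block of `values.yaml` is still referenced by tag only, for example `ENGINE_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/engine:1.177.8`, so a cluster runs whatever the new registry serves for that tag at pull time. Unless the registry enforces immutable tags, appending the digest, as in `codefresh/engine:1.177.8@sha256:<digest>` (placeholder), makes a chart release reproducible and lets a changed image be detected, provided the consumers of these values accept digest references. The same applies to the `gencerts`, `seed`, `hooks` and `postgresqlCleanJob` image hunks in this file, where `tag: 17` additionally floats across minor releases.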
@@ -756,6 +778,7 @@ cf-platform-analytics-platform: # @default -- See below cfsign: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -782,7 +805,7 @@ cfsign: volume-permissions: enabled: true image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/curl tag: 8.11.1 affinity: {} @@ -795,6 +818,7 @@ cfsign: # @default -- See below cfui: enabled: true + imagePullSecrets: [] controller: replicas: 2 container: @@ -821,6 +845,7 @@ cfui: # @default -- See below charts-manager: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -843,6 +868,7 @@ charts-manager: # @default -- See below cluster-providers: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -876,6 +902,7 @@ consul: # @default -- See below context-manager: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -898,6 +925,7 @@ context-manager: # @default -- See below cronus: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -911,6 +939,7 @@ cronus: # @default -- See below gitops-dashboard-manager: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -933,6 +962,7 @@ gitops-dashboard-manager: # @default -- See below helm-repo-manager: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -944,7 +974,7 @@ helm-repo-manager: ingress: enabled: false image: - repository: quay.io/codefresh/chartmuseum + repository: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/chartmuseum tag: 8795e993 resources: requests: 
@@ -963,6 +993,7 @@ helm-repo-manager: # -- hermes # @default -- See below hermes: + imagePullSecrets: [] controller: replicas: 1 container: @@ -986,7 +1017,7 @@ ingress-nginx: enabled: true controller: enableAnnotationValidations: true - allowSnippetAnnotations: true + allowSnippetAnnotations: false ingressClassResource: enabled: true default: false @@ -1006,11 +1037,14 @@ ingress-nginx: proxy-body-size: "5M" log-format-escape-json: "true" log-format-upstream: '{ "time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x-forward-for": "$proxy_add_x_forwarded_for", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent", "http_x_github_delivery": "$http_x_github_delivery", "http_x_hook_uuid": "$http_x_hook_uuid", "metadata": { "correlationId": "$request_id", "service": "ingress", "time": "$time_iso8601" } }' + http-snippet: | + proxy_set_header X-Request-ID $request_id; # -- k8s-monitor # @default -- See below k8s-monitor: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -1033,6 +1067,7 @@ k8s-monitor: # @default -- See below kube-integration: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -1056,8 +1091,6 @@ kube-integration: # Ref: https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml mongodb: enabled: true - image: - tag: "6.0" architecture: standalone useStatefulSet: true auth: @@ -1069,8 +1102,8 @@ mongodb: cpu: 200m memory: 256Mi migration: - enabled: false - featureCompatibilityVersion: "5.0" + enabled: true + featureCompatibilityVersion: "6.0" # -- nats # @default -- See below 
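Review bot: The `http-snippet` added under the ingress-nginx `config` in `values.yaml` places `proxy_set_header X-Request-ID $request_id;` at http level, but nginx inherits `proxy_set_header` from an outer level only when the inner level defines none. The location blocks that ingress-nginx generates normally carry their own `proxy_set_header` lines, so this directive is likely to have no effect. It is worth confirming in the rendered `nginx.conf` that upstreams still receive the ID that `log-format-upstream` records as `correlationId`. The removed `configuration-snippet` annotation also emitted the ID as a response header through `more_set_headers`, and nothing in this diff replaces that. If the snippet stays, a comment such as `# http-level proxy_set_header applies only where a location sets none` above it would record the limitation.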
@@ -1088,6 +1121,7 @@ nats: # @default -- See below nomios: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -1106,9 +1140,9 @@ nomios: postgresql: enabled: true image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/postgresql - tag: 13 + tag: 17 auth: enablePostgresUser: true postgresPassword: "eC9arYka4ZbH" @@ -1133,9 +1167,9 @@ postgresql-ha: enabled: false postgresql: image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/postgresql-repmgr - tag: 13 + tag: 17 username: postgres password: "eC9arYka4ZbH" database: "codefresh" @@ -1192,7 +1226,7 @@ redis-ha: rabbitmq: enabled: true image: - tag: 3.13.7-debian-12-r5 + tag: "4.0" replicaCount: 1 auth: username: user @@ -1206,10 +1240,11 @@ rabbitmq: # -- builder builder: enabled: true + imagePullSecrets: [] initContainers: register: image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/curl tag: 8.11.1 container: @@ -1227,10 +1262,11 @@ builder: # @default -- See below runner: enabled: true + imagePullSecrets: [] initContainers: register: image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/curl tag: 8.11.1 container: @@ -1248,6 +1284,7 @@ runner: # @default -- See below pipeline-manager: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -1270,6 +1307,7 @@ pipeline-manager: # @default -- See below runtime-environment-manager: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -1293,6 +1331,7 @@ runtime-environment-manager: # -- tasker-kubernetes tasker-kubernetes: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io 
@@ -1321,8 +1360,7 @@ argo-hub-platform: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io repository: codefresh-io/argo-hub-platform - imagePullSecrets: - - '{{ .Release.Name }}-registry' + imagePullSecrets: [] resources: requests: cpu: 100m @@ -1906,3 +1944,17 @@ seed-e2e: ci: enabled: false + +developmentChart: false + +mailer: + enabled: false + +payments: + enabled: false + +segment-reporter: + enabled: false + +salesforce-reporter: + enabled: false diff --git a/codefresh/files/indexes/2.6/agenttasks.json b/indexes/codefresh/agenttasks.json similarity index 100% rename from codefresh/files/indexes/2.6/agenttasks.json rename to indexes/codefresh/agenttasks.json diff --git a/indexes/codefresh/feature-store-versioned.json b/indexes/codefresh/feature-store-versioned.json new file mode 100644 index 0000000000..4be0e71322 --- /dev/null +++ b/indexes/codefresh/feature-store-versioned.json @@ -0,0 +1,25 @@ +[ + { + "expireAfterSeconds": 43200.0, + "key": { + "createdAt": 1.0 + }, + "name": "createdAt_1", + "v": 2.0 + }, + { + "key": { + "_id": -1.0, + "LDRedisStoreVersion": 1.0 + }, + "name": "LDRedisStoreVersion_1__id_-1", + "v": 2.0 + }, + { + "key": { + "_id": 1.0 + }, + "name": "_id_", + "v": 2.0 + } +] diff --git a/codefresh/files/indexes/2.6/workflowprocesses.json b/indexes/codefresh/workflowprocesses.json similarity index 100% rename from codefresh/files/indexes/2.6/workflowprocesses.json rename to indexes/codefresh/workflowprocesses.json diff --git a/codefresh/files/indexes/2.6/analysisruns.json b/indexes/read-models/analysisruns.json similarity index 100% rename from codefresh/files/indexes/2.6/analysisruns.json rename to indexes/read-models/analysisruns.json diff --git a/codefresh/files/indexes/2.6/images-binaries.json b/indexes/read-models/images-binaries.json similarity index 100% rename from codefresh/files/indexes/2.6/images-binaries.json rename to indexes/read-models/images-binaries.json 
diff --git a/codefresh/files/indexes/2.6/releases.json b/indexes/read-models/releases.json similarity index 100% rename from codefresh/files/indexes/2.6/releases.json rename to indexes/read-models/releases.json diff --git a/codefresh/files/indexes/2.6/rollouts.json b/indexes/read-models/rollouts.json similarity index 100% rename from codefresh/files/indexes/2.6/rollouts.json rename to indexes/read-models/rollouts.json diff --git a/scripts/update_re_images.sh b/scripts/update_re_images.sh index b87405f9dd..e5f6d31acc 100755 --- a/scripts/update_re_images.sh +++ b/scripts/update_re_images.sh @@ -56,7 +56,7 @@ for k in ${RUNTIME_IMAGES[@]}; do fi done -sed -i 's|us-docker.pkg.dev/codefresh-inc/public-gcr-io|quay.io|' $CHARTDIR/values.yaml +# sed -i 's|us-docker.pkg.dev/codefresh-inc/public-gcr-io|quay.io|' $CHARTDIR/values.yaml sed -i 's/!!merge //g' $CHARTDIR/values.yaml