From 058c160b517131d086a5d0f31723135282945d61 Mon Sep 17 00:00:00 2001 From: cf-ci-bot Date: Sat, 15 Mar 2025 07:05:27 +0000 Subject: [PATCH 01/66] onprem: create onprem-release-2.7 branch --- codefresh/Chart.yaml | 50 ++++++++++++++++++++++---------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 96af206c9..3155683a3 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -81,7 +81,7 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: kube-integration.enabled - name: charts-manager - version: "*" + version: "~1.22.0" repository: oci://quay.io/codefresh/charts condition: charts-manager.enabled - name: cfsign @@ -93,11 +93,11 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: tasker-kubernetes.enabled - name: context-manager - version: "*" + version: "~2.33.0" repository: oci://quay.io/codefresh/charts condition: context-manager.enabled - name: pipeline-manager - version: "*" + version: "~3.138.0" repository: oci://quay.io/codefresh/charts condition: pipeline-manager.enabled - name: gitops-dashboard-manager @@ -106,96 +106,96 @@ dependencies: condition: gitops-dashboard-manager.enabled - name: cfapi alias: cfapi - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi.enabled - name: cfapi alias: cfapi-auth - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-auth.enabled - name: cfapi alias: cfapi-internal - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-internal.enabled - name: cfapi alias: cfapi-ws - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-ws.enabled - name: cfapi alias: cfapi-admin - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-admin.enabled - name: cfapi alias: cfapi-endpoints - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-endpoints.enabled - name: cfapi alias: cfapi-terminators - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-terminators.enabled - name: cfapi alias: cfapi-sso-group-synchronizer - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-sso-group-synchronizer.enabled - name: cfapi alias: cfapi-buildmanager - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-buildmanager.enabled - name: cfapi alias: cfapi-cacheevictmanager - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-cacheevictmanager.enabled - name: cfapi alias: cfapi-eventsmanagersubscriptions - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-eventsmanagersubscriptions.enabled - name: cfapi alias: cfapi-kubernetesresourcemonitor - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-kubernetesresourcemonitor.enabled - name: cfapi alias: cfapi-environments - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-environments.enabled - name: cfapi alias: cfapi-gitops-resource-receiver - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-gitops-resource-receiver.enabled - name: cfapi alias: cfapi-downloadlogmanager - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-downloadlogmanager.enabled - name: cfapi alias: cfapi-teams - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-teams.enabled - name: cfapi alias: cfapi-kubernetes-endpoints - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-kubernetes-endpoints.enabled - name: cfapi alias: cfapi-test-reporting - version: "*" + version: "~21.274.0" repository: oci://quay.io/codefresh/charts condition: cfapi-test-reporting.enabled - name: cfui - version: "*" + version: "~14.97.0" repository: oci://quay.io/codefresh/charts condition: cfui.enabled - name: k8s-monitor @@ -203,7 +203,7 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: k8s-monitor.enabled - name: runtime-environment-manager - version: "*" + version: "~3.39.0" repository: oci://quay.io/codefresh/charts condition: runtime-environment-manager.enabled - name: cf-broadcaster @@ -211,7 +211,7 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: cf-broadcaster.enabled - name: helm-repo-manager - version: "*" + version: "~0.20.0" repository: oci://quay.io/codefresh/charts condition: helm-repo-manager.enabled - name: hermes @@ -237,7 +237,7 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: argo-platform.enabled - name: argo-platform - version: "*" + version: "~1.3344.0" repository: oci://quay.io/codefresh/charts condition: argo-platform.enabled - name: argo-hub-platform From dd99b0d9f1076a65015872f905c51462daed053b Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Thu, 20 Mar 2025 16:47:15 +0300 Subject: [PATCH 02/66] onprem: 2.7.1 (#31) --- codefresh/Chart.lock | 67 +++-- codefresh/Chart.yaml | 34 ++- codefresh/README.md | 8 +- codefresh/files/assets/accounts-dev.json | 262 ++++++++++++++++++ codefresh/files/assets/packs.json | 103 +++++++ codefresh/files/mongoSeedJobScript.sh | 20 ++ codefresh/templates/_helpers.tpl | 4 + .../configmaps/runtimeEnvironments.json.tpl | 12 +- .../templates/gencerts/job-gencerts.yaml | 20 +- .../hooks/set-mongodb-compat-version.yaml | 15 +- .../templates/hooks/update-system-re.yaml | 20 +- codefresh/templates/ingress.yaml | 12 +- codefresh/templates/internal-gateway.yaml | 38 ++- .../templates/seed/mongo-seed-config.yaml | 108 +------- codefresh/templates/seed/mongo-seed-job.yaml | 28 +- .../templates/seed/postgres-seed-job.yaml | 20 +- .../tests/misc/global_constrains_test.yaml | 132 +++++++++ codefresh/values.yaml | 23 +- 18 files changed, 742 insertions(+), 184 deletions(-) create mode 100644 codefresh/files/assets/accounts-dev.json create mode 100644 codefresh/files/assets/packs.json diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index c8f75f603..9f26a0c04 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -40,10 +40,10 @@ dependencies: version: 4.11.2 - name: cluster-providers repository: oci://quay.io/codefresh/charts - version: 1.17.14 + version: 1.17.15 - name: kube-integration repository: oci://quay.io/codefresh/charts - version: 1.31.17 + version: 1.31.18 - name: charts-manager repository: oci://quay.io/codefresh/charts version: 1.22.2 @@ -64,58 +64,58 @@ dependencies: version: 1.14.20 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.9 + version: 21.274.10 - name: cfui repository: oci://quay.io/codefresh/charts version: 14.97.50 @@ -142,18 +142,33 @@ dependencies: version: 0.8.10 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.77 + version: 0.49.78 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.77 + version: 0.49.78 - name: argo-platform repository: oci://quay.io/codefresh/charts - version: 1.3344.0 + version: 1.3344.0-onprem-b84a89b - name: argo-hub-platform repository: oci://quay.io/codefresh/charts - version: 0.1.21 + version: 0.1.22 - name: cf-oidc-provider repository: oci://quay.io/codefresh/charts version: 0.0.16 -digest: sha256:83072ee3b8654194f3fb06b189775de8f1220062dad9f8ec858c54641e3aeefb -generated: "2025-03-14T18:07:51.289296+03:00" +- name: mailer + repository: oci://quay.io/codefresh/charts + version: 1.20.8 +- name: payments + repository: oci://quay.io/codefresh/charts + version: 2.23.17 +- name: segment-reporter + repository: oci://quay.io/codefresh/charts + version: 1.17.8 +- name: salesforce-reporter + repository: oci://quay.io/codefresh/charts + version: 1.30.11 +- name: onboarding-status + repository: oci://quay.io/codefresh/charts + version: 1.8.8 +digest: sha256:b8ea966f7f7cec4c6d6e73e24f5ad0227950009e2d7136e8766c080f9c579b78 +generated: "2025-03-20T14:19:34.976455+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 3155683a3..a34fdf89b 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.7.0 +version: 2.7.1 keywords: - codefresh home: https://codefresh.io/ @@ -18,8 +18,16 @@ annotations: # artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | + - kind: added + description: "Added subcharts for development environment" - kind: changed - description: "Initial 2.7 release" + description: "Disable abacAndRules feature-flag" + - kind: fixed + description: "Add checkmark on LDAP SSO configuration to allow deleting users" + - kind: fixed + description: "Fix global constrains tolerations/nodeSelector/affinity/imagePullSecret for hooks and seed jobs" + - kind: changed + description: "Bump MongoDB featureCompatibilityVersion to 6.0" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts @@ -237,7 +245,7 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: argo-platform.enabled - name: argo-platform - version: "~1.3344.0" + version: "1.3344.0-onprem-b84a89b" repository: oci://quay.io/codefresh/charts condition: argo-platform.enabled - name: argo-hub-platform @@ -248,3 +256,23 @@ dependencies: repository: oci://quay.io/codefresh/charts version: "*" condition: cf-oidc-provider.enabled + - name: mailer + version: "*" + repository: oci://quay.io/codefresh/charts + condition: mailer.enabled + - name: payments + version: "*" + repository: oci://quay.io/codefresh/charts + condition: payments.enabled + - name: segment-reporter + version: "*" + repository: oci://quay.io/codefresh/charts + condition: segment-reporter.enabled + - name: salesforce-reporter + version: "*" + repository: oci://quay.io/codefresh/charts + condition: salesforce-reporter.enabled + - name: onboarding-status + version: "*" + repository: oci://quay.io/codefresh/charts + condition: onboarding-status.enabled diff --git a/codefresh/README.md b/codefresh/README.md index 2159cd66a..97548732b 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.7.0](https://img.shields.io/badge/Version-2.7.0-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Version: 2.7.1](https://img.shields.io/badge/Version-2.7.1-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. @@ -2191,6 +2191,7 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | consul | object | See below | consul Ref: https://github.com/bitnami/charts/blob/main/bitnami/consul/values.yaml | | context-manager | object | See below | context-manager | | cronus | object | See below | cronus | +| developmentChart | bool | `false` | | | dockerconfigjson | object | `{}` | DEPRECATED - Use `.imageCredentials` instead dockerconfig (for `kcfi` tool backward compatibility) for Image Pull Secret. Obtain GCR Service Account JSON (sa.json) at support@codefresh.io ```shell GCR_SA_KEY_B64=$(cat sa.json | base64) DOCKER_CFG_VAR=$(echo -n "_json_key:$(echo ${GCR_SA_KEY_B64} | base64 -d)" | base64 | tr -d '\n') ``` E.g.: dockerconfigjson: auths: gcr.io: auth: | | gencerts | object | See below | Job to generate internal runtime secrets. Required at first install. | | gitops-dashboard-manager | object | See below | gitops-dashboard-manager | @@ -2304,9 +2305,12 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | internal-gateway | object | See below | internal-gateway | | k8s-monitor | object | See below | k8s-monitor | | kube-integration | object | See below | kube-integration | +| mailer.enabled | bool | `false` | | | mongodb | object | See below | mongodb Ref: https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml | | nats | object | See below | nats Ref: https://github.com/bitnami/charts/blob/main/bitnami/nats/values.yaml | | nomios | object | See below | nomios | +| onboarding-status.enabled | bool | `false` | | +| payments.enabled | bool | `false` | | | pipeline-manager | object | See below | pipeline-manager | | postgresql | object | See below | postgresql Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml | | postgresql-ha | object | See below | postgresql Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/values.yaml | @@ -2317,6 +2321,7 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | runner | object | See below | runner | | runtime-environment-manager | object | See below | runtime-environment-manager | | runtimeImages | object | See below | runtimeImages | +| salesforce-reporter.enabled | bool | `false` | | | seed | object | See below | Seed jobs | | seed-e2e | object | `{"affinity":{},"backoffLimit":10,"enabled":false,"image":{"registry":"docker.io","repository":"mongo","tag":"latest"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[],"ttlSecondsAfterFinished":300}` | CI | | seed.enabled | bool | `true` | Enable all seed jobs | @@ -2330,5 +2335,6 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | seed.postgresSeedJob.postgresPasswordSecretKeyRef | optional | `{}` | Password for "postgres" admin user from existing secret | | seed.postgresSeedJob.postgresUser | optional | `""` | "postgres" admin user in plain text (required ONLY for seed job!) Must be a privileged user allowed to create databases and grant roles. If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used. | | seed.postgresSeedJob.postgresUserSecretKeyRef | optional | `{}` | "postgres" admin user from exising secret | +| segment-reporter.enabled | bool | `false` | | | tasker-kubernetes | object | `{"affinity":{},"container":{"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/tasker-kubernetes"}},"enabled":true,"hpa":{"enabled":false},"nodeSelector":{},"pdb":{"enabled":false},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}` | tasker-kubernetes | | webTLS | object | `{"cert":"","enabled":false,"key":"","secretName":"star.codefresh.io"}` | DEPRECATED - Use `.Values.ingress.tls` instead TLS secret for Ingress | diff --git a/codefresh/files/assets/accounts-dev.json b/codefresh/files/assets/accounts-dev.json new file mode 100644 index 000000000..06ac6be00 --- /dev/null +++ b/codefresh/files/assets/accounts-dev.json @@ -0,0 +1,262 @@ +{ + "_id" : ObjectId("59009117c102763beda7ce71"), + "name" : "codefresh-inc", + "suspension" : { + "isSuspended" : false + }, + "activation" : { + "isActivated" : true, + "performedBy" : "System" + }, + "cloudBuilds" : { + "isActivated" : true, + "isRequested" : false, + "performedBy" : "System" + }, + "allowedDomains" : [ + + ], + "enabledAllowedDomains" : true, + "admins" : [ + ObjectId("59009221c102763beda7cf04") + ], + "environment" : NumberInt(1), + "runtimeEnvironment" : "codefresh", + "integrations" : { + "stash" : { + "active" : false + }, + "github" : { + "active" : false + }, + "gitlab" : { + "active" : false + }, + "aks" : { + "exist" : false + }, + "aks_sp" : { + "exist" : false + }, + "aks_mi" : { + "exist" : false + }, + "gcloud" : { + "exist" : false + }, + "digitalOcean" : { + "exist" : false + }, + "registries" : [ + + ] + }, + "badgeToken" : "eyJhbGciOiJIUzI1NiJ9.NTkwMDkxMTdjMTAyNzYzYmVkYTdjZTcx.B0HOUL6HlpTRNr_e95pVucSRMRzP2cobe5kIoMtrDSc", + "createdAt" : ISODate("2017-04-26T12:22:48.001+0000"), + "updatedAt" : ISODate("2017-04-26T12:27:13.720+0000"), + "build" : { + "strategy" : "account", + "nodes" : NumberInt(0), + "packs" : [ + { + "id" : "5cd1746617313f468d669013", + "metadata" : { + "name" : "small", + "description" : "1 GB RAM 1 CPU" + }, + "workflows" : { + "concurrency" : { + "amount" : NumberInt(1), + "absorb" : NumberInt(0), + "allowUnlimited" : false + } + }, + "runtime" : { + "name" : "system/linux_paying_plan", + "defaultDindResources" : { + "requests" : { + "cpu" : "900m", + "memory" : "1024Mi" + } + }, + "cpu" : "1000m", + "memory" : "1024Mi", + "storage" : "8G", + "dindStorage" : "8G", + "os" : "linux", + "architecture" : "amd64" + } + }, + { + "id" : "5cd1746717313f468d669014", + "metadata" : { + "name" : "medium", + "description" : "4 GB RAM 2 CPU" + }, + "workflows" : { + "concurrency" : { + "amount" : NumberInt(1), + "absorb" : NumberInt(0), + "allowUnlimited" : false + } + }, + "runtime" : { + "name" : "system/linux_paying_plan", + "defaultDindResources" : { + "requests" : { + "cpu" : "1200m", + "memory" : "1500Mi" + } + }, + "cpu" : "2000m", + "memory" : "4096Mi", + "storage" : "16G", + "dindStorage" : "16G", + "os" : "linux", + "architecture" : "amd64" + } + }, + { + "id" : "5cd1746817313f468d669015", + "metadata" : { + "name" : "large", + "description" : "8 GB RAM 4 CPU" + }, + "workflows" : { + "concurrency" : { + "amount" : NumberInt(1), + "absorb" : NumberInt(0), + "allowUnlimited" : false + } + }, + "runtime" : { + "name" : "system/linux_paying_plan", + "defaultDindResources" : { + "requests" : { + "cpu" : "1500m", + "memory" : "3000Mi" + } + }, + "cpu" : "4000m", + "memory" : "8192Mi", + "storage" : "32G", + "dindStorage" : "32G", + "os" : "linux", + "architecture" : "amd64" + } + }, + { + "id" : "5cd1746817313f468d669016", + "metadata" : { + "name" : "runner", + "description" : "Hybrid runtime-environment" + }, + "workflows" : { + "concurrency" : { + "amount" : NumberInt(-1), + "absorb" : NumberInt(1), + "allowUnlimited" : true + } + } + } + ], + "defaultPack" : ObjectId("5cd1746617313f468d669013") + }, + "dedicatedInfrastructure" : false, + "canUsePrivateRepos" : true, + "features" : { + "launchDarklyManagement" : true + }, + "supportPlan" : "PLATINUM", + "increasedAttention" : false, + "cfcrRepositoryPath" : "codefresh-inc", + "paymentPlan" : { + "id" : "PRO_1", + "trial" : { + "trialing" : true, + "trialStart" : ISODate("2025-02-07T15:33:32.532+0000"), + "trialEnd" : ISODate("2025-02-22T15:33:32.532+0000"), + "trialWillEndNotified" : false, + "trialEndedNotified" : false, + "type" : "NEW_ACCOUNT", + "previousSegment" : "BASIC" + }, + "isWiredTransfer" : false, + "provider" : "codefresh" + }, + "gradualExposure" : "SEGMENT", + "codefreshEnv" : "latest", + "imageViewConfig" : { + "version" : "V1" + }, + "buildStepConfig" : { + "version" : "V1", + "disablePush" : false + }, + "CFCRState" : { + "dates" : { + "one" : { + "startDate" : "2020-03-10", + "endDate" : "2020-07-02" + }, + "two" : { + "startDate" : "2020-07-02", + "endDate" : "2020-07-16" + } + }, + "enabled" : false, + "system" : "ACTIVE", + "displayGlobalNotice" : true, + "accountChoice" : "ACTIVE" + }, + "noPersonalAccountForInvitedUser" : true, + "pipelineConfig" : { + "general" : { + "templates" : false, + "clone" : true, + "autoCreateProjectsForTeams" : false, + "lowMemoryWarningThreshold" : "70" + }, + "yaml" : { + "inline" : true, + "git" : true, + "url" : true + }, + "execution" : { + "keepPVCsForPendingApproval" : false, + "pendingApprovalConcurrencyApplied" : false, + "injectClustersFromPipelineSettings" : false, + "permitRestartFromFailedSteps" : true + }, + "pendingApproval" : { + "pendingApprovalConfirmation" : "none" + } + }, + "csdp" : { + "validated" : false + }, + "pauseWorkflowExecution" : false, + "systemType" : "PROJECT_ONE", + "systemTypePrev" : "", + "notifications" : [ + { + "type" : "pr", + "events" : [ + "build-success" + ] + } + ], + "repoPermission" : "public", + "limits" : { + "collaborators" : { + "limit" : NumberInt(10), + "used" : NumberInt(1) + }, + "dataRetention" : { + "weeks" : NumberInt(24) + } + }, + "localUserPasswordIDPEnabled" : true, + "segment" : "ENTERPRISE", + "__v" : NumberInt(0) +} diff --git a/codefresh/files/assets/packs.json b/codefresh/files/assets/packs.json new file mode 100644 index 000000000..61ee50a0d --- /dev/null +++ b/codefresh/files/assets/packs.json @@ -0,0 +1,103 @@ +[ + { + "workflows": { + "concurrency": { + "amount": 2, + "absorb": 2, + "allowUnlimited": false + } + }, + "runtime": { + "defaultDindResources": { + "requests": { + "cpu": "900m", + "memory": "1024Mi" + } + }, + "name": "system/linux_paying_plan", + "os": "linux", + "architecture": "amd64", + "cpu": "1000m", + "memory": "1024Mi", + "storage": "8G", + "dindStorage": "8G" + }, + "id": "5cd1746617313f468d669013", + "metadata": { + "description": "1 GB RAM 1 CPU", + "name": "small" + } + }, + { + "workflows": { + "concurrency": { + "amount": 2, + "absorb": 2, + "allowUnlimited": false + } + }, + "runtime": { + "defaultDindResources": { + "requests": { + "cpu": "1200m", + "memory": "1500Mi" + } + }, + "name": "system/linux_paying_plan", + "os": "linux", + "architecture": "amd64", + "cpu": "2000m", + "memory": "4096Mi", + "storage": "16G", + "dindStorage": "16G" + }, + "id": "5cd1746717313f468d669014", + "metadata": { + "description": "4 GB RAM 2 CPU", + "name": "medium" + } + }, + { + "workflows": { + "concurrency": { + "amount": 2, + "absorb": 2, + "allowUnlimited": false + } + }, + "runtime": { + "defaultDindResources": { + "requests": { + "cpu": "1500m", + "memory": "3000Mi" + } + }, + "name": "system/linux_paying_plan", + "os": "linux", + "architecture": "amd64", + "cpu": "4000m", + "memory": "8192Mi", + "storage": "32G", + "dindStorage": "32G" + }, + "id": "5cd1746817313f468d669015", + "metadata": { + "description": "8 GB RAM 4 CPU", + "name": "large" + } + }, + { + "workflows": { + "concurrency": { + "amount": -1, + "absorb": 0, + "allowUnlimited": true + } + }, + "id": "5cd1746817313f468d669016", + "metadata": { + "description": "Hybrid runtime-environment", + "name": "runner" + } + } +] diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index 3bcaf6f98..e40eefad7 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh @@ -29,6 +29,8 @@ MONGODB_DATABASES=( "platform-analytics-postgres" "read-models" "runtime-environment-manager" + "onboarding-status" + "payments" ) disableMongoTelemetry() { @@ -66,6 +68,18 @@ getMongoVersion() { MONOGDB_VERSION=$(mongosh ${MONGODB_ROOT_URI} --eval "db.version()" 2>&1 | tail -n1) } +setSystemAdmin() { + mongosh $MONGO_URI --eval "db.users.update({}, {\$set: {roles: ['User', 'Admin', 'Account Admin']}}, {multi: true})" +} + +setPacks() { + PACKS=$(cat ${ASSETS_PATH}packs.json) + mongosh $MONGO_URI --eval "db.accounts.update({}, {\$set: {'build.packs': ${PACKS} }}, {multi: true})" + + PAYMENTS_MONGO_URI=${MONGO_URI/\/codefresh/\/payments} + mongosh $PAYMENTS_MONGO_URI --eval "db.accounts.update({}, {\$set: {'plan.packs': ${PACKS} }}, {multi: true})" +} + parseMongoURI $MONGO_URI disableMongoTelemetry @@ -85,6 +99,12 @@ mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToU mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true +if [[ $DEVELOPMENT_CHART == "true" ]]; then + mongoimport --uri ${MONGO_URI} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts-dev.json + setSystemAdmin + setPacks +fi + mongoimport --uri ${MONGO_URI} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json mongoimport --uri ${MONGO_URI} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json mongoimport --uri ${MONGO_URI} --collection users --type json --legacy --file ${ASSETS_PATH}users.json diff --git a/codefresh/templates/_helpers.tpl b/codefresh/templates/_helpers.tpl index bbded8dca..b657b6742 100644 --- a/codefresh/templates/_helpers.tpl +++ b/codefresh/templates/_helpers.tpl @@ -66,8 +66,12 @@ Return runtime image (classic runtime) with private registry prefix Return Image Pull Secret */}} {{- define "codefresh.imagePullSecret" }} +{{- if index .Values ".dockerconfigjson" -}} +{{- printf "%s" (index .Values ".dockerconfigjson") }} +{{- else }} {{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }} {{- end }} +{{- end }} {{/* Return the secret containing TLS certificates for Ingress diff --git a/codefresh/templates/configmaps/runtimeEnvironments.json.tpl b/codefresh/templates/configmaps/runtimeEnvironments.json.tpl index 4a711ced7..cf88a3a7f 100644 --- a/codefresh/templates/configmaps/runtimeEnvironments.json.tpl +++ b/codefresh/templates/configmaps/runtimeEnvironments.json.tpl @@ -257,6 +257,16 @@ }, "isPublic": true, "nonComplete": false - } + }, + { + "metadata": { + "name": "system/linux_paying_plan", + "agent": false + }, + "description": "MAIN Linux runtime for paying customers", + "extends": [ + "system/default" + ] + } ] {{- end -}} diff --git a/codefresh/templates/gencerts/job-gencerts.yaml b/codefresh/templates/gencerts/job-gencerts.yaml index c8a68d25e..47a22c955 100644 --- a/codefresh/templates/gencerts/job-gencerts.yaml +++ b/codefresh/templates/gencerts/job-gencerts.yaml @@ -1,5 +1,14 @@ {{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} {{- if or .Values.global.certsJobs .Values.gencerts.enabled }} +{{- $tolerations := .Values.gencerts.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.gencerts.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.gencerts.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 kind: Job metadata: @@ -22,10 +31,7 @@ spec: {{- if .Values.gencerts.rbac.enabled }} serviceAccountName: {{ template "codefresh.fullname" . }}-gencerts {{- end }} - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} containers: {{- if not .Values.global.clientCertsCA }} - name: {{ template "codefresh.fullname" . }}-runtime-certs @@ -49,15 +55,15 @@ spec: mountPath: "/opt/codefresh/gen-ingress-tls.sh" subPath: "gen-ingress-tls.sh" {{- end }} - {{- with .Values.gencerts.nodeSelector }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.gencerts.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 8}} {{- end }} - {{- with .Values.gencerts.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} diff --git a/codefresh/templates/hooks/set-mongodb-compat-version.yaml b/codefresh/templates/hooks/set-mongodb-compat-version.yaml index 788eea98a..6dadaa7cf 100644 --- a/codefresh/templates/hooks/set-mongodb-compat-version.yaml +++ b/codefresh/templates/hooks/set-mongodb-compat-version.yaml @@ -1,6 +1,15 @@ {{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} {{- if .Values.mongodb.migration.enabled }} --- +{{- $tolerations := .Values.hooks.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.hooks.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.hooks.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 kind: Job metadata: @@ -54,15 +63,15 @@ spec: {{- toYaml .Values.hooks.resources | nindent 10 }} volumeMounts: {{- include (printf "%s.volumeMounts" $libTemplateName) (dict "Values" .Values.hooks.volumeMounts "context" $) | indent 10 }} - {{- with .Values.hooks.nodeSelector }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.hooks.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 8}} {{- end }} - {{- with .Values.hooks.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} diff --git a/codefresh/templates/hooks/update-system-re.yaml b/codefresh/templates/hooks/update-system-re.yaml index 79d2c87b5..aa21dba21 100644 --- a/codefresh/templates/hooks/update-system-re.yaml +++ b/codefresh/templates/hooks/update-system-re.yaml @@ -1,5 +1,14 @@ {{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} --- +{{- $tolerations := .Values.hooks.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.hooks.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.hooks.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 kind: Job metadata: @@ -17,10 +26,7 @@ spec: labels: {{ include "codefresh.labels" . | nindent 8 }} spec: - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} securityContext: {{- toYaml .Values.hooks.podSecurityContext | nindent 8 }} containers: @@ -77,15 +83,15 @@ spec: {{- toYaml .Values.hooks.resources | nindent 10 }} volumeMounts: {{- include (printf "%s.volumeMounts" $libTemplateName) (dict "Values" .Values.hooks.volumeMounts "context" $) | indent 10 }} - {{- with .Values.hooks.nodeSelector }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.hooks.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 8}} {{- end }} - {{- with .Values.hooks.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} diff --git a/codefresh/templates/ingress.yaml b/codefresh/templates/ingress.yaml index 71630a71e..0c8c7feeb 100644 --- a/codefresh/templates/ingress.yaml +++ b/codefresh/templates/ingress.yaml @@ -21,11 +21,6 @@ spec: - {{ .Values.global.appUrl }} secretName: {{ include "codefresh.ingress.tlsSecretName" . }} {{- end }} - defaultBackend: - service: - name: {{ printf "%s-%s" .Release.Name (index .Subcharts "cfui" ).Chart.Name }} - port: - number: {{ (index .Subcharts "cfui" ).Values.service.main.ports.http.port }} rules: - host: {{ .Values.ingress.domain | default .Values.global.appUrl }} http: @@ -37,10 +32,15 @@ spec: pathType: ImplementationSpecific backend: service: + {{- $fullServiceName := (index $.Subcharts $serviceName).Values.fullnameOverride }} + {{- if $fullServiceName }} + name: {{ $fullServiceName }} + {{- else }} name: {{ printf "%s-%s" $.Release.Name (index $.Subcharts $serviceName ).Chart.Name }} + {{- end }} port: number: {{ (index $.Subcharts $serviceName ).Values.service.main.ports.http.port }} {{- end }} {{- end }} {{- end }} -{{- end}} \ No newline at end of file +{{- end}} diff --git a/codefresh/templates/internal-gateway.yaml b/codefresh/templates/internal-gateway.yaml index 3848f33ab..0a4773559 100644 --- a/codefresh/templates/internal-gateway.yaml +++ b/codefresh/templates/internal-gateway.yaml @@ -1,34 +1,46 @@ {{- if index .Values "internal-gateway" "enabled" -}} -{{ $cfApiEndpointsSvc := (index .Subcharts "cfapi" ).Chart.Name }} +{{ $cfApiEndpointsSvc := printf "%s-%s" .Release.Name (index .Subcharts "cfapi" ).Chart.Name }} {{ $cfApiEndpointsPort := (index .Subcharts "cfapi" ).Values.service.main.ports.http.port }} {{- if index .Values "cfapi-endpoints" "enabled" -}} - {{ $cfApiEndpointsSvc = (index .Subcharts "cfapi-endpoints" ).Chart.Name }} + {{ $cfApiEndpointsSvc = printf "%s-%s" .Release.Name (index .Subcharts "cfapi-endpoints" ).Chart.Name }} {{ $cfApiEndpointsPort = (index .Subcharts "cfapi-endpoints" ).Values.service.main.ports.http.port }} {{- end -}} {{- $internalGatewayContext := (index .Subcharts "internal-gateway") }} +{{ $fullnameCfApiEndpointsSvc := (index .Subcharts "cfapi").Values.fullnameOverride }} +{{- if $fullnameCfApiEndpointsSvc }} + {{- $cfApiEndpointsSvc = $fullnameCfApiEndpointsSvc }} +{{- end }} + +{{ $cfUiSvc := printf "%s-%s" .Release.Name (index .Subcharts "cfui" ).Chart.Name }} +{{- $fullnameCfUiSvc := (index .Subcharts "cfui").Values.fullnameOverride }} +{{- if $fullnameCfUiSvc }} + {{- $cfUiSvc = $fullnameCfUiSvc }} +{{- end }} {{- /* If onprem is installed with single-role cf-api mode */}} {{- if and (eq (toString .Values.global.cfapiService) "cfapi") (eq (toString .Values.global.cfapiEndpointsService) "cfapi" ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-auth") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-endpoints") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-environments") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-downloadlogmanager") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-gitops-resource-receiver") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-test-reporting") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-kubernetesresourcemonitor") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-kubernetes-endpoints") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-admin") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-teams") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} -{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-ws") "svc" (printf "%s-%s.%s.svc.%s" .Release.Name $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-auth") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-endpoints") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-environments") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-downloadlogmanager") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-gitops-resource-receiver") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-test-reporting") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-kubernetesresourcemonitor") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-kubernetes-endpoints") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-admin") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-teams") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-ws") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }} {{- end }} +{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfui") "svc" (printf "%s.%s.svc.%s" $cfUiSvc .Release.Namespace .Values.global.clusterDomain ) }} + {{- include "internal-gateway.resources" $internalGatewayContext }} {{- end -}} diff --git a/codefresh/templates/seed/mongo-seed-config.yaml b/codefresh/templates/seed/mongo-seed-config.yaml index cbb57a6ec..40e261e09 100644 --- a/codefresh/templates/seed/mongo-seed-config.yaml +++ b/codefresh/templates/seed/mongo-seed-config.yaml @@ -8,105 +8,13 @@ metadata: {{ include "codefresh.labels" . | nindent 4 }} data: idps.json: | - { - "_id" : ObjectId("5b79a32e3b80d12608352f8e"), - "clientName" : "local", - "displayName" : "local", - "tokenSecret" : "q9MNUmE6assnoANmGZEjtrAa", - "clientType" : "localUserPassword", - "accounts" : [] - } +{{ .Files.Get "files/assets/idps.json" | indent 4 }} accounts.json: | - { - "_id" : ObjectId("59009117c102763beda7ce71"), - "badgeToken" : "eyJhbGciOiJIUzI1NiJ9.NTkwMDkxMTdjMTAyNzYzYmVkYTdjZTcx.B0HOUL6HlpTRNr_e95pVucSRMRzP2cobe5kIoMtrDSc", - "createdAt" : ISODate("2017-04-26T12:22:48.001+0000"), - "updatedAt" : ISODate("2017-04-26T12:27:13.720+0000"), - "name" : "admin-cf", - "runtimeEnvironment" : "codefresh", - "canUsePrivateRepos" : true, - "dedicatedInfrastructure" : false, - "cfcrRepositoryPath": "admin-cf", - "build" : { - "nodes" : NumberInt(0), - "parallel" : NumberInt(10), - "strategy" : "account" - }, - "integrations" : { - "stash" : { - "active" : false - }, - "registries" : [ - - ] - }, - "notifications" : [ - { - "type" : "pr", - "events" : [ - "build-success" - ] - } - ], - "repoPermission" : "public", - "environment" : NumberInt(1), - "admins" : [ - ObjectId("59009221c102763beda7cf04") - ], - "localUserPasswordIDPEnabled": true, -{{- if and (index .Values "seed-e2e" "enabled") }} - "features" : { - "analyticsClassicBuildsReports" : true, - "argoCdFlag" : true, - "commonDashboardProjectOne" : true, - "csdpDoraMetrics" : true, - "csdpIntegrations" : true, - "csdpJiraOauthIntegration" : true, - "environmentsV2Flag" : true, - "helm3NewUIFeature" : true, - "helmOptimizedQueue" : true, - "pipelineScopes" : true, - "pipelinesDashboardProjectOne" : true, - "showGitOpsHomeDashboardInTheProjectOneMenu" : true, - "csdpManagedArgo" : true - }, -{{- end }} - "__v" : NumberInt(0) - } +{{ .Files.Get "files/assets/accounts.json" | indent 4 }} users.json: | - { - "_id" : ObjectId("59009221c102763beda7cf04"), - "register_date" : ISODate("2017-04-26T12:27:13.608+0000"), - "userName" : "AdminCF", - "email" : "admin@codefresh.io", - "defaultAccount" : NumberInt(0), - "notifications" : [ - { - "type" : "mail", - "events" : [ - "build-success", - "build-failure" - ] - } - ], - "logins": [{ - "idp": ObjectId("5b79a32e3b80d12608352f8e") - }], - "status" : "new", - "account" : [ - ObjectId("59009117c102763beda7ce71") - ], - "roles" : [ - "User", - "Admin" - ], - "key" : { - "key" : "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAz6JQxcFORE6KwmBO1UnfpCph/PyARfm65eYXRuCOzdv5EIcz\n+4rRBwooH/SR8Wq49QRjq+Qm6ce2EBj2HD57t4rMj3W6X+5CwoFRXfF0tB4GqPSe\nDagbrNJbx93/dbEM+qEZNFk1MxtoJcBmj3jfrlGdTrarR3VOeBgKVLm/+Wz36pjM\nI4utzupHFAPquSIz0jis02/vccIZ8rAtyVdCd1q6Wz5DVu6iuGyMCYrpa9MFcupR\nc2eggyZ6PyNhmKuP7twr7y22elDQDkSo0G2yv4qbZnHEmShHhO/PKePMETUYMRvM\nzSS9qndT+Nax8vQvxeOCN3cEwm/Jy1oboYiwAwIDAQABAoIBAHyAJpC9nXGl6tws\npXiNKFWmuETbHwtWeDQcKL7uLZLQoOLBP3FIRphDBdZLbytkQ+1fKWjLkG3Du66h\nWQmMieB/kLNA83VMR6mboy+Cdej+zB2JODCWKaoSJMiOm/x1IoQyDwvtpdG0UFm6\nqYTEBNPgykOFkuRxOZEXUTKGgs9K7CFt1TbN8/bGCLgdq9plH2OvlOZkr4Cz0LpS\ns+Y/QJ/H4DDNZ6538NYLpq40Qi2NNq7iFJQ3iddEDi0i5O7pJK3Lziin/h3m99a+\nDbQET1bHm5Jh+Nrfxh1iwHaXdQLLoz5cex/ie5H6jtEMCSdcd53sPivSyHwMprEm\ng+0sNnECgYEA7q1eYNGJoA/UNXotVjPCaArf9/s1xiOTr5Fv1nWkH0jkmrj0WdjB\nsLQByC/wjSmZpfcKp38Z3JDFUimUEuCtZzgBCN6JB6VXe1t3L0wI1VTnxJwvsk8V\nQCB/gTugIDE1oE97kTvDuGl74XyY7uHyA1aYiXVnJ0bw8mcNCW2EzZkCgYEA3rQp\n3JjBGxBXaz7yCfhoQn5YZXw5yMBngyP8emu8u+7excZvCqIG+8NVh5KGFApOw9oe\n0aHUXGgfhSsl+xFA/m+E56mxm/J1PqRrWbnaEkLzPRSoFJBckjBm3ADHb6PuGbOL\nT72qxKPdZ1kdt0QfqIbZpR45COVk6KtmHMCO0/sCgYB6YaL2+fobfIJPOWptvPR9\n7LWSrdiQ1EUxzN0Plhqlf/bX7uY7+4y1Uldnkk1B1IbYNqfb4qwcEI9c5bzrQREo\nz+qX5aNVrE4DDo86TT5qRLLieUNrpmk7DG7UkQI1/4WDwb2WZpKgyFWg9QZl1q0F\nUS29rdlKpnF9maFxqBpkYQKBgBPU31VxlOCgF+jI9izFHiOttJl08oBaAd2/up/8\nMBZcMyJRhVnhC9Ynkto7xgzKzjDKn6vzSUHhU808BmnRI4SE0cT/a32DncUyRwz6\na9zscVSjHkSWhmfOP5qfxyK96loHjwRO04InRXQKj4beXiNXvtHhWxrbspy1hqZQ\nz2c5AoGBAO0tRNKfgoZH+sTiaphR550YFnIn8U9ROa1iQUvSiM0nHW6FraIR1sYB\nUTCtgOSJdffGMFrvH+PhShJPw7u3juZh9NBzrARjZPwBJyBaYDw3elVc3epZWoGC\n8EBEgdFVqFwPctkGvqyJ/5Zl3KnTioXxslHjP45H+Ne/nEWPejuP\n-----END RSA PRIVATE KEY-----\n", - "pubKey" : "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPolDFwU5ETorCYE7VSd+kKmH8/IBF+brl5hdG4I7N2/kQhzP7itEHCigf9JHxarj1BGOr5Cbpx7YQGPYcPnu3isyPdbpf7kLCgVFd8XS0Hgao9J4NqBus0lvH3f91sQz6oRk0WTUzG2glwGaPeN+uUZ1OtqtHdU54GApUub/5bPfqmMwji63O6kcUA+q5IjPSOKzTb+9xwhnysC3JV0J3WrpbPkNW7qK4bIwJiulr0wVy6lFzZ6CDJno/I2GYq4/u3CvvLbZ6UNAORKjQbbK/iptmccSZKEeE788p48wRNRgxG8zNJL2qd1P41rHy9C/F44I3dwTCb8nLWhuhiLAD blabla\n" - }, - "__v" : NumberInt(1), - "last_login_date" : ISODate("2017-04-26T12:27:21.788+0000"), - "hashedPassword" : "jRFgMK8CYVXa4FRBVsZQyWHdw/ErWSJzO/WKqdGcLpmeOZw8e6X5TvkYIkc617LU76RCB9B1jPNsbNVaTQGt4g==", - "salt" : "GswhajDWen9vNW+fZ+xVbA==" - } -{{- end }} \ No newline at end of file +{{ .Files.Get "files/assets/users.json" | indent 4 }} + packs.json: | +{{ .Files.Get "files/assets/packs.json" | indent 4 }} + accounts-dev.json: | +{{ .Files.Get "files/assets/accounts-dev.json" | indent 4 }} +{{- end }} diff --git a/codefresh/templates/seed/mongo-seed-job.yaml b/codefresh/templates/seed/mongo-seed-job.yaml index 85a8c3eca..a97706859 100644 --- a/codefresh/templates/seed/mongo-seed-job.yaml +++ b/codefresh/templates/seed/mongo-seed-job.yaml @@ -2,6 +2,15 @@ {{ $context := deepCopy .Values.seed }} --- {{- if and .Values.seed.enabled (or .Values.global.seedJobs .Values.seed.mongoSeedJob.enabled) }} +{{- $tolerations := .Values.seed.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.seed.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.seed.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 kind: Job metadata: @@ -21,10 +30,7 @@ spec: labels: {{ include "codefresh.labels" . | nindent 8 }} spec: - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} securityContext: {{- toYaml .Values.seed.podSecurityContext | nindent 8 }} containers: @@ -46,6 +52,8 @@ spec: {{- include "codefresh.mongodb-root-user-env-var-value" . | indent 12 }} - name: MONGODB_ROOT_PASSWORD {{- include "codefresh.mongodb-root-password-env-var-value" . | indent 12 }} + - name: DEVELOPMENT_CHART + value: {{ .Values.developmentChart | quote }} command: - "/bin/bash" - "-exc" @@ -63,16 +71,22 @@ spec: - name: seed-data mountPath: "/usr/share/extras/idps.json" subPath: "idps.json" + - name: seed-data + mountPath: "/usr/share/extras/packs.json" + subPath: "packs.json" + - name: seed-data + mountPath: "/usr/share/extras/accounts-dev.json" + subPath: "accounts-dev.json" {{- include (printf "%s.volumeMounts" $libTemplateName) ( dict "Values" .Values.seed.volumeMounts "context" $ ) | nindent 8 }} - {{- with .Values.seed.nodeSelector }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.seed.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.seed.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} diff --git a/codefresh/templates/seed/postgres-seed-job.yaml b/codefresh/templates/seed/postgres-seed-job.yaml index 5a18b31e9..6ff5366b1 100644 --- a/codefresh/templates/seed/postgres-seed-job.yaml +++ b/codefresh/templates/seed/postgres-seed-job.yaml @@ -1,6 +1,15 @@ {{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} {{- if and .Values.seed.enabled (or .Values.global.seedJobs .Values.seed.postgresSeedJob.enabled) }} --- +{{- $tolerations := .Values.seed.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.seed.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.seed.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 kind: Job metadata: @@ -20,10 +29,7 @@ spec: labels: {{ include "codefresh.labels" . | nindent 8 }} spec: - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} securityContext: {{- toYaml .Values.seed.podSecurityContext | nindent 8 }} containers: @@ -50,15 +56,15 @@ spec: - "-exc" - | {{ .Files.Get "files/postgresSeedJobScript.sh" | nindent 12 }} - {{- with .Values.seed.nodeSelector }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.seed.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.seed.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} diff --git a/codefresh/tests/misc/global_constrains_test.yaml b/codefresh/tests/misc/global_constrains_test.yaml index 55fdc75a3..6127f95f8 100644 --- a/codefresh/tests/misc/global_constrains_test.yaml +++ b/codefresh/tests/misc/global_constrains_test.yaml @@ -3,6 +3,10 @@ suite: Should test global tolerations/nodeSelector/affinity/imagePullSecret templates: - charts/**/*.yaml - internal-gateway.yaml + - seed/mongo-seed-job.yaml + - seed/postgres-seed-job.yaml + - gencerts/job-gencerts.yaml + - hooks/update-system-re.yaml tests: - it: argo-platform-abac should have global tolerations/nodeSelector/affinity/imagePullSecret values: @@ -1063,3 +1067,131 @@ tests: operator: "In" values: - "value" + + - it: mongo-seed-job should have global tolerations/nodeSelector/affinity/imagePullSecret + values: + - ../values/global.yaml + template: seed/mongo-seed-job.yaml + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: my-secret + - contains: + path: spec.template.spec.tolerations + content: + key: "key" + operator: "Equal" + value: "value" + effect: "NoSchedule" + - equal: + path: spec.template.spec.nodeSelector + value: + key: "value" + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "key" + operator: "In" + values: + - "value" + + - it: postgres-seed-job should have global tolerations/nodeSelector/affinity/imagePullSecret + values: + - ../values/global.yaml + template: seed/postgres-seed-job.yaml + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: my-secret + - contains: + path: spec.template.spec.tolerations + content: + key: "key" + operator: "Equal" + value: "value" + effect: "NoSchedule" + - equal: + path: spec.template.spec.nodeSelector + value: + key: "value" + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "key" + operator: "In" + values: + - "value" + + - it: job-gencerts should have global tolerations/nodeSelector/affinity/imagePullSecret + values: + - ../values/global.yaml + template: gencerts/job-gencerts.yaml + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: my-secret + - contains: + path: spec.template.spec.tolerations + content: + key: "key" + operator: "Equal" + value: "value" + effect: "NoSchedule" + - equal: + path: spec.template.spec.nodeSelector + value: + key: "value" + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "key" + operator: "In" + values: + - "value" + + - it: update-system-re job should have global tolerations/nodeSelector/affinity/imagePullSecret + values: + - ../values/global.yaml + template: hooks/update-system-re.yaml + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: my-secret + - contains: + path: spec.template.spec.tolerations + content: + key: "key" + operator: "Equal" + value: "value" + effect: "NoSchedule" + - equal: + path: spec.template.spec.nodeSelector + value: + key: "value" + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "key" + operator: "In" + values: + - "value" diff --git a/codefresh/values.yaml b/codefresh/values.yaml index ad2c63698..6835b4177 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -474,11 +474,11 @@ runtimeImages: COMPOSE_IMAGE: quay.io/codefresh/compose:v2.32.2-1.5.2 CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.12.2 DIND_IMAGE: quay.io/codefresh/dind:26.1.4-1.28.8 - DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.4.2 + DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.4.3 DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.18 DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.16 DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.15 - ENGINE_IMAGE: quay.io/codefresh/engine:1.177.4 + ENGINE_IMAGE: quay.io/codefresh/engine:1.177.5 FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.8 GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.2.0 KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.2.6 @@ -1070,7 +1070,7 @@ mongodb: memory: 256Mi migration: enabled: false - featureCompatibilityVersion: "5.0" + featureCompatibilityVersion: "6.0" # -- nats # @default -- See below @@ -1906,3 +1906,20 @@ seed-e2e: ci: enabled: false + +developmentChart: false + +mailer: + enabled: false + +payments: + enabled: false + +segment-reporter: + enabled: false + +salesforce-reporter: + enabled: false + +onboarding-status: + enabled: false From 40596aae22a060993b97214ab8f593d9b08da55f Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Tue, 25 Mar 2025 14:17:23 +0300 Subject: [PATCH 03/66] onprem: 2.7.2 (#32) --- codefresh/.ci/values/external-secrets.yaml | 4 +++- codefresh/Chart.lock | 10 +++++----- codefresh/Chart.yaml | 14 +++----------- codefresh/README.md | 2 +- codefresh/files/mongoSeedJobScript.sh | 1 - 5 files changed, 12 insertions(+), 19 deletions(-) diff --git a/codefresh/.ci/values/external-secrets.yaml b/codefresh/.ci/values/external-secrets.yaml index 75dc72763..e146a6d1d 100644 --- a/codefresh/.ci/values/external-secrets.yaml +++ b/codefresh/.ci/values/external-secrets.yaml @@ -24,7 +24,7 @@ secrets: stringData: rabbitmq-hostname: my-rabbitmq:5672 rabbitmq-password: cVz9ZdJKYm7u - rabbitmq-username: user + rabbitmq-username: myuser ext-firebase: enabled: true stringData: @@ -99,3 +99,5 @@ global: rabbitmq: fullnameOverride: my-rabbitmq + auth: + username: myuser diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index 9f26a0c04..02057dc38 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -142,13 +142,13 @@ dependencies: version: 0.8.10 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.78 + version: 0.49.79 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.78 + version: 0.49.79 - name: argo-platform repository: oci://quay.io/codefresh/charts - version: 1.3344.0-onprem-b84a89b + version: 1.3344.0-onprem-5c8af92 - name: argo-hub-platform repository: oci://quay.io/codefresh/charts version: 0.1.22 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:b8ea966f7f7cec4c6d6e73e24f5ad0227950009e2d7136e8766c080f9c579b78 -generated: "2025-03-20T14:19:34.976455+03:00" +digest: sha256:90d46a6e96b2979af6f6a7b02d8702d954bf0f1aacb5a1e0d4b2a86cdaf1c1b0 +generated: "2025-03-25T13:27:58.231388+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index a34fdf89b..39ad73b35 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.7.1 +version: 2.7.2 keywords: - codefresh home: https://codefresh.io/ @@ -18,16 +18,8 @@ annotations: # artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - - kind: added - description: "Added subcharts for development environment" - - kind: changed - description: "Disable abacAndRules feature-flag" - kind: fixed - description: "Add checkmark on LDAP SSO configuration to allow deleting users" - - kind: fixed - description: "Fix global constrains tolerations/nodeSelector/affinity/imagePullSecret for hooks and seed jobs" - - kind: changed - description: "Bump MongoDB featureCompatibilityVersion to 6.0" + description: "Fix RABBITMQ_USER env var in argo-platform" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts @@ -245,7 +237,7 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: argo-platform.enabled - name: argo-platform - version: "1.3344.0-onprem-b84a89b" + version: "1.3344.0-onprem-5c8af92" repository: oci://quay.io/codefresh/charts condition: argo-platform.enabled - name: argo-hub-platform diff --git a/codefresh/README.md b/codefresh/README.md index 97548732b..8f88e8a7a 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.7.1](https://img.shields.io/badge/Version-2.7.1-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Version: 2.7.2](https://img.shields.io/badge/Version-2.7.2-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index e40eefad7..53947038f 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh @@ -100,7 +100,6 @@ mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToU mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true if [[ $DEVELOPMENT_CHART == "true" ]]; then - mongoimport --uri ${MONGO_URI} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts-dev.json setSystemAdmin setPacks fi From e1f0d1a5a7b9696f158f7414f555f09bb942b569 Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Tue, 25 Mar 2025 17:11:50 +0300 Subject: [PATCH 04/66] onprem: 2.7.3 (#33) --- codefresh/Chart.lock | 10 +++++----- codefresh/Chart.yaml | 9 ++++++--- codefresh/README.md | 2 +- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index 02057dc38..78a0959c8 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -127,7 +127,7 @@ dependencies: version: 3.39.3 - name: cf-broadcaster repository: oci://quay.io/codefresh/charts - version: 1.12.21 + version: 1.12.22 - name: helm-repo-manager repository: oci://quay.io/codefresh/charts version: 0.20.2 @@ -142,10 +142,10 @@ dependencies: version: 0.8.10 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.79 + version: 0.49.80 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.79 + version: 0.49.80 - name: argo-platform repository: oci://quay.io/codefresh/charts version: 1.3344.0-onprem-5c8af92 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:90d46a6e96b2979af6f6a7b02d8702d954bf0f1aacb5a1e0d4b2a86cdaf1c1b0 -generated: "2025-03-25T13:27:58.231388+03:00" +digest: sha256:c3bcab5928da688346f58ad2e73f9e7fb22e9c48e83f8a585d05376953376943 +generated: "2025-03-25T16:14:59.451476+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 39ad73b35..c00155686 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.7.2 +version: 2.7.3 keywords: - codefresh home: https://codefresh.io/ @@ -18,8 +18,11 @@ annotations: # artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - - kind: fixed - description: "Fix RABBITMQ_USER env var in argo-platform" + - kind: changed + description: "Add procps to cf-system-etl-postgres" + links: + - name: JIRA Issue + url: https://codefresh-io.atlassian.net/browse/CR-27956 dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts diff --git a/codefresh/README.md b/codefresh/README.md index 8f88e8a7a..4aa54ac9d 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.7.2](https://img.shields.io/badge/Version-2.7.2-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Version: 2.7.3](https://img.shields.io/badge/Version-2.7.3-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. From f421fc7d76670caf5fc189facad5f1a317517ccc Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Wed, 26 Mar 2025 12:36:12 +0300 Subject: [PATCH 05/66] onprem: 2.7.4 (#35) --- codefresh/.ci/values/defaults-hpa.yaml | 3 ++ codefresh/.ci/values/external-secrets.yaml | 15 ++++++-- codefresh/Chart.lock | 42 +++++++++++----------- codefresh/Chart.yaml | 9 ++--- codefresh/README.md | 2 +- codefresh/templates/seed-e2e/seed-e2e.yaml | 17 ++++++--- 6 files changed, 53 insertions(+), 35 deletions(-) diff --git a/codefresh/.ci/values/defaults-hpa.yaml b/codefresh/.ci/values/defaults-hpa.yaml index 8b80bdcb4..2b5a4bc0f 100644 --- a/codefresh/.ci/values/defaults-hpa.yaml +++ b/codefresh/.ci/values/defaults-hpa.yaml @@ -3,6 +3,9 @@ seed-e2e: global: appUrl: "" # placeholder + imagePullSecrets: + - codefresh-registry + - dockerhub-creds cfapi: rbac: diff --git a/codefresh/.ci/values/external-secrets.yaml b/codefresh/.ci/values/external-secrets.yaml index e146a6d1d..356912d99 100644 --- a/codefresh/.ci/values/external-secrets.yaml +++ b/codefresh/.ci/values/external-secrets.yaml @@ -3,7 +3,7 @@ secrets: ext-mongo: enabled: true stringData: - mongodb-host: cf-mongodb:27017 + mongodb-host: my-mongodb:27017 mongodb-password: mTiXcU2wafr9 mongodb-user: cfuser mongodb-root-user: root @@ -11,13 +11,13 @@ secrets: ext-postgres: enabled: true stringData: - postgres-hostname: cf-postgresql + postgres-hostname: my-postgresql postgres-password: eC9arYka4ZbH postgres-user: postgres ext-redis: enabled: true stringData: - redis-url: cf-redis-master + redis-url: my-redis-master redis-password: hoC9szf7NtrU ext-rabbitmq: enabled: true @@ -101,3 +101,12 @@ rabbitmq: fullnameOverride: my-rabbitmq auth: username: myuser + +redis: + fullnameOverride: my-redis + +postgresql: + fullnameOverride: my-postgresql + +mongodb: + fullnameOverride: my-mongodb diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index 78a0959c8..9d32339f0 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -52,7 +52,7 @@ dependencies: version: 1.8.8 - name: tasker-kubernetes repository: oci://quay.io/codefresh/charts - version: 1.26.17 + version: 1.26.18 - name: context-manager repository: oci://quay.io/codefresh/charts version: 2.33.6 @@ -64,58 +64,58 @@ dependencies: version: 1.14.20 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.10 + version: 21.274.11 - name: cfui repository: oci://quay.io/codefresh/charts version: 14.97.50 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:c3bcab5928da688346f58ad2e73f9e7fb22e9c48e83f8a585d05376953376943 -generated: "2025-03-25T16:14:59.451476+03:00" +digest: sha256:1a674a100aee5e84b21984cd9586ffe3ca48dc6951fed91023cf93bf58c67111 +generated: "2025-03-26T11:42:09.123651+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index c00155686..4b1515006 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.7.3 +version: 2.7.4 keywords: - codefresh home: https://codefresh.io/ @@ -18,11 +18,8 @@ annotations: # artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - - kind: changed - description: "Add procps to cf-system-etl-postgres" - links: - - name: JIRA Issue - url: https://codefresh-io.atlassian.net/browse/CR-27956 + - kind: fixed + description: "REDIS_FEATURE_* env vars in cf-api" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts diff --git a/codefresh/README.md b/codefresh/README.md index 4aa54ac9d..c942f2ae6 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.7.3](https://img.shields.io/badge/Version-2.7.3-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Version: 2.7.4](https://img.shields.io/badge/Version-2.7.4-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. diff --git a/codefresh/templates/seed-e2e/seed-e2e.yaml b/codefresh/templates/seed-e2e/seed-e2e.yaml index 5e8932c6e..18a5e0c22 100644 --- a/codefresh/templates/seed-e2e/seed-e2e.yaml +++ b/codefresh/templates/seed-e2e/seed-e2e.yaml @@ -25,10 +25,7 @@ spec: labels: {{ include "codefresh.labels" . | nindent 8 }} spec: - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} securityContext: {{- toYaml $context.podSecurityContext | nindent 8 }} containers: @@ -38,6 +35,18 @@ spec: - secretRef: name: {{ include "codefresh.fullname" . }} env: + - name: MONGODB_HOST + {{- include "codefresh.mongodb-host-env-var-value" . | indent 10 }} + - name: MONGODB_USER + {{- include "codefresh.mongodb-user-env-var-value" . | indent 10 }} + - name: MONGODB_PASSWORD + {{- include "codefresh.mongodb-password-env-var-value" . | indent 10 }} + - name: MONGO_URI + {{- include "codefresh.mongo-seed-uri-env-var-value" . | indent 10 }} + - name: MONGODB_ROOT_USER + {{- include "codefresh.mongodb-root-user-env-var-value" . | indent 10 }} + - name: MONGODB_ROOT_PASSWORD + {{- include "codefresh.mongodb-root-password-env-var-value" . | indent 10 }} - name: MONGO_URI value: $(MONGODB_PROTOCOL)://$(MONGODB_USER):$(MONGODB_PASSWORD)@$(MONGODB_HOST)/$(MONGODB_DATABASE)?$(MONGODB_OPTIONS) command: From c53f20fdd0b38acb8ad9df7aaa23f483b39f62ea Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Wed, 26 Mar 2025 14:15:24 +0300 Subject: [PATCH 06/66] onprem: 2.7.5 (#36) --- codefresh/Chart.lock | 6 +++--- codefresh/Chart.yaml | 8 ++++---- codefresh/README.md | 4 ++-- codefresh/values.yaml | 7 +++---- 4 files changed, 12 insertions(+), 13 deletions(-) diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index 9d32339f0..ceef2b909 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -37,7 +37,7 @@ dependencies: version: 1.4.0 - name: ingress-nginx repository: https://kubernetes.github.io/ingress-nginx - version: 4.11.2 + version: 4.12.1 - name: cluster-providers repository: oci://quay.io/codefresh/charts version: 1.17.15 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:1a674a100aee5e84b21984cd9586ffe3ca48dc6951fed91023cf93bf58c67111 -generated: "2025-03-26T11:42:09.123651+03:00" +digest: sha256:bdf0f27e7c70cc8fcd0c09ab72616db6f0429f171941f75e5edb554d542979a6 +generated: "2025-03-26T12:45:57.737771+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 4b1515006..c3eef6171 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.7.4 +version: 2.7.5 keywords: - codefresh home: https://codefresh.io/ @@ -18,8 +18,8 @@ annotations: # artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - - kind: fixed - description: "REDIS_FEATURE_* env vars in cf-api" + - kind: security + description: "Upgrade ingress-nginx controller" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts @@ -69,7 +69,7 @@ dependencies: condition: runner.enabled version: 1.4.0 - name: ingress-nginx - version: 4.11.2 + version: 4.12.1 repository: https://kubernetes.github.io/ingress-nginx condition: ingress-nginx.enabled - name: cluster-providers diff --git a/codefresh/README.md b/codefresh/README.md index c942f2ae6..18497cea0 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.7.4](https://img.shields.io/badge/Version-2.7.4-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Version: 2.7.5](https://img.shields.io/badge/Version-2.7.5-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. @@ -2290,7 +2290,7 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | hermes | object | See below | hermes | | hooks | object | See below | Pre/post-upgrade Job hooks. Updates images in `system/default` runtime. | | imageCredentials | object | `{}` | Credentials for Image Pull Secret object | -| ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/configuration-snippet":"more_set_headers \"X-Request-ID: $request_id\";\nproxy_set_header X-Request-ID $request_id;\n","nginx.ingress.kubernetes.io/service-upstream":"true","nginx.ingress.kubernetes.io/ssl-redirect":"false","nginx.org/redirect-to-https":"false"},"enabled":true,"ingressClassName":"nginx-codefresh","nameOverride":"","services":{"internal-gateway":["/"]},"tls":{"cert":"","enabled":false,"existingSecret":"","key":"","secretName":"star.codefresh.io"}}` | Ingress | +| ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/service-upstream":"true","nginx.ingress.kubernetes.io/ssl-redirect":"false","nginx.org/redirect-to-https":"false"},"enabled":true,"ingressClassName":"nginx-codefresh","nameOverride":"","services":{"internal-gateway":["/"]},"tls":{"cert":"","enabled":false,"existingSecret":"","key":"","secretName":"star.codefresh.io"}}` | Ingress | | ingress-nginx | object | See below | ingress-nginx Ref: https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml | | ingress.annotations | object | See below | Set annotations for ingress. | | ingress.enabled | bool | `true` | Enable the Ingress | diff --git a/codefresh/values.yaml b/codefresh/values.yaml index 6835b4177..daae2861d 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -122,9 +122,6 @@ ingress: nginx.ingress.kubernetes.io/service-upstream: "true" nginx.ingress.kubernetes.io/ssl-redirect: "false" nginx.org/redirect-to-https: "false" - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "X-Request-ID: $request_id"; - proxy_set_header X-Request-ID $request_id; # -- Global parameters # @default -- See below @@ -986,7 +983,7 @@ ingress-nginx: enabled: true controller: enableAnnotationValidations: true - allowSnippetAnnotations: true + allowSnippetAnnotations: false ingressClassResource: enabled: true default: false @@ -1006,6 +1003,8 @@ ingress-nginx: proxy-body-size: "5M" log-format-escape-json: "true" log-format-upstream: '{ "time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x-forward-for": "$proxy_add_x_forwarded_for", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent", "http_x_github_delivery": "$http_x_github_delivery", "http_x_hook_uuid": "$http_x_hook_uuid", "metadata": { "correlationId": "$request_id", "service": "ingress", "time": "$time_iso8601" } }' + http-snippet: | + proxy_set_header X-Request-ID $request_id; # -- k8s-monitor # @default -- See below From 6ce3a3431963d9278799c750ef442aef147db84e Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Tue, 8 Apr 2025 16:35:32 +0300 Subject: [PATCH 07/66] onprem: 2.7.6 (#39) --- codefresh/.ci/values/external-secrets.yaml | 6 ++- codefresh/.ci/values/mtls-mongodb-redis.yaml | 2 +- codefresh/Chart.lock | 50 ++++++++++---------- codefresh/Chart.yaml | 8 ++-- codefresh/README.md | 2 +- 5 files changed, 36 insertions(+), 32 deletions(-) diff --git a/codefresh/.ci/values/external-secrets.yaml b/codefresh/.ci/values/external-secrets.yaml index 356912d99..4582de35c 100644 --- a/codefresh/.ci/values/external-secrets.yaml +++ b/codefresh/.ci/values/external-secrets.yaml @@ -33,7 +33,7 @@ secrets: e2e-mongo-uri: enabled: true stringData: - mongo-uri: mongodb://cfuser:mTiXcU2wafr9@cf-mongodb:27017/codefresh + mongo-uri: mongodb://cfuser:mTiXcU2wafr9@my-mongodb:27017/codefresh seed: mongoSeedJob: @@ -110,3 +110,7 @@ postgresql: mongodb: fullnameOverride: my-mongodb + +cf-platform-analytics-platform: + redis: + enabled: false diff --git a/codefresh/.ci/values/mtls-mongodb-redis.yaml b/codefresh/.ci/values/mtls-mongodb-redis.yaml index cea05a324..6ba0f60cb 100644 --- a/codefresh/.ci/values/mtls-mongodb-redis.yaml +++ b/codefresh/.ci/values/mtls-mongodb-redis.yaml @@ -150,4 +150,4 @@ extraResources: type: ClusterIP seed-e2e: - enabled: false \ No newline at end of file + enabled: false diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index ceef2b909..eaede0ec9 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -43,7 +43,7 @@ dependencies: version: 1.17.15 - name: kube-integration repository: oci://quay.io/codefresh/charts - version: 1.31.18 + version: 1.31.19 - name: charts-manager repository: oci://quay.io/codefresh/charts version: 1.22.2 @@ -61,61 +61,61 @@ dependencies: version: 3.138.3 - name: gitops-dashboard-manager repository: oci://quay.io/codefresh/charts - version: 1.14.20 + version: 1.14.21 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.11 + version: 21.274.12 - name: cfui repository: oci://quay.io/codefresh/charts version: 14.97.50 @@ -142,10 +142,10 @@ dependencies: version: 0.8.10 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.80 + version: 0.49.82 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.80 + version: 0.49.82 - name: argo-platform repository: oci://quay.io/codefresh/charts version: 1.3344.0-onprem-5c8af92 @@ -160,7 +160,7 @@ dependencies: version: 1.20.8 - name: payments repository: oci://quay.io/codefresh/charts - version: 2.23.17 + version: 2.23.18 - name: segment-reporter repository: oci://quay.io/codefresh/charts version: 1.17.8 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:bdf0f27e7c70cc8fcd0c09ab72616db6f0429f171941f75e5edb554d542979a6 -generated: "2025-03-26T12:45:57.737771+03:00" +digest: sha256:468880bb055bb47b7de880c54d9e9daabd072a7f96f698c85e289072810d90e5 +generated: "2025-04-08T15:00:56.927304+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index c3eef6171..f28e6095a 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.7.5 +version: 2.7.6 keywords: - codefresh home: https://codefresh.io/ @@ -13,13 +13,13 @@ maintainers: url: https://codefresh-io.github.io/ appVersion: 2.7.0 annotations: - artifacthub.io/prerelease: "true" + # artifacthub.io/prerelease: "true" artifacthub.io/alternativeName: "codefresh-onprem" # artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - - kind: security - description: "Upgrade ingress-nginx controller" + - kind: fixed + description: "Fix platform-analytics with external Redis" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts diff --git a/codefresh/README.md b/codefresh/README.md index 18497cea0..44215f443 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.7.5](https://img.shields.io/badge/Version-2.7.5-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Version: 2.7.6](https://img.shields.io/badge/Version-2.7.6-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. From 588952b2d3fd649ab604241d656250abb11ea1b8 Mon Sep 17 00:00:00 2001 From: vitalii-codefresh Date: Fri, 11 Apr 2025 12:05:54 +0300 Subject: [PATCH 08/66] onprem: 2.7.7 (#40) * onprem: 2.7.7 --- codefresh/Chart.lock | 52 +++++++++++++++++++++---------------------- codefresh/Chart.yaml | 8 +++---- codefresh/README.md | 2 +- codefresh/values.yaml | 4 ++-- 4 files changed, 33 insertions(+), 33 deletions(-) diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index eaede0ec9..618b533a8 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -46,7 +46,7 @@ dependencies: version: 1.31.19 - name: charts-manager repository: oci://quay.io/codefresh/charts - version: 1.22.2 + version: 1.22.3 - name: cfsign repository: oci://quay.io/codefresh/charts version: 1.8.8 @@ -55,67 +55,67 @@ dependencies: version: 1.26.18 - name: context-manager repository: oci://quay.io/codefresh/charts - version: 2.33.6 + version: 2.33.7 - name: pipeline-manager repository: oci://quay.io/codefresh/charts - version: 3.138.3 + version: 3.138.4 - name: gitops-dashboard-manager repository: oci://quay.io/codefresh/charts version: 1.14.21 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.12 + version: 21.274.13 - name: cfui repository: oci://quay.io/codefresh/charts version: 14.97.50 @@ -124,7 +124,7 @@ dependencies: version: 4.11.13 - name: runtime-environment-manager repository: oci://quay.io/codefresh/charts - version: 3.39.3 + version: 3.39.4 - name: cf-broadcaster repository: oci://quay.io/codefresh/charts version: 1.12.22 @@ -142,10 +142,10 @@ dependencies: version: 0.8.10 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.82 + version: 0.49.83 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.82 + version: 0.49.83 - name: argo-platform repository: oci://quay.io/codefresh/charts version: 1.3344.0-onprem-5c8af92 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:468880bb055bb47b7de880c54d9e9daabd072a7f96f698c85e289072810d90e5 -generated: "2025-04-08T15:00:56.927304+03:00" +digest: sha256:ed1d24ed0c9cd7c89b08b15b7daff4c5fdbdee45827ec50c11f656f2c97453df +generated: "2025-04-10T16:57:20.2068+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index f28e6095a..eddc47ff3 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.7.6 +version: 2.7.7 keywords: - codefresh home: https://codefresh.io/ @@ -15,11 +15,11 @@ appVersion: 2.7.0 annotations: # artifacthub.io/prerelease: "true" artifacthub.io/alternativeName: "codefresh-onprem" - # artifacthub.io/containsSecurityUpdates: "true" + artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - - kind: fixed - description: "Fix platform-analytics with external Redis" + - kind: security + description: "Contains security updates" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts diff --git a/codefresh/README.md b/codefresh/README.md index 44215f443..16e43e138 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.7.6](https://img.shields.io/badge/Version-2.7.6-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Version: 2.7.7](https://img.shields.io/badge/Version-2.7.7-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. diff --git a/codefresh/values.yaml b/codefresh/values.yaml index daae2861d..c18cff0a0 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -36,7 +36,7 @@ seed: image: registry: quay.io repository: codefresh/mongosh - tag: 2.3.7 + tag: 2.4.2 # -- Root user in plain text (required ONLY for seed job!). mongodbRootUser: "root" # -- Root user from existing secret @@ -475,7 +475,7 @@ runtimeImages: DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.18 DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.16 DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.15 - ENGINE_IMAGE: quay.io/codefresh/engine:1.177.5 + ENGINE_IMAGE: quay.io/codefresh/engine:1.177.6 FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.8 GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.2.0 KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.2.6 From 64f6d2cbc612ac9bb4ef5ee8921b1fcbf9d2b762 Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Fri, 11 Apr 2025 16:46:17 +0300 Subject: [PATCH 09/66] onprem: 2.7.8 (#41) --- codefresh/Chart.yaml | 6 +++--- codefresh/README.md | 5 +++-- codefresh/templates/ingress.yaml | 3 +++ codefresh/tests/ingress/ingress_test.yaml | 15 ++++++++++++++- codefresh/values.yaml | 2 ++ 5 files changed, 25 insertions(+), 6 deletions(-) diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index eddc47ff3..89e9ef3c7 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.7.7 +version: 2.7.8 keywords: - codefresh home: https://codefresh.io/ @@ -18,8 +18,8 @@ annotations: artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - - kind: security - description: "Contains security updates" + - kind: added + description: "Add option to specify labels for Ingress object" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts diff --git a/codefresh/README.md b/codefresh/README.md index 16e43e138..3943e9c30 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.7.7](https://img.shields.io/badge/Version-2.7.7-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Version: 2.7.8](https://img.shields.io/badge/Version-2.7.8-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. @@ -2290,11 +2290,12 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | hermes | object | See below | hermes | | hooks | object | See below | Pre/post-upgrade Job hooks. Updates images in `system/default` runtime. | | imageCredentials | object | `{}` | Credentials for Image Pull Secret object | -| ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/service-upstream":"true","nginx.ingress.kubernetes.io/ssl-redirect":"false","nginx.org/redirect-to-https":"false"},"enabled":true,"ingressClassName":"nginx-codefresh","nameOverride":"","services":{"internal-gateway":["/"]},"tls":{"cert":"","enabled":false,"existingSecret":"","key":"","secretName":"star.codefresh.io"}}` | Ingress | +| ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/service-upstream":"true","nginx.ingress.kubernetes.io/ssl-redirect":"false","nginx.org/redirect-to-https":"false"},"enabled":true,"ingressClassName":"nginx-codefresh","labels":{},"nameOverride":"","services":{"internal-gateway":["/"]},"tls":{"cert":"","enabled":false,"existingSecret":"","key":"","secretName":"star.codefresh.io"}}` | Ingress | | ingress-nginx | object | See below | ingress-nginx Ref: https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml | | ingress.annotations | object | See below | Set annotations for ingress. | | ingress.enabled | bool | `true` | Enable the Ingress | | ingress.ingressClassName | string | `"nginx-codefresh"` | Set the ingressClass that is used for the ingress. Default `nginx-codefresh` is created from `ingress-nginx` controller subchart | +| ingress.labels | object | `{}` | Set labels for ingress | | ingress.nameOverride | string | `""` | Override Ingress resource name | | ingress.services | object | See below | Default services and corresponding paths | | ingress.tls.cert | string | `""` | Certificate (base64 encoded) | diff --git a/codefresh/templates/ingress.yaml b/codefresh/templates/ingress.yaml index 0c8c7feeb..1b871e374 100644 --- a/codefresh/templates/ingress.yaml +++ b/codefresh/templates/ingress.yaml @@ -9,6 +9,9 @@ metadata: name: {{ $ingressName }} labels: {{ include "codefresh.labels" . | nindent 4 }} + {{- with .Values.ingress.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} {{- with .Values.ingress.annotations }} annotations: {{ toYaml . | nindent 4 }} diff --git a/codefresh/tests/ingress/ingress_test.yaml b/codefresh/tests/ingress/ingress_test.yaml index 979f6ba7a..c377f7a0a 100644 --- a/codefresh/tests/ingress/ingress_test.yaml +++ b/codefresh/tests/ingress/ingress_test.yaml @@ -41,4 +41,17 @@ tests: enabled: true asserts: - failedTemplate: - errorMessage: "A valid .Values.ingress.tls.cert is required!" \ No newline at end of file + errorMessage: "A valid .Values.ingress.tls.cert is required!" + + - it: ingress with extra labels + template: templates/ingress.yaml + set: + global: + appUrl: mydomain.local + ingress: + labels: + foo: bar + asserts: + - equal: + path: metadata.labels.foo + value: bar diff --git a/codefresh/values.yaml b/codefresh/values.yaml index c18cff0a0..cca4d1546 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -122,6 +122,8 @@ ingress: nginx.ingress.kubernetes.io/service-upstream: "true" nginx.ingress.kubernetes.io/ssl-redirect: "false" nginx.org/redirect-to-https: "false" + # -- Set labels for ingress + labels: {} # -- Global parameters # @default -- See below From 33524a34480602483f7ae4770364e676837a28cf Mon Sep 17 00:00:00 2001 From: vitalii-codefresh Date: Thu, 17 Apr 2025 09:58:35 +0300 Subject: [PATCH 10/66] onprem 2.7.9 (#44) --- codefresh/Chart.lock | 8 ++++---- codefresh/Chart.yaml | 6 +++--- codefresh/README.md | 2 +- codefresh/values.yaml | 10 +++++----- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index 618b533a8..f33e781fb 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -142,10 +142,10 @@ dependencies: version: 0.8.10 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.83 + version: 0.49.85 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.83 + version: 0.49.85 - name: argo-platform repository: oci://quay.io/codefresh/charts version: 1.3344.0-onprem-5c8af92 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:ed1d24ed0c9cd7c89b08b15b7daff4c5fdbdee45827ec50c11f656f2c97453df -generated: "2025-04-10T16:57:20.2068+03:00" +digest: sha256:2ebb0041093b91a6e3aa653e7a1730f208a7f7cc67b5e295fee67d07e3b592c5 +generated: "2025-04-16T07:13:53.947555+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 89e9ef3c7..db3c511bb 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.7.8 +version: 2.7.9 keywords: - codefresh home: https://codefresh.io/ @@ -18,8 +18,8 @@ annotations: artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - - kind: added - description: "Add option to specify labels for Ingress object" + - kind: security + description: "Contains security updates" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts diff --git a/codefresh/README.md b/codefresh/README.md index 3943e9c30..69f659075 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.7.8](https://img.shields.io/badge/Version-2.7.8-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Version: 2.7.9](https://img.shields.io/badge/Version-2.7.9-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. diff --git a/codefresh/values.yaml b/codefresh/values.yaml index cca4d1546..5d66e8d4e 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -441,7 +441,7 @@ hooks: image: registry: quay.io repository: codefresh/mongosh - tag: 2.3.7 + tag: 2.4.2 affinity: {} nodeSelector: {} podSecurityContext: {} @@ -473,16 +473,16 @@ runtimeImages: COMPOSE_IMAGE: quay.io/codefresh/compose:v2.32.2-1.5.2 CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.12.2 DIND_IMAGE: quay.io/codefresh/dind:26.1.4-1.28.8 - DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.4.3 - DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.18 - DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.16 + DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.4.4 + DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.20 + DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.17 DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.15 ENGINE_IMAGE: quay.io/codefresh/engine:1.177.6 FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.8 GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.2.0 KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.2.6 PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.7 - TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.2 + TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.3 CR_6177_FIXER: docker.io/library/alpine:3.21 GC_BUILDER_IMAGE: docker.io/library/alpine:3.21 From ade3bc1029d12830c37c380611255fcd75ecc93e Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Wed, 30 Apr 2025 20:26:57 +0300 Subject: [PATCH 11/66] onprem: 2.7.10 (#47) --- codefresh/Chart.lock | 12 ++++++------ codefresh/Chart.yaml | 8 ++++++-- codefresh/README.md | 28 ++++++++++++++++------------ codefresh/values.yaml | 35 ++++++++++++++++++++++++++++++----- 4 files changed, 58 insertions(+), 25 deletions(-) diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index f33e781fb..e492fbeeb 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -121,13 +121,13 @@ dependencies: version: 14.97.50 - name: k8s-monitor repository: oci://quay.io/codefresh/charts - version: 4.11.13 + version: 4.11.14 - name: runtime-environment-manager repository: oci://quay.io/codefresh/charts version: 3.39.4 - name: cf-broadcaster repository: oci://quay.io/codefresh/charts - version: 1.12.22 + version: 1.13.0 - name: helm-repo-manager repository: oci://quay.io/codefresh/charts version: 0.20.2 @@ -142,10 +142,10 @@ dependencies: version: 0.8.10 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.85 + version: 0.49.86 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.85 + version: 0.49.86 - name: argo-platform repository: oci://quay.io/codefresh/charts version: 1.3344.0-onprem-5c8af92 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:2ebb0041093b91a6e3aa653e7a1730f208a7f7cc67b5e295fee67d07e3b592c5 -generated: "2025-04-16T07:13:53.947555+03:00" +digest: sha256:6a3903f52d8a056d7d95f295ca3303f62ceb32532be77795a4703147a4cbb9b5 +generated: "2025-04-30T11:54:17.265065+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index db3c511bb..8229842e8 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.7.9 +version: 2.7.10 keywords: - codefresh home: https://codefresh.io/ @@ -18,8 +18,12 @@ annotations: artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | + - kind: fixed + description: "Remove duplicated cf-codefresh-registry imagePullSecret secret from workloads" - kind: security - description: "Contains security updates" + description: "Misc security updates" + - kind: fixed + description: "Fix mongoimport in mongo-seed job" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts diff --git a/codefresh/README.md b/codefresh/README.md index 69f659075..aafa22f75 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.7.9](https://img.shields.io/badge/Version-2.7.9-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Version: 2.7.10](https://img.shields.io/badge/Version-2.7.10-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. @@ -2132,15 +2132,15 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | argo-platform.runtime-monitor | object | See below | runtime-monitor Don't enable! Not used in onprem! | | argo-platform.ui | object | See below | ui | | argo-platform.useExternalSecret | bool | `false` | Use regular k8s secret object. Keep `false`! | -| builder | object | `{"affinity":{},"container":{"image":{"registry":"docker.io","repository":"library/docker","tag":"28.0-dind"}},"enabled":true,"initContainers":{"register":{"image":{"registry":"quay.io","repository":"codefresh/curl","tag":"8.11.1"}}},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | builder | +| builder | object | `{"affinity":{},"container":{"image":{"registry":"docker.io","repository":"library/docker","tag":"28.0-dind"}},"enabled":true,"imagePullSecrets":[],"initContainers":{"register":{"image":{"registry":"quay.io","repository":"codefresh/curl","tag":"8.11.1"}}},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | builder | | cf-broadcaster | object | See below | broadcaster | | cf-oidc-provider | object | See below | cf-oidc-provider | | cf-platform-analytics-etlstarter | object | See below | etl-starter | | cf-platform-analytics-etlstarter.redis.enabled | bool | `false` | Disable redis subchart | | cf-platform-analytics-etlstarter.system-etl-postgres | object | `{"container":{"env":{"BLUE_GREEN_ENABLED":true}},"controller":{"cronjob":{"ttlSecondsAfterFinished":300}},"enabled":true}` | Only postgres ETL should be running in onprem | | cf-platform-analytics-platform | object | See below | platform-analytics | -| cfapi | object | `{"affinity":{},"container":{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}},"controller":{"replicas":2},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"minAvailable":"50%"},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}},"secrets":{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}},"tolerations":[]}` | cf-api | -| cfapi-internal.<<.affinity | object | `{}` | | +| cfapi | object | `{"affinity":{},"container":{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}},"controller":{"replicas":2},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70},"imagePullSecrets":[],"nodeSelector":{},"pdb":{"enabled":false,"minAvailable":"50%"},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}},"secrets":{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}},"tolerations":[]}` | cf-api | +| cfapi-internal.<<.affinity | object | `{}` | Affinity configuration | | cfapi-internal.<<.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}}` | Container configuration | | cfapi-internal.<<.container.env | object | See below | Env vars | | cfapi-internal.<<.container.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}` | Image | @@ -2154,18 +2154,17 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | cfapi-internal.<<.hpa.maxReplicas | int | `10` | Maximum number of replicas | | cfapi-internal.<<.hpa.minReplicas | int | `2` | Minimum number of replicas | | cfapi-internal.<<.hpa.targetCPUUtilizationPercentage | int | `70` | Average CPU utilization percentage | -| cfapi-internal.<<.nodeSelector | object | `{}` | | +| cfapi-internal.<<.imagePullSecrets | list | `[]` | Image pull secrets | +| cfapi-internal.<<.nodeSelector | object | `{}` | Node selector configuration | | cfapi-internal.<<.pdb | object | `{"enabled":false,"minAvailable":"50%"}` | Pod disruption budget configuration | | cfapi-internal.<<.pdb.enabled | bool | `false` | Enable PDB | | cfapi-internal.<<.pdb.minAvailable | string | `"50%"` | Minimum number of replicas in percentage | -| cfapi-internal.<<.podSecurityContext | object | `{}` | | +| cfapi-internal.<<.podSecurityContext | object | `{}` | Pod security context configuration | | cfapi-internal.<<.resources | object | `{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}}` | Resource requests and limits | -| cfapi-internal.<<.secrets.secret.enabled | bool | `true` | | -| cfapi-internal.<<.secrets.secret.stringData.OIDC_PROVIDER_CLIENT_ID | string | `"{{ .Values.global.oidcProviderClientId }}"` | | -| cfapi-internal.<<.secrets.secret.stringData.OIDC_PROVIDER_CLIENT_SECRET | string | `"{{ .Values.global.oidcProviderClientSecret }}"` | | -| cfapi-internal.<<.secrets.secret.type | string | `"Opaque"` | | -| cfapi-internal.<<.tolerations | list | `[]` | | +| cfapi-internal.<<.secrets | object | `{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}}` | Secrets configuration | +| cfapi-internal.<<.tolerations | list | `[]` | Tolerations configuration | | cfapi-internal.enabled | bool | `false` | | +| cfapi.affinity | object | `{}` | Affinity configuration | | cfapi.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}}` | Container configuration | | cfapi.container.env | object | See below | Env vars | | cfapi.container.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}` | Image | @@ -2179,10 +2178,15 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | cfapi.hpa.maxReplicas | int | `10` | Maximum number of replicas | | cfapi.hpa.minReplicas | int | `2` | Minimum number of replicas | | cfapi.hpa.targetCPUUtilizationPercentage | int | `70` | Average CPU utilization percentage | +| cfapi.imagePullSecrets | list | `[]` | Image pull secrets | +| cfapi.nodeSelector | object | `{}` | Node selector configuration | | cfapi.pdb | object | `{"enabled":false,"minAvailable":"50%"}` | Pod disruption budget configuration | | cfapi.pdb.enabled | bool | `false` | Enable PDB | | cfapi.pdb.minAvailable | string | `"50%"` | Minimum number of replicas in percentage | +| cfapi.podSecurityContext | object | `{}` | Pod security context configuration | | cfapi.resources | object | `{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}}` | Resource requests and limits | +| cfapi.secrets | object | `{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}}` | Secrets configuration | +| cfapi.tolerations | list | `[]` | Tolerations configuration | | cfsign | object | See below | tls-sign | | cfui | object | See below | cf-ui | | charts-manager | object | See below | charts-manager | @@ -2337,5 +2341,5 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | seed.postgresSeedJob.postgresUser | optional | `""` | "postgres" admin user in plain text (required ONLY for seed job!) Must be a privileged user allowed to create databases and grant roles. If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used. | | seed.postgresSeedJob.postgresUserSecretKeyRef | optional | `{}` | "postgres" admin user from exising secret | | segment-reporter.enabled | bool | `false` | | -| tasker-kubernetes | object | `{"affinity":{},"container":{"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/tasker-kubernetes"}},"enabled":true,"hpa":{"enabled":false},"nodeSelector":{},"pdb":{"enabled":false},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}` | tasker-kubernetes | +| tasker-kubernetes | object | `{"affinity":{},"container":{"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/tasker-kubernetes"}},"enabled":true,"hpa":{"enabled":false},"imagePullSecrets":[],"nodeSelector":{},"pdb":{"enabled":false},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}` | tasker-kubernetes | | webTLS | object | `{"cert":"","enabled":false,"key":"","secretName":"star.codefresh.io"}` | DEPRECATED - Use `.Values.ingress.tls` instead TLS secret for Ingress | diff --git a/codefresh/values.yaml b/codefresh/values.yaml index 5d66e8d4e..14ffd7592 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -36,7 +36,7 @@ seed: image: registry: quay.io repository: codefresh/mongosh - tag: 2.4.2 + tag: 2.5.0 # -- Root user in plain text (required ONLY for seed job!). mongodbRootUser: "root" # -- Root user from existing secret @@ -441,7 +441,7 @@ hooks: image: registry: quay.io repository: codefresh/mongosh - tag: 2.4.2 + tag: 2.5.0 affinity: {} nodeSelector: {} podSecurityContext: {} @@ -494,6 +494,8 @@ runtimeImages: cfapi: &cf-api # -- Enable cf-api enabled: true + # -- Image pull secrets + imagePullSecrets: [] # -- Controller configuration controller: # -- Replicas number @@ -520,6 +522,7 @@ cfapi: &cf-api OIDC_PROVIDER_PROTOCOL: '{{ .Values.global.oidcProviderProtocol }}' OIDC_PROVIDER_TOKEN_ENDPOINT: '{{ .Values.global.oidcProviderTokenEndpoint }}' DEFAULT_SYSTEM_TYPE: PROJECT_ONE + # -- Secrets configuration secrets: secret: enabled: true @@ -527,7 +530,6 @@ cfapi: &cf-api stringData: OIDC_PROVIDER_CLIENT_ID: '{{ .Values.global.oidcProviderClientId }}' OIDC_PROVIDER_CLIENT_SECRET: '{{ .Values.global.oidcProviderClientSecret }}' - # -- Resource requests and limits resources: requests: @@ -550,9 +552,13 @@ cfapi: &cf-api enabled: false # -- Minimum number of replicas in percentage minAvailable: "50%" + # -- Affinity configuration affinity: {} + # -- Node selector configuration nodeSelector: {} + # -- Pod security context configuration podSecurityContext: {} + # -- Tolerations configuration tolerations: [] # cfapi roles @@ -659,6 +665,7 @@ internal-gateway: # @default -- See below cf-broadcaster: enabled: true + imagePullSecrets: [] controller: replicas: 3 container: @@ -690,6 +697,7 @@ cf-platform-analytics-etlstarter: redis: # -- Disable redis subchart enabled: false + imagePullSecrets: [] controller: # - Disable default deployment controller enabled: false @@ -726,6 +734,7 @@ cf-platform-analytics-etlstarter: cf-platform-analytics-platform: nameOverride: platform-analytics mongodbDatabase: "platform-analytics-postgres" + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -755,6 +764,7 @@ cf-platform-analytics-platform: # @default -- See below cfsign: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -794,6 +804,7 @@ cfsign: # @default -- See below cfui: enabled: true + imagePullSecrets: [] controller: replicas: 2 container: @@ -820,6 +831,7 @@ cfui: # @default -- See below charts-manager: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -842,6 +854,7 @@ charts-manager: # @default -- See below cluster-providers: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -875,6 +888,7 @@ consul: # @default -- See below context-manager: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -897,6 +911,7 @@ context-manager: # @default -- See below cronus: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -910,6 +925,7 @@ cronus: # @default -- See below gitops-dashboard-manager: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -932,6 +948,7 @@ gitops-dashboard-manager: # @default -- See below helm-repo-manager: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -962,6 +979,7 @@ helm-repo-manager: # -- hermes # @default -- See below hermes: + imagePullSecrets: [] controller: replicas: 1 container: @@ -1012,6 +1030,7 @@ ingress-nginx: # @default -- See below k8s-monitor: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -1034,6 +1053,7 @@ k8s-monitor: # @default -- See below kube-integration: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -1089,6 +1109,7 @@ nats: # @default -- See below nomios: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -1207,6 +1228,7 @@ rabbitmq: # -- builder builder: enabled: true + imagePullSecrets: [] initContainers: register: image: @@ -1228,6 +1250,7 @@ builder: # @default -- See below runner: enabled: true + imagePullSecrets: [] initContainers: register: image: @@ -1249,6 +1272,7 @@ runner: # @default -- See below pipeline-manager: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -1271,6 +1295,7 @@ pipeline-manager: # @default -- See below runtime-environment-manager: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -1294,6 +1319,7 @@ runtime-environment-manager: # -- tasker-kubernetes tasker-kubernetes: enabled: true + imagePullSecrets: [] container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io @@ -1322,8 +1348,7 @@ argo-hub-platform: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io repository: codefresh-io/argo-hub-platform - imagePullSecrets: - - '{{ .Release.Name }}-registry' + imagePullSecrets: [] resources: requests: cpu: 100m From f6a2d9b7165aeba100a430450b059d2c09b1816e Mon Sep 17 00:00:00 2001 From: mikhail-klimko Date: Thu, 8 May 2025 11:51:37 +0300 Subject: [PATCH 12/66] onprem: 2.7.11 (#49) --- codefresh/Chart.lock | 8 ++++---- codefresh/Chart.yaml | 8 ++------ codefresh/README.md | 2 +- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index e492fbeeb..46471c40c 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -61,7 +61,7 @@ dependencies: version: 3.138.4 - name: gitops-dashboard-manager repository: oci://quay.io/codefresh/charts - version: 1.14.21 + version: 1.14.22 - name: cfapi repository: oci://quay.io/codefresh/charts version: 21.274.13 @@ -151,7 +151,7 @@ dependencies: version: 1.3344.0-onprem-5c8af92 - name: argo-hub-platform repository: oci://quay.io/codefresh/charts - version: 0.1.22 + version: 0.1.23 - name: cf-oidc-provider repository: oci://quay.io/codefresh/charts version: 0.0.16 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:6a3903f52d8a056d7d95f295ca3303f62ceb32532be77795a4703147a4cbb9b5 -generated: "2025-04-30T11:54:17.265065+03:00" +digest: sha256:95c63dadcae268e4dda42cd7b59f80671a522e88eec616dc9faa71a1748b9766 +generated: "2025-05-08T10:19:03.299891+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 8229842e8..54d9547a3 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.7.10 +version: 2.7.11 keywords: - codefresh home: https://codefresh.io/ @@ -19,11 +19,7 @@ annotations: # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - kind: fixed - description: "Remove duplicated cf-codefresh-registry imagePullSecret secret from workloads" - - kind: security - description: "Misc security updates" - - kind: fixed - description: "Fix mongoimport in mongo-seed job" + description: "argo-hub-platform image repository" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts diff --git a/codefresh/README.md b/codefresh/README.md index aafa22f75..22f9a7696 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.7.10](https://img.shields.io/badge/Version-2.7.10-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Version: 2.7.11](https://img.shields.io/badge/Version-2.7.11-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. From ac61dfcc8804d4f291f1c311dc3aab62cd77c25d Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Thu, 8 May 2025 18:25:03 +0300 Subject: [PATCH 13/66] onprem: 2.8.0 --- codefresh/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 54d9547a3..373d7b1a2 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.7.11 +version: 2.8.0 keywords: - codefresh home: https://codefresh.io/ From c9a1388d898d0f2318415c68e60c15fea646a2ca Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Sun, 11 May 2025 15:40:24 +0300 Subject: [PATCH 14/66] onprem: 2.8.0 --- codefresh/Chart.lock | 50 ++++++++++++++++++++-------------------- codefresh/Chart.yaml | 54 ++++++++++++++++++++++---------------------- codefresh/README.md | 2 +- 3 files changed, 53 insertions(+), 53 deletions(-) diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index 46471c40c..fb964d4d1 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -46,7 +46,7 @@ dependencies: version: 1.31.19 - name: charts-manager repository: oci://quay.io/codefresh/charts - version: 1.22.3 + version: 1.23.1 - name: cfsign repository: oci://quay.io/codefresh/charts version: 1.8.8 @@ -55,76 +55,76 @@ dependencies: version: 1.26.18 - name: context-manager repository: oci://quay.io/codefresh/charts - version: 2.33.7 + version: 2.34.2 - name: pipeline-manager repository: oci://quay.io/codefresh/charts - version: 3.138.4 + version: 3.139.2 - name: gitops-dashboard-manager repository: oci://quay.io/codefresh/charts version: 1.14.22 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.278.1 - name: cfui repository: oci://quay.io/codefresh/charts - version: 14.97.50 + version: 14.98.25 - name: k8s-monitor repository: oci://quay.io/codefresh/charts version: 4.11.14 - name: runtime-environment-manager repository: oci://quay.io/codefresh/charts - version: 3.39.4 + version: 3.41.1 - name: cf-broadcaster repository: oci://quay.io/codefresh/charts version: 1.13.0 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:95c63dadcae268e4dda42cd7b59f80671a522e88eec616dc9faa71a1748b9766 -generated: "2025-05-08T10:19:03.299891+03:00" +digest: sha256:ac862633b7a04644baea154ae6918356730bb6676b0f0d1763d1eb4dfbe754ed +generated: "2025-05-11T15:36:29.092398+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 373d7b1a2..41a82912b 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -13,13 +13,13 @@ maintainers: url: https://codefresh-io.github.io/ appVersion: 2.7.0 annotations: - # artifacthub.io/prerelease: "true" + artifacthub.io/prerelease: "true" artifacthub.io/alternativeName: "codefresh-onprem" artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - - kind: fixed - description: "argo-hub-platform image repository" + - kind: Changed + description: "Initial 2.8.0 release" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts @@ -81,7 +81,7 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: kube-integration.enabled - name: charts-manager - version: "~1.22.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: charts-manager.enabled - name: cfsign @@ -93,11 +93,11 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: tasker-kubernetes.enabled - name: context-manager - version: "~2.33.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: context-manager.enabled - name: pipeline-manager - version: "~3.138.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: pipeline-manager.enabled - name: gitops-dashboard-manager @@ -106,96 +106,96 @@ dependencies: condition: gitops-dashboard-manager.enabled - name: cfapi alias: cfapi - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi.enabled - name: cfapi alias: cfapi-auth - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-auth.enabled - name: cfapi alias: cfapi-internal - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-internal.enabled - name: cfapi alias: cfapi-ws - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-ws.enabled - name: cfapi alias: cfapi-admin - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-admin.enabled - name: cfapi alias: cfapi-endpoints - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-endpoints.enabled - name: cfapi alias: cfapi-terminators - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-terminators.enabled - name: cfapi alias: cfapi-sso-group-synchronizer - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-sso-group-synchronizer.enabled - name: cfapi alias: cfapi-buildmanager - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-buildmanager.enabled - name: cfapi alias: cfapi-cacheevictmanager - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-cacheevictmanager.enabled - name: cfapi alias: cfapi-eventsmanagersubscriptions - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-eventsmanagersubscriptions.enabled - name: cfapi alias: cfapi-kubernetesresourcemonitor - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-kubernetesresourcemonitor.enabled - name: cfapi alias: cfapi-environments - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-environments.enabled - name: cfapi alias: cfapi-gitops-resource-receiver - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-gitops-resource-receiver.enabled - name: cfapi alias: cfapi-downloadlogmanager - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-downloadlogmanager.enabled - name: cfapi alias: cfapi-teams - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-teams.enabled - name: cfapi alias: cfapi-kubernetes-endpoints - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-kubernetes-endpoints.enabled - name: cfapi alias: cfapi-test-reporting - version: "~21.274.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi-test-reporting.enabled - name: cfui - version: "~14.97.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: cfui.enabled - name: k8s-monitor @@ -203,7 +203,7 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: k8s-monitor.enabled - name: runtime-environment-manager - version: "~3.39.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: runtime-environment-manager.enabled - name: cf-broadcaster @@ -211,7 +211,7 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: cf-broadcaster.enabled - name: helm-repo-manager - version: "~0.20.0" + version: "*" repository: oci://quay.io/codefresh/charts condition: helm-repo-manager.enabled - name: hermes diff --git a/codefresh/README.md b/codefresh/README.md index 22f9a7696..b14806dd0 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.7.11](https://img.shields.io/badge/Version-2.7.11-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Version: 2.8.0](https://img.shields.io/badge/Version-2.8.0-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. From 45df9941da123e4ab61da498d9f679bcfb4f1489 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Sun, 11 May 2025 15:46:28 +0300 Subject: [PATCH 15/66] onprem: 2.8.0 --- codefresh/Chart.lock | 6 +++--- codefresh/Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index fb964d4d1..5b7fa4d6e 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -148,7 +148,7 @@ dependencies: version: 0.49.86 - name: argo-platform repository: oci://quay.io/codefresh/charts - version: 1.3344.0-onprem-5c8af92 + version: 1.3483.0 - name: argo-hub-platform repository: oci://quay.io/codefresh/charts version: 0.1.23 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:ac862633b7a04644baea154ae6918356730bb6676b0f0d1763d1eb4dfbe754ed -generated: "2025-05-11T15:36:29.092398+03:00" +digest: sha256:a0e508f5f98480aca2335131c7465df991d2d1b4c09a6ab74bdd5bbc911e4751 +generated: "2025-05-11T15:44:19.501893+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 41a82912b..fb5793ec4 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -237,7 +237,7 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: argo-platform.enabled - name: argo-platform - version: "1.3344.0-onprem-5c8af92" + version: "*" repository: oci://quay.io/codefresh/charts condition: argo-platform.enabled - name: argo-hub-platform From faa0bad9302fd4d4098b8b4607018fee0b114978 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 12 May 2025 10:06:58 +0300 Subject: [PATCH 16/66] onprem: 2.8.0 --- codefresh/Chart.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index 5b7fa4d6e..cfa69fc3a 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -148,7 +148,7 @@ dependencies: version: 0.49.86 - name: argo-platform repository: oci://quay.io/codefresh/charts - version: 1.3483.0 + version: 1.3484.0 - name: argo-hub-platform repository: oci://quay.io/codefresh/charts version: 0.1.23 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:a0e508f5f98480aca2335131c7465df991d2d1b4c09a6ab74bdd5bbc911e4751 -generated: "2025-05-11T15:44:19.501893+03:00" +digest: sha256:91557789375ab1ec32f1e49d912395210db0556816d30b9fa0be207c9704e333 +generated: "2025-05-12T10:03:34.249848+03:00" From eef85fd9a2610cb905cb201ab908360a0b77fd95 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 14 May 2025 13:38:31 +0300 Subject: [PATCH 17/66] onprem: 2.8.0 --- codefresh/Chart.lock | 42 ++++++------- .../delete-consul-svc-job.yaml | 62 +++++++++++++++++++ .../delete-consul-svc-rbac.yaml | 45 ++++++++++++++ 3 files changed, 128 insertions(+), 21 deletions(-) create mode 100644 codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-job.yaml create mode 100644 codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-rbac.yaml diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index cfa69fc3a..baa169d6b 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -64,58 +64,58 @@ dependencies: version: 1.14.22 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.1 + version: 21.278.2 - name: cfui repository: oci://quay.io/codefresh/charts version: 14.98.25 @@ -148,7 +148,7 @@ dependencies: version: 0.49.86 - name: argo-platform repository: oci://quay.io/codefresh/charts - version: 1.3484.0 + version: 1.3492.0 - name: argo-hub-platform repository: oci://quay.io/codefresh/charts version: 0.1.23 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:91557789375ab1ec32f1e49d912395210db0556816d30b9fa0be207c9704e333 -generated: "2025-05-12T10:03:34.249848+03:00" +digest: sha256:b6a9f131b360997a69161e324feb19d73d0eea4dbb50806128362ace120c46ae +generated: "2025-05-14T13:35:58.40587+03:00" diff --git a/codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-job.yaml b/codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-job.yaml new file mode 100644 index 000000000..88314e655 --- /dev/null +++ b/codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-job.yaml @@ -0,0 +1,62 @@ +{{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} +{{- $tolerations := .Values.gencerts.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.gencerts.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.gencerts.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "codefresh.fullname" . }}-delete-consul-svc + labels: + {{ include "codefresh.labels" . | nindent 4 }} + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-weight: "5" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed +spec: + ttlSecondsAfterFinished: 300 + backoffLimit: 0 + template: + metadata: + name: {{ template "codefresh.fullname" . }}-delete-consul-svc + labels: + {{ include "codefresh.labels" . | nindent 8 }} + spec: + serviceAccountName: {{ template "codefresh.fullname" . }}-delete-consul-svc + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} + containers: + - name: {{ template "codefresh.fullname" . }}-delete-consul-svc + image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.gencerts.image "context" .) }} + command: + - /bin/sh + - -c + - | + set -e + CONSUL_SVC_HEADLESS=$(kubectl get svc -n {{ .Release.Namespace }} \ + -l app.kubernetes.io/instance={{ include "codefresh.fullname" . }}\ + -l app.kubernetes.io/name=consul \ + -o name | grep headless ) + if [ -n "$CONSUL_SVC_HEADLESS" ]; then + kubectl delete -n {{ .Release.Namespace }} $CONSUL_SVC_HEADLESS --ignore-not-found + fi + resources: + {{- toYaml .Values.gencerts.resources | nindent 10 }} + {{- with $allNodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $allAffinity }} + affinity: + {{- toYaml . | nindent 8}} + {{- end }} + {{- with $allToleration }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + restartPolicy: OnFailure diff --git a/codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-rbac.yaml b/codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-rbac.yaml new file mode 100644 index 000000000..1fc639e4e --- /dev/null +++ b/codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-rbac.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "codefresh.fullname" . }}-delete-consul-svc + namespace: {{ .Release.Namespace }} + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-weight: "-10" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "codefresh.fullname" . }}-delete-consul-svc + namespace: {{ .Release.Namespace }} + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-weight: "-10" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed +rules: + - apiGroups: + - "" + resources: + - services + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "codefresh.fullname" . }}-delete-consul-svc + namespace: {{ .Release.Namespace }} + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-weight: "-10" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "codefresh.fullname" . }}-delete-consul-svc +subjects: + - kind: ServiceAccount + name: {{ include "codefresh.fullname" . }}-delete-consul-svc + namespace: {{ .Release.Namespace }} From 4ecfb53f8db1df6c08449b364bcd003d4daeebb9 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 14 May 2025 16:24:05 +0300 Subject: [PATCH 18/66] onprem: 2.8.0 --- .../templates/legacy/postgres-clean-job.yaml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/codefresh/templates/legacy/postgres-clean-job.yaml b/codefresh/templates/legacy/postgres-clean-job.yaml index b0abb1c69..17a932bf2 100644 --- a/codefresh/templates/legacy/postgres-clean-job.yaml +++ b/codefresh/templates/legacy/postgres-clean-job.yaml @@ -1,4 +1,13 @@ {{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} +{{- $tolerations := .Values.postgresqlCleanJob.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.postgresqlCleanJob.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.postgresqlCleanJob.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} {{- if and .Values.postgresqlCleanJob.enabled }} --- apiVersion: batch/v1 @@ -57,15 +66,15 @@ spec: - "-exc" - | {{ .Files.Get "files/postgresCleanJobScript.sh" | nindent 16 }} - {{- with .Values.postgresqlCleanJob.nodeSelector }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.postgresqlCleanJob.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.postgresqlCleanJob.tolerations }} + {{- with .$allToleration }} tolerations: {{- toYaml . | nindent 10 }} {{- end }} From 906968594c6aecdf80498083749d1828ff9411b1 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 14 May 2025 16:37:08 +0300 Subject: [PATCH 19/66] onprem: 2.8.0 --- codefresh/templates/legacy/postgres-clean-job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codefresh/templates/legacy/postgres-clean-job.yaml b/codefresh/templates/legacy/postgres-clean-job.yaml index 17a932bf2..38c88f0cb 100644 --- a/codefresh/templates/legacy/postgres-clean-job.yaml +++ b/codefresh/templates/legacy/postgres-clean-job.yaml @@ -74,7 +74,7 @@ spec: affinity: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .$allToleration }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 10 }} {{- end }} From 6f4b53976d296b9a0bf2c1a4cb72ed104104670b Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 14 May 2025 18:58:52 +0300 Subject: [PATCH 20/66] onprem: 2.8.0 --- codefresh/Chart.lock | 10 +++++----- codefresh/Chart.yaml | 2 +- codefresh/values.yaml | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index baa169d6b..f192d93e8 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -10,7 +10,7 @@ dependencies: version: 11.4.10 - name: mongodb repository: https://charts.bitnami.com/bitnami - version: 14.4.1 + version: 15.6.26 - name: postgresql repository: https://charts.bitnami.com/bitnami version: 12.5.1 @@ -118,7 +118,7 @@ dependencies: version: 21.278.2 - name: cfui repository: oci://quay.io/codefresh/charts - version: 14.98.25 + version: 14.98.26 - name: k8s-monitor repository: oci://quay.io/codefresh/charts version: 4.11.14 @@ -148,7 +148,7 @@ dependencies: version: 0.49.86 - name: argo-platform repository: oci://quay.io/codefresh/charts - version: 1.3492.0 + version: 1.3495.0 - name: argo-hub-platform repository: oci://quay.io/codefresh/charts version: 0.1.23 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:b6a9f131b360997a69161e324feb19d73d0eea4dbb50806128362ace120c46ae -generated: "2025-05-14T13:35:58.40587+03:00" +digest: sha256:66cbf79aa7c0fdc97f450ff15cbe93814ab45cfd49ba19cfd070d3bf01e3265f +generated: "2025-05-14T18:55:21.591661+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index fb5793ec4..31217b639 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -33,7 +33,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami condition: consul.enabled - name: mongodb - version: 14.4.1 + version: 15.6.26 repository: https://charts.bitnami.com/bitnami condition: mongodb.enabled,mongo.enabled,global.mongoDeploy - name: postgresql diff --git a/codefresh/values.yaml b/codefresh/values.yaml index 14ffd7592..ab3ddfa5e 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -477,7 +477,7 @@ runtimeImages: DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.20 DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.17 DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.15 - ENGINE_IMAGE: quay.io/codefresh/engine:1.177.6 + ENGINE_IMAGE: quay.io/codefresh/engine:1.177.7 FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.8 GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.2.0 KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.2.6 @@ -1090,7 +1090,7 @@ mongodb: cpu: 200m memory: 256Mi migration: - enabled: false + enabled: true featureCompatibilityVersion: "6.0" # -- nats From e24b5c5856fcafc050deb2b5501cf8bc4c77358a Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 14 May 2025 19:32:15 +0300 Subject: [PATCH 21/66] onprem: 2.8.0 --- codefresh/Chart.lock | 6 +++--- codefresh/Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index f192d93e8..59c79baa7 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -15,7 +15,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 12.5.1 - name: postgresql-ha - repository: oci://registry-1.docker.io/bitnamicharts + repository: oci://quay.io/codefresh/charts version: 12.0.4 - name: redis repository: https://charts.bitnami.com/bitnami @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:66cbf79aa7c0fdc97f450ff15cbe93814ab45cfd49ba19cfd070d3bf01e3265f -generated: "2025-05-14T18:55:21.591661+03:00" +digest: sha256:af1566dcf00186987f5611033297cdcc4afbcf25f340672801038e2348550f7a +generated: "2025-05-14T19:26:19.494994+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 31217b639..241066a8a 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -42,7 +42,7 @@ dependencies: condition: postgresql.enabled - name: postgresql-ha version: 12.0.4 - repository: oci://registry-1.docker.io/bitnamicharts + repository: oci://quay.io/codefresh/charts condition: postgresql-ha.enabled - name: redis version: 20.11.3 From 72964017e8ccc9ea22a307ea50de115f7558ec70 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 14 May 2025 20:09:29 +0300 Subject: [PATCH 22/66] onprem: 2.8.0 --- codefresh/values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/codefresh/values.yaml b/codefresh/values.yaml index ab3ddfa5e..d24ced2e0 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -1077,8 +1077,6 @@ kube-integration: # Ref: https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml mongodb: enabled: true - image: - tag: "6.0" architecture: standalone useStatefulSet: true auth: From 77387f6987854ac23800d2c5007ffb9992405fe7 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Thu, 15 May 2025 11:06:49 +0300 Subject: [PATCH 23/66] onprem: 2.8.0 --- codefresh/Chart.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 241066a8a..cf1bf0523 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -29,7 +29,7 @@ dependencies: version: 0.10.2 condition: internal-gateway.enabled - name: consul - version: 11.4.10 + version: 11.4.17 repository: https://charts.bitnami.com/bitnami condition: consul.enabled - name: mongodb @@ -37,7 +37,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami condition: mongodb.enabled,mongo.enabled,global.mongoDeploy - name: postgresql - version: 12.5.1 + version: 16.7.4 repository: https://charts.bitnami.com/bitnami condition: postgresql.enabled - name: postgresql-ha @@ -45,7 +45,7 @@ dependencies: repository: oci://quay.io/codefresh/charts condition: postgresql-ha.enabled - name: redis - version: 20.11.3 + version: 20.13.4 repository: https://charts.bitnami.com/bitnami condition: redis.enabled - name: redis-ha @@ -53,11 +53,11 @@ dependencies: version: 4.26.1 condition: redis-ha.enabled - name: rabbitmq - version: 15.3.3 + version: 16.0.2 repository: https://charts.bitnami.com/bitnami condition: rabbitmq.enabled - name: nats - version: 9.0.6 + version: 9.0.17 repository: https://charts.bitnami.com/bitnami condition: nats.enabled - name: builder From debdfaaf42c8ba72efa1ce817565d0877b18ad17 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Thu, 15 May 2025 11:18:54 +0300 Subject: [PATCH 24/66] onprem: 2.8.0 --- codefresh/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/codefresh/values.yaml b/codefresh/values.yaml index d24ced2e0..0316d8de4 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -1128,7 +1128,7 @@ postgresql: image: registry: quay.io repository: codefresh/postgresql - tag: 13 + tag: 17 auth: enablePostgresUser: true postgresPassword: "eC9arYka4ZbH" @@ -1155,7 +1155,7 @@ postgresql-ha: image: registry: quay.io repository: codefresh/postgresql-repmgr - tag: 13 + tag: 17 username: postgres password: "eC9arYka4ZbH" database: "codefresh" From 2941719db1b9634d4cabd763321cec2a6f42cc30 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Thu, 15 May 2025 11:24:33 +0300 Subject: [PATCH 25/66] onprem: 2.8.0 --- codefresh/values.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/codefresh/values.yaml b/codefresh/values.yaml index 0316d8de4..fc10b7afb 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -62,7 +62,7 @@ seed: image: registry: quay.io repository: codefresh/postgresql - tag: 13 + tag: 17 # -- (optional) "postgres" admin user in plain text (required ONLY for seed job!) # Must be a privileged user allowed to create databases and grant roles. # If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used. @@ -456,7 +456,7 @@ postgresqlCleanJob: image: registry: quay.io repository: codefresh/postgresql - tag: 13 + tag: 17 schedule: "0 0 * * *" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 @@ -1211,8 +1211,6 @@ redis-ha: # Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml rabbitmq: enabled: true - image: - tag: 3.13.7-debian-12-r5 replicaCount: 1 auth: username: user From 375c7ed0b06b9feaabe0c6d882bacf166d686035 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Thu, 15 May 2025 19:28:15 +0300 Subject: [PATCH 26/66] onprem: 2.8.0 --- codefresh/README.md.gotmpl | 53 +++++++++++++++++++++++++++++++++++++- codefresh/values.yaml | 2 +- 2 files changed, 53 insertions(+), 2 deletions(-) diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 295d90812..9cf22b2be 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -1268,7 +1268,7 @@ cfapi: image: tag: 21.268.1 # -- Set empty tag for digest - digest: "" + digest: "" ``` @@ -2041,6 +2041,57 @@ global: - "value" ``` +### To 2.8.0 + +### [What's new in 2.8.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-28) + +### ⚠️ ⚠️ ⚠️ Breaking changes. Read before upgrading! + +### MongoDB update + +Default MongoDB image is changed from 6.x to 7.x. + +If you run external MongoDB (i.e. [Atlas](https://cloud.mongodb.com)), it is **required** to upgrade it to 7.x after upgrading Codefresh On-Prem to 2.8.x. + +### PostgreSQL update + +Default PostgreSQL image is changed from 13.x to 17.x + +If you run external PostgreSQL, follow the [official instructions](https://www.postgresql.org/docs/17/upgrading.html) to upgrade to 17.x. + +⚠️ ⚠️ ⚠️ If you run built-in PostgreSQL `bitnami/postgresql` subchart, direct upgrade is not supported. You need to backup your data, delete the old PostgreSQL StatefulSet with PVCs and restore the data into a new PostgreSQL StatefulSet. + +```console +PGUSER=postgres +PGHOST=cf-postgresql +PGPORT=5432 +PGPASSWORD=postgres +BACKUP_DIR=/tmp/pg_backup +BACKUP_SQL=backup.sql +TIMESTAMP=$(date +%Y%m%d%H%M%S) +NAMESPACE=codefresh + +# Backup PostgreSQL data +pg_dumpall --verbose > "$BACKUP_DIR/$BACKUP_SQL.$TIMESTAMP" 2>> "$LOG_FILE" + +# Delete old PostgreSQL StatefulSet +STS_NAME=$(kubectl get sts -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME -l app.kubernetes.io/name=postgresql -o jsonpath='{.items[0].metadata.name}') +PVC_NAME=$(kubectl get pvc -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME -l app.kubernetes.io/name=postgresql -o jsonpath='{.items[0].metadata.name}') + +kubectl delete sts $STS_NAME -n $NAMESPACE +kubectl delete pvc $PVC_NAME -n $NAMESPACE + +# Perform Codefresh On-Prem upgrade to 2.8.x + +# Restore PostgreSQL data +psql -U -f "$BACKUP_DIR/$BACKUP_SQL.$TIMESTAMP" >> "$LOG_FILE" 2>&1 +``` + +### RabbitMQ update + +Default RabbitMQ image is changed from 3.x to 4.x + + ## Troubleshooting ### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired diff --git a/codefresh/values.yaml b/codefresh/values.yaml index fc10b7afb..67eb275be 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -1128,7 +1128,7 @@ postgresql: image: registry: quay.io repository: codefresh/postgresql - tag: 17 + tag: 13 auth: enablePostgresUser: true postgresPassword: "eC9arYka4ZbH" From a4be7f5c49fed8414da324a40c367d7ef9d4fe7f Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Thu, 15 May 2025 19:28:21 +0300 Subject: [PATCH 27/66] onprem: 2.8.0 --- codefresh/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/codefresh/values.yaml b/codefresh/values.yaml index 67eb275be..ea19a9001 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -1211,6 +1211,8 @@ redis-ha: # Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml rabbitmq: enabled: true + image: + tag: 3.13.7-debian-12-r5 replicaCount: 1 auth: username: user From 163ce312df49835f07336b5b7ce2028d4a7e3c22 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Thu, 15 May 2025 19:36:08 +0300 Subject: [PATCH 28/66] onprem: 2.8.0 --- codefresh/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codefresh/values.yaml b/codefresh/values.yaml index ea19a9001..fd53622d4 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -1212,7 +1212,7 @@ redis-ha: rabbitmq: enabled: true image: - tag: 3.13.7-debian-12-r5 + tag: 4.0 replicaCount: 1 auth: username: user From 18fe0a69cbb70a2c45fe82fa765cf8b8cff1ede5 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Thu, 15 May 2025 19:36:20 +0300 Subject: [PATCH 29/66] onprem: 2.8.0 --- codefresh/README.md | 50 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/codefresh/README.md b/codefresh/README.md index b14806dd0..90ba2657b 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -2032,6 +2032,56 @@ global: - "value" ``` +### To 2.8.0 + +### [What's new in 2.8.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-28) + +### ⚠️ ⚠️ ⚠️ Breaking changes. Read before upgrading! + +### MongoDB update + +Default MongoDB image is changed from 6.x to 7.x. + +If you run external MongoDB (i.e. [Atlas](https://cloud.mongodb.com)), it is **required** to upgrade it to 7.x after upgrading Codefresh On-Prem to 2.8.x. + +### PostgreSQL update + +Default PostgreSQL image is changed from 13.x to 17.x + +If you run external PostgreSQL, follow the [official instructions](https://www.postgresql.org/docs/17/upgrading.html) to upgrade to 17.x. + +⚠️ ⚠️ ⚠️ If you run built-in PostgreSQL `bitnami/postgresql` subchart, direct upgrade is not supported. You need to backup your data, delete the old PostgreSQL StatefulSet with PVCs and restore the data into a new PostgreSQL StatefulSet. + +```console +PGUSER=postgres +PGHOST=cf-postgresql +PGPORT=5432 +PGPASSWORD=postgres +BACKUP_DIR=/tmp/pg_backup +BACKUP_SQL=backup.sql +TIMESTAMP=$(date +%Y%m%d%H%M%S) +NAMESPACE=codefresh + +# Backup PostgreSQL data +pg_dumpall --verbose > "$BACKUP_DIR/$BACKUP_SQL.$TIMESTAMP" 2>> "$LOG_FILE" + +# Delete old PostgreSQL StatefulSet +STS_NAME=$(kubectl get sts -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME -l app.kubernetes.io/name=postgresql -o jsonpath='{.items[0].metadata.name}') +PVC_NAME=$(kubectl get pvc -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME -l app.kubernetes.io/name=postgresql -o jsonpath='{.items[0].metadata.name}') + +kubectl delete sts $STS_NAME -n $NAMESPACE +kubectl delete pvc $PVC_NAME -n $NAMESPACE + +# Perform Codefresh On-Prem upgrade to 2.8.x + +# Restore PostgreSQL data +psql -U -f "$BACKUP_DIR/$BACKUP_SQL.$TIMESTAMP" >> "$LOG_FILE" 2>&1 +``` + +### RabbitMQ update + +Default RabbitMQ image is changed from 3.x to 4.x + ## Troubleshooting ### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired From 89c5b38697dde745176eb6e8a49a292a94cc332f Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Thu, 15 May 2025 19:50:21 +0300 Subject: [PATCH 30/66] onprem: 2.8.0 --- codefresh/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codefresh/values.yaml b/codefresh/values.yaml index fd53622d4..04f2bf9df 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -1212,7 +1212,7 @@ redis-ha: rabbitmq: enabled: true image: - tag: 4.0 + tag: "4.0" replicaCount: 1 auth: username: user From 74733522df3863b560b44dbfd20938bb3ed6293e Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Thu, 15 May 2025 20:03:54 +0300 Subject: [PATCH 31/66] onprem: 2.8.0 --- codefresh/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index cf1bf0523..ff3e5d75f 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -53,7 +53,7 @@ dependencies: version: 4.26.1 condition: redis-ha.enabled - name: rabbitmq - version: 16.0.2 + version: 15.5.3 repository: https://charts.bitnami.com/bitnami condition: rabbitmq.enabled - name: nats From 9357576637b4853b4808a9b235c3fc9ded7a8620 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Thu, 15 May 2025 22:35:30 +0300 Subject: [PATCH 32/66] onprem: 2.8.0 --- codefresh/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codefresh/values.yaml b/codefresh/values.yaml index 04f2bf9df..7bca2aef2 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -1128,7 +1128,7 @@ postgresql: image: registry: quay.io repository: codefresh/postgresql - tag: 13 + tag: 17 auth: enablePostgresUser: true postgresPassword: "eC9arYka4ZbH" From 01d5db6ee064f460910e051e81f41a2c35fabb2a Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 11:25:09 +0300 Subject: [PATCH 33/66] onprem: 2.8.0 --- codefresh/values.yaml | 26 +++++++++++++------------- scripts/update_re_images.sh | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/codefresh/values.yaml b/codefresh/values.yaml index 7bca2aef2..c046b358f 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -470,19 +470,19 @@ postgresqlCleanJob: # -- runtimeImages # @default -- See below runtimeImages: - COMPOSE_IMAGE: quay.io/codefresh/compose:v2.32.2-1.5.2 - CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.12.2 - DIND_IMAGE: quay.io/codefresh/dind:26.1.4-1.28.8 - DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.4.4 - DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.20 - DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.17 - DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.15 - ENGINE_IMAGE: quay.io/codefresh/engine:1.177.7 - FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.8 - GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.2.0 - KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.2.6 - PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.7 - TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.3 + COMPOSE_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/compose:v2.32.2-1.5.2 + CONTAINER_LOGGER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-container-logger:1.12.5 + DIND_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/dind:26.1.4-1.28.8 + DOCKER_BUILDER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-builder:1.4.4 + DOCKER_PULLER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-puller:8.0.20 + DOCKER_PUSHER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-pusher:6.0.17 + DOCKER_TAG_PUSHER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-tag-pusher:1.3.15 + ENGINE_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/engine:1.177.8 + FS_OPS_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/fs-ops:1.2.10 + GIT_CLONE_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-git-cloner:10.2.0 + KUBE_DEPLOY: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-deploy-kubernetes:16.2.6 + PIPELINE_DEBUGGER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-debugger:1.3.9 + TEMPLATE_ENGINE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/pikolo:0.14.3 CR_6177_FIXER: docker.io/library/alpine:3.21 GC_BUILDER_IMAGE: docker.io/library/alpine:3.21 diff --git a/scripts/update_re_images.sh b/scripts/update_re_images.sh index b87405f9d..e5f6d31ac 100755 --- a/scripts/update_re_images.sh +++ b/scripts/update_re_images.sh @@ -56,7 +56,7 @@ for k in ${RUNTIME_IMAGES[@]}; do fi done -sed -i 's|us-docker.pkg.dev/codefresh-inc/public-gcr-io|quay.io|' $CHARTDIR/values.yaml +# sed -i 's|us-docker.pkg.dev/codefresh-inc/public-gcr-io|quay.io|' $CHARTDIR/values.yaml sed -i 's/!!merge //g' $CHARTDIR/values.yaml From 6e562fbadd51c522e492403325185ab1c91872db Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 11:29:37 +0300 Subject: [PATCH 34/66] onprem: 2.8.0 --- codefresh/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codefresh/values.yaml b/codefresh/values.yaml index c046b358f..1e4a405c6 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -14,7 +14,7 @@ gencerts: image: registry: quay.io repository: codefresh/kubectl - tag: 1.31.2 + tag: 1.33.0 rbac: enabled: true ttlSecondsAfterFinished: 300 From af6fb84f90647a879650e750b1eb5b1b9679ca7b Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 11:55:40 +0300 Subject: [PATCH 35/66] onprem: 2.8.0 --- codefresh/README.md | 2 +- codefresh/values.yaml | 22 +++++++++++----------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index 90ba2657b..f9369f763 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -2182,7 +2182,7 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | argo-platform.runtime-monitor | object | See below | runtime-monitor Don't enable! Not used in onprem! | | argo-platform.ui | object | See below | ui | | argo-platform.useExternalSecret | bool | `false` | Use regular k8s secret object. Keep `false`! | -| builder | object | `{"affinity":{},"container":{"image":{"registry":"docker.io","repository":"library/docker","tag":"28.0-dind"}},"enabled":true,"imagePullSecrets":[],"initContainers":{"register":{"image":{"registry":"quay.io","repository":"codefresh/curl","tag":"8.11.1"}}},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | builder | +| builder | object | `{"affinity":{},"container":{"image":{"registry":"docker.io","repository":"library/docker","tag":"28.0-dind"}},"enabled":true,"imagePullSecrets":[],"initContainers":{"register":{"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/curl","tag":"8.11.1"}}},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | builder | | cf-broadcaster | object | See below | broadcaster | | cf-oidc-provider | object | See below | cf-oidc-provider | | cf-platform-analytics-etlstarter | object | See below | etl-starter | diff --git a/codefresh/values.yaml b/codefresh/values.yaml index 1e4a405c6..39f0f18f5 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -12,7 +12,7 @@ imageCredentials: {} gencerts: enabled: true image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/kubectl tag: 1.33.0 rbac: @@ -34,7 +34,7 @@ seed: mongoSeedJob: enabled: true image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/mongosh tag: 2.5.0 # -- Root user in plain text (required ONLY for seed job!). @@ -60,7 +60,7 @@ seed: postgresSeedJob: enabled: true image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/postgresql tag: 17 # -- (optional) "postgres" admin user in plain text (required ONLY for seed job!) @@ -439,7 +439,7 @@ global: hooks: enabled: true image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/mongosh tag: 2.5.0 affinity: {} @@ -454,7 +454,7 @@ hooks: postgresqlCleanJob: enabled: true image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/postgresql tag: 17 schedule: "0 0 * * *" @@ -791,7 +791,7 @@ cfsign: volume-permissions: enabled: true image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/curl tag: 8.11.1 affinity: {} @@ -960,7 +960,7 @@ helm-repo-manager: ingress: enabled: false image: - repository: quay.io/codefresh/chartmuseum + repository: us-docker.pkg.dev/codefresh-enterprise/gcr.io/codefresh/chartmuseum tag: 8795e993 resources: requests: @@ -1126,7 +1126,7 @@ nomios: postgresql: enabled: true image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/postgresql tag: 17 auth: @@ -1153,7 +1153,7 @@ postgresql-ha: enabled: false postgresql: image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/postgresql-repmgr tag: 17 username: postgres @@ -1230,7 +1230,7 @@ builder: initContainers: register: image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/curl tag: 8.11.1 container: @@ -1252,7 +1252,7 @@ runner: initContainers: register: image: - registry: quay.io + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io repository: codefresh/curl tag: 8.11.1 container: From f6fd478ad7eba6369816b48b75906abdf41e809c Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 12:06:51 +0300 Subject: [PATCH 36/66] onprem: 2.8.0 --- codefresh/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codefresh/values.yaml b/codefresh/values.yaml index 39f0f18f5..02fc05905 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -960,7 +960,7 @@ helm-repo-manager: ingress: enabled: false image: - repository: us-docker.pkg.dev/codefresh-enterprise/gcr.io/codefresh/chartmuseum + repository: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/chartmuseum tag: 8795e993 resources: requests: From 1cf6a520f45566ddc98cea371f39ec62bccb51cc Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 16:00:50 +0300 Subject: [PATCH 37/66] onprem: 2.8.0 --- codefresh/Chart.lock | 56 ++++++++--------- codefresh/README.md | 60 ++++++++++-------- codefresh/README.md.gotmpl | 61 +++++++++++-------- .../{2.6 => codefresh}/agenttasks.json | 0 .../{2.6 => codefresh}/analysisruns.json | 0 .../{2.6 => codefresh}/images-binaries.json | 0 .../indexes/{2.6 => codefresh}/releases.json | 0 .../indexes/{2.6 => codefresh}/rollouts.json | 0 .../{2.6 => codefresh}/workflowprocesses.json | 0 9 files changed, 95 insertions(+), 82 deletions(-) rename codefresh/files/indexes/{2.6 => codefresh}/agenttasks.json (100%) rename codefresh/files/indexes/{2.6 => codefresh}/analysisruns.json (100%) rename codefresh/files/indexes/{2.6 => codefresh}/images-binaries.json (100%) rename codefresh/files/indexes/{2.6 => codefresh}/releases.json (100%) rename codefresh/files/indexes/{2.6 => codefresh}/rollouts.json (100%) rename codefresh/files/indexes/{2.6 => codefresh}/workflowprocesses.json (100%) diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index 59c79baa7..58940488d 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -7,28 +7,28 @@ dependencies: version: 0.10.2 - name: consul repository: https://charts.bitnami.com/bitnami - version: 11.4.10 + version: 11.4.17 - name: mongodb repository: https://charts.bitnami.com/bitnami version: 15.6.26 - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 12.5.1 + version: 16.7.4 - name: postgresql-ha repository: oci://quay.io/codefresh/charts version: 12.0.4 - name: redis repository: https://charts.bitnami.com/bitnami - version: 20.11.3 + version: 20.13.4 - name: redis-ha repository: https://dandydeveloper.github.io/charts version: 4.26.1 - name: rabbitmq repository: https://charts.bitnami.com/bitnami - version: 15.3.3 + version: 15.5.3 - name: nats repository: https://charts.bitnami.com/bitnami - version: 9.0.6 + version: 9.0.17 - name: builder repository: oci://quay.io/codefresh/charts version: 1.4.0 @@ -64,58 +64,58 @@ dependencies: version: 1.14.22 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.278.2 + version: 21.279.1 - name: cfui repository: oci://quay.io/codefresh/charts version: 14.98.26 @@ -142,13 +142,13 @@ dependencies: version: 0.8.10 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.86 + version: 0.49.87 - name: cf-platform-analytics repository: oci://quay.io/codefresh/charts - version: 0.49.86 + version: 0.49.87 - name: argo-platform repository: oci://quay.io/codefresh/charts - version: 1.3495.0 + version: 1.3499.0 - name: argo-hub-platform repository: oci://quay.io/codefresh/charts version: 0.1.23 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:af1566dcf00186987f5611033297cdcc4afbcf25f340672801038e2348550f7a -generated: "2025-05-14T19:26:19.494994+03:00" +digest: sha256:285c57c88431c64030358f7323e32bedea07866502c1162728450c91cb55beaa +generated: "2025-05-16T12:27:14.289482+03:00" diff --git a/codefresh/README.md b/codefresh/README.md index f9369f763..69db24708 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -24,6 +24,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ - [Configuration with ALB (Application Load Balancer)](#configuration-with-alb-application-load-balancer) - [Configuration with Private Registry](#configuration-with-private-registry) - [Configuration with multi-role CF-API](#configuration-with-multi-role-cf-api) + - [Indexes in MongoDB](#indexes-in-mongodb) - [High Availability](#high-availability) - [Mounting private CA certs](#mounting-private-ca-certs) - [Installing on OpenShift](#installing-on-openshift) @@ -33,7 +34,6 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ - [Projects pipelines limit](#projects-pipelines-limit) - [Enable session cookie](#enable-session-cookie) - [X-Frame-Options response header](#x-frame-options-response-header) - - [Auto-index creation in MongoDB](#auto-index-creation-in-mongodb) - [Image digests in containers](#image-digests-in-containers) - [Configuring OIDC Provider](#configuring-oidc-provider) - [Upgrading](#upgrading) @@ -115,6 +115,11 @@ global: # firebaseSecretSecretKeyRef: # name: my-secret # key: firebase-secret + + env: + MONGOOSE_AUTO_INDEX: "true" + MONGO_AUTOMATIC_INDEX_CREATION: "true" + ``` - Specify `.Values.ingress.tls.cert` and `.Values.ingress.tls.key` OR `.Values.ingress.tls.existingSecret` @@ -781,6 +786,33 @@ cfapi-test-reporting: enabled: true ``` +### Indexes in MongoDB + +Indexes in MongoDB are essential for efficient query performance, especially as your data grows. Without proper indexes, MongoDB must perform full collection scans to find matching documents, which can significantly slow down operations and increase resource usage. For production environments, ensuring that all frequently queried fields are indexed is vital to maintain optimal performance and scalability. + +Auto-index creation in MongoDB is disabled by default in Codefresh On-Prem to prevent unexpected performance issues in production environments. When enabled, MongoDB will automatically create indexes for fields used in queries, which can lead to high CPU and disk usage, increased I/O, and potential service disruptions—especially on large datasets. By requiring manual index management, administrators can plan index creation during maintenance windows, ensuring system stability and predictable performance. + +For first-time installations, you **should** enable auto-index creation by setting the following values: + +```yaml +global: + env: + MONGOOSE_AUTO_INDEX: "true" + MONGO_AUTOMATIC_INDEX_CREATION: "true" +``` + +> **Note!** If you have a large amount of MongoDB data, it is recommended to create indexes manually. Enabling this feature can cause performance degradation during the index creation process with large datasets. + +#### Creating Indexes manually + +Depending on your MongoDB service (e.g., Atlas, self-hosted), you can create indexes using the MongoDB shell or the Atlas UI. The indexes are defined in the `codefresh/files/indexes//.json` files. + +The indexes list is provided in `codefresh/files/indexes//.json` files. + +Ref: +- [Create an Index in Atlas DB](https://www.mongodb.com/docs/atlas/atlas-ui/indexes/#create-an-index) +- [Create an Index with mongosh](https://www.mongodb.com/docs/manual/reference/method/db.collection.createIndex/) + ### High Availability The chart installs the non-HA version of Codefresh by default. If you want to run Codefresh in HA mode, use the example values below. @@ -1204,32 +1236,6 @@ cfapi: USE_SHA256_GITHUB_SIGNATURE: "true" ``` -### Auto-index creation in MongoDB - -In Codefresh On-Prem 2.6.x, the `cfapi` can create indexes in MongoDB automatically. This feature is disabled by default. To enable it, set the following environment variable: - -> **Note!** Enabling this feature can cause performance degradation during the index creation process. - -> **Note!** It is recommended to add indexes during a maintenance window. The indexes list is provided in `codefresh/files/indexes//.json` files. - -```yaml -cfapi: - container: - env: - MONGOOSE_AUTO_INDEX: "true" -``` - -```yaml -argo-platform: - api-graphql: - env: - MONGO_AUTOMATIC_INDEX_CREATION: "true" -``` - -Ref: -- [Create an Index in Atlas DB](https://www.mongodb.com/docs/atlas/atlas-ui/indexes/#create-an-index) -- [Create an Index with mongosh](https://www.mongodb.com/docs/manual/reference/method/db.collection.createIndex/) - ### Image digests in containers In Codefresh On-Prem 2.6.x all Codefresh owner microservices include image digests in the default subchart values. diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 9cf22b2be..0b31d190d 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -24,6 +24,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ - [Configuration with ALB (Application Load Balancer)](#configuration-with-alb-application-load-balancer) - [Configuration with Private Registry](#configuration-with-private-registry) - [Configuration with multi-role CF-API](#configuration-with-multi-role-cf-api) + - [Indexes in MongoDB](#indexes-in-mongodb) - [High Availability](#high-availability) - [Mounting private CA certs](#mounting-private-ca-certs) - [Installing on OpenShift](#installing-on-openshift) @@ -33,7 +34,6 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ - [Projects pipelines limit](#projects-pipelines-limit) - [Enable session cookie](#enable-session-cookie) - [X-Frame-Options response header](#x-frame-options-response-header) - - [Auto-index creation in MongoDB](#auto-index-creation-in-mongodb) - [Image digests in containers](#image-digests-in-containers) - [Configuring OIDC Provider](#configuring-oidc-provider) - [Upgrading](#upgrading) @@ -116,6 +116,11 @@ global: # firebaseSecretSecretKeyRef: # name: my-secret # key: firebase-secret + + env: + MONGOOSE_AUTO_INDEX: "true" + MONGO_AUTOMATIC_INDEX_CREATION: "true" + ``` - Specify `.Values.ingress.tls.cert` and `.Values.ingress.tls.key` OR `.Values.ingress.tls.existingSecret` @@ -784,6 +789,34 @@ cfapi-test-reporting: enabled: true ``` +### Indexes in MongoDB + +Indexes in MongoDB are essential for efficient query performance, especially as your data grows. Without proper indexes, MongoDB must perform full collection scans to find matching documents, which can significantly slow down operations and increase resource usage. For production environments, ensuring that all frequently queried fields are indexed is vital to maintain optimal performance and scalability. + +Auto-index creation in MongoDB is disabled by default in Codefresh On-Prem to prevent unexpected performance issues in production environments. When enabled, MongoDB will automatically create indexes for fields used in queries, which can lead to high CPU and disk usage, increased I/O, and potential service disruptions—especially on large datasets. By requiring manual index management, administrators can plan index creation during maintenance windows, ensuring system stability and predictable performance. + +For first-time installations, you **should** enable auto-index creation by setting the following values: + +```yaml +global: + env: + MONGOOSE_AUTO_INDEX: "true" + MONGO_AUTOMATIC_INDEX_CREATION: "true" +``` + +> **Note!** If you have a large amount of MongoDB data, it is recommended to create indexes manually. Enabling this feature can cause performance degradation during the index creation process with large datasets. + +#### Creating Indexes manually + +Depending on your MongoDB service (e.g., Atlas, self-hosted), you can create indexes using the MongoDB shell or the Atlas UI. The indexes are defined in the `codefresh/files/indexes//.json` files. + +The indexes list is provided in `codefresh/files/indexes//.json` files. + +Ref: +- [Create an Index in Atlas DB](https://www.mongodb.com/docs/atlas/atlas-ui/indexes/#create-an-index) +- [Create an Index with mongosh](https://www.mongodb.com/docs/manual/reference/method/db.collection.createIndex/) + + ### High Availability The chart installs the non-HA version of Codefresh by default. If you want to run Codefresh in HA mode, use the example values below. @@ -1209,32 +1242,6 @@ cfapi: USE_SHA256_GITHUB_SIGNATURE: "true" ``` -### Auto-index creation in MongoDB - -In Codefresh On-Prem 2.6.x, the `cfapi` can create indexes in MongoDB automatically. This feature is disabled by default. To enable it, set the following environment variable: - -> **Note!** Enabling this feature can cause performance degradation during the index creation process. - -> **Note!** It is recommended to add indexes during a maintenance window. The indexes list is provided in `codefresh/files/indexes//.json` files. - -```yaml -cfapi: - container: - env: - MONGOOSE_AUTO_INDEX: "true" -``` - -```yaml -argo-platform: - api-graphql: - env: - MONGO_AUTOMATIC_INDEX_CREATION: "true" -``` - -Ref: -- [Create an Index in Atlas DB](https://www.mongodb.com/docs/atlas/atlas-ui/indexes/#create-an-index) -- [Create an Index with mongosh](https://www.mongodb.com/docs/manual/reference/method/db.collection.createIndex/) - ### Image digests in containers In Codefresh On-Prem 2.6.x all Codefresh owner microservices include image digests in the default subchart values. diff --git a/codefresh/files/indexes/2.6/agenttasks.json b/codefresh/files/indexes/codefresh/agenttasks.json similarity index 100% rename from codefresh/files/indexes/2.6/agenttasks.json rename to codefresh/files/indexes/codefresh/agenttasks.json diff --git a/codefresh/files/indexes/2.6/analysisruns.json b/codefresh/files/indexes/codefresh/analysisruns.json similarity index 100% rename from codefresh/files/indexes/2.6/analysisruns.json rename to codefresh/files/indexes/codefresh/analysisruns.json diff --git a/codefresh/files/indexes/2.6/images-binaries.json b/codefresh/files/indexes/codefresh/images-binaries.json similarity index 100% rename from codefresh/files/indexes/2.6/images-binaries.json rename to codefresh/files/indexes/codefresh/images-binaries.json diff --git a/codefresh/files/indexes/2.6/releases.json b/codefresh/files/indexes/codefresh/releases.json similarity index 100% rename from codefresh/files/indexes/2.6/releases.json rename to codefresh/files/indexes/codefresh/releases.json diff --git a/codefresh/files/indexes/2.6/rollouts.json b/codefresh/files/indexes/codefresh/rollouts.json similarity index 100% rename from codefresh/files/indexes/2.6/rollouts.json rename to codefresh/files/indexes/codefresh/rollouts.json diff --git a/codefresh/files/indexes/2.6/workflowprocesses.json b/codefresh/files/indexes/codefresh/workflowprocesses.json similarity index 100% rename from codefresh/files/indexes/2.6/workflowprocesses.json rename to codefresh/files/indexes/codefresh/workflowprocesses.json From b3c2fba1a8be22cebc68c436545bbc451d87c32a Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 16:03:48 +0300 Subject: [PATCH 38/66] onprem: 2.8.0 --- codefresh/README.md | 8 +++++--- codefresh/README.md.gotmpl | 8 +++++--- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index 69db24708..70cb1be46 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -790,7 +790,9 @@ cfapi-test-reporting: Indexes in MongoDB are essential for efficient query performance, especially as your data grows. Without proper indexes, MongoDB must perform full collection scans to find matching documents, which can significantly slow down operations and increase resource usage. For production environments, ensuring that all frequently queried fields are indexed is vital to maintain optimal performance and scalability. -Auto-index creation in MongoDB is disabled by default in Codefresh On-Prem to prevent unexpected performance issues in production environments. When enabled, MongoDB will automatically create indexes for fields used in queries, which can lead to high CPU and disk usage, increased I/O, and potential service disruptions—especially on large datasets. By requiring manual index management, administrators can plan index creation during maintenance windows, ensuring system stability and predictable performance. +Auto-index creation in MongoDB is disabled by default in Codefresh On-Prem to prevent unexpected performance issues in production environments during upgrades. When enabled, MongoDB will automatically create indexes for fields used in queries, which can lead to high CPU and disk usage, increased I/O, and potential service disruptions—especially on large datasets. By requiring manual index management, administrators can plan index creation during maintenance windows, ensuring system stability and predictable performance before upgrading Codefresh On-Prem. + +#### Enabling auto-index creation For first-time installations, you **should** enable auto-index creation by setting the following values: @@ -801,10 +803,10 @@ global: MONGO_AUTOMATIC_INDEX_CREATION: "true" ``` -> **Note!** If you have a large amount of MongoDB data, it is recommended to create indexes manually. Enabling this feature can cause performance degradation during the index creation process with large datasets. - #### Creating Indexes manually +> **Note!** If you have a large amount of MongoDB data, it is recommended to create indexes manually. Enabling auto-index creation can cause performance degradation during the index creation process with large datasets. + Depending on your MongoDB service (e.g., Atlas, self-hosted), you can create indexes using the MongoDB shell or the Atlas UI. The indexes are defined in the `codefresh/files/indexes//.json` files. The indexes list is provided in `codefresh/files/indexes//.json` files. diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 0b31d190d..43340cefc 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -793,7 +793,9 @@ cfapi-test-reporting: Indexes in MongoDB are essential for efficient query performance, especially as your data grows. Without proper indexes, MongoDB must perform full collection scans to find matching documents, which can significantly slow down operations and increase resource usage. For production environments, ensuring that all frequently queried fields are indexed is vital to maintain optimal performance and scalability. -Auto-index creation in MongoDB is disabled by default in Codefresh On-Prem to prevent unexpected performance issues in production environments. When enabled, MongoDB will automatically create indexes for fields used in queries, which can lead to high CPU and disk usage, increased I/O, and potential service disruptions—especially on large datasets. By requiring manual index management, administrators can plan index creation during maintenance windows, ensuring system stability and predictable performance. +Auto-index creation in MongoDB is disabled by default in Codefresh On-Prem to prevent unexpected performance issues in production environments during upgrades. When enabled, MongoDB will automatically create indexes for fields used in queries, which can lead to high CPU and disk usage, increased I/O, and potential service disruptions—especially on large datasets. By requiring manual index management, administrators can plan index creation during maintenance windows, ensuring system stability and predictable performance before upgrading Codefresh On-Prem. + +#### Enabling auto-index creation For first-time installations, you **should** enable auto-index creation by setting the following values: @@ -804,10 +806,10 @@ global: MONGO_AUTOMATIC_INDEX_CREATION: "true" ``` -> **Note!** If you have a large amount of MongoDB data, it is recommended to create indexes manually. Enabling this feature can cause performance degradation during the index creation process with large datasets. - #### Creating Indexes manually +> **Note!** If you have a large amount of MongoDB data, it is recommended to create indexes manually. Enabling auto-index creation can cause performance degradation during the index creation process with large datasets. + Depending on your MongoDB service (e.g., Atlas, self-hosted), you can create indexes using the MongoDB shell or the Atlas UI. The indexes are defined in the `codefresh/files/indexes//.json` files. The indexes list is provided in `codefresh/files/indexes//.json` files. From c67b802525b53778a34f498b9eac3a487ec3b3aa Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 16:10:59 +0300 Subject: [PATCH 39/66] onprem: 2.8.0 --- codefresh/README.md | 8 +++++--- codefresh/README.md.gotmpl | 8 +++++--- .../files/indexes => indexes}/codefresh/agenttasks.json | 0 .../files/indexes => indexes}/codefresh/analysisruns.json | 0 .../indexes => indexes}/codefresh/images-binaries.json | 0 .../files/indexes => indexes}/codefresh/releases.json | 0 .../files/indexes => indexes}/codefresh/rollouts.json | 0 .../indexes => indexes}/codefresh/workflowprocesses.json | 0 8 files changed, 10 insertions(+), 6 deletions(-) rename {codefresh/files/indexes => indexes}/codefresh/agenttasks.json (100%) rename {codefresh/files/indexes => indexes}/codefresh/analysisruns.json (100%) rename {codefresh/files/indexes => indexes}/codefresh/images-binaries.json (100%) rename {codefresh/files/indexes => indexes}/codefresh/releases.json (100%) rename {codefresh/files/indexes => indexes}/codefresh/rollouts.json (100%) rename {codefresh/files/indexes => indexes}/codefresh/workflowprocesses.json (100%) diff --git a/codefresh/README.md b/codefresh/README.md index 70cb1be46..338fd9610 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -792,6 +792,10 @@ Indexes in MongoDB are essential for efficient query performance, especially as Auto-index creation in MongoDB is disabled by default in Codefresh On-Prem to prevent unexpected performance issues in production environments during upgrades. When enabled, MongoDB will automatically create indexes for fields used in queries, which can lead to high CPU and disk usage, increased I/O, and potential service disruptions—especially on large datasets. By requiring manual index management, administrators can plan index creation during maintenance windows, ensuring system stability and predictable performance before upgrading Codefresh On-Prem. +It is critical to ensure that your MongoDB indexes are always aligned with the latest recommended state for your Codefresh On-Prem version. Outdated or missing indexes can lead to degraded performance, slow queries, and increased resource consumption. Always review release notes and update or create indexes as specified during upgrades or when new collections/fields are introduced. Regularly auditing and maintaining your indexes helps ensure optimal system reliability and scalability. + +The indexes list are located in `./indexes//.json` files in the root of the repository. The files contain the indexes that should be created for each collection in the database. + #### Enabling auto-index creation For first-time installations, you **should** enable auto-index creation by setting the following values: @@ -807,9 +811,7 @@ global: > **Note!** If you have a large amount of MongoDB data, it is recommended to create indexes manually. Enabling auto-index creation can cause performance degradation during the index creation process with large datasets. -Depending on your MongoDB service (e.g., Atlas, self-hosted), you can create indexes using the MongoDB shell or the Atlas UI. The indexes are defined in the `codefresh/files/indexes//.json` files. - -The indexes list is provided in `codefresh/files/indexes//.json` files. +Depending on your MongoDB service (e.g., Atlas, self-hosted), you can create indexes using the MongoDB shell or the Atlas UI. Ref: - [Create an Index in Atlas DB](https://www.mongodb.com/docs/atlas/atlas-ui/indexes/#create-an-index) diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 43340cefc..79d947abe 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -795,6 +795,10 @@ Indexes in MongoDB are essential for efficient query performance, especially as Auto-index creation in MongoDB is disabled by default in Codefresh On-Prem to prevent unexpected performance issues in production environments during upgrades. When enabled, MongoDB will automatically create indexes for fields used in queries, which can lead to high CPU and disk usage, increased I/O, and potential service disruptions—especially on large datasets. By requiring manual index management, administrators can plan index creation during maintenance windows, ensuring system stability and predictable performance before upgrading Codefresh On-Prem. +It is critical to ensure that your MongoDB indexes are always aligned with the latest recommended state for your Codefresh On-Prem version. Outdated or missing indexes can lead to degraded performance, slow queries, and increased resource consumption. Always review release notes and update or create indexes as specified during upgrades or when new collections/fields are introduced. Regularly auditing and maintaining your indexes helps ensure optimal system reliability and scalability. + +The indexes list are located in `./indexes//.json` files in the root of the repository. The files contain the indexes that should be created for each collection in the database. + #### Enabling auto-index creation For first-time installations, you **should** enable auto-index creation by setting the following values: @@ -810,9 +814,7 @@ global: > **Note!** If you have a large amount of MongoDB data, it is recommended to create indexes manually. Enabling auto-index creation can cause performance degradation during the index creation process with large datasets. -Depending on your MongoDB service (e.g., Atlas, self-hosted), you can create indexes using the MongoDB shell or the Atlas UI. The indexes are defined in the `codefresh/files/indexes//.json` files. - -The indexes list is provided in `codefresh/files/indexes//.json` files. +Depending on your MongoDB service (e.g., Atlas, self-hosted), you can create indexes using the MongoDB shell or the Atlas UI. Ref: - [Create an Index in Atlas DB](https://www.mongodb.com/docs/atlas/atlas-ui/indexes/#create-an-index) diff --git a/codefresh/files/indexes/codefresh/agenttasks.json b/indexes/codefresh/agenttasks.json similarity index 100% rename from codefresh/files/indexes/codefresh/agenttasks.json rename to indexes/codefresh/agenttasks.json diff --git a/codefresh/files/indexes/codefresh/analysisruns.json b/indexes/codefresh/analysisruns.json similarity index 100% rename from codefresh/files/indexes/codefresh/analysisruns.json rename to indexes/codefresh/analysisruns.json diff --git a/codefresh/files/indexes/codefresh/images-binaries.json b/indexes/codefresh/images-binaries.json similarity index 100% rename from codefresh/files/indexes/codefresh/images-binaries.json rename to indexes/codefresh/images-binaries.json diff --git a/codefresh/files/indexes/codefresh/releases.json b/indexes/codefresh/releases.json similarity index 100% rename from codefresh/files/indexes/codefresh/releases.json rename to indexes/codefresh/releases.json diff --git a/codefresh/files/indexes/codefresh/rollouts.json b/indexes/codefresh/rollouts.json similarity index 100% rename from codefresh/files/indexes/codefresh/rollouts.json rename to indexes/codefresh/rollouts.json diff --git a/codefresh/files/indexes/codefresh/workflowprocesses.json b/indexes/codefresh/workflowprocesses.json similarity index 100% rename from codefresh/files/indexes/codefresh/workflowprocesses.json rename to indexes/codefresh/workflowprocesses.json From a76986bb2706eeec94ffc05b9019df1590debc2d Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 16:13:53 +0300 Subject: [PATCH 40/66] onprem: 2.8.0 --- codefresh/README.md | 4 +++- codefresh/README.md.gotmpl | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index 338fd9610..9678ce82f 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -79,6 +79,8 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) **Important:** only helm 3.8.0+ is supported +**Important:** Read about [Indexes in MongoDB](#indexes-in-mongodb) before installation + Edit default `values.yaml` or create empty `cf-values.yaml` - Pass `sa.json` (as a single line) to `.Values.imageCredentials.password` @@ -786,7 +788,7 @@ cfapi-test-reporting: enabled: true ``` -### Indexes in MongoDB +### ⚠️ ⚠️ ⚠️ Indexes in MongoDB Indexes in MongoDB are essential for efficient query performance, especially as your data grows. Without proper indexes, MongoDB must perform full collection scans to find matching documents, which can significantly slow down operations and increase resource usage. For production environments, ensuring that all frequently queried fields are indexed is vital to maintain optimal performance and scalability. diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 79d947abe..a53794ba4 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -80,6 +80,8 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) **Important:** only helm 3.8.0+ is supported +**Important:** Read about [Indexes in MongoDB](#indexes-in-mongodb) before installation + Edit default `values.yaml` or create empty `cf-values.yaml` - Pass `sa.json` (as a single line) to `.Values.imageCredentials.password` @@ -789,7 +791,7 @@ cfapi-test-reporting: enabled: true ``` -### Indexes in MongoDB +### ⚠️ ⚠️ ⚠️ Indexes in MongoDB Indexes in MongoDB are essential for efficient query performance, especially as your data grows. Without proper indexes, MongoDB must perform full collection scans to find matching documents, which can significantly slow down operations and increase resource usage. For production environments, ensuring that all frequently queried fields are indexed is vital to maintain optimal performance and scalability. From 2840c73e1327f8eee714ec4eca19a3cd20a06485 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 16:26:10 +0300 Subject: [PATCH 41/66] onprem: 2.8.0 --- codefresh/README.md | 13 +++---------- codefresh/README.md.gotmpl | 13 +++---------- 2 files changed, 6 insertions(+), 20 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index 9678ce82f..efc88435e 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -191,9 +191,10 @@ The following table displays the list of **persistent** services created as part | Database | Purpose | Latest supported version | | :--- | :---- | :--- | -| MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 4.4.x | -| Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 13.x | +| MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 7.x | +| Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 17.x | | Redis | Used for caching, and as a key-value store for cron trigger manager. | 7.0.x | +| RabbitMQ | Used for message queueing. | 4.x | > Running on netfs (nfs, cifs) is not recommended. @@ -213,8 +214,6 @@ However, you might need to use external services like [MongoDB Atlas Database](h #### External MongoDB -**Important:** Recommended version of Mongo is 6.x - ```yaml seed: mongoSeedJob: @@ -325,8 +324,6 @@ global: #### External PostgresSQL -**Important:** Recommended version of Postgres is 13.x - ```yaml seed: postgresSeedJob: @@ -390,8 +387,6 @@ postgresql: #### External Redis -**Important:** Recommended version of Redis is 7.x - ```yaml global: # -- Set redis password in plain text @@ -466,8 +461,6 @@ global: #### External RabbitMQ -**Important:** Recommended version of RabbitMQ is 3.x - ```yaml global: # -- Set rabbitmq protocol (`amqp/amqps`) diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index a53794ba4..49b3ee9f2 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -192,9 +192,10 @@ The following table displays the list of **persistent** services created as part | Database | Purpose | Latest supported version | | :--- | :---- | :--- | -| MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 4.4.x | -| Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 13.x | +| MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 7.x | +| Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 17.x | | Redis | Used for caching, and as a key-value store for cron trigger manager. | 7.0.x | +| RabbitMQ | Used for message queueing. | 4.x | > Running on netfs (nfs, cifs) is not recommended. @@ -214,8 +215,6 @@ However, you might need to use external services like [MongoDB Atlas Database](h #### External MongoDB -**Important:** Recommended version of Mongo is 6.x - ```yaml seed: mongoSeedJob: @@ -327,8 +326,6 @@ global: #### External PostgresSQL -**Important:** Recommended version of Postgres is 13.x - ```yaml seed: postgresSeedJob: @@ -392,8 +389,6 @@ postgresql: #### External Redis -**Important:** Recommended version of Redis is 7.x - ```yaml global: # -- Set redis password in plain text @@ -469,8 +464,6 @@ global: #### External RabbitMQ -**Important:** Recommended version of RabbitMQ is 3.x - ```yaml global: # -- Set rabbitmq protocol (`amqp/amqps`) From f817f0ff7bcf44d6ad73e7c3def8cb11ef595ab6 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 16:27:46 +0300 Subject: [PATCH 42/66] onprem: 2.8.0 --- codefresh/README.md | 4 +++- codefresh/README.md.gotmpl | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index efc88435e..fecbf3d19 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -781,7 +781,9 @@ cfapi-test-reporting: enabled: true ``` -### ⚠️ ⚠️ ⚠️ Indexes in MongoDB +⚠️ ⚠️ ⚠️ +### Indexes in MongoDB +⚠️ ⚠️ ⚠️ Indexes in MongoDB are essential for efficient query performance, especially as your data grows. Without proper indexes, MongoDB must perform full collection scans to find matching documents, which can significantly slow down operations and increase resource usage. For production environments, ensuring that all frequently queried fields are indexed is vital to maintain optimal performance and scalability. diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 49b3ee9f2..bc946464c 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -784,7 +784,9 @@ cfapi-test-reporting: enabled: true ``` -### ⚠️ ⚠️ ⚠️ Indexes in MongoDB +⚠️ ⚠️ ⚠️ +### Indexes in MongoDB +⚠️ ⚠️ ⚠️ Indexes in MongoDB are essential for efficient query performance, especially as your data grows. Without proper indexes, MongoDB must perform full collection scans to find matching documents, which can significantly slow down operations and increase resource usage. For production environments, ensuring that all frequently queried fields are indexed is vital to maintain optimal performance and scalability. From a88b3567e1c306e114782a6e989954d518bdbdd7 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 16:29:26 +0300 Subject: [PATCH 43/66] onprem: 2.8.0 --- codefresh/README.md | 2 +- codefresh/README.md.gotmpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index fecbf3d19..e02c7f9fa 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -189,7 +189,7 @@ helm show values codefresh/codefresh The following table displays the list of **persistent** services created as part of the on-premises installation: -| Database | Purpose | Latest supported version | +| Database | Purpose | Required version | | :--- | :---- | :--- | | MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 7.x | | Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 17.x | diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index bc946464c..b82701af2 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -190,7 +190,7 @@ helm show values codefresh/codefresh The following table displays the list of **persistent** services created as part of the on-premises installation: -| Database | Purpose | Latest supported version | +| Database | Purpose | Required version | | :--- | :---- | :--- | | MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 7.x | | Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 17.x | From 8475ffc2f2019aee75e395a4f536155d4888d341 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 16:34:16 +0300 Subject: [PATCH 44/66] onprem: 2.8.0 --- codefresh/README.md | 2 +- codefresh/README.md.gotmpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index e02c7f9fa..be7209002 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -59,7 +59,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ ## Prerequisites -- Kubernetes **>= 1.28 && <= 1.31** (Supported versions mean that installation passed for the versions listed; however, it **may** work on older k8s versions as well) +- Kubernetes **>= 1.28 && <= 1.32** (Supported versions mean that installation passed for the versions listed; however, it **may** work on older k8s versions as well) - Helm **3.8.0+** - PV provisioner support in the underlying infrastructure (with [resizing](https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/) available) - Minimal 4vCPU and 8Gi Memory available in the cluster (for production usage the recommended minimal cluster capacity is at least 12vCPUs and 36Gi Memory) diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index b82701af2..44b3850a6 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -60,7 +60,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ ## Prerequisites -- Kubernetes **>= 1.28 && <= 1.31** (Supported versions mean that installation passed for the versions listed; however, it **may** work on older k8s versions as well) +- Kubernetes **>= 1.28 && <= 1.32** (Supported versions mean that installation passed for the versions listed; however, it **may** work on older k8s versions as well) - Helm **3.8.0+** - PV provisioner support in the underlying infrastructure (with [resizing](https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/) available) - Minimal 4vCPU and 8Gi Memory available in the cluster (for production usage the recommended minimal cluster capacity is at least 12vCPUs and 36Gi Memory) From 119719fe33482ce23ad1fce5a643af6a7b78c3dc Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 16:36:45 +0300 Subject: [PATCH 45/66] onprem: 2.8.0 --- codefresh/README.md | 22 +++++++++++----------- codefresh/README.md.gotmpl | 22 +++++++++++----------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index be7209002..0cf70801c 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -37,17 +37,17 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ - [Image digests in containers](#image-digests-in-containers) - [Configuring OIDC Provider](#configuring-oidc-provider) - [Upgrading](#upgrading) - - [To 2.0.0](#to-200) - - [To 2.0.12](#to-2012) - - [To 2.0.17](#to-2017) - - [To 2.1.0](#to-210) - - [To 2.1.7](#to-217) - - [To 2.2.0](#to-220) - - [To 2.3.0](#to-230) - - [To 2.4.0](#to-240) - - [To 2.5.0](#to-250) - - [To 2.6.0](#to-260) - - [To 2.7.0](#to-270) + - [To 2.0.0](#to-2-0-0) + - [To 2.0.12](#to-2-0-12) + - [To 2.0.17](#to-2-0-17) + - [To 2.1.0](#to-2-1-0) + - [To 2.1.7](#to-2-1-7) + - [To 2.2.0](#to-2-2-0) + - [To 2.3.0](#to-2-3-0) + - [To 2.4.0](#to-2-4-0) + - [To 2.5.0](#to-2-5-0) + - [To 2.6.0](#to-2-6-0) + - [To 2.7.0](#to-2-7-0) - [Rollback](#rollback) - [Troubleshooting](#troubleshooting) - [Values](#values) diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 44b3850a6..313532bf2 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -37,17 +37,17 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ - [Image digests in containers](#image-digests-in-containers) - [Configuring OIDC Provider](#configuring-oidc-provider) - [Upgrading](#upgrading) - - [To 2.0.0](#to-200) - - [To 2.0.12](#to-2012) - - [To 2.0.17](#to-2017) - - [To 2.1.0](#to-210) - - [To 2.1.7](#to-217) - - [To 2.2.0](#to-220) - - [To 2.3.0](#to-230) - - [To 2.4.0](#to-240) - - [To 2.5.0](#to-250) - - [To 2.6.0](#to-260) - - [To 2.7.0](#to-270) + - [To 2.0.0](#to-2-0-0) + - [To 2.0.12](#to-2-0-12) + - [To 2.0.17](#to-2-0-17) + - [To 2.1.0](#to-2-1-0) + - [To 2.1.7](#to-2-1-7) + - [To 2.2.0](#to-2-2-0) + - [To 2.3.0](#to-2-3-0) + - [To 2.4.0](#to-2-4-0) + - [To 2.5.0](#to-2-5-0) + - [To 2.6.0](#to-2-6-0) + - [To 2.7.0](#to-2-7-0) - [Rollback](#rollback) - [Troubleshooting](#troubleshooting) - [Values](#values) From 39a401d7fcd0898f96eb66448c9f7906f8090fc9 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 16:37:47 +0300 Subject: [PATCH 46/66] onprem: 2.8.0 --- codefresh/README.md | 2 +- codefresh/README.md.gotmpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index 0cf70801c..60128cb73 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1465,7 +1465,7 @@ Use [obtain-oidc-id-token](https://github.com/codefresh-io/steps/blob/822afc0a9a ## Upgrading -### To 2.0.0 +### To 2-0-0 This major chart version change (v1.4.X -> v2.0.0) contains some **incompatible breaking change needing manual actions**. diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 313532bf2..0a2ae5f2f 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -1474,7 +1474,7 @@ Use [obtain-oidc-id-token](https://github.com/codefresh-io/steps/blob/822afc0a9a ## Upgrading -### To 2.0.0 +### To 2-0-0 This major chart version change (v1.4.X -> v2.0.0) contains some **incompatible breaking change needing manual actions**. From 388683952339c94d2a8ec2633d654bfe23679c15 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 16:41:21 +0300 Subject: [PATCH 47/66] onprem: 2.8.0 --- codefresh/README.md | 20 ++++++++++---------- codefresh/README.md.gotmpl | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index 60128cb73..fdd85f20e 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1774,7 +1774,7 @@ helm-repo-manager: repository: myregistry.domain.com/codefresh/chartmuseum ``` -### To 2.0.17 +### To 2-0-17 #### ⚠️ Affected values @@ -1848,7 +1848,7 @@ argo-platform: repository: codefresh-io/argo-platform-ui ``` -### To 2.1.0 +### To 2-1-0 ### [What's new in 2.1.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-21) @@ -1884,14 +1884,14 @@ cf-broadcaster: REDIS_DB: 0 ``` -### To 2.1.7 +### To 2-1-7 ⚠️⚠️⚠️ > Since version 2.1.7 chart is pushed **only** to OCI registry at `oci://quay.io/codefresh/codefresh` > Versions prior to 2.1.7 are still available in ChartMuseum at `http://chartmuseum.codefresh.io/codefresh` -### To 2.2.0 +### To 2-2-0 ### [What's new in 2.2.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-22) @@ -1919,7 +1919,7 @@ redis-ha: enabled: true ``` -### To 2.3.0 +### To 2-3-0 ### [What's new in 2.3.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-23) @@ -1963,7 +1963,7 @@ helm rollback $RELEASE_NAME $RELEASE_NUMBER \ --wait ``` -### To 2.4.0 +### To 2-4-0 ### [What's new in 2.4.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-24) @@ -1992,11 +1992,11 @@ cfapi: DEFAULT_SYSTEM_TYPE: CLASSIC ``` -### To 2.5.0 +### To 2-5-0 ### [What's new in 2.5.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-25) -### To 2.6.0 +### To 2-6-0 ### [What's new in 2.6.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-26) @@ -2008,7 +2008,7 @@ cfapi: [Auto-index creation in MongoDB](#auto-index-creation-in-mongodb) -### To 2.7.0 +### To 2-7-0 ### [What's new in 2.7.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-27) @@ -2039,7 +2039,7 @@ global: - "value" ``` -### To 2.8.0 +### To 2-8-0 ### [What's new in 2.8.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-28) diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 0a2ae5f2f..c63cb7d6f 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -1783,7 +1783,7 @@ helm-repo-manager: repository: myregistry.domain.com/codefresh/chartmuseum ``` -### To 2.0.17 +### To 2-0-17 #### ⚠️ Affected values @@ -1857,7 +1857,7 @@ argo-platform: repository: codefresh-io/argo-platform-ui ``` -### To 2.1.0 +### To 2-1-0 ### [What's new in 2.1.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-21) @@ -1894,14 +1894,14 @@ cf-broadcaster: ``` -### To 2.1.7 +### To 2-1-7 ⚠️⚠️⚠️ > Since version 2.1.7 chart is pushed **only** to OCI registry at `oci://quay.io/codefresh/codefresh` > Versions prior to 2.1.7 are still available in ChartMuseum at `http://chartmuseum.codefresh.io/codefresh` -### To 2.2.0 +### To 2-2-0 ### [What's new in 2.2.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-22) @@ -1929,7 +1929,7 @@ redis-ha: enabled: true ``` -### To 2.3.0 +### To 2-3-0 ### [What's new in 2.3.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-23) @@ -1973,7 +1973,7 @@ helm rollback $RELEASE_NAME $RELEASE_NUMBER \ --wait ``` -### To 2.4.0 +### To 2-4-0 ### [What's new in 2.4.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-24) @@ -2002,11 +2002,11 @@ cfapi: DEFAULT_SYSTEM_TYPE: CLASSIC ``` -### To 2.5.0 +### To 2-5-0 ### [What's new in 2.5.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-25) -### To 2.6.0 +### To 2-6-0 ### [What's new in 2.6.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-26) @@ -2018,7 +2018,7 @@ cfapi: [Auto-index creation in MongoDB](#auto-index-creation-in-mongodb) -### To 2.7.0 +### To 2-7-0 ### [What's new in 2.7.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-27) @@ -2049,7 +2049,7 @@ global: - "value" ``` -### To 2.8.0 +### To 2-8-0 ### [What's new in 2.8.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-28) From b3cf7a53c29530a6275b96f93800e8da7e1e5248 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 16:42:10 +0300 Subject: [PATCH 48/66] onprem: 2.8.0 --- codefresh/README.md | 2 +- codefresh/README.md.gotmpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index fdd85f20e..ec981870b 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -194,7 +194,7 @@ The following table displays the list of **persistent** services created as part | MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 7.x | | Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 17.x | | Redis | Used for caching, and as a key-value store for cron trigger manager. | 7.0.x | -| RabbitMQ | Used for message queueing. | 4.x | +| RabbitMQ | Used for message queueing. | 4.0.x | > Running on netfs (nfs, cifs) is not recommended. diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index c63cb7d6f..0f7e5b1fd 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -195,7 +195,7 @@ The following table displays the list of **persistent** services created as part | MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 7.x | | Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 17.x | | Redis | Used for caching, and as a key-value store for cron trigger manager. | 7.0.x | -| RabbitMQ | Used for message queueing. | 4.x | +| RabbitMQ | Used for message queueing. | 4.0.x | > Running on netfs (nfs, cifs) is not recommended. From 96c66156e968b524ad5cc430fa81d240ddacd4e0 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 16:46:26 +0300 Subject: [PATCH 49/66] onprem: 2.8.0 --- codefresh/README.md | 1 + codefresh/README.md.gotmpl | 1 + 2 files changed, 2 insertions(+) diff --git a/codefresh/README.md b/codefresh/README.md index ec981870b..976701e8b 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -48,6 +48,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ - [To 2.5.0](#to-2-5-0) - [To 2.6.0](#to-2-6-0) - [To 2.7.0](#to-2-7-0) + - [To 2.8.0](#to-2-8-0) - [Rollback](#rollback) - [Troubleshooting](#troubleshooting) - [Values](#values) diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 0f7e5b1fd..ff38e1871 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -48,6 +48,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/ - [To 2.5.0](#to-2-5-0) - [To 2.6.0](#to-2-6-0) - [To 2.7.0](#to-2-7-0) + - [To 2.8.0](#to-2-8-0) - [Rollback](#rollback) - [Troubleshooting](#troubleshooting) - [Values](#values) From 23b04b03901c01b1041a5057d24e8e9a646fd983 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 16:51:05 +0300 Subject: [PATCH 50/66] onprem: 2.8.0 --- codefresh/README.md | 4 ++++ codefresh/README.md.gotmpl | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/codefresh/README.md b/codefresh/README.md index 976701e8b..ba703cbaa 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -2090,6 +2090,10 @@ psql -U -f "$BACKUP_DIR/$BACKUP_SQL.$TIMESTAMP" >> "$LOG_FILE" 2>&1 Default RabbitMQ image is changed from 3.x to 4.x +#### Affected values + +- Added option to provide `.Values.global.tolerations`/`.Values.global.nodeSelector`/`.Values.global.affinity` for all Codefresh subcharts + ## Troubleshooting ### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index ff38e1871..4ca3d775f 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -2100,6 +2100,11 @@ psql -U -f "$BACKUP_DIR/$BACKUP_SQL.$TIMESTAMP" >> "$LOG_FILE" 2>&1 Default RabbitMQ image is changed from 3.x to 4.x +#### Affected values + +- Added option to provide `.Values.global.tolerations`/`.Values.global.nodeSelector`/`.Values.global.affinity` for all Codefresh subcharts + + ## Troubleshooting From aca85ba1cc7686c940122e7b8a95f8aa67214acb Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 16:58:06 +0300 Subject: [PATCH 51/66] onprem: 2.8.0 --- codefresh/README.md.gotmpl | 3 +++ .../templates/hooks/{ => post-upgrade}/update-system-re.yaml | 0 .../delete-consul-svc-job.yaml | 0 .../delete-consul-svc-rbac.yaml | 0 .../hooks/{ => pre-upgrade}/set-mongodb-compat-version.yaml | 0 5 files changed, 3 insertions(+) rename codefresh/templates/hooks/{ => post-upgrade}/update-system-re.yaml (100%) rename codefresh/templates/hooks/{delete-consul-svc => pre-upgrade}/delete-consul-svc-job.yaml (100%) rename codefresh/templates/hooks/{delete-consul-svc => pre-upgrade}/delete-consul-svc-rbac.yaml (100%) rename codefresh/templates/hooks/{ => pre-upgrade}/set-mongodb-compat-version.yaml (100%) diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 4ca3d775f..bca4d9a06 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -2104,6 +2104,9 @@ Default RabbitMQ image is changed from 3.x to 4.x - Added option to provide `.Values.global.tolerations`/`.Values.global.nodeSelector`/`.Values.global.affinity` for all Codefresh subcharts +- Changed default location for public images from `quay.io/codefresh` to `us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh` + + ## Troubleshooting diff --git a/codefresh/templates/hooks/update-system-re.yaml b/codefresh/templates/hooks/post-upgrade/update-system-re.yaml similarity index 100% rename from codefresh/templates/hooks/update-system-re.yaml rename to codefresh/templates/hooks/post-upgrade/update-system-re.yaml diff --git a/codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-job.yaml b/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml similarity index 100% rename from codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-job.yaml rename to codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml diff --git a/codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-rbac.yaml b/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml similarity index 100% rename from codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-rbac.yaml rename to codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml diff --git a/codefresh/templates/hooks/set-mongodb-compat-version.yaml b/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml similarity index 100% rename from codefresh/templates/hooks/set-mongodb-compat-version.yaml rename to codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml From d9180fd14f3e3880c40f6c3903363f380f7fefb3 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 16:59:05 +0300 Subject: [PATCH 52/66] onprem: 2.8.0 --- codefresh/README.md | 2 ++ codefresh/README.md.gotmpl | 3 --- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index ba703cbaa..3853e90cc 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -2094,6 +2094,8 @@ Default RabbitMQ image is changed from 3.x to 4.x - Added option to provide `.Values.global.tolerations`/`.Values.global.nodeSelector`/`.Values.global.affinity` for all Codefresh subcharts +- Changed default location for public images from `quay.io/codefresh` to `us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh` + ## Troubleshooting ### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index bca4d9a06..33c301b5e 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -2106,9 +2106,6 @@ Default RabbitMQ image is changed from 3.x to 4.x - Changed default location for public images from `quay.io/codefresh` to `us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh` - - - ## Troubleshooting ### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired From af5584f804d7dc8da4fcc2a2e5ec0921755feef5 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 19:16:59 +0300 Subject: [PATCH 53/66] onprem: 2.8.0 --- codefresh/README.md | 22 ++++++++++++++++++++-- codefresh/README.md.gotmpl | 22 ++++++++++++++++++++-- 2 files changed, 40 insertions(+), 4 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index 3853e90cc..6c1a8d5dc 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -792,11 +792,20 @@ Auto-index creation in MongoDB is disabled by default in Codefresh On-Prem to pr It is critical to ensure that your MongoDB indexes are always aligned with the latest recommended state for your Codefresh On-Prem version. Outdated or missing indexes can lead to degraded performance, slow queries, and increased resource consumption. Always review release notes and update or create indexes as specified during upgrades or when new collections/fields are introduced. Regularly auditing and maintaining your indexes helps ensure optimal system reliability and scalability. -The indexes list are located in `./indexes//.json` files in the root of the repository. The files contain the indexes that should be created for each collection in the database. +The indexes list is located at the [codefresh-io/codefresh-onprem-helm](https://github.com/codefresh-io/codefresh-onprem-helm/tree/onprem-2.8.0/indexes) + +The directory structure is: + +```console +codefresh-onprem-helm +├── indexes +│ ├── # MongoDB database name +│ │ ├── .json # MongoDB indexes for the specified collection +``` #### Enabling auto-index creation -For first-time installations, you **should** enable auto-index creation by setting the following values: +For first-time installations, you **must** enable auto-index creation by setting the following values: ```yaml global: @@ -805,6 +814,15 @@ global: MONGO_AUTOMATIC_INDEX_CREATION: "true" ``` +You **should** disable it for the next upgrades by setting these variables to `false`: + +```yaml +global: + env: + MONGOOSE_AUTO_INDEX: "false" + MONGO_AUTOMATIC_INDEX_CREATION: "false" +``` + #### Creating Indexes manually > **Note!** If you have a large amount of MongoDB data, it is recommended to create indexes manually. Enabling auto-index creation can cause performance degradation during the index creation process with large datasets. diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 33c301b5e..e0b85ea07 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -795,11 +795,20 @@ Auto-index creation in MongoDB is disabled by default in Codefresh On-Prem to pr It is critical to ensure that your MongoDB indexes are always aligned with the latest recommended state for your Codefresh On-Prem version. Outdated or missing indexes can lead to degraded performance, slow queries, and increased resource consumption. Always review release notes and update or create indexes as specified during upgrades or when new collections/fields are introduced. Regularly auditing and maintaining your indexes helps ensure optimal system reliability and scalability. -The indexes list are located in `./indexes//.json` files in the root of the repository. The files contain the indexes that should be created for each collection in the database. +The indexes list is located at the [codefresh-io/codefresh-onprem-helm](https://github.com/codefresh-io/codefresh-onprem-helm/tree/onprem-2.8.0/indexes) + +The directory structure is: + +```console +codefresh-onprem-helm +├── indexes +│ ├── # MongoDB database name +│ │ ├── .json # MongoDB indexes for the specified collection +``` #### Enabling auto-index creation -For first-time installations, you **should** enable auto-index creation by setting the following values: +For first-time installations, you **must** enable auto-index creation by setting the following values: ```yaml global: @@ -808,6 +817,15 @@ global: MONGO_AUTOMATIC_INDEX_CREATION: "true" ``` +You **should** disable it for the next upgrades by setting these variables to `false`: + +```yaml +global: + env: + MONGOOSE_AUTO_INDEX: "false" + MONGO_AUTOMATIC_INDEX_CREATION: "false" +``` + #### Creating Indexes manually > **Note!** If you have a large amount of MongoDB data, it is recommended to create indexes manually. Enabling auto-index creation can cause performance degradation during the index creation process with large datasets. From 90375a90b7e7f1c387e40e8a7473bd6a7c4b39e7 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 19:17:58 +0300 Subject: [PATCH 54/66] onprem: 2.8.0 --- codefresh/README.md.gotmpl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index e0b85ea07..83a208b58 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -795,7 +795,8 @@ Auto-index creation in MongoDB is disabled by default in Codefresh On-Prem to pr It is critical to ensure that your MongoDB indexes are always aligned with the latest recommended state for your Codefresh On-Prem version. Outdated or missing indexes can lead to degraded performance, slow queries, and increased resource consumption. Always review release notes and update or create indexes as specified during upgrades or when new collections/fields are introduced. Regularly auditing and maintaining your indexes helps ensure optimal system reliability and scalability. -The indexes list is located at the [codefresh-io/codefresh-onprem-helm](https://github.com/codefresh-io/codefresh-onprem-helm/tree/onprem-2.8.0/indexes) +The indexes list is located at the [codefresh-io/codefresh-onprem-helm](https://github.com/codefresh-io/codefresh-onprem-helm/tree/onprem-2.8.0/indexes) repository. +The indexes are stored in JSON files with keys and options specified. The directory structure is: From d1afa810a426644481a884ab24ea908ecae80aa0 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 16 May 2025 19:18:05 +0300 Subject: [PATCH 55/66] onprem: 2.8.0 --- codefresh/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/codefresh/README.md b/codefresh/README.md index 6c1a8d5dc..917ea3cf7 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -792,7 +792,8 @@ Auto-index creation in MongoDB is disabled by default in Codefresh On-Prem to pr It is critical to ensure that your MongoDB indexes are always aligned with the latest recommended state for your Codefresh On-Prem version. Outdated or missing indexes can lead to degraded performance, slow queries, and increased resource consumption. Always review release notes and update or create indexes as specified during upgrades or when new collections/fields are introduced. Regularly auditing and maintaining your indexes helps ensure optimal system reliability and scalability. -The indexes list is located at the [codefresh-io/codefresh-onprem-helm](https://github.com/codefresh-io/codefresh-onprem-helm/tree/onprem-2.8.0/indexes) +The indexes list is located at the [codefresh-io/codefresh-onprem-helm](https://github.com/codefresh-io/codefresh-onprem-helm/tree/onprem-2.8.0/indexes) repository. +The indexes are stored in JSON files with keys and options specified. The directory structure is: From fa746a2f7c94211b8ffd4e58ca00b8f05f98fd52 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 19 May 2025 11:51:05 +0300 Subject: [PATCH 56/66] onprem: 2.8.0 --- .../codefresh/feature-store-versioned.json | 25 +++++++++++++++++++ .../analysisruns.json | 0 .../images-binaries.json | 0 .../{codefresh => read-models}/releases.json | 0 .../{codefresh => read-models}/rollouts.json | 0 5 files changed, 25 insertions(+) create mode 100644 indexes/codefresh/feature-store-versioned.json rename indexes/{codefresh => read-models}/analysisruns.json (100%) rename indexes/{codefresh => read-models}/images-binaries.json (100%) rename indexes/{codefresh => read-models}/releases.json (100%) rename indexes/{codefresh => read-models}/rollouts.json (100%) diff --git a/indexes/codefresh/feature-store-versioned.json b/indexes/codefresh/feature-store-versioned.json new file mode 100644 index 000000000..4be0e7132 --- /dev/null +++ b/indexes/codefresh/feature-store-versioned.json @@ -0,0 +1,25 @@ +[ + { + "expireAfterSeconds": 43200.0, + "key": { + "createdAt": 1.0 + }, + "name": "createdAt_1", + "v": 2.0 + }, + { + "key": { + "_id": -1.0, + "LDRedisStoreVersion": 1.0 + }, + "name": "LDRedisStoreVersion_1__id_-1", + "v": 2.0 + }, + { + "key": { + "_id": 1.0 + }, + "name": "_id_", + "v": 2.0 + } +] diff --git a/indexes/codefresh/analysisruns.json b/indexes/read-models/analysisruns.json similarity index 100% rename from indexes/codefresh/analysisruns.json rename to indexes/read-models/analysisruns.json diff --git a/indexes/codefresh/images-binaries.json b/indexes/read-models/images-binaries.json similarity index 100% rename from indexes/codefresh/images-binaries.json rename to indexes/read-models/images-binaries.json diff --git a/indexes/codefresh/releases.json b/indexes/read-models/releases.json similarity index 100% rename from indexes/codefresh/releases.json rename to indexes/read-models/releases.json diff --git a/indexes/codefresh/rollouts.json b/indexes/read-models/rollouts.json similarity index 100% rename from indexes/codefresh/rollouts.json rename to indexes/read-models/rollouts.json From a8474124471ac1b00c6227827856435bf00d460d Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 19 May 2025 12:16:10 +0300 Subject: [PATCH 57/66] onprem: 2.8.0 --- codefresh/Chart.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index 58940488d..b004a6621 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -118,7 +118,7 @@ dependencies: version: 21.279.1 - name: cfui repository: oci://quay.io/codefresh/charts - version: 14.98.26 + version: 14.98.27 - name: k8s-monitor repository: oci://quay.io/codefresh/charts version: 4.11.14 @@ -148,7 +148,7 @@ dependencies: version: 0.49.87 - name: argo-platform repository: oci://quay.io/codefresh/charts - version: 1.3499.0 + version: 1.3502.0 - name: argo-hub-platform repository: oci://quay.io/codefresh/charts version: 0.1.23 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:285c57c88431c64030358f7323e32bedea07866502c1162728450c91cb55beaa -generated: "2025-05-16T12:27:14.289482+03:00" +digest: sha256:d32862c859a59d908af72ce0b502a6beb1ed167062ff575fc92a87a76738037e +generated: "2025-05-19T12:12:32.196823+03:00" From 52b8a5aa44624135b21edb066bbf8f20e3377a5a Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 19 May 2025 13:32:22 +0300 Subject: [PATCH 58/66] onprem: 2.8.0 --- codefresh/README.md | 6 +++- codefresh/README.md.gotmpl | 2 ++ .../hooks/post-upgrade/update-system-re.yaml | 4 ++- .../pre-upgrade/delete-consul-svc-job.yaml | 4 ++- .../pre-upgrade/delete-consul-svc-rbac.yaml | 2 ++ .../other_templates_test.yaml | 18 ++++++++-- codefresh/values.yaml | 36 +++++++++++++------ 7 files changed, 55 insertions(+), 17 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index 917ea3cf7..a333406ef 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -2115,6 +2115,8 @@ Default RabbitMQ image is changed from 3.x to 4.x - Changed default location for public images from `quay.io/codefresh` to `us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh` +- `.Values.hooks` was splitted into `.Values.hooks.mongodb` and `.Values.hooks.consul` + ## Troubleshooting ### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired @@ -2375,7 +2377,9 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | global.tolerations | list | `[]` | Global tolerations constraints Apply toleratons to all Codefresh subcharts. Will not be applied on Bitnami subcharts. | | helm-repo-manager | object | See below | helm-repo-manager | | hermes | object | See below | hermes | -| hooks | object | See below | Pre/post-upgrade Job hooks. Updates images in `system/default` runtime. | +| hooks | object | See below | Pre/post-upgrade Job hooks. | +| hooks.consul | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/kubectl","tag":"1.33.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Recreates `consul-headless` service due to duplicated ports in Service during the upgrade. | +| hooks.mongodb | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/mongosh","tag":"2.5.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Updates images in `system/default` runtime. | | imageCredentials | object | `{}` | Credentials for Image Pull Secret object | | ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/service-upstream":"true","nginx.ingress.kubernetes.io/ssl-redirect":"false","nginx.org/redirect-to-https":"false"},"enabled":true,"ingressClassName":"nginx-codefresh","labels":{},"nameOverride":"","services":{"internal-gateway":["/"]},"tls":{"cert":"","enabled":false,"existingSecret":"","key":"","secretName":"star.codefresh.io"}}` | Ingress | | ingress-nginx | object | See below | ingress-nginx Ref: https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml | diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 83a208b58..0de71f7ae 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -2125,6 +2125,8 @@ Default RabbitMQ image is changed from 3.x to 4.x - Changed default location for public images from `quay.io/codefresh` to `us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh` +- `.Values.hooks` was splitted into `.Values.hooks.mongodb` and `.Values.hooks.consul` + ## Troubleshooting ### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired diff --git a/codefresh/templates/hooks/post-upgrade/update-system-re.yaml b/codefresh/templates/hooks/post-upgrade/update-system-re.yaml index aa21dba21..e72aa64c9 100644 --- a/codefresh/templates/hooks/post-upgrade/update-system-re.yaml +++ b/codefresh/templates/hooks/post-upgrade/update-system-re.yaml @@ -1,4 +1,5 @@ -{{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} +{{- if and .Values.hooks.mongodb.enabled }} +{{- $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} --- {{- $tolerations := .Values.hooks.tolerations | default list }} {{- $globalTolerations := .Values.global.tolerations | default list }} @@ -98,3 +99,4 @@ spec: volumes: {{- include (printf "%s.volumes" $libTemplateName) (dict "Values" .Values.hooks.volumes "context" $) | indent 8 }} restartPolicy: Never +{{- end }} diff --git a/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml b/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml index 88314e655..47c3822bc 100644 --- a/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml +++ b/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml @@ -1,4 +1,5 @@ -{{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} +{{- if and .Values.hooks.consul.enabled }} +{{- $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} {{- $tolerations := .Values.gencerts.tolerations | default list }} {{- $globalTolerations := .Values.global.tolerations | default list }} {{- $allToleration := concat $globalTolerations $tolerations }} @@ -60,3 +61,4 @@ spec: {{- toYaml . | nindent 6 }} {{- end }} restartPolicy: OnFailure +{{- end }} diff --git a/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml b/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml index 1fc639e4e..e369e9146 100644 --- a/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml +++ b/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml @@ -1,3 +1,4 @@ +{{- if and .Values.hooks.consul.enabled }} --- apiVersion: v1 kind: ServiceAccount @@ -43,3 +44,4 @@ subjects: - kind: ServiceAccount name: {{ include "codefresh.fullname" . }}-delete-consul-svc namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/codefresh/tests/private-registry/other_templates_test.yaml b/codefresh/tests/private-registry/other_templates_test.yaml index d88d20a6a..409910184 100644 --- a/codefresh/tests/private-registry/other_templates_test.yaml +++ b/codefresh/tests/private-registry/other_templates_test.yaml @@ -4,7 +4,9 @@ templates: - seed/mongo-seed-job.yaml - seed/postgres-seed-job.yaml - gencerts/job-gencerts.yaml - - hooks/update-system-re.yaml + - hooks/post-upgdare/update-system-re.yaml + - hooks/pre-upgrade/set-mongodb-compat-version.yaml + - hooks/pre-upgrade/delete-consul-svc-job.yaml - legacy/postgres-clean-job.yaml tests: - it: "(Other templates) should test image private registry prefix" @@ -30,9 +32,19 @@ tests: - matchRegex: path: spec.template.spec.containers[0].image pattern: ^myregistry.io/.*$ - template: hooks/update-system-re.yaml + template: hooks/post-upgdare/update-system-re.yaml # postgres-clean-job template - matchRegex: path: spec.jobTemplate.spec.template.spec.containers[0].image pattern: ^myregistry.io/.*$ - template: legacy/postgres-clean-job.yaml \ No newline at end of file + template: legacy/postgres-clean-job.yaml + # set-mongodb-compact template + - matchRegex: + path: spec.template.spec.containers[0].image + pattern: ^myregistry.io/.*$ + template: hooks/pre-upgdare/set-mongodb-compat-version.yaml + # delete-consul- template + - matchRegex: + path: spec.template.spec.containers[0].image + pattern: ^myregistry.io/.*$ + template: hooks/pre-upgdare/delete-consul-svc-job.yaml diff --git a/codefresh/values.yaml b/codefresh/values.yaml index 02fc05905..e60b22f4f 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -434,19 +434,33 @@ global: allowInsecureImages: true # -- Pre/post-upgrade Job hooks. -# Updates images in `system/default` runtime. # @default -- See below hooks: - enabled: true - image: - registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io - repository: codefresh/mongosh - tag: 2.5.0 - affinity: {} - nodeSelector: {} - podSecurityContext: {} - resources: {} - tolerations: [] + # -- Updates images in `system/default` runtime. + mongodb: + enabled: true + image: + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io + repository: codefresh/mongosh + tag: 2.5.0 + affinity: {} + nodeSelector: {} + podSecurityContext: {} + resources: {} + tolerations: [] + # -- Recreates `consul-headless` service due to duplicated ports in Service during the upgrade. + consul: + enabled: true + image: + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io + repository: codefresh/kubectl + tag: 1.33.0 + affinity: {} + nodeSelector: {} + podSecurityContext: {} + resources: {} + tolerations: [] + # -- Maintenance postgresql clean job. # Removes a certain number of the last records in the event store table. From 512de427a57ae8c6ca27a2bb8b5c2396bc7f961e Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 19 May 2025 13:36:29 +0300 Subject: [PATCH 59/66] onprem: 2.8.0 --- .../hooks/post-upgrade/update-system-re.yaml | 16 ++++++++-------- .../hooks/pre-upgrade/delete-consul-svc-job.yaml | 10 +++++----- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/codefresh/templates/hooks/post-upgrade/update-system-re.yaml b/codefresh/templates/hooks/post-upgrade/update-system-re.yaml index e72aa64c9..8a73f66b2 100644 --- a/codefresh/templates/hooks/post-upgrade/update-system-re.yaml +++ b/codefresh/templates/hooks/post-upgrade/update-system-re.yaml @@ -1,13 +1,13 @@ {{- if and .Values.hooks.mongodb.enabled }} {{- $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} --- -{{- $tolerations := .Values.hooks.tolerations | default list }} +{{- $tolerations := .Values.hooks.mongodb.tolerations | default list }} {{- $globalTolerations := .Values.global.tolerations | default list }} {{- $allToleration := concat $globalTolerations $tolerations }} -{{- $affinity := .Values.hooks.affinity | default dict }} +{{- $affinity := .Values.hooks.mongodb.affinity | default dict }} {{- $globalAffinity := .Values.global.affinity | default dict }} {{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} -{{- $nodeSelector := .Values.hooks.nodeSelector | default dict }} +{{- $nodeSelector := .Values.hooks.mongodb.nodeSelector | default dict }} {{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} {{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 @@ -29,10 +29,10 @@ spec: spec: {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} securityContext: - {{- toYaml .Values.hooks.podSecurityContext | nindent 8 }} + {{- toYaml .Values.hooks.mongodb.podSecurityContext | nindent 8 }} containers: - name: {{ include "codefresh.fullname" . }}-update-system-re - image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.image "context" .) }} + image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.mongodb.image "context" .) }} envFrom: - secretRef: name: {{ include "codefresh.fullname" . }} @@ -81,9 +81,9 @@ spec: - | {{ .Files.Get "files/updateSystemReImages.sh" | nindent 12 }} resources: - {{- toYaml .Values.hooks.resources | nindent 10 }} + {{- toYaml .Values.hooks.mongodb.resources | nindent 10 }} volumeMounts: - {{- include (printf "%s.volumeMounts" $libTemplateName) (dict "Values" .Values.hooks.volumeMounts "context" $) | indent 10 }} + {{- include (printf "%s.volumeMounts" $libTemplateName) (dict "Values" .Values.hooks.mongodb.volumeMounts "context" $) | indent 10 }} {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -97,6 +97,6 @@ spec: {{- toYaml . | nindent 6 }} {{- end }} volumes: - {{- include (printf "%s.volumes" $libTemplateName) (dict "Values" .Values.hooks.volumes "context" $) | indent 8 }} + {{- include (printf "%s.volumes" $libTemplateName) (dict "Values" .Values.hooks.mongodb.volumes "context" $) | indent 8 }} restartPolicy: Never {{- end }} diff --git a/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml b/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml index 47c3822bc..1e01d429a 100644 --- a/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml +++ b/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml @@ -1,12 +1,12 @@ {{- if and .Values.hooks.consul.enabled }} {{- $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} -{{- $tolerations := .Values.gencerts.tolerations | default list }} +{{- $tolerations := .Values.hooks.consul.tolerations | default list }} {{- $globalTolerations := .Values.global.tolerations | default list }} {{- $allToleration := concat $globalTolerations $tolerations }} -{{- $affinity := .Values.gencerts.affinity | default dict }} +{{- $affinity := .Values.hooks.consul.affinity | default dict }} {{- $globalAffinity := .Values.global.affinity | default dict }} {{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} -{{- $nodeSelector := .Values.gencerts.nodeSelector | default dict }} +{{- $nodeSelector := .Values.hooks.consul.nodeSelector | default dict }} {{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} {{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} --- @@ -33,7 +33,7 @@ spec: {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} containers: - name: {{ template "codefresh.fullname" . }}-delete-consul-svc - image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.gencerts.image "context" .) }} + image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.consul.image "context" .) }} command: - /bin/sh - -c @@ -47,7 +47,7 @@ spec: kubectl delete -n {{ .Release.Namespace }} $CONSUL_SVC_HEADLESS --ignore-not-found fi resources: - {{- toYaml .Values.gencerts.resources | nindent 10 }} + {{- toYaml .Values.hooks.consul.resources | nindent 10 }} {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} From 38ab93204b506736e68e429faa54e982123bad2c Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 19 May 2025 13:46:53 +0300 Subject: [PATCH 60/66] onprem: 2.8.0 --- .../pre-upgrade/set-mongodb-compat-version.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml b/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml index 6dadaa7cf..d8bfa0523 100644 --- a/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml +++ b/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml @@ -1,13 +1,13 @@ {{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} {{- if .Values.mongodb.migration.enabled }} --- -{{- $tolerations := .Values.hooks.tolerations | default list }} +{{- $tolerations := .Values.hooks.mongodb.tolerations | default list }} {{- $globalTolerations := .Values.global.tolerations | default list }} {{- $allToleration := concat $globalTolerations $tolerations }} -{{- $affinity := .Values.hooks.affinity | default dict }} +{{- $affinity := .Values.hooks.mongodb.affinity | default dict }} {{- $globalAffinity := .Values.global.affinity | default dict }} {{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} -{{- $nodeSelector := .Values.hooks.nodeSelector | default dict }} +{{- $nodeSelector := .Values.hooks.mongodb.nodeSelector | default dict }} {{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} {{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 @@ -32,10 +32,10 @@ spec: - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" {{- end }} securityContext: - {{- toYaml .Values.hooks.podSecurityContext | nindent 8 }} + {{- toYaml .Values.hooks.mongodb.podSecurityContext | nindent 8 }} containers: - name: {{ include "codefresh.fullname" . }}-set-mongodb-compat-version - image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.image "context" .) }} + image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.mongodb.image "context" .) }} envFrom: - secretRef: name: {{ include "codefresh.fullname" . }} @@ -60,9 +60,9 @@ spec: - | {{ .Files.Get "files/mongoSetCompatibilityVersion.sh" | nindent 12 }} resources: - {{- toYaml .Values.hooks.resources | nindent 10 }} + {{- toYaml .Values.hooks.mongodb.resources | nindent 10 }} volumeMounts: - {{- include (printf "%s.volumeMounts" $libTemplateName) (dict "Values" .Values.hooks.volumeMounts "context" $) | indent 10 }} + {{- include (printf "%s.volumeMounts" $libTemplateName) (dict "Values" .Values.hooks.mongodb.volumeMounts "context" $) | indent 10 }} {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -76,6 +76,6 @@ spec: {{- toYaml . | nindent 6 }} {{- end }} volumes: - {{- include (printf "%s.volumes" $libTemplateName) (dict "Values" .Values.hooks.volumes "context" $) | indent 8 }} + {{- include (printf "%s.volumes" $libTemplateName) (dict "Values" .Values.hooks.mongodb.volumes "context" $) | indent 8 }} restartPolicy: Never {{- end }} From de63d9ba2eb864250205bfa1f52539ae3a88c9a2 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 19 May 2025 15:06:30 +0300 Subject: [PATCH 61/66] onprem: 2.8.0 --- codefresh/README.md | 9 +++++++++ codefresh/README.md.gotmpl | 9 +++++++++ .../hooks/pre-upgrade/set-mongodb-compat-version.yaml | 5 +---- codefresh/values.yaml | 2 +- 4 files changed, 20 insertions(+), 5 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index a333406ef..1aadd8133 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -2071,6 +2071,15 @@ Default MongoDB image is changed from 6.x to 7.x. If you run external MongoDB (i.e. [Atlas](https://cloud.mongodb.com)), it is **required** to upgrade it to 7.x after upgrading Codefresh On-Prem to 2.8.x. +For backward compatibility (in case you need to rollback to 6.x), you can set [`featureCompatibilityVersion`](https://www.mongodb.com/docs/v6.0/reference/command/setFeatureCompatibilityVersion/) to `6.0` in your values file. + +```yaml +mongodb: + migration: + enabled: true + featureCompatibilityVersion: "6.0" +``` + ### PostgreSQL update Default PostgreSQL image is changed from 13.x to 17.x diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 0de71f7ae..2d3038ebe 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -2081,6 +2081,15 @@ Default MongoDB image is changed from 6.x to 7.x. If you run external MongoDB (i.e. [Atlas](https://cloud.mongodb.com)), it is **required** to upgrade it to 7.x after upgrading Codefresh On-Prem to 2.8.x. +For backward compatibility (in case you need to rollback to 6.x), you can set [`featureCompatibilityVersion`](https://www.mongodb.com/docs/v6.0/reference/command/setFeatureCompatibilityVersion/) to `6.0` in your values file. + +```yaml +mongodb: + migration: + enabled: true + featureCompatibilityVersion: "6.0" +``` + ### PostgreSQL update Default PostgreSQL image is changed from 13.x to 17.x diff --git a/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml b/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml index d8bfa0523..a6ea9cec3 100644 --- a/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml +++ b/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml @@ -27,10 +27,7 @@ spec: labels: {{ include "codefresh.labels" . | nindent 8 }} spec: - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} securityContext: {{- toYaml .Values.hooks.mongodb.podSecurityContext | nindent 8 }} containers: diff --git a/codefresh/values.yaml b/codefresh/values.yaml index e60b22f4f..c1b7a50f5 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -1102,7 +1102,7 @@ mongodb: cpu: 200m memory: 256Mi migration: - enabled: true + enabled: false featureCompatibilityVersion: "6.0" # -- nats From 54114ebe08e5849a825004c7f9d5c2789cdde118 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 19 May 2025 15:47:50 +0300 Subject: [PATCH 62/66] onprem: 2.8.0 --- .../tests/private-registry/other_templates_test.yaml | 8 ++++---- codefresh/tests/values/private-registry.yaml | 7 ++++++- codefresh/values.yaml | 2 +- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/codefresh/tests/private-registry/other_templates_test.yaml b/codefresh/tests/private-registry/other_templates_test.yaml index 409910184..ce8cdf8ca 100644 --- a/codefresh/tests/private-registry/other_templates_test.yaml +++ b/codefresh/tests/private-registry/other_templates_test.yaml @@ -4,7 +4,7 @@ templates: - seed/mongo-seed-job.yaml - seed/postgres-seed-job.yaml - gencerts/job-gencerts.yaml - - hooks/post-upgdare/update-system-re.yaml + - hooks/post-upgrade/update-system-re.yaml - hooks/pre-upgrade/set-mongodb-compat-version.yaml - hooks/pre-upgrade/delete-consul-svc-job.yaml - legacy/postgres-clean-job.yaml @@ -32,7 +32,7 @@ tests: - matchRegex: path: spec.template.spec.containers[0].image pattern: ^myregistry.io/.*$ - template: hooks/post-upgdare/update-system-re.yaml + template: hooks/post-upgrade/update-system-re.yaml # postgres-clean-job template - matchRegex: path: spec.jobTemplate.spec.template.spec.containers[0].image @@ -42,9 +42,9 @@ tests: - matchRegex: path: spec.template.spec.containers[0].image pattern: ^myregistry.io/.*$ - template: hooks/pre-upgdare/set-mongodb-compat-version.yaml + template: hooks/pre-upgrade/set-mongodb-compat-version.yaml # delete-consul- template - matchRegex: path: spec.template.spec.containers[0].image pattern: ^myregistry.io/.*$ - template: hooks/pre-upgdare/delete-consul-svc-job.yaml + template: hooks/pre-upgrade/delete-consul-svc-job.yaml diff --git a/codefresh/tests/values/private-registry.yaml b/codefresh/tests/values/private-registry.yaml index d8b703e16..36ef99078 100644 --- a/codefresh/tests/values/private-registry.yaml +++ b/codefresh/tests/values/private-registry.yaml @@ -8,4 +8,9 @@ ingress-nginx: registry: myregistry.io cf-oidc-provider: - enabled: true \ No newline at end of file + enabled: true + +mongodb: + migration: + enabled: true + featureCompatibilityVersion: "6.0" diff --git a/codefresh/values.yaml b/codefresh/values.yaml index c1b7a50f5..e60b22f4f 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -1102,7 +1102,7 @@ mongodb: cpu: 200m memory: 256Mi migration: - enabled: false + enabled: true featureCompatibilityVersion: "6.0" # -- nats From aa1f8dc8ee749875dc2a2ed15eb94734e719266f Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 19 May 2025 16:04:06 +0300 Subject: [PATCH 63/66] onprem: 2.8.0 --- .../tests/misc/global_constrains_test.yaml | 44 ++++++++++++++++--- 1 file changed, 38 insertions(+), 6 deletions(-) diff --git a/codefresh/tests/misc/global_constrains_test.yaml b/codefresh/tests/misc/global_constrains_test.yaml index 6127f95f8..ebc375dcd 100644 --- a/codefresh/tests/misc/global_constrains_test.yaml +++ b/codefresh/tests/misc/global_constrains_test.yaml @@ -6,7 +6,7 @@ templates: - seed/mongo-seed-job.yaml - seed/postgres-seed-job.yaml - gencerts/job-gencerts.yaml - - hooks/update-system-re.yaml + - hooks/post-upgrade/update-system-re.yaml tests: - it: argo-platform-abac should have global tolerations/nodeSelector/affinity/imagePullSecret values: @@ -39,8 +39,8 @@ tests: operator: "In" values: - "value" - - + + - it: argo-platform-analytics-reporter should have global tolerations/nodeSelector/affinity/imagePullSecret values: - ../values/global.yaml @@ -875,7 +875,7 @@ tests: operator: "In" values: - "value" - + - it: nomios should have global tolerations/nodeSelector/affinity/imagePullSecret values: - ../values/global.yaml @@ -1002,7 +1002,7 @@ tests: - key: "key" operator: "In" values: - - "value" + - "value" - it: runtime-environment-manager should have global tolerations/nodeSelector/affinity/imagePullSecret values: @@ -1167,7 +1167,39 @@ tests: - it: update-system-re job should have global tolerations/nodeSelector/affinity/imagePullSecret values: - ../values/global.yaml - template: hooks/update-system-re.yaml + template: hooks/post-upgrade/update-system-re.yaml + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: my-secret + - contains: + path: spec.template.spec.tolerations + content: + key: "key" + operator: "Equal" + value: "value" + effect: "NoSchedule" + - equal: + path: spec.template.spec.nodeSelector + value: + key: "value" + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "key" + operator: "In" + values: + - "value" + + - it: delete-consul-svc-job should have global tolerations/nodeSelector/affinity/imagePullSecret + values: + - ../values/global.yaml + template: hooks/pre-upgrade/delete-consul-svc-job.yaml asserts: - contains: path: spec.template.spec.imagePullSecrets From 230b438c56a793b9a8107e85a5139306532ba6ef Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 19 May 2025 16:27:45 +0300 Subject: [PATCH 64/66] onprem: 2.8.0 --- codefresh/tests/misc/global_constrains_test.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/codefresh/tests/misc/global_constrains_test.yaml b/codefresh/tests/misc/global_constrains_test.yaml index ebc375dcd..903a5358f 100644 --- a/codefresh/tests/misc/global_constrains_test.yaml +++ b/codefresh/tests/misc/global_constrains_test.yaml @@ -7,6 +7,7 @@ templates: - seed/postgres-seed-job.yaml - gencerts/job-gencerts.yaml - hooks/post-upgrade/update-system-re.yaml + - hooks/pre-upgrade/delete-consul-svc-job.yaml tests: - it: argo-platform-abac should have global tolerations/nodeSelector/affinity/imagePullSecret values: From 6edc5304a41a9c94682fd3487bb403f0e3815c27 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 19 May 2025 23:09:24 +0300 Subject: [PATCH 65/66] onprem: 2.8.0 --- codefresh/Chart.yaml | 6 +----- codefresh/README.md | 1 - codefresh/values.yaml | 3 --- 3 files changed, 1 insertion(+), 9 deletions(-) diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index ff3e5d75f..59e0e1a85 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -18,7 +18,7 @@ annotations: artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - - kind: Changed + - kind: changed description: "Initial 2.8.0 release" dependencies: - name: cf-common @@ -264,7 +264,3 @@ dependencies: version: "*" repository: oci://quay.io/codefresh/charts condition: salesforce-reporter.enabled - - name: onboarding-status - version: "*" - repository: oci://quay.io/codefresh/charts - condition: onboarding-status.enabled diff --git a/codefresh/README.md b/codefresh/README.md index 1aadd8133..ec4d301e0 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -2410,7 +2410,6 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | mongodb | object | See below | mongodb Ref: https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml | | nats | object | See below | nats Ref: https://github.com/bitnami/charts/blob/main/bitnami/nats/values.yaml | | nomios | object | See below | nomios | -| onboarding-status.enabled | bool | `false` | | | payments.enabled | bool | `false` | | | pipeline-manager | object | See below | pipeline-manager | | postgresql | object | See below | postgresql Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml | diff --git a/codefresh/values.yaml b/codefresh/values.yaml index e60b22f4f..9a4b9df36 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -1958,6 +1958,3 @@ segment-reporter: salesforce-reporter: enabled: false - -onboarding-status: - enabled: false From 34cb84288ef7748d0203f5790b424f21e06740a5 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 19 May 2025 23:15:37 +0300 Subject: [PATCH 66/66] onprem: 2.8.0 --- codefresh/Chart.lock | 45 +++++++++++++++++++++----------------------- 1 file changed, 21 insertions(+), 24 deletions(-) diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index b004a6621..98cc11773 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -64,58 +64,58 @@ dependencies: version: 1.14.22 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.279.1 + version: 21.279.2 - name: cfui repository: oci://quay.io/codefresh/charts version: 14.98.27 @@ -148,7 +148,7 @@ dependencies: version: 0.49.87 - name: argo-platform repository: oci://quay.io/codefresh/charts - version: 1.3502.0 + version: 1.3506.0 - name: argo-hub-platform repository: oci://quay.io/codefresh/charts version: 0.1.23 @@ -167,8 +167,5 @@ dependencies: - name: salesforce-reporter repository: oci://quay.io/codefresh/charts version: 1.30.11 -- name: onboarding-status - repository: oci://quay.io/codefresh/charts - version: 1.8.8 -digest: sha256:d32862c859a59d908af72ce0b502a6beb1ed167062ff575fc92a87a76738037e -generated: "2025-05-19T12:12:32.196823+03:00" +digest: sha256:814b879b8e7b0b276c66b821c69c2c22febbbec4a30fed89117d50530ae0ea5e +generated: "2025-05-19T23:11:03.858637+03:00"