diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index 46471c40c..678905846 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -7,7 +7,7 @@ dependencies: version: 0.10.2 - name: consul repository: https://charts.bitnami.com/bitnami - version: 11.4.10 + version: 11.4.17 - name: mongodb repository: https://charts.bitnami.com/bitnami version: 14.4.1 @@ -19,7 +19,7 @@ dependencies: version: 12.0.4 - name: redis repository: https://charts.bitnami.com/bitnami - version: 20.11.3 + version: 20.13.4 - name: redis-ha repository: https://dandydeveloper.github.io/charts version: 4.26.1 @@ -58,67 +58,67 @@ dependencies: version: 2.33.7 - name: pipeline-manager repository: oci://quay.io/codefresh/charts - version: 3.138.4 + version: 3.138.5 - name: gitops-dashboard-manager repository: oci://quay.io/codefresh/charts version: 1.14.22 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfapi repository: oci://quay.io/codefresh/charts - version: 21.274.13 + version: 21.274.14 - name: cfui repository: oci://quay.io/codefresh/charts - version: 14.97.50 + version: 14.97.51 - name: k8s-monitor repository: oci://quay.io/codefresh/charts version: 4.11.14 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:95c63dadcae268e4dda42cd7b59f80671a522e88eec616dc9faa71a1748b9766 -generated: "2025-05-08T10:19:03.299891+03:00" +digest: sha256:a62a6e4e034aee314dce2de3984c60fa402806015df7fe0080a5df2491ea23d8 +generated: "2025-05-13T15:30:41.843589+03:00" diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 54d9547a3..2c4c88f8d 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.7.11 +version: 2.7.12 keywords: - codefresh home: https://codefresh.io/ @@ -18,8 +18,10 @@ annotations: artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | + - kind: security + description: "Misc security fixes" - kind: fixed - description: "argo-hub-platform image repository" + description: "cf-ui: fix Back to Application button in Admin panel for GitOps system type" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts @@ -29,7 +31,7 @@ dependencies: version: 0.10.2 condition: internal-gateway.enabled - name: consul - version: 11.4.10 + version: 11.4.17 repository: https://charts.bitnami.com/bitnami condition: consul.enabled - name: mongodb @@ -45,7 +47,7 @@ dependencies: repository: oci://registry-1.docker.io/bitnamicharts condition: postgresql-ha.enabled - name: redis - version: 20.11.3 + version: 20.13.4 repository: https://charts.bitnami.com/bitnami condition: redis.enabled - name: redis-ha diff --git a/codefresh/README.md b/codefresh/README.md index 22f9a7696..351945ee7 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.7.11](https://img.shields.io/badge/Version-2.7.11-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Version: 2.7.12](https://img.shields.io/badge/Version-2.7.12-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. diff --git a/codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-job.yaml b/codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-job.yaml new file mode 100644 index 000000000..88314e655 --- /dev/null +++ b/codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-job.yaml @@ -0,0 +1,62 @@ +{{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} +{{- $tolerations := .Values.gencerts.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.gencerts.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.gencerts.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "codefresh.fullname" . }}-delete-consul-svc + labels: + {{ include "codefresh.labels" . | nindent 4 }} + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-weight: "5" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed +spec: + ttlSecondsAfterFinished: 300 + backoffLimit: 0 + template: + metadata: + name: {{ template "codefresh.fullname" . }}-delete-consul-svc + labels: + {{ include "codefresh.labels" . | nindent 8 }} + spec: + serviceAccountName: {{ template "codefresh.fullname" . }}-delete-consul-svc + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} + containers: + - name: {{ template "codefresh.fullname" . }}-delete-consul-svc + image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.gencerts.image "context" .) }} + command: + - /bin/sh + - -c + - | + set -e + CONSUL_SVC_HEADLESS=$(kubectl get svc -n {{ .Release.Namespace }} \ + -l app.kubernetes.io/instance={{ include "codefresh.fullname" . }}\ + -l app.kubernetes.io/name=consul \ + -o name | grep headless ) + if [ -n "$CONSUL_SVC_HEADLESS" ]; then + kubectl delete -n {{ .Release.Namespace }} $CONSUL_SVC_HEADLESS --ignore-not-found + fi + resources: + {{- toYaml .Values.gencerts.resources | nindent 10 }} + {{- with $allNodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $allAffinity }} + affinity: + {{- toYaml . | nindent 8}} + {{- end }} + {{- with $allToleration }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + restartPolicy: OnFailure diff --git a/codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-rbac.yaml b/codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-rbac.yaml new file mode 100644 index 000000000..1fc639e4e --- /dev/null +++ b/codefresh/templates/hooks/delete-consul-svc/delete-consul-svc-rbac.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "codefresh.fullname" . }}-delete-consul-svc + namespace: {{ .Release.Namespace }} + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-weight: "-10" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "codefresh.fullname" . }}-delete-consul-svc + namespace: {{ .Release.Namespace }} + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-weight: "-10" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed +rules: + - apiGroups: + - "" + resources: + - services + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "codefresh.fullname" . }}-delete-consul-svc + namespace: {{ .Release.Namespace }} + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-weight: "-10" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "codefresh.fullname" . }}-delete-consul-svc +subjects: + - kind: ServiceAccount + name: {{ include "codefresh.fullname" . }}-delete-consul-svc + namespace: {{ .Release.Namespace }} diff --git a/codefresh/values.yaml b/codefresh/values.yaml index 14ffd7592..9f09fe5e6 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -14,7 +14,7 @@ gencerts: image: registry: quay.io repository: codefresh/kubectl - tag: 1.31.2 + tag: 1.33.0 rbac: enabled: true ttlSecondsAfterFinished: 300 @@ -477,7 +477,7 @@ runtimeImages: DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.20 DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.17 DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.15 - ENGINE_IMAGE: quay.io/codefresh/engine:1.177.6 + ENGINE_IMAGE: quay.io/codefresh/engine:1.177.7 FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.8 GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.2.0 KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.2.6