diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index ff7781edd..1036fbc6a 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.8.5 +version: 2.8.6 keywords: - codefresh home: https://codefresh.io/ @@ -18,8 +18,8 @@ annotations: # artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - - kind: security - description: "Contains security fixes in cf-api" + - kind: added + description: "Add pre-upgrade hook to enable stable feature flags in rabbitmq" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts diff --git a/codefresh/README.md b/codefresh/README.md index 80abe860f..990c51dba 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.8.5](https://img.shields.io/badge/Version-2.8.5-informational?style=flat-square) ![AppVersion: 2.8.0](https://img.shields.io/badge/AppVersion-2.8.0-informational?style=flat-square) +![Version: 2.8.6](https://img.shields.io/badge/Version-2.8.6-informational?style=flat-square) ![AppVersion: 2.8.0](https://img.shields.io/badge/AppVersion-2.8.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. @@ -2322,7 +2322,11 @@ spec: ### RabbitMQ update -Default RabbitMQ image is changed from 3.x to 4.x +Default RabbitMQ image is changed from 3.x to 4.0 + +If you run external RabbitMQ, follow the [official instructions](https://www.rabbitmq.com/docs/upgrade) to upgrade to 4.0 + +For built-in RabbitMQ `bitnami/rabbitmq` subchart, pre-upgrade hook was added to enable all stable feature flags. #### Affected values @@ -2595,6 +2599,7 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | hooks | object | See below | Pre/post-upgrade Job hooks. | | hooks.consul | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/kubectl","tag":"1.33.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Recreates `consul-headless` service due to duplicated ports in Service during the upgrade. | | hooks.mongodb | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/mongosh","tag":"2.5.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Updates images in `system/default` runtime. | +| hooks.rabbitmq | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/rabbitmqadmin","tag":"2.1.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Enable stable feature flags in RabbitMQ. | | imageCredentials | object | `{}` | Credentials for Image Pull Secret object | | ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/service-upstream":"true","nginx.ingress.kubernetes.io/ssl-redirect":"false","nginx.org/redirect-to-https":"false"},"enabled":true,"ingressClassName":"nginx-codefresh","labels":{},"nameOverride":"","services":{"internal-gateway":["/"]},"tls":{"cert":"","enabled":false,"existingSecret":"","key":"","secretName":"star.codefresh.io"}}` | Ingress | | ingress-nginx | object | See below | ingress-nginx Ref: https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml | diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 4492db31b..538c177d0 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -2331,7 +2331,11 @@ spec: ### RabbitMQ update -Default RabbitMQ image is changed from 3.x to 4.x +Default RabbitMQ image is changed from 3.x to 4.0 + +If you run external RabbitMQ, follow the [official instructions](https://www.rabbitmq.com/docs/upgrade) to upgrade to 4.0 + +For built-in RabbitMQ `bitnami/rabbitmq` subchart, pre-upgrade hook was added to enable all stable feature flags. #### Affected values diff --git a/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml b/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml new file mode 100644 index 000000000..cbff56fa1 --- /dev/null +++ b/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml @@ -0,0 +1,83 @@ +{{- if and .Values.hooks.rabbitmq.enabled .Values.rabbitmq.enabled }} +{{- $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} +{{- $tolerations := .Values.hooks.consul.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.hooks.consul.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.hooks.consul.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + labels: + {{ include "codefresh.labels" . | nindent 4 }} + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-weight: "5" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation +spec: + ttlSecondsAfterFinished: 300 + backoffLimit: 6 + template: + metadata: + name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + labels: + {{ include "codefresh.labels" . | nindent 8 }} + spec: + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} + containers: + - name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.rabbitmq.image "context" .) }} + env: + - name: RABBITMQADMIN_TARGET_HOST + valueFrom: + secretKeyRef: + name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + key: RABBITMQADMIN_TARGET_HOST + - name: RABBITMQADMIN_TARGET_PORT + valueFrom: + secretKeyRef: + name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + key: RABBITMQADMIN_TARGET_PORT + - name: RABBITMQADMIN_USERNAME + valueFrom: + secretKeyRef: + name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + key: RABBITMQADMIN_USERNAME + - name: RABBITMQADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + key: RABBITMQADMIN_PASSWORD + command: + - /bin/bash + - -c + - | + set -x + rabbitmqadmin \ + --host=$RABBITMQADMIN_TARGET_HOST \ + --port=$RABBITMQADMIN_TARGET_PORT \ + --username=$RABBITMQADMIN_USERNAME \ + --password=$RABBITMQADMIN_PASSWORD \ + feature_flags enable_all + resources: + {{- toYaml .Values.hooks.rabbitmq.resources | nindent 10 }} + {{- with $allNodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $allAffinity }} + affinity: + {{- toYaml . | nindent 8}} + {{- end }} + {{- with $allToleration }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + restartPolicy: OnFailure +{{- end }} diff --git a/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml b/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml new file mode 100644 index 000000000..7244c570e --- /dev/null +++ b/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.hooks.rabbitmq.enabled .Values.rabbitmq.enabled }} +{{- $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + labels: + {{ include "codefresh.labels" . | nindent 4 }} + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-weight: "-10" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed +type: Opaque +data: + RABBITMQADMIN_TARGET_HOST: {{ (printf "%s-%s" .Release.Name (coalesce .Values.global.rabbitService .Values.global.rabbitmqService) | lower | trimSuffix ":5672") | b64enc | quote }} + RABBITMQADMIN_TARGET_PORT: {{ printf "%d" 15672 | b64enc | quote }} + RABBITMQADMIN_USERNAME: {{ .Values.rabbitmq.auth.username | b64enc | quote }} + RABBITMQADMIN_PASSWORD: {{ .Values.rabbitmq.auth.password | b64enc | quote }} +{{- end }} diff --git a/codefresh/values.yaml b/codefresh/values.yaml index 4b25ba75c..9ba79edc6 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -465,7 +465,18 @@ hooks: podSecurityContext: {} resources: {} tolerations: [] - + # -- Enable stable feature flags in RabbitMQ. + rabbitmq: + enabled: true + image: + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io + repository: codefresh/rabbitmqadmin + tag: 2.1.0 + affinity: {} + nodeSelector: {} + podSecurityContext: {} + resources: {} + tolerations: [] # -- Maintenance postgresql clean job. # Removes a certain number of the last records in the event store table.