From c7db0e46715c4472b930cd008785e18f6124b167 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 11 Jun 2025 19:29:46 +0300 Subject: [PATCH 1/5] onprem: 2.8.6 --- codefresh/Chart.yaml | 6 +- codefresh/README.md | 3 +- .../enable-stable-flags-rabbitmq-job.yaml | 77 +++++++++++++++++++ .../enable-stable-flags-rabbitmq-secret.yaml | 15 ++++ codefresh/values.yaml | 13 +++- 5 files changed, 109 insertions(+), 5 deletions(-) create mode 100644 codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml create mode 100644 codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index ff7781edd..1036fbc6a 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.8.5 +version: 2.8.6 keywords: - codefresh home: https://codefresh.io/ @@ -18,8 +18,8 @@ annotations: # artifacthub.io/containsSecurityUpdates: "true" # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - - kind: security - description: "Contains security fixes in cf-api" + - kind: added + description: "Add pre-upgrade hook to enable stable feature flags in rabbitmq" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts diff --git a/codefresh/README.md b/codefresh/README.md index 80abe860f..c38f73011 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.8.5](https://img.shields.io/badge/Version-2.8.5-informational?style=flat-square) ![AppVersion: 2.8.0](https://img.shields.io/badge/AppVersion-2.8.0-informational?style=flat-square) +![Version: 2.8.6](https://img.shields.io/badge/Version-2.8.6-informational?style=flat-square) ![AppVersion: 2.8.0](https://img.shields.io/badge/AppVersion-2.8.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. @@ -2595,6 +2595,7 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | hooks | object | See below | Pre/post-upgrade Job hooks. | | hooks.consul | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/kubectl","tag":"1.33.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Recreates `consul-headless` service due to duplicated ports in Service during the upgrade. | | hooks.mongodb | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/mongosh","tag":"2.5.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Updates images in `system/default` runtime. | +| hooks.rabbitmq | object | `{"affinity":{},"enabled":true,"image":{"registry":"quay.io","repository":"codefresh/codefresh-shell","tag":"0.0.25-featadd-rabbitmqadmin"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Enable stable feature flags in RabbitMQ. | | imageCredentials | object | `{}` | Credentials for Image Pull Secret object | | ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/service-upstream":"true","nginx.ingress.kubernetes.io/ssl-redirect":"false","nginx.org/redirect-to-https":"false"},"enabled":true,"ingressClassName":"nginx-codefresh","labels":{},"nameOverride":"","services":{"internal-gateway":["/"]},"tls":{"cert":"","enabled":false,"existingSecret":"","key":"","secretName":"star.codefresh.io"}}` | Ingress | | ingress-nginx | object | See below | ingress-nginx Ref: https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml | diff --git a/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml b/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml new file mode 100644 index 000000000..31fd76270 --- /dev/null +++ b/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml @@ -0,0 +1,77 @@ +{{- if and .Values.hooks.rabbitmq.enabled .Values.rabbitmq.enabled }} +{{- $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} +{{- $tolerations := .Values.hooks.consul.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.hooks.consul.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.hooks.consul.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + labels: + {{ include "codefresh.labels" . | nindent 4 }} + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-weight: "5" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed +spec: + ttlSecondsAfterFinished: 300 + backoffLimit: 0 + template: + metadata: + name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + labels: + {{ include "codefresh.labels" . | nindent 8 }} + spec: + serviceAccountName: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} + containers: + - name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.rabbitmq.image "context" .) }} + env: + - name: RABBITMQADMIN_TARGET_HOST + valueFrom: + secretKeyRef: + name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + key: RABBITMQADMIN_TARGET_HOST + - name: RABBITMQADMIN_USERNAME + valueFrom: + secretKeyRef: + name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + key: RABBITMQADMIN_USERNAME + - name: RABBITMQADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + key: RABBITMQADMIN_PASSWORD + command: + - /bin/bash + - -c + - | + rabbitmqadmin \ + --host=$RABBITMQADMIN_TARGET_HOST \ + --username=$RABBITMQADMIN_USERNAME \ + --password=$RABBITMQADMIN_PASSWORD \ + feature_flags enable_all + resources: + {{- toYaml .Values.hooks.rabbitmq.resources | nindent 10 }} + {{- with $allNodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $allAffinity }} + affinity: + {{- toYaml . | nindent 8}} + {{- end }} + {{- with $allToleration }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + restartPolicy: OnFailure +{{- end }} diff --git a/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml b/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml new file mode 100644 index 000000000..1234e464d --- /dev/null +++ b/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.hooks.rabbitmq.enabled .Values.rabbitmq.enabled }} +{{- $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + labels: + {{ include "codefresh.labels" . | nindent 4 }} +type: Opaque +data: + RABBITMQADMIN_TARGET_HOST: {{ (printf "%s-%s" .Release.Name (coalesce .Values.global.rabbitService .Values.global.rabbitmqService) | lower) | b64enc | quote }} + RABBITMQADMIN_USERNAME: {{ .Values.rabbitmq.auth.username | b64enc | quote }} + RABBITMQADMIN_PASSWORD: {{ .Values.rabbitmq.auth.password | b64enc | quote }} +{{- end }} diff --git a/codefresh/values.yaml b/codefresh/values.yaml index 4b25ba75c..8c84031f8 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -465,7 +465,18 @@ hooks: podSecurityContext: {} resources: {} tolerations: [] - + # -- Enable stable feature flags in RabbitMQ. + rabbitmq: + enabled: true + image: + registry: quay.io + repository: codefresh/codefresh-shell + tag: 0.0.25-featadd-rabbitmqadmin + affinity: {} + nodeSelector: {} + podSecurityContext: {} + resources: {} + tolerations: [] # -- Maintenance postgresql clean job. # Removes a certain number of the last records in the event store table. From 8daacdb588050346302c6502c5423e1209ed42a3 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 11 Jun 2025 19:45:21 +0300 Subject: [PATCH 2/5] onprem: 2.8.6 --- .../hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml b/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml index 31fd76270..adce2a2a3 100644 --- a/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml +++ b/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml @@ -22,14 +22,13 @@ metadata: helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed spec: ttlSecondsAfterFinished: 300 - backoffLimit: 0 + backoffLimit: 6 template: metadata: name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags labels: {{ include "codefresh.labels" . | nindent 8 }} spec: - serviceAccountName: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} containers: - name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags From e565e9b4a505e2d3e51d33619ad10ce8b8944910 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Thu, 12 Jun 2025 13:24:20 +0300 Subject: [PATCH 3/5] onprem: 2.8.6 --- codefresh/README.md | 2 +- .../pre-upgrade/enable-stable-flags-rabbitmq-job.yaml | 9 ++++++++- .../pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml | 7 ++++++- codefresh/values.yaml | 6 +++--- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index c38f73011..b0f6c4e45 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -2595,7 +2595,7 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | hooks | object | See below | Pre/post-upgrade Job hooks. | | hooks.consul | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/kubectl","tag":"1.33.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Recreates `consul-headless` service due to duplicated ports in Service during the upgrade. | | hooks.mongodb | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/mongosh","tag":"2.5.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Updates images in `system/default` runtime. | -| hooks.rabbitmq | object | `{"affinity":{},"enabled":true,"image":{"registry":"quay.io","repository":"codefresh/codefresh-shell","tag":"0.0.25-featadd-rabbitmqadmin"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Enable stable feature flags in RabbitMQ. | +| hooks.rabbitmq | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/rabbitmqadmin","tag":"2.1.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Enable stable feature flags in RabbitMQ. | | imageCredentials | object | `{}` | Credentials for Image Pull Secret object | | ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/service-upstream":"true","nginx.ingress.kubernetes.io/ssl-redirect":"false","nginx.org/redirect-to-https":"false"},"enabled":true,"ingressClassName":"nginx-codefresh","labels":{},"nameOverride":"","services":{"internal-gateway":["/"]},"tls":{"cert":"","enabled":false,"existingSecret":"","key":"","secretName":"star.codefresh.io"}}` | Ingress | | ingress-nginx | object | See below | ingress-nginx Ref: https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml | diff --git a/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml b/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml index adce2a2a3..cbff56fa1 100644 --- a/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml +++ b/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml @@ -19,7 +19,7 @@ metadata: annotations: helm.sh/hook: pre-upgrade helm.sh/hook-weight: "5" - helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation spec: ttlSecondsAfterFinished: 300 backoffLimit: 6 @@ -39,6 +39,11 @@ spec: secretKeyRef: name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags key: RABBITMQADMIN_TARGET_HOST + - name: RABBITMQADMIN_TARGET_PORT + valueFrom: + secretKeyRef: + name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags + key: RABBITMQADMIN_TARGET_PORT - name: RABBITMQADMIN_USERNAME valueFrom: secretKeyRef: @@ -53,8 +58,10 @@ spec: - /bin/bash - -c - | + set -x rabbitmqadmin \ --host=$RABBITMQADMIN_TARGET_HOST \ + --port=$RABBITMQADMIN_TARGET_PORT \ --username=$RABBITMQADMIN_USERNAME \ --password=$RABBITMQADMIN_PASSWORD \ feature_flags enable_all diff --git a/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml b/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml index 1234e464d..7244c570e 100644 --- a/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml +++ b/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml @@ -7,9 +7,14 @@ metadata: name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags labels: {{ include "codefresh.labels" . | nindent 4 }} + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-weight: "-10" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed type: Opaque data: - RABBITMQADMIN_TARGET_HOST: {{ (printf "%s-%s" .Release.Name (coalesce .Values.global.rabbitService .Values.global.rabbitmqService) | lower) | b64enc | quote }} + RABBITMQADMIN_TARGET_HOST: {{ (printf "%s-%s" .Release.Name (coalesce .Values.global.rabbitService .Values.global.rabbitmqService) | lower | trimSuffix ":5672") | b64enc | quote }} + RABBITMQADMIN_TARGET_PORT: {{ printf "%d" 15672 | b64enc | quote }} RABBITMQADMIN_USERNAME: {{ .Values.rabbitmq.auth.username | b64enc | quote }} RABBITMQADMIN_PASSWORD: {{ .Values.rabbitmq.auth.password | b64enc | quote }} {{- end }} diff --git a/codefresh/values.yaml b/codefresh/values.yaml index 8c84031f8..9ba79edc6 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -469,9 +469,9 @@ hooks: rabbitmq: enabled: true image: - registry: quay.io - repository: codefresh/codefresh-shell - tag: 0.0.25-featadd-rabbitmqadmin + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io + repository: codefresh/rabbitmqadmin + tag: 2.1.0 affinity: {} nodeSelector: {} podSecurityContext: {} From b0e4cbfc5fb3f615ddfc5ca9f236184a9a3206ca Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Thu, 12 Jun 2025 13:30:20 +0300 Subject: [PATCH 4/5] onprem: 2.8.6 From 2cc8a59e4af04c6a81e95134a47ee03b9d4d14ef Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Thu, 12 Jun 2025 13:31:21 +0300 Subject: [PATCH 5/5] onprem: 2.8.6 --- codefresh/README.md | 6 +++++- codefresh/README.md.gotmpl | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/codefresh/README.md b/codefresh/README.md index b0f6c4e45..990c51dba 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -2322,7 +2322,11 @@ spec: ### RabbitMQ update -Default RabbitMQ image is changed from 3.x to 4.x +Default RabbitMQ image is changed from 3.x to 4.0 + +If you run external RabbitMQ, follow the [official instructions](https://www.rabbitmq.com/docs/upgrade) to upgrade to 4.0 + +For built-in RabbitMQ `bitnami/rabbitmq` subchart, pre-upgrade hook was added to enable all stable feature flags. #### Affected values diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl index 4492db31b..538c177d0 100644 --- a/codefresh/README.md.gotmpl +++ b/codefresh/README.md.gotmpl @@ -2331,7 +2331,11 @@ spec: ### RabbitMQ update -Default RabbitMQ image is changed from 3.x to 4.x +Default RabbitMQ image is changed from 3.x to 4.0 + +If you run external RabbitMQ, follow the [official instructions](https://www.rabbitmq.com/docs/upgrade) to upgrade to 4.0 + +For built-in RabbitMQ `bitnami/rabbitmq` subchart, pre-upgrade hook was added to enable all stable feature flags. #### Affected values