diff --git a/charts/codefresh-gitops/.ci/helm-docs.sh b/charts/codefresh-gitops/.ci/helm-docs.sh
new file mode 100755
index 0000000000..f93f7172ed
--- /dev/null
+++ b/charts/codefresh-gitops/.ci/helm-docs.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+## Reference: https://github.com/norwoodj/helm-docs
+set -eux
+REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+echo "$REPO_ROOT"
+
+echo "Running Helm-Docs"
+docker run \
+ -v "$REPO_ROOT:/helm-docs" \
+ -u $(id -u) \
+ --rm \
+ --entrypoint /bin/sh \
+ jnorwood/helm-docs:v1.11.0 \
+ -c \
+ helm-docs \
+ --chart-search-root=codefresh-gitops \
+ --template-files=./_templates.gotmpl \
+ --template-files=README.md.gotmpl \
diff --git a/charts/codefresh-gitops/.ci/values/defaults.yaml b/charts/codefresh-gitops/.ci/values/defaults.yaml
new file mode 100644
index 0000000000..0fc7e5a561
--- /dev/null
+++ b/charts/codefresh-gitops/.ci/values/defaults.yaml
@@ -0,0 +1,17 @@
+global:
+ appUrl: "" # placeholder
+ imagePullSecrets:
+ - dockerhub-creds
+
+ingress:
+ enabled: true
+ ingressClassName: nginx
+ tls:
+ enabled: false
+
+cfapi:
+ rbac:
+ namespaced: false
+ container:
+ env:
+ DEFAULT_SYSTEM_TYPE: GITOPS
diff --git a/charts/codefresh-gitops/.ci/values/e2e.yaml b/charts/codefresh-gitops/.ci/values/e2e.yaml
new file mode 100644
index 0000000000..b4e39c3f85
--- /dev/null
+++ b/charts/codefresh-gitops/.ci/values/e2e.yaml
@@ -0,0 +1,2 @@
+e2e:
+ enabled: true
diff --git a/charts/codefresh-gitops/.helmignore b/charts/codefresh-gitops/.helmignore
new file mode 100644
index 0000000000..0e8a0eb36f
--- /dev/null
+++ b/charts/codefresh-gitops/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
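Review bot: In `.ci/helm-docs.sh` the `--chart-search-root` and both `--template-files` flags never reach helm-docs: with `--entrypoint /bin/sh` followed by `-c \` and `helm-docs \` as separate words, `sh -c` takes only `helm-docs` as the command string and the remaining words become `$0`, `$1`, `$2`. Pass the command as a single string, `-c 'helm-docs --chart-search-root=codefresh-gitops --template-files=./_templates.gotmpl --template-files=README.md.gotmpl'`, and drop the trailing `\` on the last line of the file. The container gets `$REPO_ROOT` mounted read-write while the image is referenced by the mutable tag `jnorwood/helm-docs:v1.11.0`; pinning it by digest (`jnorwood/helm-docs:v1.11.0@sha256:<DIGEST_PLACEHOLDER>`) keeps a re-pushed tag from running against the working tree. `-u $(id -u)` should also be quoted as `-u "$(id -u)"`.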
diff --git a/charts/codefresh-gitops/Chart.lock b/charts/codefresh-gitops/Chart.lock new file mode 100644 index 0000000000..8f725d416f --- /dev/null +++ b/charts/codefresh-gitops/Chart.lock @@ -0,0 +1,42 @@ +dependencies: +- name: cf-common + repository: oci://quay.io/codefresh/charts + version: 0.27.0 +- name: internal-gateway + repository: oci://quay.io/codefresh/charts + version: 0.10.4 +- name: mongodb + repository: https://charts.bitnami.com/bitnami + version: 15.6.26 +- name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 16.7.4 +- name: redis + repository: https://charts.bitnami.com/bitnami + version: 20.13.4 +- name: rabbitmq + repository: https://charts.bitnami.com/bitnami + version: 15.5.3 +- name: cfapi + repository: oci://quay.io/codefresh/charts + version: 21.282.3 +- name: runtime-environment-manager + repository: oci://quay.io/codefresh/charts + version: 3.42.2 +- name: cfui + repository: oci://quay.io/codefresh/charts + version: 14.99.7 +- name: cf-platform-analytics + repository: oci://quay.io/codefresh/charts + version: 0.50.2 +- name: cf-platform-analytics + repository: oci://quay.io/codefresh/charts + version: 0.50.2 +- name: argo-platform + repository: oci://quay.io/codefresh/charts + version: 1.3572.0 +- name: argo-hub-platform + repository: oci://quay.io/codefresh/charts + version: 0.1.24 +digest: sha256:b56f7da08872d82f1537ef08977d02d58bb1576ce5fbd0ca0d2e196e45c80115 +generated: "2025-06-13T19:04:26.344602+03:00" diff --git a/charts/codefresh-gitops/Chart.yaml b/charts/codefresh-gitops/Chart.yaml new file mode 100644 index 0000000000..5fde4139d2 --- /dev/null +++ b/charts/codefresh-gitops/Chart.yaml 
@@ -0,0 +1,77 @@
+apiVersion: v2
+description: Helm Chart for Codefresh GitOps On-Prem
+name: codefresh-gitops
+version: 0.1.0
+keywords:
+ - codefresh
+home: https://codefresh.io/
+icon: https://avatars1.githubusercontent.com/u/11412079?v=3
+sources:
+ - https://github.com/codefresh-io/codefresh-onprem-helm
+maintainers:
+ - name: codefresh
+ url: https://codefresh-io.github.io/
+appVersion: 0.1.0
+annotations:
+ artifacthub.io/prerelease: "true"
+ artifacthub.io/alternativeName: "codefresh-gitops-onprem"
+ # supported kinds are added, changed, deprecated, removed, fixed and security.
+ artifacthub.io/changes: |
+ - kind: changed
+ description: "Initial 0.1.0 release for Codefresh GitOps On-Prem"
+dependencies:
+ - name: cf-common
+ repository: oci://quay.io/codefresh/charts
+ version: 0.27.0
+ - name: internal-gateway
+ repository: oci://quay.io/codefresh/charts
+ version: 0.10.4
+ condition: internal-gateway.enabled
+ - name: mongodb
+ version: 15.6.26
+ repository: https://charts.bitnami.com/bitnami
+ condition: mongodb.enabled,mongo.enabled,global.mongoDeploy
+ - name: postgresql
+ version: 16.7.4
+ repository: https://charts.bitnami.com/bitnami
+ condition: postgresql.enabled
+ - name: redis
+ version: 20.13.4
+ repository: https://charts.bitnami.com/bitnami
+ condition: redis.enabled
+ - name: rabbitmq
+ version: 15.5.3
+ repository: https://charts.bitnami.com/bitnami
+ condition: rabbitmq.enabled
+ - name: cfapi
+ alias: cfapi
+ version: "*"
+ repository: oci://quay.io/codefresh/charts
+ condition: cfapi.enabled
+ # temporary, need to remove
+ - name: runtime-environment-manager
+ version: "*"
+ repository: oci://quay.io/codefresh/charts
+ condition: runtime-environment-manager.enabled
+ - name: cfui
+ version: "*"
+ repository: oci://quay.io/codefresh/charts
+ condition: cfui.enabled
+ - name: cf-platform-analytics
+ alias: cf-platform-analytics-platform
+ version: "*"
+ repository: oci://quay.io/codefresh/charts
+ condition: argo-platform.enabled
+ - name: cf-platform-analytics
+ alias: cf-platform-analytics-etlstarter
+ version: "*"
+ repository: oci://quay.io/codefresh/charts
+ condition: argo-platform.enabled
+ - name: argo-platform
+ version: "*"
+ repository: oci://quay.io/codefresh/charts
+ condition: argo-platform.enabled
+ - name: argo-hub-platform
+ version: "*"
+ repository: oci://quay.io/codefresh/charts
+ condition: argo-platform.enabled
diff --git a/charts/codefresh-gitops/README.md b/charts/codefresh-gitops/README.md
new file mode 100644
index 0000000000..5aa1422cd7
--- /dev/null
+++ b/charts/codefresh-gitops/README.md
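Review bot: Seven dependency entries in `Chart.yaml` (`cfapi`, `runtime-environment-manager`, `cfui`, both `cf-platform-analytics` aliases, `argo-platform`, `argo-hub-platform`) are declared with `version: "*"`, so any `helm dependency update` resolves to whatever is newest in `oci://quay.io/codefresh/charts` at that moment. The committed `Chart.lock` records concrete versions, but that protects a release only if packaging always runs `helm dependency build` against the lock. Pinning `Chart.yaml` to what the lock already resolved, e.g. `version: 21.282.3` for `cfapi`, makes the shipped component set reviewable in the diff. The `# temporary, need to remove` comment above `runtime-environment-manager` should name the condition for removal or reference a tracking issue.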
@@ -0,0 +1,189 @@ +# codefresh-gitops + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) + +Helm Chart for Codefresh GitOps On-Prem + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| codefresh | | | + +## Source Code + +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | mongodb | 15.6.26 | +| https://charts.bitnami.com/bitnami | postgresql | 16.7.4 | +| https://charts.bitnami.com/bitnami | rabbitmq | 15.5.3 | +| https://charts.bitnami.com/bitnami | redis | 20.13.4 | +| oci://quay.io/codefresh/charts | argo-hub-platform | * | +| oci://quay.io/codefresh/charts | argo-platform | * | +| oci://quay.io/codefresh/charts | cf-common | 0.27.0 | +| oci://quay.io/codefresh/charts | cf-platform-analytics-platform(cf-platform-analytics) | * | +| oci://quay.io/codefresh/charts | cf-platform-analytics-etlstarter(cf-platform-analytics) | * | +| oci://quay.io/codefresh/charts | cfapi(cfapi) | * | +| oci://quay.io/codefresh/charts | cfui | * | +| oci://quay.io/codefresh/charts | internal-gateway | 0.10.4 | +| oci://quay.io/codefresh/charts | runtime-environment-manager | * | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| argo-hub-platform | object | See below | argo-hub-platform | +| argo-platform | object | See below | argo-platform | +| argo-platform.abac | object | See below | abac | +| argo-platform.analytics-reporter | object | See below | analytics-reporter | +| argo-platform.anchors | object | See below | Anchors | +| argo-platform.api-events | object | See below | api-events | +| argo-platform.api-graphql | object | See below | api-graphql All other services under `.Values.argo-platform` follows the same values structure. 
| +| argo-platform.api-graphql.affinity | object | `{}` | Set pod's affinity | +| argo-platform.api-graphql.env | object | See below | Env vars | +| argo-platform.api-graphql.hpa | object | `{"enabled":false}` | HPA | +| argo-platform.api-graphql.hpa.enabled | bool | `false` | Enable autoscaler | +| argo-platform.api-graphql.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh-io/argo-platform-api-graphql"}` | Image | +| argo-platform.api-graphql.image.registry | string | `"us-docker.pkg.dev/codefresh-enterprise/gcr.io"` | Registry | +| argo-platform.api-graphql.image.repository | string | `"codefresh-io/argo-platform-api-graphql"` | Repository | +| argo-platform.api-graphql.kind | string | `"Deployment"` | Controller kind. Currently, only `Deployment` is supported | +| argo-platform.api-graphql.pdb | object | `{"enabled":false}` | PDB | +| argo-platform.api-graphql.pdb.enabled | bool | `false` | Enable pod disruption budget | +| argo-platform.api-graphql.podAnnotations | object | `{"checksum/secret":"{{ include (print $.Template.BasePath \"/api-graphql/secret.yaml\") . | sha256sum }}"}` | Set pod's annotations | +| argo-platform.api-graphql.resources | object | See below | Resource limits and requests | +| argo-platform.api-graphql.secrets | object | See below | Secrets | +| argo-platform.api-graphql.tolerations | list | `[]` | Set pod's tolerations | +| argo-platform.argocd-hooks | object | See below | argocd-hooks Don't enable! Not used in onprem! | +| argo-platform.audit | object | See below | audit | +| argo-platform.broadcaster | object | See below | broadcaster | +| argo-platform.cron-executor | object | See below | cron-executor | +| argo-platform.event-handler | object | See below | event-handler | +| argo-platform.promotion-orchestrator | object | See below | promotion-orchestrator | +| argo-platform.runtime-manager | object | See below | runtime-manager Don't enable! Not used in onprem! 
| +| argo-platform.runtime-monitor | object | See below | runtime-monitor Don't enable! Not used in onprem! | +| argo-platform.ui | object | See below | ui | +| argo-platform.useExternalSecret | bool | `false` | Use regular k8s secret object. Keep `false`! | +| cf-platform-analytics-etlstarter | object | See below | etl-starter | +| cf-platform-analytics-etlstarter.redis.enabled | bool | `false` | Disable redis subchart | +| cf-platform-analytics-etlstarter.system-etl-postgres | object | `{"container":{"env":{"BLUE_GREEN_ENABLED":true}},"controller":{"cronjob":{"ttlSecondsAfterFinished":300}},"enabled":true,"fullnameOverride":"system-etl-postgres"}` | Only postgres ETL should be running in onprem | +| cf-platform-analytics-platform | object | See below | platform-analytics | +| cfapi | object | `{"affinity":{},"container":{"env":{"API_URI":"cfapi","AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"GITOPS","LOGGER_LEVEL":"debug","ON_PREMISE":true,"PIPELINE_MANAGER_URI":"pipeline-manager","PLATFORM_ANALYTICS_URI":"platform-analytics","RUNTIME_ENVIRONMENT_MANAGER_URI":"runtime-environment-manager"},"image":{"digest":"","registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/dev/cf-api","tag":"21.283.0-test-gitops-system-type"}},"controller":{"replicas":2},"enabled":true,"fullnameOverride":"cfapi","hpa":{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70},"imagePullSecrets":[],"nodeSelector":{},"pdb":{"enabled":false,"minAvailable":"50%"},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}},"tolerations":[]}` | cf-api | +| cfapi.affinity | object | `{}` | Affinity configuration | +| cfapi.container | object | 
`{"env":{"API_URI":"cfapi","AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"GITOPS","LOGGER_LEVEL":"debug","ON_PREMISE":true,"PIPELINE_MANAGER_URI":"pipeline-manager","PLATFORM_ANALYTICS_URI":"platform-analytics","RUNTIME_ENVIRONMENT_MANAGER_URI":"runtime-environment-manager"},"image":{"digest":"","registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/dev/cf-api","tag":"21.283.0-test-gitops-system-type"}}` | Container configuration | +| cfapi.container.env | object | See below | Env vars | +| cfapi.container.image | object | `{"digest":"","registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/dev/cf-api","tag":"21.283.0-test-gitops-system-type"}` | Image | +| cfapi.container.image.digest | string | `""` | Digest | +| cfapi.container.image.registry | string | `"us-docker.pkg.dev/codefresh-inc/gcr.io"` | Registry prefix | +| cfapi.container.image.repository | string | `"codefresh/dev/cf-api"` | Repository | +| cfapi.container.image.tag | string | `"21.283.0-test-gitops-system-type"` | Tag | +| cfapi.controller | object | `{"replicas":2}` | Controller configuration | +| cfapi.controller.replicas | int | `2` | Replicas number | +| cfapi.enabled | bool | `true` | Enable cf-api | +| cfapi.fullnameOverride | string | `"cfapi"` | Override name | +| cfapi.hpa | object | `{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70}` | Autoscaler configuration | +| cfapi.hpa.enabled | bool | `false` | Enable HPA | +| cfapi.hpa.maxReplicas | int | `10` | Maximum number of replicas | +| cfapi.hpa.minReplicas | int | `2` | Minimum number of replicas | +| cfapi.hpa.targetCPUUtilizationPercentage | int | `70` | Average CPU utilization percentage | +| cfapi.imagePullSecrets | list | `[]` | Image pull secrets | +| cfapi.nodeSelector | object | `{}` | Node selector configuration | +| cfapi.pdb | object | `{"enabled":false,"minAvailable":"50%"}` | Pod disruption budget configuration | +| cfapi.pdb.enabled | bool | 
`false` | Enable PDB | +| cfapi.pdb.minAvailable | string | `"50%"` | Minimum number of replicas in percentage | +| cfapi.podSecurityContext | object | `{}` | Pod security context configuration | +| cfapi.resources | object | `{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}}` | Resource requests and limits | +| cfapi.tolerations | list | `[]` | Tolerations configuration | +| cfui | object | See below | cf-ui | +| global | object | See below | Global parameters | +| global.affinity | object | `{}` | Global affinity constraints Apply affinity to all Codefresh subcharts. Will not be applied on Bitnami subcharts. | +| global.appProtocol | string | `"https"` | Application protocol. | +| global.appUrl | string | `"onprem.codefresh.local"` | Application root url. Will be used in Ingress objects as hostname | +| global.cfapiEndpointsService | string | `"cfapi"` | Default API endpoints service name | +| global.cfapiInternalPort | int | `3000` | Default API service port. | +| global.cfapiService | string | `"cfapi"` | Default API service name. | +| global.dnsService | string | `"kube-dns"` | Definitions for internal-gateway nginx resolver | +| global.env | object | `{}` | Global Env vars | +| global.imagePullSecrets | list | `["codefresh-registry"]` | Global Docker registry secret names as array | +| global.imageRegistry | string | `""` | Global Docker image registry | +| global.mongoURI | string | `""` | Legacy MongoDB connection string. Keep empty! | +| global.mongodbDatabase | string | `"codefresh"` | Default MongoDB database name. Don't change! 
| +| global.mongodbHost | string | `"mongodb"` | Set mongodb host in plain text | +| global.mongodbHostSecretKeyRef | object | `{}` | Set mongodb host from existing secret | +| global.mongodbOptions | string | `"retryWrites=true"` | Set mongodb connection string options Ref: https://www.mongodb.com/docs/manual/reference/connection-string/#connection-string-options | +| global.mongodbPassword | string | `"password"` | Set mongodb password in plain text | +| global.mongodbPasswordSecretKeyRef | object | `{}` | Set mongodb password from existing secret | +| global.mongodbProtocol | string | `"mongodb"` | Set mongodb protocol (`mongodb` / `mongodb+srv`) | +| global.mongodbUser | string | `"user"` | Set mongodb user in plain text | +| global.mongodbUserSecretKeyRef | object | `{}` | Set mongodb user from existing secret | +| global.newrelicLicenseKey | string | `""` | New Relic Key | +| global.nodeSelector | object | `{}` | Global nodeSelector constraints Apply nodeSelector to all Codefresh subcharts. Will not be applied on Bitnami subcharts. | +| global.platformAnalyticsPort | int | `80` | Default platform-analytics service port. | +| global.platformAnalyticsService | string | `"platform-analytics"` | Default platform-analytics service name. | +| global.postgresDatabase | string | `"codefresh"` | Set postgres database name | +| global.postgresHostname | string | `"postgresql"` | Set postgres service address in plain text. Takes precedence over `global.postgresService`! 
| +| global.postgresHostnameSecretKeyRef | object | `{}` | Set postgres service from existing secret | +| global.postgresPassword | string | `"postgres"` | Set postgres password in plain text | +| global.postgresPasswordSecretKeyRef | object | `{}` | Set postgres password from existing secret | +| global.postgresPort | int | `5432` | Set postgres port number | +| global.postgresService | string | `"postgresql"` | Default internal postgresql service address from bitnami/postgresql subchart | +| global.postgresUser | string | `"postgres"` | Set postgres user in plain text | +| global.postgresUserSecretKeyRef | object | `{}` | Set postgres user from existing secret | +| global.rabbitService | string | `"rabbitmq:5672"` | Default internal rabbitmq service address from bitnami/rabbitmq subchart. | +| global.rabbitmqHostname | string | `"rabbitmq:5672"` | Set rabbitmq service address in plain text. Takes precedence over `global.rabbitService`! | +| global.rabbitmqHostnameSecretKeyRef | object | `{}` | Set rabbitmq service address from existing secret. | +| global.rabbitmqPassword | string | `"rabbitmq"` | Set rabbitmq password in plain text | +| global.rabbitmqPasswordSecretKeyRef | object | `{}` | Set rabbitmq password from existing secret | +| global.rabbitmqProtocol | string | `"amqp"` | Set rabbitmq protocol (`amqp/amqps`) | +| global.rabbitmqUsername | string | `"user"` | Set rabbitmq username in plain text | +| global.rabbitmqUsernameSecretKeyRef | object | `{}` | Set rabbitmq username from existing secret | +| global.redisPassword | string | `"redis"` | Set redis password in plain text | +| global.redisPasswordSecretKeyRef | object | `{}` | Set redis password from existing secret | +| global.redisPort | int | `6379` | Set redis service port | +| global.redisService | string | `"redis-master"` | Default internal redis service address from bitnami/redis subchart | +| global.redisUrl | string | `"redis-master"` | Set redis hostname in plain text. 
Takes precedence over `global.redisService`! | +| global.redisUrlSecretKeyRef | object | `{}` | Set redis hostname from existing secret. | +| global.security | object | `{"allowInsecureImages":true}` | Bitnami | +| global.storageClass | string | `""` | Global StorageClass for Persistent Volume(s) | +| global.tolerations | list | `[]` | Global tolerations constraints Apply toleratons to all Codefresh subcharts. Will not be applied on Bitnami subcharts. | +| hooks | object | See below | Pre/post-upgrade Job hooks. | +| hooks.mongodb | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/mongosh","tag":"2.5.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Sets feature compatibility version | +| imageCredentials | object | `{}` | Credentials for Image Pull Secret object | +| ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/service-upstream":"true","nginx.ingress.kubernetes.io/ssl-redirect":"false","nginx.org/redirect-to-https":"false"},"enabled":true,"ingressClassName":"","labels":{},"nameOverride":"","services":{"internal-gateway":["/"]},"tls":{"cert":"","enabled":false,"existingSecret":"","key":"","secretName":"star.codefresh.io"}}` | Ingress | +| ingress.annotations | object | See below | Set annotations for ingress. | +| ingress.enabled | bool | `true` | Enable the Ingress | +| ingress.ingressClassName | string | `""` | Set the ingressClass that is used for the ingress. 
Default `nginx-codefresh` is created from `ingress-nginx` controller subchart | +| ingress.labels | object | `{}` | Set labels for ingress | +| ingress.nameOverride | string | `""` | Override Ingress resource name | +| ingress.services | object | See below | Default services and corresponding paths | +| ingress.tls.cert | string | `""` | Certificate (base64 encoded) | +| ingress.tls.enabled | bool | `false` | Enable TLS | +| ingress.tls.existingSecret | string | `""` | Existing `kubernetes.io/tls` type secret with TLS certificates (keys: `tls.crt`, `tls.key`) | +| ingress.tls.key | string | `""` | Private key (base64 encoded) | +| ingress.tls.secretName | string | `"star.codefresh.io"` | Default secret name to be created with provided `cert` and `key` below | +| internal-gateway | object | See below | internal-gateway | +| mongodb | object | See below | mongodb Ref: https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml | +| postgresql | object | See below | postgresql Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml | +| rabbitmq | object | See below | rabbitmq Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml | +| redis | object | See below | redis Ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml | +| runtime-environment-manager | object | See below | runtime-environment-manager | +| seed | object | See below | Seed jobs | +| seed.enabled | bool | `true` | Enable all seed jobs | +| seed.mongoSeedJob | object | See below | Mongo Seed Job. Required at first install. Seeds the required data (default idp/user/account), creates cfuser and required databases. | +| seed.mongoSeedJob.mongodbRootPassword | string | `"password"` | Root password in plain text (required ONLY for seed job!). 
| +| seed.mongoSeedJob.mongodbRootPasswordSecretKeyRef | object | `{}` | Root password from existing secret | +| seed.mongoSeedJob.mongodbRootUser | string | `"root"` | Root user in plain text (required ONLY for seed job!). | +| seed.mongoSeedJob.mongodbRootUserSecretKeyRef | object | `{}` | Root user from existing secret | +| seed.postgresSeedJob | object | See below | Postgres Seed Job. Required at first install. Creates required user and databases. | +| seed.postgresSeedJob.postgresPassword | optional | `""` | Password for "postgres" admin user (required ONLY for seed job!) | +| seed.postgresSeedJob.postgresPasswordSecretKeyRef | optional | `{}` | Password for "postgres" admin user from existing secret | +| seed.postgresSeedJob.postgresUser | optional | `""` | "postgres" admin user in plain text (required ONLY for seed job!) Must be a privileged user allowed to create databases and grant roles. If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used. | +| seed.postgresSeedJob.postgresUserSecretKeyRef | optional | `{}` | "postgres" admin user from exising secret | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/codefresh/files/mongoSetCompatibilityVersion.sh b/charts/codefresh-gitops/files/hooks/mongoSetCompatibilityVersion.sh similarity index 100% rename from codefresh/files/mongoSetCompatibilityVersion.sh rename to charts/codefresh-gitops/files/hooks/mongoSetCompatibilityVersion.sh diff --git a/charts/codefresh-gitops/files/seed/accounts.json b/charts/codefresh-gitops/files/seed/accounts.json new file mode 100644 index 0000000000..e50ac625aa --- /dev/null +++ b/charts/codefresh-gitops/files/seed/accounts.json 
@@ -0,0 +1,38 @@
+{
+ "_id": ObjectId("59009117c102763beda7ce71"),
+ "systemType": "GITOPS",
+ "badgeToken": "eyJhbGciOiJIUzI1NiJ9.NTkwMDkxMTdjMTAyNzYzYmVkYTdjZTcx.B0HOUL6HlpTRNr_e95pVucSRMRzP2cobe5kIoMtrDSc",
+ "createdAt": ISODate("2017-04-26T12:22:48.001+0000"),
+ "updatedAt": ISODate("2017-04-26T12:27:13.720+0000"),
+ "name": "admin-cf",
+ "runtimeEnvironment": "codefresh",
+ "canUsePrivateRepos": true,
+ "dedicatedInfrastructure": false,
+ "cfcrRepositoryPath": "admin-cf",
+ "build": {
+ "nodes": NumberInt(0),
+ "parallel": NumberInt(10),
+ "strategy": "account"
+ },
+ "integrations": {
+ "stash": {
+ "active": false
+ },
+ "registries": []
+ },
+ "notifications": [
+ {
+ "type": "pr",
+ "events": [
+ "build-success"
+ ]
+ }
+ ],
+ "repoPermission": "public",
+ "environment": NumberInt(1),
+ "admins": [
+ ObjectId("59009221c102763beda7cf04")
+ ],
+ "localUserPasswordIDPEnabled": true,
+ "__v": NumberInt(0)
+}
diff --git a/codefresh/files/assets/idps.json b/charts/codefresh-gitops/files/seed/idps.json
similarity index 100%
rename from codefresh/files/assets/idps.json
rename to charts/codefresh-gitops/files/seed/idps.json
diff --git a/charts/codefresh-gitops/files/seed/mongoSeedJobScript.sh b/charts/codefresh-gitops/files/seed/mongoSeedJobScript.sh
new file mode 100644
index 0000000000..d8d6373c2c
--- /dev/null
+++ b/charts/codefresh-gitops/files/seed/mongoSeedJobScript.sh
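Review bot: The seeded account in `files/seed/accounts.json` ships a constant `"badgeToken"` value, so every installation created from this chart starts with the same token, and that token is now readable in the repository. If the API accepts it as a credential for badge endpoints (not visible from this hunk), the `"badgeToken": …` line should be dropped from the seed and the value generated per install by the seed job, or rotated on first start. `"localUserPasswordIDPEnabled": true` on the same account presumably leaves local password login enabled for the default admin account and deserves a sentence in the chart README. The file has no comment syntax, so the rationale belongs in the README or in `mongoSeedJobScript.sh`.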
@@ -0,0 +1,126 @@ +#!/usr/bin/env bash + +<&1) + + echo -e "MongoDB status:\n$status" + if $(echo $status | grep 'ok: 1' -q); then + break + fi + + echo "Sleeping 3 seconds ..." + sleep 3 + done +} + +parseMongoURI() { + local proto="$(echo $1 | grep :// | sed -e's,^\(.*://\).*,\1,g')" + local parameters="$(echo $1 | grep '?' | cut -d '?' -f2)"; if [[ -n $parameters ]]; then parameters="?${parameters}"; fi + local url="$(echo ${1/$proto/})" + local userpass="$(echo $url | grep @ | cut -d@ -f1)" + if [[ -z $userpass ]]; then + local hostport="$(echo $url | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" + MONGO_URI="$proto$hostport/${MONGODB_DATABASE}$parameters" + else + local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" + MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)" + MONGODB_USER="$(echo $userpass | grep : | cut -d: -f1)" + MONGO_URI="$proto$userpass@$hostport/${MONGODB_DATABASE}$parameters" + fi + + + if [[ -z $MONGODB_ROOT_OPTIONS ]]; then + MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin$parameters" + else + MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin?${MONGODB_ROOT_OPTIONS}" + fi + +} + +getMongoVersion() { + MONOGDB_VERSION=$(mongosh ${MONGODB_ROOT_URI} --eval "db.version()" 2>&1 | tail -n1) +} + +setSystemAdmin() { + mongosh $MONGO_URI --eval "db.users.update({}, {\$set: {roles: ['User', 'Admin', 'Account Admin']}}, {multi: true})" +} + +setPacks() { + PACKS=$(cat ${ASSETS_PATH}packs.json) + mongosh $MONGO_URI --eval "db.accounts.update({}, {\$set: {'build.packs': ${PACKS} }}, {multi: true})" + + PAYMENTS_MONGO_URI=${MONGO_URI/\/codefresh/\/payments} + mongosh $PAYMENTS_MONGO_URI --eval "db.accounts.update({}, {\$set: {'plan.packs': ${PACKS} }}, {multi: true})" +} + +parseMongoURI $MONGO_URI + +if [[ -s ${MTLS_CERT_PATH} ]]; then + MONGO_URI_EXTRA_PARAMS="--tls 
--tlsCertificateKeyFile ${MTLS_CERT_PATH} --tlsAllowInvalidHostnames --tlsAllowInvalidCertificates" + MONGOIMPORT_EXTRA_PARAMS="--ssl --sslPEMKeyFile ${MTLS_CERT_PATH} --sslAllowInvalidHostnames --sslAllowInvalidCertificates" +else + MONGO_URI_EXTRA_PARAMS="" + MONGOIMPORT_EXTRA_PARAMS="" +fi + +disableMongoTelemetry + +waitForMongoDB + +getMongoVersion + +for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do + waitForMongoDB + mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 || true + waitForMongoDB + mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true + + # MongoDB Atlas + mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db = db.getSiblingDB(\"${MONGODB_DATABASE}\"); db[\"${MONGODB_DATABASE}\"].insertOne({ name: \"init\", value: true })" 2>&1 || true +done + +mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" 2>&1 || true +mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true +mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true + +if [[ $DEVELOPMENT_CHART == "true" ]]; then + setSystemAdmin + setPacks +fi + +mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json +mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection accounts --type json --legacy --file 
${ASSETS_PATH}accounts.json +mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection users --type json --legacy --file ${ASSETS_PATH}users.json diff --git a/codefresh/files/postgresSeedJobScript.sh b/charts/codefresh-gitops/files/seed/postgresSeedJobScript.sh similarity index 100% rename from codefresh/files/postgresSeedJobScript.sh rename to charts/codefresh-gitops/files/seed/postgresSeedJobScript.sh diff --git a/codefresh/files/assets/users.json b/charts/codefresh-gitops/files/seed/users.json similarity index 100% rename from codefresh/files/assets/users.json rename to charts/codefresh-gitops/files/seed/users.json diff --git a/charts/codefresh-gitops/templates/_env_var_secret_ref.tpl b/charts/codefresh-gitops/templates/_env_var_secret_ref.tpl new file mode 100644 index 0000000000..062768755c --- /dev/null +++ b/charts/codefresh-gitops/templates/_env_var_secret_ref.tpl 
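Review bot: When `MTLS_CERT_PATH` is set, `MONGO_URI_EXTRA_PARAMS` and `MONGOIMPORT_EXTRA_PARAMS` add `--tlsAllowInvalidHostnames --tlsAllowInvalidCertificates` (and the `--ssl…` equivalents), which switches off server certificate verification on the connections that carry `MONGODB_ROOT_PASSWORD`. Verify against a CA instead, e.g. `--tls --tlsCertificateKeyFile "${MTLS_CERT_PATH}" --tlsCAFile "<CA_BUNDLE_PATH>"` for mongosh and `--sslCAFile "<CA_BUNDLE_PATH>"` for mongoimport. Separately, `${MONGODB_USER}` and `${MONGODB_PASSWORD}` are spliced into the `--eval` JavaScript and the URIs are expanded unquoted, so a password containing `"`, `\` or whitespace breaks the command or alters the script, and each `2>&1 || true` hides that failure. Quoting the expansions and reading the credentials inside the script from the environment (`process.env` in mongosh) would also keep them out of the process argument list. The start of this hunk is damaged on the page, so `waitForMongoDB` and `disableMongoTelemetry` were not reviewed.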
@@ -0,0 +1,220 @@
+{{- /*
+MONGODB_HOST env var value
+*/}}
+{{- define "codefresh-gitops.mongodb-host-env-var-value" }}
+ {{- if .Values.global.mongodbHostSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- .Values.global.mongodbHostSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if .Values.global.mongodbHost }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: MONGODB_HOST
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+MONGODB_USER env var value
+*/}}
+{{- define "codefresh-gitops.mongodb-user-env-var-value" }}
+ {{- if .Values.global.mongodbUserSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- .Values.global.mongodbUserSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if .Values.global.mongodbUser }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: MONGODB_USER
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+MONGODB_PASSWORD env var value
+*/}}
+{{- define "codefresh-gitops.mongodb-password-env-var-value" }}
+ {{- if .Values.global.mongodbPasswordSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- .Values.global.mongodbPasswordSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if .Values.global.mongodbPassword }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: MONGODB_PASSWORD
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+MONGO_URI env var value
+*/}}
+{{- define "codefresh-gitops.mongo-uri-env-var-value" }}
+{{- /*
+Check for legacy global.mongoURI
+*/}}
+ {{- if .Values.global.mongoURI }}
+value: "$(MONGO_URI)"
+{{- /*
+New secret implementation
+*/}}
+ {{- else }}
+value: "$(MONGODB_PROTOCOL)://$(MONGODB_USER):$(MONGODB_PASSWORD)@$(MONGODB_HOST)/$(MONGODB_DATABASE)?$(MONGODB_OPTIONS)"
+ {{- end }}
+{{- end }}
+
+{{- /*
+MONGO_SEED_URI env var value
+*/}}
+{{- define "codefresh-gitops.mongo-seed-uri-env-var-value" }}
+{{- /*
+Check for legacy global.mongoURI
+*/}}
+ {{- if .Values.global.mongoURI }}
+value: "$(MONGO_URI)"
+{{- /*
+New secret implementation
+*/}}
+ {{- else }}
+value: "$(MONGODB_PROTOCOL)://$(MONGODB_USER):$(MONGODB_PASSWORD)@$(MONGODB_HOST)/?$(MONGODB_OPTIONS)"
+ {{- end }}
+{{- end }}
+
+{{- /*
+MONGODB_ROOT_USER env var value
+*/}}
+{{- define "codefresh-gitops.mongodb-root-user-env-var-value" }}
+ {{- if or .Values.seed.mongoSeedJob.mongodbRootUserSecretKeyRef .Values.global.mongodbRootUserSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- coalesce .Values.seed.mongoSeedJob.mongodbRootUserSecretKeyRef .Values.global.mongodbRootUserSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if or .Values.global.mongodbRootUser .Values.seed.mongoSeedJob.mongodbRootUser }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: MONGODB_ROOT_USER
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+MONGODB_ROOT_PASSWORD env var value
+*/}}
+{{- define "codefresh-gitops.mongodb-root-password-env-var-value" }}
+ {{- if or .Values.seed.mongoSeedJob.mongodbRootPasswordSecretKeyRef .Values.global.mongodbRootPasswordSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- coalesce .Values.seed.mongoSeedJob.mongodbRootPasswordSecretKeyRef .Values.global.mongodbRootPasswordSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if or .Values.global.mongodbRootPassword .Values.seed.mongoSeedJob.mongodbRootPassword }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: MONGODB_ROOT_PASSWORD
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+MONGO_URI_RE_MANAGER env var value
+*/}}
+{{- define "codefresh-gitops.mongo-uri-re-manager-env-var-value" }}
+{{- /*
+Check for legacy global.mongoURI
+*/}}
+ {{- if .Values.global.mongoURI }}
+value: "$(MONGO_URI_RE_MANAGER)"
+{{- /*
+New secret implementation
+*/}}
+ {{- else }}
+value: "$(MONGODB_PROTOCOL)://$(MONGODB_USER):$(MONGODB_PASSWORD)@$(MONGODB_HOST)/$(MONGODB_RE_DATABASE)?$(MONGODB_OPTIONS)"
+ {{- end }}
+{{- end }}
+
+{{- /*
+POSTGRES_USER env var value
+*/}}
+{{- define "codefresh-gitops.postgres-user-env-var-value" }}
+ {{- if .Values.global.postgresUserSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- .Values.global.postgresUserSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if .Values.global.postgresUser }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: POSTGRES_USER
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+POSTGRES_PASSWORD env var value
+*/}}
+{{- define "codefresh-gitops.postgres-password-env-var-value" }}
+ {{- if .Values.global.postgresPasswordSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- .Values.global.postgresPasswordSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if .Values.global.postgresPassword }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: POSTGRES_PASSWORD
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+POSTGRES_HOSTNAME env var value
+*/}}
+{{- define "codefresh-gitops.postgres-host-env-var-value" }}
+ {{- if .Values.global.postgresHostnameSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- .Values.global.postgresHostnameSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if .Values.global.postgresPassword }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: POSTGRES_HOSTNAME
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+POSTGRES_SEED_USER env var value
+*/}}
+{{- define "codefresh-gitops.postgres-seed-user-env-var-value" }}
+ {{- if and .Values.seed.postgresSeedJob.postgresUserSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- .Values.seed.postgresSeedJob.postgresUserSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if or .Values.seed.postgresSeedJob.postgresUser .Values.global.postgresUser }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: POSTGRES_SEED_USER
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+POSTGRES_SEED_PASSWORD env var value
+*/}}
+{{- define "codefresh-gitops.postgres-seed-password-env-var-value" }}
+ {{- if and .Values.seed.postgresSeedJob.postgresPasswordSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- coalesce .Values.seed.postgresSeedJob.postgresPasswordSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if or .Values.seed.postgresSeedJob.postgresPassword .Values.global.postgresPassword }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: POSTGRES_SEED_PASSWORD
+ optional: true
+ {{- end }}
+{{- end }}
diff --git a/charts/codefresh-gitops/templates/_helpers.tpl b/charts/codefresh-gitops/templates/_helpers.tpl
new file mode 100644
index 0000000000..bda63d48f6
--- /dev/null
+++ b/charts/codefresh-gitops/templates/_helpers.tpl
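Review bot: The fallback branch of `codefresh-gitops.postgres-host-env-var-value` tests `.Values.global.postgresPassword` rather than a hostname value, which looks like a copy from the password helper directly above it. When the password comes from `postgresPasswordSecretKeyRef` and `global.postgresPassword` is empty, the helper emits nothing, so the `- name: POSTGRES_HOSTNAME` entry in postgres-seed-job.yaml is left without a `valueFrom`. The condition should follow the values secret.yaml uses to fill that key, e.g. `{{- else if or .Values.global.postgresHostname .Values.global.postgresService }}`. Separately, every generated `secretKeyRef` in this file sets `optional: true`, so a missing key gives the container an empty credential instead of failing pod start; consider dropping it for the password keys.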
@@ -0,0 +1,101 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "codefresh-gitops.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "codefresh-gitops.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "codefresh-gitops.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "codefresh-gitops.labels" -}}
+helm.sh/chart: {{ include "codefresh-gitops.chart" . }}
+{{ include "codefresh-gitops.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "codefresh-gitops.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "codefresh-gitops.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "codefresh-gitops.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "codefresh-gitops.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Return the secret containing TLS certificates for Ingress
+*/}}
+{{- define "codefresh-gitops.ingress.tlsSecretName" -}}
+{{- $secretName := .Values.ingress.tls.existingSecret -}}
+{{- if $secretName -}}
+ {{- printf "%s" (include (printf "cf-common-%s.tplrender" (index .Subcharts "cf-common").Chart.Version ) ( dict "Values" $secretName "context" $) ) -}}
+{{- else -}}
+ {{- printf "%s-%s" (include "codefresh-gitops.fullname" .) .Values.ingress.tls.secretName -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return Image Pull Secret
+*/}}
+{{- define "codefresh-gitops.imagePullSecret" }}
+{{- if index .Values ".dockerconfigjson" -}}
+{{- printf "%s" (index .Values ".dockerconfigjson") }}
+{{- else }}
+{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }}
+{{- end }}
+{{- end }}
+
+{{/*
+Calculate Mongo Uri (for On-Prem)
+Usage:
+{{ include "codefresh.calculateMongoUri" (dict "dbName" .Values.path.to.the.value "mongoURI" .Values.path.to.the.value) }}
+*/}}
+{{- define "codefresh-gitops.calculateMongoUri" -}}
+ {{- if contains "?" .mongoURI -}}
+ {{- $mongoURI := (splitList "?" .mongoURI) -}}
+ {{- printf "%s%s?%s" (first $mongoURI) .dbName (last $mongoURI) }}
+ {{- else if .mongoURI -}}
+ {{- printf "%s/%s" (trimSuffix "/" .mongoURI) .dbName -}}
+ {{- else -}}
+ {{- printf "" -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/codefresh-gitops/templates/configmaps/runtime-envs-cm.yaml b/charts/codefresh-gitops/templates/configmaps/runtime-envs-cm.yaml
new file mode 100644
index 0000000000..fce3f58d71
--- /dev/null
+++ b/charts/codefresh-gitops/templates/configmaps/runtime-envs-cm.yaml
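Review bot: In `codefresh-gitops.calculateMongoUri` the query-string branch appends `.dbName` directly to the part before `?`, so a URI written as `mongodb://host?opt=1` has the database name glued onto the host and the client is pointed at a different hostname. The branch without a query string already normalises with `trimSuffix "/"`, and the first branch should do the same: `{{- printf "%s/%s?%s" (first $mongoURI | trimSuffix "/") .dbName (last $mongoURI) }}`. `contains "?" .mongoURI` also runs before the `else if .mongoURI` guard, so an unset value reaches `contains` first; testing for emptiness before splitting would be safer. The usage comment names `codefresh.calculateMongoUri` while the define is `codefresh-gitops.calculateMongoUri`.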
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: runtime-environments
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 4 }}
+data:
+ runtimeEnvironments.json: |
+{{ include "runtime-environment-config" . | indent 4 }}
diff --git a/charts/codefresh-gitops/templates/configmaps/runtimeEnvironments.json.tpl b/charts/codefresh-gitops/templates/configmaps/runtimeEnvironments.json.tpl
new file mode 100644
index 0000000000..64f5902209
--- /dev/null
+++ b/charts/codefresh-gitops/templates/configmaps/runtimeEnvironments.json.tpl
@@ -0,0 +1,40 @@
+{{- define "runtime-environment-config" -}}
+[
+ {
+ "metadata": {
+ "name": "system/default"
+ },
+ "description": "System default template for plan",
+ "environmentCertPath": "/etc/ssl/cf/",
+ "dockerDaemonScheduler": {
+ "type": "ConsulNodes",
+ "cluster": {
+ "name": "codefresh",
+ "type": "builder",
+ "returnRunnerIfNoBuilder": true
+ },
+ "notCheckServerCa": true,
+ "clientCertPath": "/etc/ssl/cf/"
+ },
+ "runtimeScheduler": {
+ "type": "KubernetesPod",
+ "internalInfra": true,
+ "cluster": {
+ "inCluster": true,
+ "namespace": "{{ .Release.Namespace }}"
+ },
+ "image": "us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/engine:latest",
+ "command": [
+ "npm",
+ "run",
+ "start"
+ ],
+ "envVars": {
+ },
+ "volumeMounts": {},
+ "volumes": {}
+ },
+ "isPublic": true
+ }
+]
+{{- end -}}
diff --git a/charts/codefresh-gitops/templates/configmaps/version-info-cm.yaml b/charts/codefresh-gitops/templates/configmaps/version-info-cm.yaml
new file mode 100644
index 0000000000..588eb09e29
--- /dev/null
+++ b/charts/codefresh-gitops/templates/configmaps/version-info-cm.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: codefresh-gitops-version-info
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 4 }}
+data:
+ app: {{ .Chart.Version | default "unknown" }}
+ {{- range $i, $dep := .Chart.Dependencies }}
+ {{ $dep.Name }}: {{ $dep.Version | quote }}
+ {{- end }}
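Review bot: The default runtime environment in runtimeEnvironments.json.tpl hard-codes `"notCheckServerCa": true` and pulls the engine by the mutable tag `engine:latest`. Going by its name, the first setting switches off CA verification of the Docker daemon's server certificate for every install, and the second lets the image that runs workloads change without a chart release. Both are better driven from values with safe defaults: pin the image, e.g. `"image": "us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/engine:<PINNED_TAG_OR_DIGEST>"`, and leave certificate checking on unless an operator opts out. `"isPublic": true` on the system default also deserves a line in the chart documentation stating what it exposes.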
diff --git a/charts/codefresh-gitops/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml b/charts/codefresh-gitops/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml
new file mode 100644
index 0000000000..e31c0359ec
--- /dev/null
+++ b/charts/codefresh-gitops/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml
@@ -0,0 +1,78 @@
+{{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
+{{- if .Values.mongodb.migration.enabled }}
+---
+{{- $tolerations := .Values.hooks.mongodb.tolerations | default list }}
+{{- $globalTolerations := .Values.global.tolerations | default list }}
+{{- $allToleration := concat $globalTolerations $tolerations }}
+{{- $affinity := .Values.hooks.mongodb.affinity | default dict }}
+{{- $globalAffinity := .Values.global.affinity | default dict }}
+{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }}
+{{- $nodeSelector := .Values.hooks.mongodb.nodeSelector | default dict }}
+{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }}
+{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "codefresh-gitops.fullname" . }}-set-mongodb-compat-version
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ ttlSecondsAfterFinished: 180
+ template:
+ metadata:
+ name: {{ include "codefresh-gitops.fullname" . }}-set-mongodb-compat-version
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 8 }}
+ spec:
+ {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }}
+ securityContext:
+ {{- toYaml .Values.hooks.mongodb.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ include "codefresh-gitops.fullname" . }}-set-mongodb-compat-version
+ image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.mongodb.image "context" .) }}
+ envFrom:
+ - secretRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ env:
+ - name: MONGODB_HOST
+ {{- include "codefresh-gitops.mongodb-host-env-var-value" . | indent 12 }}
+ - name: MONGODB_USER
+ {{- include "codefresh-gitops.mongodb-user-env-var-value" . | indent 12 }}
+ - name: MONGODB_PASSWORD
+ {{- include "codefresh-gitops.mongodb-password-env-var-value" . | indent 12 }}
+ - name: MONGO_URI
+ {{- include "codefresh-gitops.mongo-seed-uri-env-var-value" . | indent 12 }}
+ - name: MONGODB_ROOT_USER
+ {{- include "codefresh-gitops.mongodb-root-user-env-var-value" . | indent 12 }}
+ - name: MONGODB_ROOT_PASSWORD
+ {{- include "codefresh-gitops.mongodb-root-password-env-var-value" . | indent 12 }}
+ - name: MONGODB_COMPAT_VERSION
+ value: "{{ .Values.mongodb.migration.featureCompatibilityVersion }}"
+ command:
+ - "/bin/bash"
+ - "-c"
+ - |
+ {{ .Files.Get "files/hooks/mongoSetCompatibilityVersion.sh" | nindent 12 }}
+ resources:
+ {{- toYaml .Values.hooks.mongodb.resources | nindent 10 }}
+ volumeMounts:
+ {{- include (printf "%s.volumeMounts" $libTemplateName) (dict "Values" .Values.hooks.mongodb.volumeMounts "context" $) | indent 10 }}
+ {{- with $allNodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $allAffinity }}
+ affinity:
+ {{- toYaml . | nindent 8}}
+ {{- end }}
+ {{- with $allToleration }}
+ tolerations:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ volumes:
+ {{- include (printf "%s.volumes" $libTemplateName) (dict "Values" .Values.hooks.mongodb.volumes "context" $) | indent 8 }}
+ restartPolicy: Never
+{{- end }}
diff --git a/charts/codefresh-gitops/templates/ingress.yaml b/charts/codefresh-gitops/templates/ingress.yaml
new file mode 100644
index 0000000000..a52bb333f2
--- /dev/null
+++ b/charts/codefresh-gitops/templates/ingress.yaml
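Review bot: `mergeOverwrite $globalAffinity $affinity` and `mergeOverwrite $globalNodeSelector $nodeSelector` write into their first argument, which is the live `.Values.global.affinity` / `.Values.global.nodeSelector` map whenever those values are set. Hook-specific scheduling settings can therefore leak into anything rendered later from the same values. Merging into a copy avoids that: `{{- $allAffinity := mergeOverwrite (deepCopy $globalAffinity) $affinity }}`, and likewise `{{- $allNodeSelector := mergeOverwrite (deepCopy $globalNodeSelector) $nodeSelector }}`. The same two lines appear in mongo-seed-job.yaml and postgres-seed-job.yaml.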
@@ -0,0 +1,49 @@
+{{- $ingressName := printf "%s-ingress" (include "codefresh-gitops.fullname" .) }}
+{{- if and (hasKey .Values.ingress "nameOverride") .Values.ingress.nameOverride }}
+ {{- $ingressName = .Values.ingress.nameOverride }}
+{{- end }}
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $ingressName }}
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 4 }}
+ {{- with .Values.ingress.labels }}
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+ {{- if .Values.ingress.tls.enabled }}
+ tls:
+ - hosts:
+ - {{ .Values.global.appUrl }}
+ secretName: {{ include "codefresh-gitops.ingress.tlsSecretName" . }}
+ {{- end }}
+ rules:
+ - host: {{ .Values.ingress.domain | default .Values.global.appUrl }}
+ http:
+ paths:
+ {{- range $serviceName, $paths := .Values.ingress.services }}
+ {{- if and (index $.Subcharts $serviceName) }}
+ {{- range $path := $paths }}
+ - path: {{ $path }}
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ {{- $fullServiceName := (index $.Subcharts $serviceName).Values.fullnameOverride }}
+ {{- if $fullServiceName }}
+ name: {{ $fullServiceName }}
+ {{- else }}
+ name: {{ printf "%s-%s" $.Release.Name (index $.Subcharts $serviceName ).Chart.Name }}
+ {{- end }}
+ port:
+ number: {{ (index $.Subcharts $serviceName ).Values.service.main.ports.http.port }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end}}
diff --git a/charts/codefresh-gitops/templates/internal-gateway.yaml b/charts/codefresh-gitops/templates/internal-gateway.yaml
new file mode 100644
index 0000000000..bef620cdf1
--- /dev/null
+++ b/charts/codefresh-gitops/templates/internal-gateway.yaml
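Review bot: The `tls.hosts` entry is always `.Values.global.appUrl`, while the rule host is `.Values.ingress.domain | default .Values.global.appUrl`. When `ingress.domain` is set, the TLS block no longer names the host that is actually served, so the controller will typically answer for it with its default certificate. Use the same expression in both places: `- {{ .Values.ingress.domain | default .Values.global.appUrl }}`. `{{- if and (index $.Subcharts $serviceName) }}` has a single operand, so the `and` can be dropped.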
@@ -0,0 +1,42 @@
+{{- if index .Values "internal-gateway" "enabled" -}}
+
+{{ $cfApiEndpointsSvc := printf "%s-%s" .Release.Name (index .Subcharts "cfapi" ).Chart.Name }}
+{{ $cfApiEndpointsPort := (index .Subcharts "cfapi" ).Values.service.main.ports.http.port }}
+
+{{- $internalGatewayContext := (index .Subcharts "internal-gateway") }}
+
+{{ $fullnameCfApiEndpointsSvc := (index .Subcharts "cfapi").Values.fullnameOverride }}
+{{- if $fullnameCfApiEndpointsSvc }}
+ {{- $cfApiEndpointsSvc = $fullnameCfApiEndpointsSvc }}
+{{- end }}
+
+{{ $cfUiSvc := printf "%s-%s" .Release.Name (index .Subcharts "cfui" ).Chart.Name }}
+{{- $fullnameCfUiSvc := (index .Subcharts "cfui").Values.fullnameOverride }}
+{{- if $fullnameCfUiSvc }}
+ {{- $cfUiSvc = $fullnameCfUiSvc }}
+{{- end }}
+
+{{- /*
+If onprem is installed with single-role cf-api mode
+*/}}
+{{- if and (eq (toString .Values.global.cfapiService) "cfapi") (eq (toString .Values.global.cfapiEndpointsService) "cfapi" ) }}
+
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-auth") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-endpoints") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-environments") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-downloadlogmanager") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-gitops-resource-receiver") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-test-reporting") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-kubernetesresourcemonitor") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-kubernetes-endpoints") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-admin") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-teams") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-ws") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+
+{{- end }}
+
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfui") "svc" (printf "%s.%s.svc.%s" $cfUiSvc .Release.Namespace .Values.global.clusterDomain ) }}
+
+{{- include "internal-gateway.resources" $internalGatewayContext }}
+
+{{- end -}}
diff --git a/charts/codefresh-gitops/templates/secrets/ingress-tls.yaml b/charts/codefresh-gitops/templates/secrets/ingress-tls.yaml
new file mode 100644
index 0000000000..26582c655b
--- /dev/null
+++ b/charts/codefresh-gitops/templates/secrets/ingress-tls.yaml
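Review bot: The eleven `set ... "svc"` lines in the single-role branch differ only in the endpoint name, and `$cfApiEndpointsPort` is assigned near the top but never read in this file. Computing the service host once and looping over the endpoint names keeps the routing list in one place, which makes a missing or misspelled endpoint easier to spot in review. The loop below replaces those eleven lines; the `cfui` line and the `internal-gateway.resources` include stay as they are, and the unused port variable can be removed.

```yaml
{{- /* … unchanged: service name resolution and the single-role condition … */}}
{{- $cfApiHost := printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain }}
{{- range $endpoint := list "cfapi-auth" "cfapi-endpoints" "cfapi-environments" "cfapi-downloadlogmanager" "cfapi-gitops-resource-receiver" "cfapi-test-reporting" "cfapi-kubernetesresourcemonitor" "cfapi-kubernetes-endpoints" "cfapi-admin" "cfapi-teams" "cfapi-ws" }}
{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints $endpoint) "svc" $cfApiHost }}
{{- end }}
{{- /* … unchanged: closing end, cfui endpoint, internal-gateway.resources include … */}}
```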
@@ -0,0 +1,13 @@
+{{- if and .Values.ingress.enabled .Values.ingress.tls.enabled (not .Values.ingress.tls.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "codefresh-gitops.fullname" . }}-{{ .Values.ingress.tls.secretName }}
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 4 }}
+type: kubernetes.io/tls
+data:
+ {{- $cert := buildCustomCert (required "A valid .Values.ingress.tls.cert is required!" .Values.ingress.tls.cert) (required "A valid .Values.ingress.tls.key is required!" .Values.ingress.tls.key) }}
+ tls.crt: {{ b64enc $cert.Cert }}
+ tls.key: {{ b64enc $cert.Key }}
+{{- end }}
diff --git a/charts/codefresh-gitops/templates/secrets/regsecret.yaml b/charts/codefresh-gitops/templates/secrets/regsecret.yaml
new file mode 100644
index 0000000000..b6a06162df
--- /dev/null
+++ b/charts/codefresh-gitops/templates/secrets/regsecret.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: codefresh-registry
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 4 }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ include "codefresh-gitops.imagePullSecret" . }}
diff --git a/charts/codefresh-gitops/templates/secrets/secret.yaml b/charts/codefresh-gitops/templates/secrets/secret.yaml
new file mode 100644
index 0000000000..5d239d686c
--- /dev/null
+++ b/charts/codefresh-gitops/templates/secrets/secret.yaml
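Review bot: regsecret.yaml renders the `codefresh-registry` Secret unconditionally, and `codefresh-gitops.imagePullSecret` assembles its JSON with `printf` from `.Values.imageCredentials.*`. With no credentials supplied the chart still creates a pull secret whose `auth` is whatever `printf` makes of the unset values, and a registry or username containing `"` yields invalid JSON. Wrapping the manifest in an `if` that tests for supplied credentials, and building the payload with `{{- dict "auths" (dict .Values.imageCredentials.registry (dict "auth" (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc))) | toJson | b64enc }}`, would address both; values.yaml is outside this hunk, so the exact keys need checking. The Secret name is also not release-scoped, so two releases in one namespace would contend for it.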
@@ -0,0 +1,31 @@
+{{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 4 }}
+data:
+ # new MONGODB_* secrets
+ MONGODB_HOST: {{ coalesce .Values.global.mongodbHost | b64enc }}
+ MONGODB_PASSWORD: {{ coalesce .Values.global.mongodbPassword | b64enc }}
+ MONGODB_USER: {{ coalesce .Values.global.mongodbUser | b64enc }}
+ MONGODB_OPTIONS: {{ coalesce .Values.global.mongodbOptions | b64enc }}
+ MONGODB_DATABASE: {{ coalesce .Values.global.mongodbDatabase | default "codefresh" | b64enc }}
+ MONGODB_PROTOCOL: {{ coalesce .Values.global.mongodbProtocol | default "mongodb" | b64enc }}
+
+ # legacy MONGODB_* secrets
+ MONGODB_ROOT_USER: {{ .Values.seed.mongoSeedJob.mongodbRootUser | b64enc }}
+ MONGODB_ROOT_PASSWORD: {{ urlquery (.Values.seed.mongoSeedJob.mongodbRootPassword) | b64enc }}
+ MONGO_URI: {{ .Values.global.mongoURI | default "empty" | b64enc}}
+ MONGODB_RE_DATABASE: {{ printf "%s" "runtime-environment-manager" | b64enc }}
+
+ POSTGRES_USER: {{ coalesce .Values.global.postgresUser | b64enc }}
+ POSTGRES_PASSWORD: {{ coalesce .Values.global.postgresPassword | b64enc }}
+ POSTGRES_SEED_USER: {{ .Values.seed.postgresSeedJob.postgresUser | default .Values.global.postgresUser | b64enc}}
+ POSTGRES_SEED_PASSWORD: {{ .Values.seed.postgresSeedJob.postgresPassword | default .Values.global.postgresPassword | b64enc }}
+ POSTGRES_HOSTNAME: {{ default (printf "%s-%s" .Release.Name .Values.global.postgresService) .Values.global.postgresHostname | b64enc }}
+ POSTGRES_PORT: {{ printf "%v" .Values.global.postgresPort | b64enc }}
+ POSTGRES_DATABASE: {{ .Values.global.postgresDatabase | default "codefresh" | b64enc }}
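Review bot: `MONGODB_ROOT_PASSWORD` goes through `urlquery`, but `MONGODB_USER` and `MONGODB_PASSWORD` are stored raw even though _env_var_secret_ref.tpl interpolates them into `$(MONGODB_PROTOCOL)://$(MONGODB_USER):$(MONGODB_PASSWORD)@$(MONGODB_HOST)/...`. A password containing `@`, `:`, `/` or `?` then changes how the URI is parsed, including which host the client connects to. Because the seed script also passes `MONGODB_PASSWORD` as the literal password to `createUser`, the raw key cannot simply be encoded in place; one option is a separate key for URI use, e.g. `MONGODB_PASSWORD_URI: {{ urlquery (coalesce .Values.global.mongodbPassword) | b64enc }}`, with the URI helpers switched to it. At minimum add `# MONGODB_USER / MONGODB_PASSWORD are placed unencoded into MONGO_URI; URI-reserved characters are not supported` above those keys. `$libTemplateName` is defined on the first line and not used in this file.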
diff --git a/charts/codefresh-gitops/templates/seed/mongo-seed-config.yaml b/charts/codefresh-gitops/templates/seed/mongo-seed-config.yaml
new file mode 100644
index 0000000000..dc71e1a5ad
--- /dev/null
+++ b/charts/codefresh-gitops/templates/seed/mongo-seed-config.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.seed.enabled (or .Values.global.seedJobs .Values.seed.mongoSeedJob.enabled) }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "codefresh-gitops.fullname" . }}-mongo-seed
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 4 }}
+data:
+ idps.json: |
+{{ .Files.Get "files/seed/idps.json" | indent 4 }}
+ accounts.json: |
+{{ .Files.Get "files/seed/accounts.json" | indent 4 }}
+ users.json: |
+{{ .Files.Get "files/seed/users.json" | indent 4 }}
+{{- end }}
diff --git a/charts/codefresh-gitops/templates/seed/mongo-seed-job.yaml b/charts/codefresh-gitops/templates/seed/mongo-seed-job.yaml
new file mode 100644
index 0000000000..f85fd714bb
--- /dev/null
+++ b/charts/codefresh-gitops/templates/seed/mongo-seed-job.yaml
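Review bot: This ConfigMap defines only `idps.json`, `accounts.json` and `users.json`, but mongo-seed-job.yaml mounts `packs.json` and `accounts-dev.json` from the same `seed-data` volume by `subPath`. Those two keys do not exist here, so the mounts cannot resolve to files; depending on the kubelet this is likely to surface as a container start error or an empty directory at the mount path. Either drop the `packs.json` and `accounts-dev.json` entries under `volumeMounts` in the job, or add matching `packs.json: |` and `accounts-dev.json: |` keys here. The seeded accounts, users and IdPs are also readable by anyone who can read ConfigMaps in the namespace, so those files should not carry credentials or tokens.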
@@ -0,0 +1,97 @@
+{{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
+{{ $context := deepCopy .Values.seed }}
+---
+{{- if and .Values.seed.enabled (or .Values.global.seedJobs .Values.seed.mongoSeedJob.enabled) }}
+{{- $tolerations := .Values.seed.tolerations | default list }}
+{{- $globalTolerations := .Values.global.tolerations | default list }}
+{{- $allToleration := concat $globalTolerations $tolerations }}
+{{- $affinity := .Values.seed.affinity | default dict }}
+{{- $globalAffinity := .Values.global.affinity | default dict }}
+{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }}
+{{- $nodeSelector := .Values.seed.nodeSelector | default dict }}
+{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }}
+{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "codefresh-gitops.fullname" . }}-mongo-seed
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 4 }}
+spec:
+ {{- with .Values.seed.ttlSecondsAfterFinished }}
+ ttlSecondsAfterFinished: {{ . }}
+ {{- end }}
+ {{- with .Values.seed.backoffLimit }}
+ backoffLimit: {{ . | int }}
+ {{- end }}
+ template:
+ metadata:
+ name: {{ include "codefresh-gitops.fullname" . }}-mongo-seed
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 8 }}
+ spec:
+ {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }}
+ securityContext:
+ {{- toYaml .Values.seed.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ include "codefresh-gitops.fullname" . }}-mongo-seed
+ image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.seed.mongoSeedJob.image "context" .) }}
+ envFrom:
+ - secretRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ env:
+ - name: MONGODB_HOST
+ {{- include "codefresh-gitops.mongodb-host-env-var-value" . | indent 12 }}
+ - name: MONGODB_USER
+ {{- include "codefresh-gitops.mongodb-user-env-var-value" . | indent 12 }}
+ - name: MONGODB_PASSWORD
+ {{- include "codefresh-gitops.mongodb-password-env-var-value" . | indent 12 }}
+ - name: MONGO_URI
+ {{- include "codefresh-gitops.mongo-seed-uri-env-var-value" . | indent 12 }}
+ - name: MONGODB_ROOT_USER
+ {{- include "codefresh-gitops.mongodb-root-user-env-var-value" . | indent 12 }}
+ - name: MONGODB_ROOT_PASSWORD
+ {{- include "codefresh-gitops.mongodb-root-password-env-var-value" . | indent 12 }}
+ command:
+ - "/bin/bash"
+ - "-exc"
+ - |
+ {{ .Files.Get "files/seed/mongoSeedJobScript.sh" | nindent 12 }}
+ resources:
+ {{- toYaml .Values.seed.resources | nindent 10 }}
+ volumeMounts:
+ - name: seed-data
+ mountPath: "/usr/share/extras/accounts.json"
+ subPath: "accounts.json"
+ - name: seed-data
+ mountPath: "/usr/share/extras/users.json"
+ subPath: "users.json"
+ - name: seed-data
+ mountPath: "/usr/share/extras/idps.json"
+ subPath: "idps.json"
+ - name: seed-data
+ mountPath: "/usr/share/extras/packs.json"
+ subPath: "packs.json"
+ - name: seed-data
+ mountPath: "/usr/share/extras/accounts-dev.json"
+ subPath: "accounts-dev.json"
+ {{- include (printf "%s.volumeMounts" $libTemplateName) ( dict "Values" .Values.seed.volumeMounts "context" $ ) | nindent 8 }}
+ {{- with $allNodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $allAffinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $allToleration }}
+ tolerations:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ restartPolicy: OnFailure
+ volumes:
+ - name: seed-data
+ configMap:
+ name: {{ include "codefresh-gitops.fullname" . }}-mongo-seed
+ {{- include (printf "%s.volumes" $libTemplateName) ( dict "Values" .Values.seed.volumes "context" $ ) | nindent 6 }}
+{{- end }}
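Review bot: The container starts the seed script with `/bin/bash -exc`, and `-x` makes bash print every command after expansion. The script's `mongosh ... createUser({... pwd: "${MONGODB_PASSWORD}" ...})`, `changeUserPassword(...)` and `mongoimport --uri ${MONGO_URI}` lines therefore write the application password and the credentialed URIs into the Job's pod log, where they are readable by anyone with log access and by whatever ships logs off the cluster. Change the argument to `- "-ec"` here and in postgres-seed-job.yaml, which uses the same `-exc`. If tracing is wanted for debugging, gate it behind a chart value that defaults to off.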
diff --git a/charts/codefresh-gitops/templates/seed/postgres-seed-job.yaml b/charts/codefresh-gitops/templates/seed/postgres-seed-job.yaml
new file mode 100644
index 0000000000..42a583ad39
--- /dev/null
+++ b/charts/codefresh-gitops/templates/seed/postgres-seed-job.yaml
@@ -0,0 +1,72 @@
+{{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
+{{- if and .Values.seed.enabled (or .Values.global.seedJobs .Values.seed.postgresSeedJob.enabled) }}
+---
+{{- $tolerations := .Values.seed.tolerations | default list }}
+{{- $globalTolerations := .Values.global.tolerations | default list }}
+{{- $allToleration := concat $globalTolerations $tolerations }}
+{{- $affinity := .Values.seed.affinity | default dict }}
+{{- $globalAffinity := .Values.global.affinity | default dict }}
+{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }}
+{{- $nodeSelector := .Values.seed.nodeSelector | default dict }}
+{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }}
+{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "codefresh-gitops.fullname" . }}-postgres-seed
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 4 }}
+spec:
+ {{- with .Values.seed.ttlSecondsAfterFinished }}
+ ttlSecondsAfterFinished: {{ . }}
+ {{- end }}
+ {{- with .Values.seed.backoffLimit }}
+ backoffLimit: {{ . | int }}
+ {{- end }}
+ template:
+ metadata:
+ name: {{ include "codefresh-gitops.fullname" . }}-postgres-seed
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 8 }}
+ spec:
+ {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }}
+ securityContext:
+ {{- toYaml .Values.seed.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ template "codefresh-gitops.fullname" . }}-postgres-seed
+ image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.seed.postgresSeedJob.image "context" .) }}
+ envFrom:
+ - secretRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ env:
+ - name: POSTGRES_USER
+ {{- include "codefresh-gitops.postgres-user-env-var-value" .
| indent 12 }}
+ - name: POSTGRES_PASSWORD
+ {{- include "codefresh-gitops.postgres-password-env-var-value" . | indent 12 }}
+ - name: POSTGRES_HOSTNAME
+ {{- include "codefresh-gitops.postgres-host-env-var-value" . | indent 12 }}
+ - name: POSTGRES_SEED_USER
+ {{- include "codefresh-gitops.postgres-seed-user-env-var-value" . | indent 12 }}
+ - name: POSTGRES_SEED_PASSWORD
+ {{- include "codefresh-gitops.postgres-seed-password-env-var-value" . | indent 12 }}
+ resources:
+ {{- toYaml .Values.seed.resources | nindent 10 }}
+ command:
+ - "/bin/bash"
+ - "-exc"
+ - |
+ {{ .Files.Get "files/seed/postgresSeedJobScript.sh" | nindent 12 }}
+ {{- with $allNodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $allAffinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $allToleration }}
+ tolerations:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ restartPolicy: OnFailure
+{{- end }}
diff --git a/charts/codefresh-gitops/values.yaml b/charts/codefresh-gitops/values.yaml
new file mode 100644
index 0000000000..5d8d08f30d
--- /dev/null
+++ b/charts/codefresh-gitops/values.yaml
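Review bot: The seed container in postgres-seed-job.yaml is started with `/bin/bash -exc`, and the `x` enables command tracing while `POSTGRES_PASSWORD` and `POSTGRES_SEED_PASSWORD` are in the environment, so any command in `files/seed/postgresSeedJobScript.sh` that expands those variables would be written to the pod log in clear text. That script is outside this hunk, so whether it actually places them on a command line is not confirmed here; dropping the trace is the safer default: `- "-ec"`. The mongo seed job template earlier in this diff uses the same `-exc` with `MONGODB_ROOT_PASSWORD` set and would take the same change. If tracing is wanted for troubleshooting, gate it behind a values switch that defaults to off.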
@@ -0,0 +1,1164 @@ +# -- Credentials for Image Pull Secret object +imageCredentials: {} +# Pass sa.json (as a single line). Obtain GCR Service Account JSON (sa.json) at support@codefresh.io +# E.g.: +# imageCredentials: +# registry: us-docker.pkg.dev +# username: _json_key +# password: '{ "type": "service_account", "project_id": "codefresh-enterprise", "private_key_id": ... }' + +# -- Seed jobs +# @default -- See below +seed: + # -- Enable all seed jobs + enabled: true + # -- Mongo Seed Job. Required at first install. Seeds the required data (default idp/user/account), creates cfuser and required databases. + # @default -- See below + mongoSeedJob: + enabled: true + image: + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io + repository: codefresh/mongosh + tag: 2.5.0 + # -- Root user in plain text (required ONLY for seed job!). + mongodbRootUser: "root" + # -- Root user from existing secret + mongodbRootUserSecretKeyRef: {} + # E.g. + # mongodbRootUserSecretKeyRef: + # name: my-secret + # key: mongodb-root-user + + # -- Root password in plain text (required ONLY for seed job!). + mongodbRootPassword: "password" + # -- Root password from existing secret + mongodbRootPasswordSecretKeyRef: {} + # E.g. + # mongodbRootPasswordSecretKeyRef: + # name: my-secret + # key: mongodb-root-password + + # -- Postgres Seed Job. Required at first install. Creates required user and databases. + # @default -- See below + postgresSeedJob: + enabled: true + image: + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io + repository: codefresh/postgresql + tag: 17 + # -- (optional) "postgres" admin user in plain text (required ONLY for seed job!) + # Must be a privileged user allowed to create databases and grant roles. + # If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used. + postgresUser: "" + # -- (optional) "postgres" admin user from exising secret + postgresUserSecretKeyRef: {} + # E.g. 
+ # postgresUserSecretKeyRef: + # name: my-secret + # key: postgres-user + + # -- (optional) Password for "postgres" admin user (required ONLY for seed job!) + postgresPassword: "" + # -- (optional) Password for "postgres" admin user from existing secret + postgresPasswordSecretKeyRef: {} + # E.g. + # postgresPasswordSecretKeyRef: + # name: my-secret + # key: postgres-password + + ttlSecondsAfterFinished: 300 + backoffLimit: 10 + affinity: {} + nodeSelector: {} + podSecurityContext: {} + resources: {} + tolerations: [] + +# -- Ingress +ingress: + # -- Enable the Ingress + enabled: true + # -- Set the ingressClass that is used for the ingress. + # Default `nginx-codefresh` is created from `ingress-nginx` controller subchart + ingressClassName: "" + # -- Override Ingress resource name + nameOverride: "" + tls: + # -- Enable TLS + enabled: false + # -- Default secret name to be created with provided `cert` and `key` below + secretName: "star.codefresh.io" + # -- Certificate (base64 encoded) + cert: "" + # -- Private key (base64 encoded) + key: "" + # -- Existing `kubernetes.io/tls` type secret with TLS certificates (keys: `tls.crt`, `tls.key`) + existingSecret: "" + # -- Default services and corresponding paths + # @default -- See below + services: + internal-gateway: + - / + # -- Set annotations for ingress. + # @default -- See below + annotations: + nginx.ingress.kubernetes.io/service-upstream: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.org/redirect-to-https: "false" + # -- Set labels for ingress + labels: {} + +# -- Global parameters +# @default -- See below +global: + # -- Application root url. Will be used in Ingress objects as hostname + appUrl: onprem.codefresh.local + # -- Application protocol. 
+ appProtocol: https + + # -- Global Docker image registry + imageRegistry: "" + + # -- Global Docker registry secret names as array + imagePullSecrets: + - 'codefresh-registry' + + # -- Global StorageClass for Persistent Volume(s) + storageClass: "" + + # -- Global Env vars + env: {} + + # -- Global tolerations constraints + # Apply toleratons to all Codefresh subcharts. Will not be applied on Bitnami subcharts. + tolerations: [] + + # -- Global affinity constraints + # Apply affinity to all Codefresh subcharts. Will not be applied on Bitnami subcharts. + affinity: {} + + # -- Global nodeSelector constraints + # Apply nodeSelector to all Codefresh subcharts. Will not be applied on Bitnami subcharts. + nodeSelector: {} + + # -- New Relic Key + newrelicLicenseKey: "" + + # -- Definitions for internal-gateway nginx resolver + dnsService: kube-dns + dnsNamespace: kube-system + clusterDomain: cluster.local + +#-------- +# MongoDB +#-------- + # -- Legacy MongoDB connection string. Keep empty! + mongoURI: "" + + # -- Set mongodb protocol (`mongodb` / `mongodb+srv`) + mongodbProtocol: mongodb + # -- Set mongodb user in plain text + mongodbUser: "user" + # -- Set mongodb user from existing secret + mongodbUserSecretKeyRef: {} + # E.g. + # mongodbUserSecretKeyRef: + # name: my-secret + # key: mongodb-user + + # -- Set mongodb password in plain text + mongodbPassword: "password" + # -- Set mongodb password from existing secret + mongodbPasswordSecretKeyRef: {} + # E.g. + # mongodbPasswordSecretKeyRef: + # name: my-secret + # key: mongodb-password + + # -- Set mongodb host in plain text + mongodbHost: "mongodb" + # -- Set mongodb host from existing secret + mongodbHostSecretKeyRef: {} + # E.g. 
+ # mongodbHostSecretKeyRef: + # name: my-secret + # key: mongodb-host + + # -- Set mongodb connection string options + # Ref: https://www.mongodb.com/docs/manual/reference/connection-string/#connection-string-options + mongodbOptions: "retryWrites=true" + # -- Default MongoDB database name. Don't change! + mongodbDatabase: codefresh + +#----------- +# Postgresql +#----------- + # -- Set postgres user in plain text + postgresUser: postgres + # -- Set postgres user from existing secret + postgresUserSecretKeyRef: {} + # E.g. + # postgresUserSecretKeyRef: + # name: my-secret + # key: postgres-user + + # -- Set postgres password in plain text + postgresPassword: postgres + # -- Set postgres password from existing secret + postgresPasswordSecretKeyRef: {} + # E.g. + # postgresPasswordSecretKeyRef: + # name: my-secret + # key: postgres-password + + # -- Set postgres service address in plain text. Takes precedence over `global.postgresService`! + postgresHostname: "postgresql" + # -- Set postgres service from existing secret + postgresHostnameSecretKeyRef: {} + # E.g. + # postgresHostnameSecretKeyRef: + # name: my-secret + # key: postgres-hostname + + # -- Set postgres port number + postgresPort: 5432 + # -- Set postgres database name + postgresDatabase: codefresh + # -- Default internal postgresql service address from bitnami/postgresql subchart + postgresService: postgresql + +#--------- +# RabbitMQ +#--------- + # -- Set rabbitmq protocol (`amqp/amqps`) + rabbitmqProtocol: amqp + # -- Set rabbitmq username in plain text + rabbitmqUsername: user + # -- Set rabbitmq username from existing secret + rabbitmqUsernameSecretKeyRef: {} + # E.g. + # rabbitmqUsernameSecretKeyRef: + # name: my-secret + # key: rabbitmq-username + + # -- Set rabbitmq password in plain text + rabbitmqPassword: rabbitmq + # -- Set rabbitmq password from existing secret + rabbitmqPasswordSecretKeyRef: {} + # E.g. 
+ # rabbitmqPasswordSecretKeyRef: + # name: my-secret + # key: rabbitmq-password + + # -- Set rabbitmq service address in plain text. Takes precedence over `global.rabbitService`! + rabbitmqHostname: "rabbitmq:5672" + # -- Set rabbitmq service address from existing secret. + rabbitmqHostnameSecretKeyRef: {} + # E.g. + # rabbitmqHostnameSecretKeyRef: + # name: my-secret + # key: rabbitmq-hostname + + # -- Default internal rabbitmq service address from bitnami/rabbitmq subchart. + rabbitService: rabbitmq:5672 + +#------ +# Redis +#------ + # -- Set redis password in plain text + redisPassword: redis + # -- Set redis service port + redisPort: 6379 + # -- Set redis password from existing secret + redisPasswordSecretKeyRef: {} + # E.g. + # redisPasswordSecretKeyRef: + # name: my-secret + # key: redis-password + + # -- Set redis hostname in plain text. Takes precedence over `global.redisService`! + redisUrl: "redis-master" + # -- Set redis hostname from existing secret. + redisUrlSecretKeyRef: {} + # E.g. + # redisUrlSecretKeyRef: + # name: my-secret + # key: redis-url + + # -- Default internal redis service address from bitnami/redis subchart + redisService: redis-master + +#---------------------------------- +# Codefresh services. Don't change! +#---------------------------------- + # -- Default API service name. + cfapiService: cfapi + # -- Default API service port. + cfapiInternalPort: 3000 + # -- Default API endpoints service name + cfapiEndpointsService: cfapi + # -- Default platform-analytics service name. + platformAnalyticsService: platform-analytics + # -- Default platform-analytics service port. + platformAnalyticsPort: 80 + + # -- Bitnami + security: + allowInsecureImages: true + +# -- Pre/post-upgrade Job hooks. 
+# @default -- See below +hooks: + # -- Sets feature compatibility version + mongodb: + enabled: true + image: + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io + repository: codefresh/mongosh + tag: 2.5.0 + affinity: {} + nodeSelector: {} + podSecurityContext: {} + resources: {} + tolerations: [] + +#-------------------- +# Codefresh subcharts +#-------------------- + +# -- cf-api +cfapi: &cf-api + # -- Enable cf-api + enabled: true + # -- Override name + fullnameOverride: cfapi + # -- Image pull secrets + imagePullSecrets: [] + # -- Controller configuration + controller: + # -- Replicas number + replicas: 2 + # -- Container configuration + container: + # -- Image + image: + # -- Registry prefix + registry: us-docker.pkg.dev/codefresh-inc/gcr.io + # -- Repository + repository: codefresh/dev/cf-api + # -- Tag + tag: 21.283.0-test-gitops-system-type + # -- Digest + digest: "" + # -- Env vars + # @default -- See below + env: + AUDIT_AUTO_CREATE_DB: true + LOGGER_LEVEL: debug + ON_PREMISE: true + DEFAULT_SYSTEM_TYPE: GITOPS + API_URI: cfapi + PIPELINE_MANAGER_URI: pipeline-manager # temorary, need to remove + PLATFORM_ANALYTICS_URI: platform-analytics + RUNTIME_ENVIRONMENT_MANAGER_URI: runtime-environment-manager # temporary, need to remove + # -- Resource requests and limits + resources: + requests: + cpu: 200m + memory: "256Mi" + limits: {} + # -- Autoscaler configuration + hpa: + # -- Enable HPA + enabled: false + # -- Minimum number of replicas + minReplicas: 2 + # -- Maximum number of replicas + maxReplicas: 10 + # -- Average CPU utilization percentage + targetCPUUtilizationPercentage: 70 + # -- Pod disruption budget configuration + pdb: + # -- Enable PDB + enabled: false + # -- Minimum number of replicas in percentage + minAvailable: "50%" + # -- Affinity configuration + affinity: {} + # -- Node selector configuration + nodeSelector: {} + # -- Pod security context configuration + podSecurityContext: {} + # -- Tolerations configuration + tolerations: [] + 
+# -- internal-gateway +# @default -- See below +internal-gateway: + enabled: true + fullnameOverride: internal-gateway + libraryMode: true + controller: + replicas: 2 + container: + image: + registry: docker.io + repository: nginxinc/nginx-unprivileged + nginx: + config: + locations: + /api/auth/authenticate: + locationDirectives: + proxy_buffers: "4 180k" + proxy_buffer_size: "180k" + resources: + requests: + cpu: 100m + memory: 128Mi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + nodeSelector: {} + podSecurityContext: {} + tolerations: [] + +# -- etl-starter +# @default -- See below +cf-platform-analytics-etlstarter: + fullnameOverride: etl-starter + mongodbDatabase: "platform-analytics-postgres" + redis: + # -- Disable redis subchart + enabled: false + imagePullSecrets: [] + controller: + # - Disable default deployment controller + enabled: false + # -- Only postgres ETL should be running in onprem + system-etl-postgres: + enabled: true + fullnameOverride: system-etl-postgres + controller: + cronjob: + ttlSecondsAfterFinished: 300 + container: + env: + BLUE_GREEN_ENABLED: true + # @ignored + system-etl-gitops: + enabled: false + # @ignored + system-etl-metabase: + enabled: false + + container: + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + env: + ENV: production + DATASET_ID: etl + MONGO_DB_DEFAULT_NAME: codefresh + affinity: {} + nodeSelector: {} + podSecurityContext: {} + tolerations: [] + +# -- platform-analytics +# @default -- See below +cf-platform-analytics-platform: + fullnameOverride: platform-analytics + mongodbDatabase: "platform-analytics-postgres" + imagePullSecrets: [] + container: + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh/cf-platform-analytics + redis: + enabled: false + resources: + requests: + cpu: 100m + memory: 128Mi + env: + ENV: production + DATASET_ID: etl + NODE_ENV: production + CUBEJS_LOG_LEVEL: trace + CUBEJS_SCHEDULED_REFRESH_TIMER: 60 + REDIS_TLS: 
false + CUBEJS_DEV_MODE: false + SUPPORTED_DATA_SOURCE: 'CSDP_POSTGRES,CLASSIC_POSTGRES' + affinity: {} + nodeSelector: {} + podSecurityContext: {} + tolerations: [] + +# -- cf-ui +# @default -- See below +cfui: + enabled: true + fullnameOverride: cfui + imagePullSecrets: [] + controller: + replicas: 2 + container: + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh/cf-ui + env: + ON_PREMISE: true + ONPREM_VERSION: + valueFrom: + configMapKeyRef: + name: codefresh-gitops-version-info + key: app + optional: true + resources: + requests: + cpu: 100m + memory: 128Mi + limits: {} + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + nodeSelector: {} + podSecurityContext: {} + tolerations: [] + +# -- runtime-environment-manager +# @default -- See below +runtime-environment-manager: + enabled: true + fullnameOverride: runtime-environment-manager + imagePullSecrets: [] + container: + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh/runtime-environment-manager + env: + ON_PREMISE: true + resources: + requests: + cpu: 100m + memory: 128Mi + limits: {} + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + nodeSelector: {} + podSecurityContext: {} + tolerations: [] + volumes: + runtime-environments: + nameOverride: runtime-environments + +# -- mongodb +# @default -- See below +# Ref: https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml +mongodb: + enabled: true + fullnameOverride: mongodb + architecture: standalone + useStatefulSet: true + auth: + rootUser: root + rootPassword: password + usernames: + - user + - user + - user + - user + - user + - user + - user + passwords: + - password + - password + - password + - password + - password + - password + - password + databases: + - archive + - codefresh + - runtime-environment-manager # temporary, need to remove + - read-models + - audit + - platform-analytics-postgres + - payments # temporary, need to remove 
+ resources: + requests: + cpu: 200m + memory: 256Mi + migration: + enabled: false + featureCompatibilityVersion: "6.0" + +# -- postgresql +# @default -- See below +# Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml +postgresql: + enabled: true + fullnameOverride: postgresql + image: + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io + repository: codefresh/postgresql + tag: 17 + auth: + enablePostgresUser: true + postgresPassword: "postgres" + database: "codefresh" + architecture: standalone + postgresqlSharedPreloadLibraries: pg_partman_bgw,pg_cron + primary: + extendedConfiguration: | + pg_partman_bgw.interval = 3600 + pg_partman_bgw.role = 'postgres' + pg_partman_bgw.dbname = 'postgres' + cron.database_name = 'postgres' + resources: + requests: + cpu: 200m + memory: 256Mi + +# -- redis +# @default -- See below +# Ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml +redis: + enabled: true + fullnameOverride: redis + architecture: standalone + auth: + password: "redis" + master: + count: 1 + resources: + requests: + cpu: 200m + memory: 256Mi + +# -- rabbitmq +# @default -- See below +# Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml +rabbitmq: + enabled: true + fullnameOverride: rabbitmq + image: + tag: "4.0" + replicaCount: 1 + auth: + username: user + password: "rabbitmq" + resources: + requests: + cpu: 200m + memory: 256Mi + +# -- argo-hub-platform +# @default -- See below +argo-hub-platform: + fullnameOverride: argo-hub-platform + controller: + deployment: + replicas: 1 + container: + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-hub-platform + imagePullSecrets: [] + resources: + requests: + cpu: 100m + memory: 128Mi + limits: {} + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + nodeSelector: {} + podSecurityContext: {} + tolerations: [] + +# -- argo-platform +# @default -- See below +argo-platform: + 
enabled: true + + # -- Use regular k8s secret object. Keep `false`! + useExternalSecret: false + # -- Anchors + # @default -- See below + anchors: + cache-host: &cache-host '{{ coalesce .Values.redisUrl .Values.global.redisUrl (printf "%s-%s" .Release.Name .Values.global.redisService) }}' + cache-password: &cache-password '{{ coalesce .Values.redisPassword .Values.global.redisPassword }}' + cache-port: &cache-port '{{ coalesce .Values.redisPort .Values.global.redisPort }}' + + mongodb-readmodels-uri: &mongodb-readmodels-uri '{{ include "argo-patform-libs.calculate-mongo-uri" (dict "dbName" "read-models" "mongoURI" .Values.global.mongoURI) | default "null" }}' + mongodb-audit-uri: &mongodb-audit-uri '{{ include "argo-patform-libs.calculate-mongo-uri" (dict "dbName" "audit" "mongoURI" .Values.global.mongoURI) | default "null" }}' + + pg-db-name: &pg-db-name analytics + pg-host-name: &pg-host-name '{{ coalesce .Values.postgresHostname .Values.global.postgresHostname (printf "%s-%s" .Release.Name .Values.global.postgresService) }}' + pg-password: &pg-password '{{ coalesce .Values.postgresPassword .Values.global.postgresPassword }}' + pg-port: &pg-port '{{ coalesce .Values.postgresPort .Values.global.postgresPort }}' + pg-user-name: &pg-user-name '{{ coalesce .Values.postgresUser .Values.global.postgresUser }}' + + mongodb-host: &mongodb-host '{{ coalesce .Values.mongodbHost .Values.global.mongodbHost }}' + mongodb-password: &mongodb-password '{{ coalesce .Values.mongodbPassword .Values.global.mongodbPassword }}' + mongodb-user: &mongodb-user '{{ coalesce .Values.mongodbUser .Values.global.mongodbUser }}' + mongodb-protocol: &mongodb-protocol '{{ coalesce .Values.mongodbProtocol .Values.global.mongodbProtocol "mongodb" }}' + mongodb-options: &mongodb-options '{{ coalesce .Values.mongodbOptions .Values.global.mongodbOptions }}' + + rabbitmq-protocol: &rabbitmq-protocol '{{ coalesce .Values.rabbitmqProtocol .Values.global.rabbitmqProtocol "amqp" }}' + rabbitmq-host: 
&rabbitmq-host '{{ coalesce .Values.rabbitmqHostname .Values.global.rabbitmqHostname (printf "%s-%s" .Release.Name (coalesce .Values.global.rabbitService .Values.global.rabbitmqService) ) }}' + rabbitmq-password: &rabbitmq-password '{{ coalesce .Values.rabbitmqPassword .Values.global.rabbitmqPassword }}' + rabbitmq-port: &rabbitmq-port '{{ coalesce .Values.rabbitmqPort .Values.global.rabbitmqPort "5672" }}' + rabbitmq-user: &rabbitmq-user '{{ coalesce .Values.rabbitmqUsername .Values.global.rabbitmqUsername }}' + + # -- api-graphql + # @default -- See below + # All other services under `.Values.argo-platform` follows the same values structure. + api-graphql: + enabled: true + # -- Controller kind. Currently, only `Deployment` is supported + kind: Deployment + # -- Image + image: + # -- Registry + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + # -- Repository + repository: codefresh-io/argo-platform-api-graphql + # -- Env vars + # @default -- See below + env: + GRAPHQL_PLAYGROUND: true + MONGODB_PROTOCOL: *mongodb-protocol + MONGODB_OPTIONS: *mongodb-options + RABBITMQ_PROTOCOL: *rabbitmq-protocol + MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . }}' + MONGODB_AUDIT_URI: '{{ include "argo-patform-libs.env-vars.mongodb-audit-uri-env-var-value" . 
}}' + RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) + # -- Secrets + # @default -- See below + secrets: + argo-hub-host: http://argo-hub-platform + cache-host: *cache-host + cache-password: *cache-password + cache-port: *cache-port + v1-host: http://{{ .Values.global.cfapiEndpointsService }} + v1-internal-host: http://{{ .Values.global.cfapiService }}:{{ .Values.global.cfapiInternalPort }} + mongodb-protocol: *mongodb-protocol + mongodb-options: *mongodb-options + mongodb-host: *mongodb-host + mongodb-password: *mongodb-password + mongodb-user: *mongodb-user + mongodb-audit-uri: *mongodb-audit-uri + mongodb-readmodels-uri: *mongodb-readmodels-uri + rabbitmq-protocol: *rabbitmq-protocol + rabbitmq-host: *rabbitmq-host + rabbitmq-password: *rabbitmq-password + rabbitmq-port: *rabbitmq-port + rabbitmq-user: *rabbitmq-user + # -- Resource limits and requests + # @default -- See below + resources: + requests: + cpu: 200m + memory: 256Mi + limits: + memory: 1Gi + # -- HPA + hpa: + # -- Enable autoscaler + enabled: false + # -- PDB + pdb: + # -- Enable pod disruption budget + enabled: false + # -- Set pod's affinity + affinity: {} + # -- Set pod's tolerations + tolerations: [] + # -- Set pod's annotations + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/api-graphql/secret.yaml") . | sha256sum }}' + + # -- abac + # @default -- See below + abac: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-abac + env: + MONGODB_PROTOCOL: *mongodb-protocol + MONGODB_OPTIONS: *mongodb-options + MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . }}' + MONGODB_AUDIT_URI: '{{ include "argo-patform-libs.env-vars.mongodb-audit-uri-env-var-value" . 
}}' + secrets: + mongodb-protocol: *mongodb-protocol + mongodb-options: *mongodb-options + mongodb-host: *mongodb-host + mongodb-password: *mongodb-password + mongodb-user: *mongodb-user + mongodb-audit-uri: *mongodb-audit-uri + mongodb-readmodels-uri: *mongodb-readmodels-uri + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 1Gi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/abac/secret.yaml") . | sha256sum }}' + + # -- analytics-reporter + # @default -- See below + analytics-reporter: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-analytics-reporter + env: + ENABLED_DATABASE_TYPES: POSTGRES + MONGODB_PROTOCOL: *mongodb-protocol + MONGODB_OPTIONS: *mongodb-options + RABBITMQ_PROTOCOL: *rabbitmq-protocol + MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . }}' + RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) + secrets: + mongodb-protocol: *mongodb-protocol + mongodb-options: *mongodb-options + mongodb-host: *mongodb-host + mongodb-password: *mongodb-password + mongodb-user: *mongodb-user + mongodb-readmodels-uri: *mongodb-readmodels-uri + pg-db-name: *pg-db-name + pg-host-name: *pg-host-name + pg-password: *pg-password + pg-port: *pg-port + pg-user-name: *pg-user-name + rabbitmq-protocol: *rabbitmq-protocol + rabbitmq-host: *rabbitmq-host + rabbitmq-password: *rabbitmq-password + rabbitmq-port: *rabbitmq-port + rabbitmq-user: *rabbitmq-user + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 1Gi + hpa: + enabled: false + pdb: + enabled: false + tolerations: [] + affinity: {} + volumes: [] + volumeMounts: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/analytics-reporter/secret.yaml") . 
| sha256sum }}' + + # -- api-events + # @default -- See below + api-events: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-api-events + env: + RABBITMQ_PROTOCOL: *rabbitmq-protocol + RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) + secrets: + rabbitmq-protocol: *rabbitmq-protocol + rabbitmq-host: *rabbitmq-host + rabbitmq-password: *rabbitmq-password + rabbitmq-port: *rabbitmq-port + rabbitmq-user: *rabbitmq-user + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 1Gi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/api-events/secret.yaml") . | sha256sum }}' + + # -- argocd-hooks + # @default -- See below + # Don't enable! Not used in onprem! + argocd-hooks: + enabled: false + + # -- audit + # @default -- See below + audit: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-audit + env: + MONGODB_PROTOCOL: *mongodb-protocol + MONGODB_OPTIONS: *mongodb-options + RABBITMQ_PROTOCOL: *rabbitmq-protocol + MONGODB_AUDIT_URI: '{{ include "argo-patform-libs.env-vars.mongodb-audit-uri-env-var-value" . }}' + MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . 
}}' + RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) + secrets: + mongodb-protocol: *mongodb-protocol + mongodb-options: *mongodb-options + mongodb-host: *mongodb-host + mongodb-password: *mongodb-password + mongodb-user: *mongodb-user + mongodb-audit-uri: *mongodb-audit-uri + mongodb-readmodels-uri: *mongodb-readmodels-uri + rabbitmq-protocol: *rabbitmq-protocol + rabbitmq-host: *rabbitmq-host + rabbitmq-password: *rabbitmq-password + rabbitmq-port: *rabbitmq-port + rabbitmq-user: *rabbitmq-user + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 1Gi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/audit/secret.yaml") . | sha256sum }}' + + # -- cron-executor + # @default -- See below + cron-executor: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-cron-executor + env: + MONGODB_PROTOCOL: *mongodb-protocol + MONGODB_OPTIONS: *mongodb-options + RABBITMQ_PROTOCOL: *rabbitmq-protocol + MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . }}' + MONGODB_AUDIT_URI: '{{ include "argo-patform-libs.env-vars.mongodb-audit-uri-env-var-value" . 
}}' + RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) + secrets: + mongodb-protocol: *mongodb-protocol + mongodb-options: *mongodb-options + mongodb-host: *mongodb-host + mongodb-password: *mongodb-password + mongodb-user: *mongodb-user + mongodb-audit-uri: *mongodb-audit-uri + mongodb-readmodels-uri: *mongodb-readmodels-uri + rabbitmq-protocol: *rabbitmq-protocol + rabbitmq-host: *rabbitmq-host + rabbitmq-password: *rabbitmq-password + rabbitmq-port: *rabbitmq-port + rabbitmq-user: *rabbitmq-user + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 1Gi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/cron-executor/secret.yaml") . | sha256sum }}' + + # -- event-handler + # @default -- See below + event-handler: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-event-handler + env: + MONGODB_PROTOCOL: *mongodb-protocol + MONGODB_OPTIONS: *mongodb-options + RABBITMQ_PROTOCOL: *rabbitmq-protocol + MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . 
}}' + RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) + secrets: + mongodb-protocol: *mongodb-protocol + mongodb-options: *mongodb-options + mongodb-host: *mongodb-host + mongodb-password: *mongodb-password + mongodb-user: *mongodb-user + mongodb-readmodels-uri: *mongodb-readmodels-uri + rabbitmq-protocol: *rabbitmq-protocol + rabbitmq-host: *rabbitmq-host + rabbitmq-password: *rabbitmq-password + rabbitmq-port: *rabbitmq-port + rabbitmq-user: *rabbitmq-user + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 1Gi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/event-handler/secret.yaml") . | sha256sum }}' + + # -- runtime-manager + # @default -- See below + # Don't enable! Not used in onprem! + runtime-manager: + enabled: false + + # -- runtime-monitor + # @default -- See below + # Don't enable! Not used in onprem! + runtime-monitor: + enabled: false + + # -- ui + # @default -- See below + ui: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-ui + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 512Mi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + tolerations: [] + + # -- broadcaster + # @default -- See below + broadcaster: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-broadcaster + env: + MONGODB_PROTOCOL: *mongodb-protocol + MONGODB_OPTIONS: *mongodb-options + RABBITMQ_PROTOCOL: *rabbitmq-protocol + MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . 
}}' + RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) + secrets: + v1-host: http://{{ .Values.global.cfapiEndpointsService }} + v1-internal-host: http://{{ .Values.global.cfapiService }}:{{ .Values.global.cfapiInternalPort }} + mongodb-protocol: *mongodb-protocol + mongodb-options: *mongodb-options + mongodb-host: *mongodb-host + mongodb-password: *mongodb-password + mongodb-user: *mongodb-user + mongodb-readmodels-uri: *mongodb-readmodels-uri + rabbitmq-protocol: *rabbitmq-protocol + rabbitmq-host: *rabbitmq-host + rabbitmq-password: *rabbitmq-password + rabbitmq-port: *rabbitmq-port + rabbitmq-user: *rabbitmq-user + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 1Gi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/broadcaster/secret.yaml") . | sha256sum }}' + + # -- promotion-orchestrator + # @default -- See below + promotion-orchestrator: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-promotion-orchestrator + env: + MONGODB_PROTOCOL: *mongodb-protocol + MONGODB_OPTIONS: *mongodb-options + RABBITMQ_PROTOCOL: *rabbitmq-protocol + MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . 
}}' + RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) + secrets: + cache-host: *cache-host + cache-password: *cache-password + cache-port: *cache-port + mongodb-protocol: *mongodb-protocol + mongodb-options: *mongodb-options + mongodb-host: *mongodb-host + mongodb-password: *mongodb-password + mongodb-user: *mongodb-user + mongodb-readmodels-uri: *mongodb-readmodels-uri + rabbitmq-protocol: *rabbitmq-protocol + rabbitmq-host: *rabbitmq-host + rabbitmq-password: *rabbitmq-password + rabbitmq-port: *rabbitmq-port + rabbitmq-user: *rabbitmq-user + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 1Gi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/promotion-orchestrator/secret.yaml") . | sha256sum }}' + + classic-event-bridge: + enabled: false diff --git a/codefresh/.ci/helm-docs.sh b/charts/codefresh/.ci/helm-docs.sh similarity index 100% rename from codefresh/.ci/helm-docs.sh rename to charts/codefresh/.ci/helm-docs.sh diff --git a/codefresh/.ci/runtime-images.sh b/charts/codefresh/.ci/runtime-images.sh similarity index 100% rename from codefresh/.ci/runtime-images.sh rename to charts/codefresh/.ci/runtime-images.sh diff --git a/codefresh/.ci/values/cfapi-roles-hpa.yaml b/charts/codefresh/.ci/values/cfapi-roles-hpa.yaml similarity index 100% rename from codefresh/.ci/values/cfapi-roles-hpa.yaml rename to charts/codefresh/.ci/values/cfapi-roles-hpa.yaml diff --git a/codefresh/.ci/values/defaults-hpa.yaml b/charts/codefresh/.ci/values/defaults-hpa.yaml similarity index 100% rename from codefresh/.ci/values/defaults-hpa.yaml rename to charts/codefresh/.ci/values/defaults-hpa.yaml 
diff --git a/codefresh/.ci/values/external-secrets.yaml b/charts/codefresh/.ci/values/external-secrets.yaml
similarity index 100%
rename from codefresh/.ci/values/external-secrets.yaml
rename to charts/codefresh/.ci/values/external-secrets.yaml
diff --git a/codefresh/.ci/values/infra-ha.yaml b/charts/codefresh/.ci/values/infra-ha.yaml
similarity index 100%
rename from codefresh/.ci/values/infra-ha.yaml
rename to charts/codefresh/.ci/values/infra-ha.yaml
diff --git a/codefresh/.ci/values/mtls-mongodb-redis.yaml b/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml
similarity index 100%
rename from codefresh/.ci/values/mtls-mongodb-redis.yaml
rename to charts/codefresh/.ci/values/mtls-mongodb-redis.yaml
diff --git a/codefresh/.ci/values/openshift.yaml b/charts/codefresh/.ci/values/openshift.yaml
similarity index 100%
rename from codefresh/.ci/values/openshift.yaml
rename to charts/codefresh/.ci/values/openshift.yaml
diff --git a/codefresh/.ci/values/registry.yaml b/charts/codefresh/.ci/values/registry.yaml
similarity index 100%
rename from codefresh/.ci/values/registry.yaml
rename to charts/codefresh/.ci/values/registry.yaml
diff --git a/codefresh/.ci/values/values-all-images.yaml b/charts/codefresh/.ci/values/values-all-images.yaml
similarity index 100%
rename from codefresh/.ci/values/values-all-images.yaml
rename to charts/codefresh/.ci/values/values-all-images.yaml
diff --git a/codefresh/.ci/values/values-install-only.yaml b/charts/codefresh/.ci/values/values-install-only.yaml
similarity index 100%
rename from codefresh/.ci/values/values-install-only.yaml
rename to charts/codefresh/.ci/values/values-install-only.yaml
diff --git a/codefresh/.ci/values/values-openshift.yaml b/charts/codefresh/.ci/values/values-openshift.yaml
similarity index 100%
rename from codefresh/.ci/values/values-openshift.yaml
rename to charts/codefresh/.ci/values/values-openshift.yaml
diff --git a/codefresh/.ci/values/values-upgrade-only.yaml b/charts/codefresh/.ci/values/values-upgrade-only.yaml
similarity index 100%
rename from codefresh/.ci/values/values-upgrade-only.yaml
rename to charts/codefresh/.ci/values/values-upgrade-only.yaml
diff --git a/codefresh/.helmignore b/charts/codefresh/.helmignore
similarity index 100%
rename from codefresh/.helmignore
rename to charts/codefresh/.helmignore
diff --git a/codefresh/Chart.lock b/charts/codefresh/Chart.lock
similarity index 100%
rename from codefresh/Chart.lock
rename to charts/codefresh/Chart.lock
diff --git a/codefresh/Chart.yaml b/charts/codefresh/Chart.yaml
similarity index 100%
rename from codefresh/Chart.yaml
rename to charts/codefresh/Chart.yaml
diff --git a/codefresh/README.md b/charts/codefresh/README.md
similarity index 100%
rename from codefresh/README.md
rename to charts/codefresh/README.md
diff --git a/codefresh/README.md.gotmpl b/charts/codefresh/README.md.gotmpl
similarity index 100%
rename from codefresh/README.md.gotmpl
rename to charts/codefresh/README.md.gotmpl
diff --git a/codefresh/files/assets/accounts-dev.json b/charts/codefresh/files/assets/accounts-dev.json
similarity index 100%
rename from codefresh/files/assets/accounts-dev.json
rename to charts/codefresh/files/assets/accounts-dev.json
diff --git a/codefresh/files/assets/accounts.json b/charts/codefresh/files/assets/accounts.json
similarity index 100%
rename from codefresh/files/assets/accounts.json
rename to charts/codefresh/files/assets/accounts.json
diff --git a/charts/codefresh/files/assets/idps.json b/charts/codefresh/files/assets/idps.json
new file mode 100644
index 0000000000..e8a737751a
--- /dev/null
+++ b/charts/codefresh/files/assets/idps.json
@@ -0,0 +1,8 @@
+{
+ "_id": ObjectId("5b79a32e3b80d12608352f8e"),
+ "clientName": "local",
+ "displayName": "local",
+ "tokenSecret": "q9MNUmE6assnoANmGZEjtrAa",
+ "clientType": "localUserPassword",
+ "accounts": []
+}
\ No newline at end of file
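Review bot: idps.json commits a literal `tokenSecret`, and users.json (the next new file in this diff) commits an RSA private key plus a `hashedPassword` and `salt` for the `AdminCF` account, which carries the `Admin` role. If the seed job loads these assets as written (the job template is not shown here), every installation starts with the same token secret, key pair and admin credential, all readable by anyone who can pull the chart. These values should be generated per installation or injected from a Secret at seed time, for example shipping `"tokenSecret": "<GENERATED_AT_INSTALL>"` as a placeholder that the seed script fills in. The values already committed should be treated as exposed and rotated.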
diff --git a/codefresh/files/assets/packs.json b/charts/codefresh/files/assets/packs.json
similarity index 100%
rename from codefresh/files/assets/packs.json
rename to charts/codefresh/files/assets/packs.json
diff --git a/charts/codefresh/files/assets/users.json b/charts/codefresh/files/assets/users.json
new file mode 100644
index 0000000000..8f532d520b
--- /dev/null
+++ b/charts/codefresh/files/assets/users.json
@@ -0,0 +1,37 @@ +{ + "_id": ObjectId("59009221c102763beda7cf04"), + "register_date": ISODate("2017-04-26T12:27:13.608+0000"), + "userName": "AdminCF", + "email": "admin@codefresh.io", + "defaultAccount": NumberInt(0), + "notifications": [ + { + "type": "mail", + "events": [ + "build-success", + "build-failure" + ] + } + ], + "logins": [ + { + "idp": ObjectId("5b79a32e3b80d12608352f8e") + } + ], + "status": "new", + "account": [ + ObjectId("59009117c102763beda7ce71") + ], + "roles": [ + "User", + "Admin" + ], + "key": { + "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAz6JQxcFORE6KwmBO1UnfpCph/PyARfm65eYXRuCOzdv5EIcz\n+4rRBwooH/SR8Wq49QRjq+Qm6ce2EBj2HD57t4rMj3W6X+5CwoFRXfF0tB4GqPSe\nDagbrNJbx93/dbEM+qEZNFk1MxtoJcBmj3jfrlGdTrarR3VOeBgKVLm/+Wz36pjM\nI4utzupHFAPquSIz0jis02/vccIZ8rAtyVdCd1q6Wz5DVu6iuGyMCYrpa9MFcupR\nc2eggyZ6PyNhmKuP7twr7y22elDQDkSo0G2yv4qbZnHEmShHhO/PKePMETUYMRvM\nzSS9qndT+Nax8vQvxeOCN3cEwm/Jy1oboYiwAwIDAQABAoIBAHyAJpC9nXGl6tws\npXiNKFWmuETbHwtWeDQcKL7uLZLQoOLBP3FIRphDBdZLbytkQ+1fKWjLkG3Du66h\nWQmMieB/kLNA83VMR6mboy+Cdej+zB2JODCWKaoSJMiOm/x1IoQyDwvtpdG0UFm6\nqYTEBNPgykOFkuRxOZEXUTKGgs9K7CFt1TbN8/bGCLgdq9plH2OvlOZkr4Cz0LpS\ns+Y/QJ/H4DDNZ6538NYLpq40Qi2NNq7iFJQ3iddEDi0i5O7pJK3Lziin/h3m99a+\nDbQET1bHm5Jh+Nrfxh1iwHaXdQLLoz5cex/ie5H6jtEMCSdcd53sPivSyHwMprEm\ng+0sNnECgYEA7q1eYNGJoA/UNXotVjPCaArf9/s1xiOTr5Fv1nWkH0jkmrj0WdjB\nsLQByC/wjSmZpfcKp38Z3JDFUimUEuCtZzgBCN6JB6VXe1t3L0wI1VTnxJwvsk8V\nQCB/gTugIDE1oE97kTvDuGl74XyY7uHyA1aYiXVnJ0bw8mcNCW2EzZkCgYEA3rQp\n3JjBGxBXaz7yCfhoQn5YZXw5yMBngyP8emu8u+7excZvCqIG+8NVh5KGFApOw9oe\n0aHUXGgfhSsl+xFA/m+E56mxm/J1PqRrWbnaEkLzPRSoFJBckjBm3ADHb6PuGbOL\nT72qxKPdZ1kdt0QfqIbZpR45COVk6KtmHMCO0/sCgYB6YaL2+fobfIJPOWptvPR9\n7LWSrdiQ1EUxzN0Plhqlf/bX7uY7+4y1Uldnkk1B1IbYNqfb4qwcEI9c5bzrQREo\nz+qX5aNVrE4DDo86TT5qRLLieUNrpmk7DG7UkQI1/4WDwb2WZpKgyFWg9QZl1q0F\nUS29rdlKpnF9maFxqBpkYQKBgBPU31VxlOCgF+jI9izFHiOttJl08oBaAd2/up/8\nMBZcMyJRhVnhC9Ynkto7xgzKzjDKn6vzSUHhU808BmnRI4SE0cT/a32DncUyRwz6\na9zscVSjHkSWhmfOP5qfxyK96loHjwRO04InRXQKj4beX
iNXvtHhWxrbspy1hqZQ\nz2c5AoGBAO0tRNKfgoZH+sTiaphR550YFnIn8U9ROa1iQUvSiM0nHW6FraIR1sYB\nUTCtgOSJdffGMFrvH+PhShJPw7u3juZh9NBzrARjZPwBJyBaYDw3elVc3epZWoGC\n8EBEgdFVqFwPctkGvqyJ/5Zl3KnTioXxslHjP45H+Ne/nEWPejuP\n-----END RSA PRIVATE KEY-----\n", + "pubKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPolDFwU5ETorCYE7VSd+kKmH8/IBF+brl5hdG4I7N2/kQhzP7itEHCigf9JHxarj1BGOr5Cbpx7YQGPYcPnu3isyPdbpf7kLCgVFd8XS0Hgao9J4NqBus0lvH3f91sQz6oRk0WTUzG2glwGaPeN+uUZ1OtqtHdU54GApUub/5bPfqmMwji63O6kcUA+q5IjPSOKzTb+9xwhnysC3JV0J3WrpbPkNW7qK4bIwJiulr0wVy6lFzZ6CDJno/I2GYq4/u3CvvLbZ6UNAORKjQbbK/iptmccSZKEeE788p48wRNRgxG8zNJL2qd1P41rHy9C/F44I3dwTCb8nLWhuhiLAD blabla\n" + }, + "__v": NumberInt(1), + "last_login_date": ISODate("2017-04-26T12:27:21.788+0000"), + "hashedPassword": "jRFgMK8CYVXa4FRBVsZQyWHdw/ErWSJzO/WKqdGcLpmeOZw8e6X5TvkYIkc617LU76RCB9B1jPNsbNVaTQGt4g==", + "salt": "GswhajDWen9vNW+fZ+xVbA==" +} \ No newline at end of file diff --git a/codefresh/files/mongoSeedJobScript.sh b/charts/codefresh/files/mongoSeedJobScript.sh similarity index 100% rename from codefresh/files/mongoSeedJobScript.sh rename to charts/codefresh/files/mongoSeedJobScript.sh diff --git a/charts/codefresh/files/mongoSetCompatibilityVersion.sh b/charts/codefresh/files/mongoSetCompatibilityVersion.sh new file mode 100644 index 0000000000..b539b9e6fc --- /dev/null +++ b/charts/codefresh/files/mongoSetCompatibilityVersion.sh 
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+# Set https://docs.mongodb.com/manual/reference/command/setFeatureCompatibilityVersion/#dbcmd.setFeatureCompatibilityVersion
+
+waitForMongoDB() {
+ while true; do
+ status=$(mongosh ${MONGODB_ROOT_URI} --eval "db.adminCommand('ping')" 2>&1)
+
+ echo -e "MongoDB status:\n$status"
+ if $(echo $status | grep 'ok: 1' -q); then
+ break
+ fi
+
+ echo "Sleeping 3 seconds ..."
+ sleep 3
+ done
+}
+
+parseMongoURI() {
+ local proto="$(echo $1 | grep :// | sed -e's,^\(.*://\).*,\1,g')"
+ local parameters="$(echo $1 | grep '?' | cut -d '?' -f2)"; if [[ -n $parameters ]]; then parameters="?${parameters}"; fi
+ local url="$(echo ${1/$proto/})"
+ local userpass="$(echo $url | grep @ | cut -d@ -f1)"
+ local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')"
+
+ MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)"
+ MONGODB_USER="$(echo $userpass | grep : | cut -d: -f1)"
+ MONGO_URI="$proto$userpass@$hostport/${MONGODB_DATABASE}$parameters"
+ MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin$parameters"
+}
+
+parseMongoURI $MONGO_URI
+
+waitForMongoDB
+
+mongosh ${MONGODB_ROOT_URI} --eval "db.adminCommand( { setFeatureCompatibilityVersion: \"$MONGODB_COMPAT_VERSION\" } )"
diff --git a/codefresh/files/postgresCleanJobScript.sh b/charts/codefresh/files/postgresCleanJobScript.sh
similarity index 100%
rename from codefresh/files/postgresCleanJobScript.sh
rename to charts/codefresh/files/postgresCleanJobScript.sh
diff --git a/charts/codefresh/files/postgresSeedJobScript.sh b/charts/codefresh/files/postgresSeedJobScript.sh
new file mode 100644
index 0000000000..8ba8852ac4
--- /dev/null
+++ b/charts/codefresh/files/postgresSeedJobScript.sh
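Review bot: The root connection string, which embeds `MONGODB_ROOT_PASSWORD`, is expanded unquoted on both `mongosh` command lines and in `parseMongoURI $MONGO_URI`, so a password containing whitespace or glob characters is split or expanded before mongosh sees it. Quote the expansions, e.g. `mongosh "${MONGODB_ROOT_URI}" --eval "db.adminCommand('ping')"`, and test the ping result with `if grep -q 'ok: 1' <<<"$status"; then` rather than executing the output of a command substitution. In `parseMongoURI`, `sed s/$userpass//` uses the credentials as a regular expression, so `/`, `.` or `&` in a password corrupts `hostport`; a parameter expansion such as `${url#"$userpass"@}` avoids interpreting them. `waitForMongoDB` also has no retry limit, so a wrong credential keeps the pre-upgrade hook looping until the job itself times out.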
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+set -xeuo pipefail
+
+POSTGRES_DATABASES=(
+ "codefresh"
+ "audit"
+ "analytics"
+ "analytics_pre_aggregations"
+)
+POSTGRES_PORT="${POSTGRES_PORT:-5432}"
+
+# To create a separate non-privileged user the for Codefresh,
+# which has access only to the relevant databases, it is needed to specify
+# additionally the POSTGRES_SEED_USER and POSTGRES_SEED_PASSWORD vars.
+# Otherwise only POSTGRES_USER and POSTGRES_PASSWORD will be used both
+# during seed job execution and runtime
+
+POSTGRES_SEED_USER="${POSTGRES_SEED_USER:-$POSTGRES_USER}"
+POSTGRES_SEED_PASSWORD="${POSTGRES_SEED_PASSWORD:-$POSTGRES_PASSWORD}"
+
+function createDB() {
+ psql -tc "SELECT 1 FROM pg_database WHERE datname = '${1}'" | grep -q 1 || psql -c "CREATE DATABASE ${1}"
+}
+
+function createUser() {
+ echo "Creating a separate non-privileged user for Codefresh"
+ psql -c "CREATE USER ${POSTGRES_USER} WITH PASSWORD '${POSTGRES_PASSWORD}'"
+}
+
+function grantPrivileges() {
+ psql -c "GRANT ALL ON DATABASE ${1} TO ${POSTGRES_USER}"
+}
+
+function runSeed() {
+
+ export PGUSER=${POSTGRES_SEED_USER}
+ export PGPASSWORD=${POSTGRES_SEED_PASSWORD}
+ export PGHOST=${POSTGRES_HOSTNAME}
+ export PGPORT=${POSTGRES_PORT}
+
+ if [[ "${POSTGRES_SEED_USER}" != "${POSTGRES_USER}" ]]; then
+ createUser
+ else
+ echo "There is no a separate user specified for the seed job, skipping user creation"
+ fi
+
+ for POSTGRES_DATABASE in ${POSTGRES_DATABASES[@]}; do
+ createDB $POSTGRES_DATABASE
+ grantPrivileges $POSTGRES_DATABASE
+ done
+}
+
+runSeed
\ No newline at end of file
diff --git a/codefresh/files/updateSystemReImages.sh b/charts/codefresh/files/updateSystemReImages.sh
similarity index 100%
rename from codefresh/files/updateSystemReImages.sh
rename to charts/codefresh/files/updateSystemReImages.sh
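Review bot: `set -xeuo pipefail` on the third line enables command tracing, so the job log will contain the expanded `export PGPASSWORD=...` line from `runSeed` and the full `CREATE USER ... WITH PASSWORD '...'` statement from `createUser`. Drop the `x` (`set -euo pipefail`), or enable tracing only around sections that handle no secrets. Separately, `createDB`, `createUser` and `grantPrivileges` splice `${1}`, `${POSTGRES_USER}` and `${POSTGRES_PASSWORD}` directly into SQL text, so a password containing `'` breaks the statement. Quoting the identifiers and feeding the password to psql as a variable on stdin would avoid that, and the loop should iterate over `"${POSTGRES_DATABASES[@]}"` with the arguments quoted.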
diff --git a/codefresh/templates/_env_var_secret_ref.tpl b/charts/codefresh/templates/_env_var_secret_ref.tpl
similarity index 100%
rename from codefresh/templates/_env_var_secret_ref.tpl
rename to charts/codefresh/templates/_env_var_secret_ref.tpl
diff --git a/codefresh/templates/_helpers.tpl b/charts/codefresh/templates/_helpers.tpl
similarity index 100%
rename from codefresh/templates/_helpers.tpl
rename to charts/codefresh/templates/_helpers.tpl
diff --git a/codefresh/templates/configmaps/runtime-envs-cm.yaml b/charts/codefresh/templates/configmaps/runtime-envs-cm.yaml
similarity index 100%
rename from codefresh/templates/configmaps/runtime-envs-cm.yaml
rename to charts/codefresh/templates/configmaps/runtime-envs-cm.yaml
diff --git a/codefresh/templates/configmaps/runtimeEnvironments.json.tpl b/charts/codefresh/templates/configmaps/runtimeEnvironments.json.tpl
similarity index 100%
rename from codefresh/templates/configmaps/runtimeEnvironments.json.tpl
rename to charts/codefresh/templates/configmaps/runtimeEnvironments.json.tpl
diff --git a/codefresh/templates/configmaps/version-info-cm.yaml b/charts/codefresh/templates/configmaps/version-info-cm.yaml
similarity index 100%
rename from codefresh/templates/configmaps/version-info-cm.yaml
rename to charts/codefresh/templates/configmaps/version-info-cm.yaml
diff --git a/codefresh/templates/gencerts/cm-gencerts.yaml b/charts/codefresh/templates/gencerts/cm-gencerts.yaml
similarity index 100%
rename from codefresh/templates/gencerts/cm-gencerts.yaml
rename to charts/codefresh/templates/gencerts/cm-gencerts.yaml
diff --git a/codefresh/templates/gencerts/job-gencerts.yaml b/charts/codefresh/templates/gencerts/job-gencerts.yaml
similarity index 100%
rename from codefresh/templates/gencerts/job-gencerts.yaml
rename to charts/codefresh/templates/gencerts/job-gencerts.yaml
diff --git a/codefresh/templates/gencerts/rbac-gencerts.yaml b/charts/codefresh/templates/gencerts/rbac-gencerts.yaml
similarity index 100%
rename from codefresh/templates/gencerts/rbac-gencerts.yaml
rename to charts/codefresh/templates/gencerts/rbac-gencerts.yaml
diff --git a/codefresh/templates/hooks/post-upgrade/update-system-re.yaml b/charts/codefresh/templates/hooks/post-upgrade/update-system-re.yaml
similarity index 100%
rename from codefresh/templates/hooks/post-upgrade/update-system-re.yaml
rename to charts/codefresh/templates/hooks/post-upgrade/update-system-re.yaml
diff --git a/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml b/charts/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml
similarity index 100%
rename from codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml
rename to charts/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml
diff --git a/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml b/charts/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml
similarity index 100%
rename from codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml
rename to charts/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml
diff --git a/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml b/charts/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml
similarity index 100%
rename from codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml
rename to charts/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml
diff --git a/codefresh/templates/ingress.yaml b/charts/codefresh/templates/ingress.yaml
similarity index 100%
rename from codefresh/templates/ingress.yaml
rename to charts/codefresh/templates/ingress.yaml
diff --git a/codefresh/templates/internal-gateway.yaml b/charts/codefresh/templates/internal-gateway.yaml
similarity index 100%
rename from codefresh/templates/internal-gateway.yaml
rename to charts/codefresh/templates/internal-gateway.yaml
diff --git a/codefresh/templates/legacy/cf-mongodb-svc.yaml b/charts/codefresh/templates/legacy/cf-mongodb-svc.yaml
similarity index 100%
rename from codefresh/templates/legacy/cf-mongodb-svc.yaml
rename to charts/codefresh/templates/legacy/cf-mongodb-svc.yaml
diff --git a/codefresh/templates/legacy/cm-limits.yaml b/charts/codefresh/templates/legacy/cm-limits.yaml
similarity index 100%
rename from codefresh/templates/legacy/cm-limits.yaml
rename to charts/codefresh/templates/legacy/cm-limits.yaml
diff --git a/codefresh/templates/legacy/cm-registry.yaml b/charts/codefresh/templates/legacy/cm-registry.yaml
similarity index 100%
rename from codefresh/templates/legacy/cm-registry.yaml
rename to charts/codefresh/templates/legacy/cm-registry.yaml
diff --git a/codefresh/templates/legacy/postgres-clean-job.yaml b/charts/codefresh/templates/legacy/postgres-clean-job.yaml
similarity index 100%
rename from codefresh/templates/legacy/postgres-clean-job.yaml
rename to charts/codefresh/templates/legacy/postgres-clean-job.yaml
diff --git a/codefresh/templates/misc/extra-resources.yaml b/charts/codefresh/templates/misc/extra-resources.yaml
similarity index 100%
rename from codefresh/templates/misc/extra-resources.yaml
rename to charts/codefresh/templates/misc/extra-resources.yaml
diff --git a/codefresh/templates/misc/runtime-images-cm.yaml b/charts/codefresh/templates/misc/runtime-images-cm.yaml
similarity index 100%
rename from codefresh/templates/misc/runtime-images-cm.yaml
rename to charts/codefresh/templates/misc/runtime-images-cm.yaml
diff --git a/codefresh/templates/secrets/extra-secrets.yaml b/charts/codefresh/templates/secrets/extra-secrets.yaml
similarity index 100%
rename from codefresh/templates/secrets/extra-secrets.yaml
rename to charts/codefresh/templates/secrets/extra-secrets.yaml
diff --git a/codefresh/templates/secrets/ingress-tls.yaml b/charts/codefresh/templates/secrets/ingress-tls.yaml
similarity index 100%
rename from codefresh/templates/secrets/ingress-tls.yaml
rename to charts/codefresh/templates/secrets/ingress-tls.yaml
diff --git a/codefresh/templates/secrets/regsecret.yaml b/charts/codefresh/templates/secrets/regsecret.yaml
similarity index 100%
rename from codefresh/templates/secrets/regsecret.yaml
rename to charts/codefresh/templates/secrets/regsecret.yaml
diff --git a/codefresh/templates/secrets/secret.yaml b/charts/codefresh/templates/secrets/secret.yaml
similarity index 100%
rename from codefresh/templates/secrets/secret.yaml
rename to charts/codefresh/templates/secrets/secret.yaml
diff --git a/codefresh/templates/seed-e2e/seed-e2e.yaml b/charts/codefresh/templates/seed-e2e/seed-e2e.yaml
similarity index 100%
rename from codefresh/templates/seed-e2e/seed-e2e.yaml
rename to charts/codefresh/templates/seed-e2e/seed-e2e.yaml
diff --git a/codefresh/templates/seed/mongo-seed-config.yaml b/charts/codefresh/templates/seed/mongo-seed-config.yaml
similarity index 100%
rename from codefresh/templates/seed/mongo-seed-config.yaml
rename to charts/codefresh/templates/seed/mongo-seed-config.yaml
diff --git a/codefresh/templates/seed/mongo-seed-job.yaml b/charts/codefresh/templates/seed/mongo-seed-job.yaml
similarity index 100%
rename from codefresh/templates/seed/mongo-seed-job.yaml
rename to charts/codefresh/templates/seed/mongo-seed-job.yaml
diff --git a/codefresh/templates/seed/postgres-seed-job.yaml b/charts/codefresh/templates/seed/postgres-seed-job.yaml
similarity index 100%
rename from codefresh/templates/seed/postgres-seed-job.yaml
rename to charts/codefresh/templates/seed/postgres-seed-job.yaml
diff --git a/codefresh/tests/ingress/ingress_test.yaml b/charts/codefresh/tests/ingress/ingress_test.yaml
similarity index 100%
rename from codefresh/tests/ingress/ingress_test.yaml
rename to charts/codefresh/tests/ingress/ingress_test.yaml
diff --git a/codefresh/tests/misc/global_constrains_test.yaml b/charts/codefresh/tests/misc/global_constrains_test.yaml
similarity index 100%
rename from codefresh/tests/misc/global_constrains_test.yaml
rename to charts/codefresh/tests/misc/global_constrains_test.yaml
diff --git a/codefresh/tests/misc/misc_test.yaml b/charts/codefresh/tests/misc/misc_test.yaml
similarity index 100%
rename from codefresh/tests/misc/misc_test.yaml
rename to charts/codefresh/tests/misc/misc_test.yaml
diff --git a/codefresh/tests/private-registry/cf_charts_test.yaml b/charts/codefresh/tests/private-registry/cf_charts_test.yaml
similarity index 100%
rename from codefresh/tests/private-registry/cf_charts_test.yaml
rename to charts/codefresh/tests/private-registry/cf_charts_test.yaml
diff --git a/codefresh/tests/private-registry/gitops_charts_test.yaml b/charts/codefresh/tests/private-registry/gitops_charts_test.yaml
similarity index 100%
rename from codefresh/tests/private-registry/gitops_charts_test.yaml
rename to charts/codefresh/tests/private-registry/gitops_charts_test.yaml
diff --git a/codefresh/tests/private-registry/other_templates_test.yaml b/charts/codefresh/tests/private-registry/other_templates_test.yaml
similarity index 100%
rename from codefresh/tests/private-registry/other_templates_test.yaml
rename to charts/codefresh/tests/private-registry/other_templates_test.yaml
diff --git a/codefresh/tests/values/global.yaml b/charts/codefresh/tests/values/global.yaml
similarity index 100%
rename from codefresh/tests/values/global.yaml
rename to charts/codefresh/tests/values/global.yaml
diff --git a/codefresh/tests/values/private-registry.yaml b/charts/codefresh/tests/values/private-registry.yaml
similarity index 100%
rename from codefresh/tests/values/private-registry.yaml
rename to charts/codefresh/tests/values/private-registry.yaml
diff --git a/codefresh/values.yaml b/charts/codefresh/values.yaml
similarity index 100%
rename from codefresh/values.yaml
rename to charts/codefresh/values.yaml