From 4571abffd0e234c9bb07db1d1f6393b5f7ef9d50 Mon Sep 17 00:00:00 2001 
From: Mikhail Klimko Date: Mon, 9 Jun 2025 18:10:50 +0300 Subject: [PATCH 01/19] feat: gitops-onprem --- charts/codefresh-gitops/.helmignore | 23 + charts/codefresh-gitops/Chart.yaml | 72 ++ .../hooks}/mongoSetCompatibilityVersion.sh | 0 .../files/seed}/accounts.json | 0 .../codefresh-gitops/files/seed}/idps.json | 0 .../files/seed}/mongoSeedJobScript.sh | 0 .../files/seed}/postgresSeedJobScript.sh | 0 .../codefresh-gitops/files/seed}/users.json | 0 .../templates/_env_var_secret_ref.tpl | 220 ++++ .../codefresh-gitops/templates/_helpers.tpl | 74 ++ .../templates/configmaps/version-info-cm.yaml | 12 + .../set-mongodb-compat-version.yaml | 0 .../codefresh-gitops/templates/ingress.yaml | 49 + .../templates/internal-gateway.yaml | 0 .../templates/secrets/ingress-tls.yaml | 13 + .../templates/secrets/regsecret.yaml | 10 + .../templates/secrets/secret.yaml | 32 + .../templates/seed/mongo-seed-config.yaml | 16 + .../templates/seed/mongo-seed-job.yaml | 97 ++ .../templates/seed/postgres-seed-job.yaml | 72 ++ charts/codefresh-gitops/values.yaml | 1107 +++++++++++++++++ .../codefresh}/.ci/helm-docs.sh | 0 .../codefresh}/.ci/runtime-images.sh | 0 .../.ci/values/cfapi-roles-hpa.yaml | 0 .../codefresh}/.ci/values/defaults-hpa.yaml | 0 .../.ci/values/external-secrets.yaml | 0 .../codefresh}/.ci/values/infra-ha.yaml | 0 .../.ci/values/mtls-mongodb-redis.yaml | 0 .../codefresh}/.ci/values/openshift.yaml | 0 .../codefresh}/.ci/values/registry.yaml | 0 .../.ci/values/values-all-images.yaml | 0 .../.ci/values/values-install-only.yaml | 0 .../.ci/values/values-openshift.yaml | 0 .../.ci/values/values-upgrade-only.yaml | 0 {codefresh => charts/codefresh}/.helmignore | 0 {codefresh => charts/codefresh}/Chart.lock | 0 {codefresh => charts/codefresh}/Chart.yaml | 0 {codefresh => charts/codefresh}/README.md | 0 .../codefresh}/README.md.gotmpl | 0 .../codefresh}/files/assets/accounts-dev.json | 0 charts/codefresh/files/assets/accounts.json | 37 + charts/codefresh/files/assets/idps.json | 8 
+ .../codefresh}/files/assets/packs.json | 0 charts/codefresh/files/assets/users.json | 37 + charts/codefresh/files/mongoSeedJobScript.sh | 109 ++ .../files/mongoSetCompatibilityVersion.sh | 36 + .../files/postgresCleanJobScript.sh | 0 .../codefresh/files/postgresSeedJobScript.sh | 54 + .../codefresh}/files/updateSystemReImages.sh | 0 .../templates/_env_var_secret_ref.tpl | 0 .../codefresh}/templates/_helpers.tpl | 0 .../templates/configmaps/runtime-envs-cm.yaml | 0 .../configmaps/runtimeEnvironments.json.tpl | 0 .../templates/configmaps/version-info-cm.yaml | 0 .../templates/gencerts/cm-gencerts.yaml | 0 .../templates/gencerts/job-gencerts.yaml | 0 .../templates/gencerts/rbac-gencerts.yaml | 0 .../hooks/post-upgrade/update-system-re.yaml | 0 .../pre-upgrade/delete-consul-svc-job.yaml | 0 .../pre-upgrade/delete-consul-svc-rbac.yaml | 0 .../set-mongodb-compat-version.yaml | 78 ++ .../codefresh}/templates/ingress.yaml | 0 .../codefresh/templates/internal-gateway.yaml | 46 + .../templates/legacy/cf-mongodb-svc.yaml | 0 .../templates/legacy/cm-limits.yaml | 0 .../templates/legacy/cm-registry.yaml | 0 .../templates/legacy/postgres-clean-job.yaml | 0 .../templates/misc/extra-resources.yaml | 0 .../templates/misc/runtime-images-cm.yaml | 0 .../templates/secrets/extra-secrets.yaml | 0 .../templates/secrets/ingress-tls.yaml | 0 .../templates/secrets/regsecret.yaml | 0 .../codefresh}/templates/secrets/secret.yaml | 0 .../templates/seed-e2e/seed-e2e.yaml | 0 .../templates/seed/mongo-seed-config.yaml | 0 .../templates/seed/mongo-seed-job.yaml | 0 .../templates/seed/postgres-seed-job.yaml | 0 .../tests/ingress/ingress_test.yaml | 0 .../tests/misc/global_constrains_test.yaml | 0 .../codefresh}/tests/misc/misc_test.yaml | 0 .../private-registry/cf_charts_test.yaml | 0 .../private-registry/gitops_charts_test.yaml | 0 .../other_templates_test.yaml | 0 .../codefresh}/tests/values/global.yaml | 0 .../tests/values/private-registry.yaml | 0 {codefresh => charts/codefresh}/values.yaml | 
0 86 files changed, 2202 insertions(+) create mode 100644 charts/codefresh-gitops/.helmignore create mode 100644 charts/codefresh-gitops/Chart.yaml rename {codefresh/files => charts/codefresh-gitops/files/hooks}/mongoSetCompatibilityVersion.sh (100%) rename {codefresh/files/assets => charts/codefresh-gitops/files/seed}/accounts.json (100%) rename {codefresh/files/assets => charts/codefresh-gitops/files/seed}/idps.json (100%) rename {codefresh/files => charts/codefresh-gitops/files/seed}/mongoSeedJobScript.sh (100%) rename {codefresh/files => charts/codefresh-gitops/files/seed}/postgresSeedJobScript.sh (100%) rename {codefresh/files/assets => charts/codefresh-gitops/files/seed}/users.json (100%) create mode 100644 charts/codefresh-gitops/templates/_env_var_secret_ref.tpl create mode 100644 charts/codefresh-gitops/templates/_helpers.tpl create mode 100644 charts/codefresh-gitops/templates/configmaps/version-info-cm.yaml rename {codefresh => charts/codefresh-gitops}/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml (100%) create mode 100644 charts/codefresh-gitops/templates/ingress.yaml rename {codefresh => charts/codefresh-gitops}/templates/internal-gateway.yaml (100%) create mode 100644 charts/codefresh-gitops/templates/secrets/ingress-tls.yaml create mode 100644 charts/codefresh-gitops/templates/secrets/regsecret.yaml create mode 100644 charts/codefresh-gitops/templates/secrets/secret.yaml create mode 100644 charts/codefresh-gitops/templates/seed/mongo-seed-config.yaml create mode 100644 charts/codefresh-gitops/templates/seed/mongo-seed-job.yaml create mode 100644 charts/codefresh-gitops/templates/seed/postgres-seed-job.yaml create mode 100644 charts/codefresh-gitops/values.yaml rename {codefresh => charts/codefresh}/.ci/helm-docs.sh (100%) rename {codefresh => charts/codefresh}/.ci/runtime-images.sh (100%) rename {codefresh => charts/codefresh}/.ci/values/cfapi-roles-hpa.yaml (100%) rename {codefresh => charts/codefresh}/.ci/values/defaults-hpa.yaml 
(100%) rename {codefresh => charts/codefresh}/.ci/values/external-secrets.yaml (100%) rename {codefresh => charts/codefresh}/.ci/values/infra-ha.yaml (100%) rename {codefresh => charts/codefresh}/.ci/values/mtls-mongodb-redis.yaml (100%) rename {codefresh => charts/codefresh}/.ci/values/openshift.yaml (100%) rename {codefresh => charts/codefresh}/.ci/values/registry.yaml (100%) rename {codefresh => charts/codefresh}/.ci/values/values-all-images.yaml (100%) rename {codefresh => charts/codefresh}/.ci/values/values-install-only.yaml (100%) rename {codefresh => charts/codefresh}/.ci/values/values-openshift.yaml (100%) rename {codefresh => charts/codefresh}/.ci/values/values-upgrade-only.yaml (100%) rename {codefresh => charts/codefresh}/.helmignore (100%) rename {codefresh => charts/codefresh}/Chart.lock (100%) rename {codefresh => charts/codefresh}/Chart.yaml (100%) rename {codefresh => charts/codefresh}/README.md (100%) rename {codefresh => charts/codefresh}/README.md.gotmpl (100%) rename {codefresh => charts/codefresh}/files/assets/accounts-dev.json (100%) create mode 100644 charts/codefresh/files/assets/accounts.json create mode 100644 charts/codefresh/files/assets/idps.json rename {codefresh => charts/codefresh}/files/assets/packs.json (100%) create mode 100644 charts/codefresh/files/assets/users.json create mode 100644 charts/codefresh/files/mongoSeedJobScript.sh create mode 100644 charts/codefresh/files/mongoSetCompatibilityVersion.sh rename {codefresh => charts/codefresh}/files/postgresCleanJobScript.sh (100%) create mode 100644 charts/codefresh/files/postgresSeedJobScript.sh rename {codefresh => charts/codefresh}/files/updateSystemReImages.sh (100%) rename {codefresh => charts/codefresh}/templates/_env_var_secret_ref.tpl (100%) rename {codefresh => charts/codefresh}/templates/_helpers.tpl (100%) rename {codefresh => charts/codefresh}/templates/configmaps/runtime-envs-cm.yaml (100%) rename {codefresh => 
charts/codefresh}/templates/configmaps/runtimeEnvironments.json.tpl (100%) rename {codefresh => charts/codefresh}/templates/configmaps/version-info-cm.yaml (100%) rename {codefresh => charts/codefresh}/templates/gencerts/cm-gencerts.yaml (100%) rename {codefresh => charts/codefresh}/templates/gencerts/job-gencerts.yaml (100%) rename {codefresh => charts/codefresh}/templates/gencerts/rbac-gencerts.yaml (100%) rename {codefresh => charts/codefresh}/templates/hooks/post-upgrade/update-system-re.yaml (100%) rename {codefresh => charts/codefresh}/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml (100%) rename {codefresh => charts/codefresh}/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml (100%) create mode 100644 charts/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml rename {codefresh => charts/codefresh}/templates/ingress.yaml (100%) create mode 100644 charts/codefresh/templates/internal-gateway.yaml rename {codefresh => charts/codefresh}/templates/legacy/cf-mongodb-svc.yaml (100%) rename {codefresh => charts/codefresh}/templates/legacy/cm-limits.yaml (100%) rename {codefresh => charts/codefresh}/templates/legacy/cm-registry.yaml (100%) rename {codefresh => charts/codefresh}/templates/legacy/postgres-clean-job.yaml (100%) rename {codefresh => charts/codefresh}/templates/misc/extra-resources.yaml (100%) rename {codefresh => charts/codefresh}/templates/misc/runtime-images-cm.yaml (100%) rename {codefresh => charts/codefresh}/templates/secrets/extra-secrets.yaml (100%) rename {codefresh => charts/codefresh}/templates/secrets/ingress-tls.yaml (100%) rename {codefresh => charts/codefresh}/templates/secrets/regsecret.yaml (100%) rename {codefresh => charts/codefresh}/templates/secrets/secret.yaml (100%) rename {codefresh => charts/codefresh}/templates/seed-e2e/seed-e2e.yaml (100%) rename {codefresh => charts/codefresh}/templates/seed/mongo-seed-config.yaml (100%) rename {codefresh => charts/codefresh}/templates/seed/mongo-seed-job.yaml 
(100%) rename {codefresh => charts/codefresh}/templates/seed/postgres-seed-job.yaml (100%) rename {codefresh => charts/codefresh}/tests/ingress/ingress_test.yaml (100%) rename {codefresh => charts/codefresh}/tests/misc/global_constrains_test.yaml (100%) rename {codefresh => charts/codefresh}/tests/misc/misc_test.yaml (100%) rename {codefresh => charts/codefresh}/tests/private-registry/cf_charts_test.yaml (100%) rename {codefresh => charts/codefresh}/tests/private-registry/gitops_charts_test.yaml (100%) rename {codefresh => charts/codefresh}/tests/private-registry/other_templates_test.yaml (100%) rename {codefresh => charts/codefresh}/tests/values/global.yaml (100%) rename {codefresh => charts/codefresh}/tests/values/private-registry.yaml (100%) rename {codefresh => charts/codefresh}/values.yaml (100%)
diff --git a/charts/codefresh-gitops/.helmignore b/charts/codefresh-gitops/.helmignore
new file mode 100644
index 0000000000..0e8a0eb36f
--- /dev/null
+++ b/charts/codefresh-gitops/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/codefresh-gitops/Chart.yaml b/charts/codefresh-gitops/Chart.yaml
new file mode 100644
index 0000000000..07dba79014
--- /dev/null
+++ b/charts/codefresh-gitops/Chart.yaml
@@ -0,0 +1,72 @@
+apiVersion: v2
+description: Helm Chart for Codefresh GitOps On-Prem
+name: codefresh-gitops
+version: 0.1.0
+keywords:
+ - codefresh
+home: https://codefresh.io/
+icon: https://avatars1.githubusercontent.com/u/11412079?v=3
+sources:
+ - https://github.com/codefresh-io/codefresh-onprem-helm
+maintainers:
+ - name: codefresh
+ url: https://codefresh-io.github.io/
+appVersion: 0.1.0
+annotations:
+ artifacthub.io/prerelease: "true"
+ artifacthub.io/alternativeName: "codefresh-gitops-onprem"
+ # supported kinds are added, changed, deprecated, removed, fixed and security.
+ artifacthub.io/changes: |
+ - kind: changed
+ description: "Initial 0.1.0 release for Codefresh GitOps On-Prem"
+dependencies:
+ - name: cf-common
+ repository: oci://quay.io/codefresh/charts
+ version: 0.27.0
+ - name: internal-gateway
+ repository: oci://quay.io/codefresh/charts
+ version: 0.10.4
+ condition: internal-gateway.enabled
+ - name: mongodb
+ version: 15.6.26
+ repository: https://charts.bitnami.com/bitnami
+ condition: mongodb.enabled,mongo.enabled,global.mongoDeploy
+ - name: postgresql
+ version: 16.7.4
+ repository: https://charts.bitnami.com/bitnami
+ condition: postgresql.enabled
+ - name: redis
+ version: 20.13.4
+ repository: https://charts.bitnami.com/bitnami
+ condition: redis.enabled
+ - name: rabbitmq
+ version: 15.5.3
+ repository: https://charts.bitnami.com/bitnami
+ condition: rabbitmq.enabled
+ - name: cfapi
+ alias: cfapi
+ version: "*"
+ repository: oci://quay.io/codefresh/charts
+ condition: cfapi.enabled
+ - name: cfui
+ version: "*"
+ repository: oci://quay.io/codefresh/charts
+ condition: cfui.enabled
+ - name: cf-platform-analytics
+ alias: cf-platform-analytics-platform
+ version: "*"
+ repository: oci://quay.io/codefresh/charts
+ condition: argo-platform.enabled
+ - name: cf-platform-analytics
+ alias: cf-platform-analytics-etlstarter
+ version: "*"
+ repository: oci://quay.io/codefresh/charts
+ condition: argo-platform.enabled
+ - name: argo-platform
+ version: "*"
+ repository: oci://quay.io/codefresh/charts
+ condition: argo-platform.enabled
+ - name: argo-hub-platform
+ version: "*"
+ repository: oci://quay.io/codefresh/charts
+ condition: argo-platform.enabled
diff --git a/codefresh/files/mongoSetCompatibilityVersion.sh b/charts/codefresh-gitops/files/hooks/mongoSetCompatibilityVersion.sh
similarity index 100%
rename from codefresh/files/mongoSetCompatibilityVersion.sh
rename to charts/codefresh-gitops/files/hooks/mongoSetCompatibilityVersion.sh
diff --git a/codefresh/files/assets/accounts.json b/charts/codefresh-gitops/files/seed/accounts.json
similarity index 100%
rename from codefresh/files/assets/accounts.json
rename to charts/codefresh-gitops/files/seed/accounts.json
diff --git a/codefresh/files/assets/idps.json b/charts/codefresh-gitops/files/seed/idps.json
similarity index 100%
rename from codefresh/files/assets/idps.json
rename to charts/codefresh-gitops/files/seed/idps.json
diff --git a/codefresh/files/mongoSeedJobScript.sh b/charts/codefresh-gitops/files/seed/mongoSeedJobScript.sh
similarity index 100%
rename from codefresh/files/mongoSeedJobScript.sh
rename to charts/codefresh-gitops/files/seed/mongoSeedJobScript.sh
diff --git a/codefresh/files/postgresSeedJobScript.sh b/charts/codefresh-gitops/files/seed/postgresSeedJobScript.sh
similarity index 100%
rename from codefresh/files/postgresSeedJobScript.sh
rename to charts/codefresh-gitops/files/seed/postgresSeedJobScript.sh
diff --git a/codefresh/files/assets/users.json b/charts/codefresh-gitops/files/seed/users.json
similarity index 100%
rename from codefresh/files/assets/users.json
rename to charts/codefresh-gitops/files/seed/users.json
diff --git a/charts/codefresh-gitops/templates/_env_var_secret_ref.tpl b/charts/codefresh-gitops/templates/_env_var_secret_ref.tpl
new file mode 100644
index 0000000000..94d81603b0
--- /dev/null
+++ b/charts/codefresh-gitops/templates/_env_var_secret_ref.tpl
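Review bot: The last six entries under `dependencies` in Chart.yaml (`cfapi`, `cfui`, both `cf-platform-analytics` aliases, `argo-platform`, `argo-hub-platform`) use `version: "*"`, so each `helm dependency update` resolves to whatever is newest in `oci://quay.io/codefresh/charts` at that moment. The packaged chart is then not reproducible, and an unreviewed or tampered upstream release can reach an on-prem install without any change in this repository. I would pin each of them to an exact version, as is already done for `cf-common` and `internal-gateway` (`version: <pinned-version>`), and commit a `Chart.lock` for `charts/codefresh-gitops`; the file summary of this patch lists no lock file for the new chart.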
@@ -0,0 +1,220 @@
+{{- /*
+MONGODB_HOST env var value
+*/}}
+{{- define "codefresh-gitops.mongodb-host-env-var-value" }}
+ {{- if .Values.global.mongodbHostSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- .Values.global.mongodbHostSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if .Values.global.mongodbHost }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: MONGODB_HOST
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+MONGODB_USER env var value
+*/}}
+{{- define "codefresh-gitops.mongodb-user-env-var-value" }}
+ {{- if .Values.global.mongodbUserSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- .Values.global.mongodbUserSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if .Values.global.mongodbUser }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: MONGODB_USER
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+MONGODB_PASSWORD env var value
+*/}}
+{{- define "codefresh-gitops.mongodb-password-env-var-value" }}
+ {{- if .Values.global.mongodbPasswordSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- .Values.global.mongodbPasswordSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if .Values.global.mongodbPassword }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: MONGODB_PASSWORD
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+MONGO_URI env var value
+*/}}
+{{- define "codefresh-gitops.mongo-uri-env-var-value" }}
+{{- /*
+Check for legacy global.mongoURI
+*/}}
+ {{- if .Values.global.mongoURI }}
+value: "$(MONGO_URI)"
+{{- /*
+New secret implementation
+*/}}
+ {{- else }}
+value: "$(MONGODB_PROTOCOL)://$(MONGODB_USER):$(MONGODB_PASSWORD)@$(MONGODB_HOST)/$(MONGODB_DATABASE)?$(MONGODB_OPTIONS)"
+ {{- end }}
+{{- end }}
+
+{{- /*
+MONGO_SEED_URI env var value
+*/}}
+{{- define "codefresh-gitops.mongo-seed-uri-env-var-value" }}
+{{- /*
+Check for legacy global.mongoURI
+*/}}
+ {{- if .Values.global.mongoURI }}
+value: "$(MONGO_URI)"
+{{- /*
+New secret implementation
+*/}}
+ {{- else }}
+value: "$(MONGODB_PROTOCOL)://$(MONGODB_USER):$(MONGODB_PASSWORD)@$(MONGODB_HOST)/?$(MONGODB_OPTIONS)"
+ {{- end }}
+{{- end }}
+
+{{- /*
+MONGODB_ROOT_USER env var value
+*/}}
+{{- define "codefresh-gitops.mongodb-root-user-env-var-value" }}
+ {{- if or .Values.seed.mongoSeedJob.mongodbRootUserSecretKeyRef .Values.global.mongodbRootUserSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- coalesce .Values.seed.mongoSeedJob.mongodbRootUserSecretKeyRef .Values.global.mongodbRootUserSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if or .Values.global.mongodbRootUser .Values.seed.mongoSeedJob.mongodbRootUser }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: MONGODB_ROOT_USER
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+MONGODB_ROOT_PASSWORD env var value
+*/}}
+{{- define "codefresh-gitops.mongodb-root-password-env-var-value" }}
+ {{- if or .Values.seed.mongoSeedJob.mongodbRootPasswordSecretKeyRef .Values.global.mongodbRootPasswordSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- coalesce .Values.seed.mongoSeedJob.mongodbRootPasswordSecretKeyRef .Values.global.mongodbRootPasswordSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if or .Values.global.mongodbRootPassword .Values.seed.mongoSeedJob.mongodbRootPassword }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: MONGODB_ROOT_PASSWORD
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+MONGO_URI_RE_MANAGER env var value
+*/}}
+{{- define "codefresh-gitops.mongo-uri-re-manager-env-var-value" }}
+{{- /*
+Check for legacy global.mongoURI
+*/}}
+ {{- if .Values.global.mongoURI }}
+value: "$(MONGO_URI_RE_MANAGER)"
+{{- /*
+New secret implementation
+*/}}
+ {{- else }}
+value: "$(MONGODB_PROTOCOL)://$(MONGODB_USER):$(MONGODB_PASSWORD)@$(MONGODB_HOST)/$(MONGODB_RE_DATABASE)?$(MONGODB_OPTIONS)"
+ {{- end }}
+{{- end }}
+
+{{- /*
+POSTGRES_USER env var value
+*/}}
+{{- define "codefresh-gitops.postgres-user-env-var-value" }}
+ {{- if .Values.global.postgresUserSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- .Values.global.postgresUserSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if .Values.global.postgresUser }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: POSTGRES_USER
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+POSTGRES_PASSWORD env var value
+*/}}
+{{- define "codefresh-gitops.postgres-password-env-var-value" }}
+ {{- if .Values.global.postgresPasswordSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- .Values.global.postgresPasswordSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if .Values.global.postgresPassword }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: POSTGRES_PASSWORD
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+POSTGRES_HOSTNAME env var value
+*/}}
+{{- define "codefresh-gitops.postgres-host-env-var-value" }}
+ {{- if .Values.global.postgresHostnameSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- .Values.global.postgresHostnameSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if .Values.global.postgresPassword }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: POSTGRES_HOSTNAME
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+POSTGRES_SEED_USER env var value
+*/}}
+{{- define "codefresh-gitops.postgres-seed-user-env-var-value" }}
+ {{- if or .Values.seed.postgresSeedJob.postgresUserSecretKeyRef .Values.global.postgresSeedJob.postgresUserSecretKeyRef .Values.global.postgresUserSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- coalesce .Values.seed.postgresSeedJob.postgresUserSecretKeyRef .Values.global.postgresSeedJob.postgresUserSecretKeyRef .Values.global.postgresUserSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if or .Values.seed.postgresSeedJob.postgresUser .Values.global.postgresSeedJob.postgresUser .Values.global.postgresUser }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: POSTGRES_SEED_USER
+ optional: true
+ {{- end }}
+{{- end }}
+
+{{- /*
+POSTGRES_SEED_PASSWORD env var value
+*/}}
+{{- define "codefresh-gitops.postgres-seed-password-env-var-value" }}
+ {{- if or .Values.seed.postgresSeedJob.postgresPasswordSecretKeyRef .Values.global.postgresSeedJob.postgresPasswordSecretKeyRef .Values.global.postgresPasswordSecretKeyRef }}
+valueFrom:
+ secretKeyRef:
+ {{- coalesce .Values.seed.postgresSeedJob.postgresPasswordSecretKeyRef .Values.global.postgresSeedJob.postgresPasswordSecretKeyRef .Values.global.postgresPasswordSecretKeyRef | toYaml | nindent 4 }}
+ {{- else if or .Values.seed.postgresSeedJob.postgresPassword .Values.global.postgresSeedJob.postgresPassword .Values.global.postgresPassword }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ key: POSTGRES_SEED_PASSWORD
+ optional: true
+ {{- end }}
+{{- end }}
diff --git a/charts/codefresh-gitops/templates/_helpers.tpl b/charts/codefresh-gitops/templates/_helpers.tpl
new file mode 100644
index 0000000000..12fb63ce97
--- /dev/null
+++ b/charts/codefresh-gitops/templates/_helpers.tpl
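Review bot: In `codefresh-gitops.postgres-host-env-var-value` the fallback branch tests `.Values.global.postgresPassword` rather than the hostname, so `POSTGRES_HOSTNAME` is wired to the chart Secret only when a plaintext password is set in values. When the password comes from `postgresPasswordSecretKeyRef` and `postgresPassword` is left empty, the helper renders nothing and the env entry that includes it has no value source. This looks like a copy from the password helper directly above; the condition should read `{{- else if .Values.global.postgresHostname }}`. Since secret.yaml in this patch always writes a `POSTGRES_HOSTNAME` key, a plain `{{- else }}` may be what is actually wanted, but that depends on how callers use the helper.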
@@ -0,0 +1,74 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "codefresh-gitops.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "codefresh-gitops.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "codefresh-gitops.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "codefresh-gitops.labels" -}}
+helm.sh/chart: {{ include "codefresh-gitops.chart" . }}
+{{ include "codefresh-gitops.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "codefresh-gitops.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "codefresh-gitops.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "codefresh-gitops.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "codefresh-gitops.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Return the secret containing TLS certificates for Ingress
+*/}}
+{{- define "codefresh-gitops.ingress.tlsSecretName" -}}
+{{- $secretName := .Values.ingress.tls.existingSecret -}}
+{{- if $secretName -}}
+ {{- printf "%s" (include (printf "cf-common-%s.tplrender" (index .Subcharts "cf-common").Chart.Version ) ( dict "Values" $secretName "context" $) ) -}}
+{{- else -}}
+ {{- printf "%s-%s" (include "codefresh-gitops.fullname" .) .Values.ingress.tls.secretName -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/codefresh-gitops/templates/configmaps/version-info-cm.yaml b/charts/codefresh-gitops/templates/configmaps/version-info-cm.yaml
new file mode 100644
index 0000000000..7a79ac64a5
--- /dev/null
+++ b/charts/codefresh-gitops/templates/configmaps/version-info-cm.yaml
@@ -0,0 +1,12 @@
+{{ $name := printf "%v-%v-%v" .Release.Name .Values.global.codefresh "version-info" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $name }}
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 4 }}
+data:
+ app: {{ .Chart.Version | default "unknown" }}
+ {{- range $i, $dep := .Chart.Dependencies }}
+ {{ $dep.Name }}: {{ $dep.Version | quote }}
+ {{- end }}
diff --git a/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml b/charts/codefresh-gitops/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml
similarity index 100%
rename from codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml
rename to charts/codefresh-gitops/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml
diff --git a/charts/codefresh-gitops/templates/ingress.yaml b/charts/codefresh-gitops/templates/ingress.yaml
new file mode 100644
index 0000000000..0d56e0a5ed
--- /dev/null
+++ b/charts/codefresh-gitops/templates/ingress.yaml
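Review bot: In version-info-cm.yaml, `{{ $dep.Version | quote }}` inside the `range` over `.Chart.Dependencies` appears to emit the version string as written in Chart.yaml, so the dependencies declared with `version: "*"` would be recorded as `*` rather than as the chart version that was deployed. If this ConfigMap is meant to answer "what is running here" during support or vulnerability triage, it needs either pinned dependency versions or the resolved subchart version; I have not verified the rendered output, so treat this as something to check with `helm template`. For consistency with the dependency lines, the `app` value could also be quoted: `app: {{ .Chart.Version | default "unknown" | quote }}`.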
@@ -0,0 +1,49 @@
+{{- $ingressName := printf "%s-ingress" (include "codefresh.fullname" .) }}
+{{- if and (hasKey .Values.ingress "nameOverride") .Values.ingress.nameOverride }}
+ {{- $ingressName = .Values.ingress.nameOverride }}
+{{- end }}
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $ingressName }}
+ labels:
+ {{ include "codefresh.labels" . | nindent 4 }}
+ {{- with .Values.ingress.labels }}
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+ {{- if .Values.ingress.tls.enabled }}
+ tls:
+ - hosts:
+ - {{ .Values.global.appUrl }}
+ secretName: {{ include "codefresh-gitops.ingress.tlsSecretName" . }}
+ {{- end }}
+ rules:
+ - host: {{ .Values.ingress.domain | default .Values.global.appUrl }}
+ http:
+ paths:
+ {{- range $serviceName, $paths := .Values.ingress.services }}
+ {{- if and (index $.Subcharts $serviceName) }}
+ {{- range $path := $paths }}
+ - path: {{ $path }}
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ {{- $fullServiceName := (index $.Subcharts $serviceName).Values.fullnameOverride }}
+ {{- if $fullServiceName }}
+ name: {{ $fullServiceName }}
+ {{- else }}
+ name: {{ printf "%s-%s" $.Release.Name (index $.Subcharts $serviceName ).Chart.Name }}
+ {{- end }}
+ port:
+ number: {{ (index $.Subcharts $serviceName ).Values.service.main.ports.http.port }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end}}
diff --git a/codefresh/templates/internal-gateway.yaml b/charts/codefresh-gitops/templates/internal-gateway.yaml
similarity index 100%
rename from codefresh/templates/internal-gateway.yaml
rename to charts/codefresh-gitops/templates/internal-gateway.yaml
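Review bot: ingress.yaml calls `include "codefresh.fullname" .` on its first line and `include "codefresh.labels" .` under `labels:`, but the helpers this patch adds in `_helpers.tpl` are all named `codefresh-gitops.*`; unless a dependency happens to define the `codefresh.*` names, rendering stops with a missing-template error. The same leftover prefix is in `secrets/regsecret.yaml` (`codefresh.imagePullSecret`, for which this patch adds no `codefresh-gitops` counterpart) and in the six `env` includes of `seed/mongo-seed-job.yaml`. I would change these to `include "codefresh-gitops.fullname" .` and `include "codefresh-gitops.labels" .`, and do the equivalent in the other two files. Separately, the `tls.hosts` entry is always `.Values.global.appUrl` while the rule host is `.Values.ingress.domain | default .Values.global.appUrl`, so with `ingress.domain` set the TLS block does not name the host that is actually served; using the same expression in both places avoids that.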
diff --git a/charts/codefresh-gitops/templates/secrets/ingress-tls.yaml b/charts/codefresh-gitops/templates/secrets/ingress-tls.yaml
new file mode 100644
index 0000000000..26582c655b
--- /dev/null
+++ b/charts/codefresh-gitops/templates/secrets/ingress-tls.yaml
@@ -0,0 +1,13 @@
+{{- if and .Values.ingress.enabled .Values.ingress.tls.enabled (not .Values.ingress.tls.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "codefresh-gitops.fullname" . }}-{{ .Values.ingress.tls.secretName }}
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 4 }}
+type: kubernetes.io/tls
+data:
+ {{- $cert := buildCustomCert (required "A valid .Values.ingress.tls.cert is required!" .Values.ingress.tls.cert) (required "A valid .Values.ingress.tls.key is required!" .Values.ingress.tls.key) }}
+ tls.crt: {{ b64enc $cert.Cert }}
+ tls.key: {{ b64enc $cert.Key }}
+{{- end }}
diff --git a/charts/codefresh-gitops/templates/secrets/regsecret.yaml b/charts/codefresh-gitops/templates/secrets/regsecret.yaml
new file mode 100644
index 0000000000..e919241ef2
--- /dev/null
+++ b/charts/codefresh-gitops/templates/secrets/regsecret.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: codefresh-registry
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 4 }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ include "codefresh.imagePullSecret" . }}
diff --git a/charts/codefresh-gitops/templates/secrets/secret.yaml b/charts/codefresh-gitops/templates/secrets/secret.yaml
new file mode 100644
index 0000000000..e1ad3c3921
--- /dev/null
+++ b/charts/codefresh-gitops/templates/secrets/secret.yaml
@@ -0,0 +1,32 @@
+{{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{ include "codefresh-gitops.fullname" . }}
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 4 }}
+data:
+ # new MONGODB_* secrets
+ MONGODB_HOST: {{ coalesce .Values.global.mongodbHost | b64enc }}
+ MONGODB_PASSWORD: {{ coalesce .Values.global.mongodbPassword | b64enc }}
+ MONGODB_USER: {{ coalesce .Values.global.mongodbUser | b64enc }}
+ MONGODB_OPTIONS: {{ coalesce .Values.global.mongodbOptions | b64enc }}
+ MONGODB_DATABASE: {{ coalesce .Values.global.mongodbDatabase | default "codefresh" | b64enc }}
+ MONGODB_PROTOCOL: {{ coalesce .Values.global.mongodbProtocol | default "mongodb" | b64enc }}
+
+ # legacy MONGODB_* secrets
+ MONGODB_ROOT_USER: {{ coalesce .Values.global.mongodbRootUser .Values.seed.mongoSeedJob.mongodbRootUser | b64enc }}
+ MONGODB_ROOT_PASSWORD: {{ urlquery (coalesce .Values.global.mongodbRootPassword .Values.seed.mongoSeedJob.mongodbRootPassword) | b64enc }}
+ MONGO_URI: {{ .Values.global.mongoURI | default "empty" | b64enc}}
+ MONGO_URI_RE_MANAGER: {{ include (printf "%s.classic.calculateMongoUri" $libTemplateName) (dict "dbName" "runtime-environment-manager" "mongoURI" .Values.global.mongoURI) | default "empty" | b64enc }}
+ MONGODB_RE_DATABASE: {{ printf "%s" "runtime-environment-manager" | b64enc }}
+
+ POSTGRES_USER: {{ coalesce .Values.global.postgresUser | b64enc }}
+ POSTGRES_PASSWORD: {{ coalesce .Values.global.postgresPassword | b64enc }}
+ POSTGRES_SEED_USER: {{ (coalesce .Values.seed.postgresSeedJob.postgresUser .Values.global.postgresSeedJob.postgresUser) | default .Values.global.postgresUser | b64enc}}
+ POSTGRES_SEED_PASSWORD: {{ (coalesce .Values.seed.postgresSeedJob.postgresPassword .Values.global.postgresSeedJob.postgresPassword) | default .Values.global.postgresPassword | b64enc }}
+ POSTGRES_HOSTNAME: {{ default (printf "%s-%s" .Release.Name .Values.global.postgresService) .Values.global.postgresHostname | b64enc }}
+ POSTGRES_PORT: {{ printf "%v" .Values.global.postgresPort | b64enc }}
+ POSTGRES_DATABASE: {{ .Values.global.postgresDatabase | default "codefresh" | b64enc }}
diff --git a/charts/codefresh-gitops/templates/seed/mongo-seed-config.yaml b/charts/codefresh-gitops/templates/seed/mongo-seed-config.yaml
new file mode 100644
index 0000000000..3e9317fdad
--- /dev/null
+++ b/charts/codefresh-gitops/templates/seed/mongo-seed-config.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.seed.enabled (or .Values.global.seedJobs .Values.seed.mongoSeedJob.enabled) }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "codefresh-gitops.fullname" . }}-mongo-seed
+ labels:
+ {{ include "codefresh-gitops.labels" . | nindent 4 }}
+data:
+ idps.json: |
+{{ .Files.Get "files/assets/idps.json" | indent 4 }}
+ accounts.json: |
+{{ .Files.Get "files/assets/accounts.json" | indent 4 }}
+ users.json: |
+{{ .Files.Get "files/assets/users.json" | indent 4 }}
+{{- end }}
diff --git a/charts/codefresh-gitops/templates/seed/mongo-seed-job.yaml b/charts/codefresh-gitops/templates/seed/mongo-seed-job.yaml
new file mode 100644
index 0000000000..d28ce7b8ca
--- /dev/null
+++ b/charts/codefresh-gitops/templates/seed/mongo-seed-job.yaml
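Review bot: In secret.yaml `MONGODB_ROOT_PASSWORD` is passed through `urlquery` before encoding, but `MONGODB_PASSWORD` and `MONGODB_USER` are stored raw, while the `codefresh-gitops.mongo-uri-env-var-value` helper added in this patch splices `$(MONGODB_USER):$(MONGODB_PASSWORD)@$(MONGODB_HOST)` directly into the connection string. A password containing `@`, `:`, `/` or `?` then produces a URI that either fails to parse or is parsed with a different authority part than intended. Either document next to these keys that the values must already be percent-encoded, or publish a separate encoded key for URI composition and keep the raw one for consumers that need it. A comment is also warranted that this single Secret holds the MongoDB root credentials beside the application credentials, so every workload that loads it with `envFrom` (the mongo seed job in this patch does) receives both.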
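Review bot: The three `.Files.Get` calls in mongo-seed-config.yaml read from `files/assets/`, a directory the new chart does not have: the rename entries of this patch place `idps.json`, `accounts.json` and `users.json` under `charts/codefresh-gitops/files/seed/`. `.Files.Get` returns an empty string for a path that is not in the chart, so the ConfigMap would render with three empty documents and the problem would surface only when the seed job runs, not at template time. The paths should be `files/seed/idps.json`, `files/seed/accounts.json` and `files/seed/users.json`. `seed/mongo-seed-job.yaml` has the same defect with `.Files.Get "files/mongoSeedJobScript.sh"`, which this patch moves to `files/seed/mongoSeedJobScript.sh`; there the result would be a job that executes an empty script and reports success.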
@@ -0,0 +1,97 @@ +{{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} +{{ $context := deepCopy .Values.seed }} +--- +{{- if and .Values.seed.enabled (or .Values.global.seedJobs .Values.seed.mongoSeedJob.enabled) }} +{{- $tolerations := .Values.seed.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.seed.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.seed.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "codefresh-gitops.fullname" . }}-mongo-seed + labels: + {{ include "codefresh-gitops.labels" . | nindent 4 }} +spec: + {{- with .Values.seed.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ . }} + {{- end }} + {{- with .Values.seed.backoffLimit }} + backoffLimit: {{ . | int }} + {{- end }} + template: + metadata: + name: {{ include "codefresh-gitops.fullname" . }}-mongo-seed + labels: + {{ include "codefresh-gitops.labels" . | nindent 8 }} + spec: + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} + securityContext: + {{- toYaml .Values.seed.podSecurityContext | nindent 8 }} + containers: + - name: {{ include "codefresh-gitops.fullname" . }}-mongo-seed + image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.seed.mongoSeedJob.image "context" .) }} + envFrom: + - secretRef: + name: {{ include "codefresh-gitops.fullname" . }} + env: + - name: MONGODB_HOST + {{- include "codefresh.mongodb-host-env-var-value" . 
| indent 12 }} + - name: MONGODB_USER + {{- include "codefresh.mongodb-user-env-var-value" . | indent 12 }} + - name: MONGODB_PASSWORD + {{- include "codefresh.mongodb-password-env-var-value" . | indent 12 }} + - name: MONGO_URI + {{- include "codefresh.mongo-seed-uri-env-var-value" . | indent 12 }} + - name: MONGODB_ROOT_USER + {{- include "codefresh.mongodb-root-user-env-var-value" . | indent 12 }} + - name: MONGODB_ROOT_PASSWORD + {{- include "codefresh.mongodb-root-password-env-var-value" . | indent 12 }} + command: + - "/bin/bash" + - "-exc" + - | + {{ .Files.Get "files/mongoSeedJobScript.sh" | nindent 12 }} + resources: + {{- toYaml .Values.seed.resources | nindent 10 }} + volumeMounts: + - name: seed-data + mountPath: "/usr/share/extras/accounts.json" + subPath: "accounts.json" + - name: seed-data + mountPath: "/usr/share/extras/users.json" + subPath: "users.json" + - name: seed-data + mountPath: "/usr/share/extras/idps.json" + subPath: "idps.json" + - name: seed-data + mountPath: "/usr/share/extras/packs.json" + subPath: "packs.json" + - name: seed-data + mountPath: "/usr/share/extras/accounts-dev.json" + subPath: "accounts-dev.json" + {{- include (printf "%s.volumeMounts" $libTemplateName) ( dict "Values" .Values.seed.volumeMounts "context" $ ) | nindent 8 }} + {{- with $allNodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $allAffinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $allToleration }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + restartPolicy: OnFailure + volumes: + - name: seed-data + configMap: + name: {{ include "codefresh-gitops.fullname" . }}-mongo-seed + {{- include (printf "%s.volumes" $libTemplateName) ( dict "Values" .Values.seed.volumes "context" $ ) | nindent 6 }} +{{- end }} 
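Review bot: The container command runs the seed script with `/bin/bash -exc`, and the `-x` flag writes every expanded command to the pod log. The script body is not part of this hunk, but it runs with `MONGO_URI` and `MONGODB_ROOT_PASSWORD` in its environment, so any command line that expands them would leave credentials in the Job's logs. Unless tracing is needed for debugging, I would change the argument to `- "-ec"` here and in the identical command in postgres-seed-job.yaml. Also, the `packs.json` and `accounts-dev.json` subPath mounts have no matching keys in the `-mongo-seed` ConfigMap that this patch adds, which only defines `idps.json`, `accounts.json` and `users.json`.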
diff --git a/charts/codefresh-gitops/templates/seed/postgres-seed-job.yaml b/charts/codefresh-gitops/templates/seed/postgres-seed-job.yaml new file mode 100644 index 0000000000..cdec511ae7 --- /dev/null +++ b/charts/codefresh-gitops/templates/seed/postgres-seed-job.yaml 
@@ -0,0 +1,72 @@ +{{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} +{{- if and .Values.seed.enabled (or .Values.global.seedJobs .Values.seed.postgresSeedJob.enabled) }} +--- +{{- $tolerations := .Values.seed.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.seed.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.seed.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "codefresh-gitops.fullname" . }}-postgres-seed + labels: + {{ include "codefresh-gitops.labels" . | nindent 4 }} +spec: + {{- with .Values.seed.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ . }} + {{- end }} + {{- with .Values.seed.backoffLimit }} + backoffLimit: {{ . | int }} + {{- end }} + template: + metadata: + name: {{ include "codefresh-gitops.fullname" . }}-postgres-seed + labels: + {{ include "codefresh-gitops.labels" . | nindent 8 }} + spec: + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} + securityContext: + {{- toYaml .Values.seed.podSecurityContext | nindent 8 }} + containers: + - name: {{ template "codefresh-gitops.fullname" . }}-postgres-seed + image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.seed.postgresSeedJob.image "context" .) }} + envFrom: + - secretRef: + name: {{ include "codefresh-gitops.fullname" . }} + env: + - name: POSTGRES_USER + {{- include "codefresh.postgres-user-env-var-value" . | indent 12 }} + - name: POSTGRES_PASSWORD + {{- include "codefresh.postgres-password-env-var-value" . 
| indent 12 }} + - name: POSTGRES_HOSTNAME + {{- include "codefresh.postgres-host-env-var-value" . | indent 12 }} + - name: POSTGRES_SEED_USER + {{- include "codefresh.postgres-seed-user-env-var-value" . | indent 12 }} + - name: POSTGRES_SEED_PASSWORD + {{- include "codefresh.postgres-seed-password-env-var-value" . | indent 12 }} + resources: + {{- toYaml .Values.seed.resources | nindent 10 }} + command: + - "/bin/bash" + - "-exc" + - | + {{ .Files.Get "files/postgresSeedJobScript.sh" | nindent 12 }} + {{- with $allNodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $allAffinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $allToleration }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + restartPolicy: OnFailure +{{- end }} diff --git a/charts/codefresh-gitops/values.yaml b/charts/codefresh-gitops/values.yaml new file mode 100644 index 0000000000..e94f2c0fb2 --- /dev/null +++ b/charts/codefresh-gitops/values.yaml 
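Review bot: `mergeOverwrite $globalAffinity $affinity` and `mergeOverwrite $globalNodeSelector $nodeSelector` modify their first argument in place. When the global value is non-empty, that argument is, as far as I can tell, the `.Values.global.*` map itself, so seed-specific affinity and node selectors can leak into the global values seen by templates rendered later. Merging into a copy avoids this: `{{- $allAffinity := mergeOverwrite (deepCopy $globalAffinity) $affinity }}` and `{{- $allNodeSelector := mergeOverwrite (deepCopy $globalNodeSelector) $nodeSelector }}`. The same two lines appear in mongo-seed-job.yaml.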
@@ -0,0 +1,1107 @@ +# -- Credentials for Image Pull Secret object +imageCredentials: {} +# Pass sa.json (as a single line). Obtain GCR Service Account JSON (sa.json) at support@codefresh.io +# E.g.: +# imageCredentials: +# registry: us-docker.pkg.dev +# username: _json_key +# password: '{ "type": "service_account", "project_id": "codefresh-enterprise", "private_key_id": ... }' + +# -- Seed jobs +# @default -- See below +seed: + # -- Enable all seed jobs + enabled: true + # -- Mongo Seed Job. Required at first install. Seeds the required data (default idp/user/account), creates cfuser and required databases. + # @default -- See below + mongoSeedJob: + enabled: true + image: + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io + repository: codefresh/mongosh + tag: 2.5.0 + # -- Root user in plain text (required ONLY for seed job!). + mongodbRootUser: "root" + # -- Root user from existing secret + mongodbRootUserSecretKeyRef: {} + # E.g. + # mongodbRootUserSecretKeyRef: + # name: my-secret + # key: mongodb-root-user + + # -- Root password in plain text (required ONLY for seed job!). + mongodbRootPassword: "XT9nmM8dZD" + # -- Root password from existing secret + mongodbRootPasswordSecretKeyRef: {} + # E.g. + # mongodbRootPasswordSecretKeyRef: + # name: my-secret + # key: mongodb-root-password + + # -- Postgres Seed Job. Required at first install. Creates required user and databases. + # @default -- See below + postgresSeedJob: + enabled: true + image: + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io + repository: codefresh/postgresql + tag: 17 + # -- (optional) "postgres" admin user in plain text (required ONLY for seed job!) + # Must be a privileged user allowed to create databases and grant roles. + # If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used. + postgresUser: "" + # -- (optional) "postgres" admin user from exising secret + postgresUserSecretKeyRef: {} + # E.g. 
+ # postgresUserSecretKeyRef: + # name: my-secret + # key: postgres-user + + # -- (optional) Password for "postgres" admin user (required ONLY for seed job!) + postgresPassword: "" + # -- (optional) Password for "postgres" admin user from existing secret + postgresPasswordSecretKeyRef: {} + # E.g. + # postgresPasswordSecretKeyRef: + # name: my-secret + # key: postgres-password + + ttlSecondsAfterFinished: 300 + backoffLimit: 10 + affinity: {} + nodeSelector: {} + podSecurityContext: {} + resources: {} + tolerations: [] + +# -- Ingress +ingress: + # -- Enable the Ingress + enabled: true + # -- Set the ingressClass that is used for the ingress. + # Default `nginx-codefresh` is created from `ingress-nginx` controller subchart + ingressClassName: "" + # -- Override Ingress resource name + nameOverride: "" + tls: + # -- Enable TLS + enabled: false + # -- Default secret name to be created with provided `cert` and `key` below + secretName: "star.codefresh.io" + # -- Certificate (base64 encoded) + cert: "" + # -- Private key (base64 encoded) + key: "" + # -- Existing `kubernetes.io/tls` type secret with TLS certificates (keys: `tls.crt`, `tls.key`) + existingSecret: "" + # -- Default services and corresponding paths + # @default -- See below + services: + internal-gateway: + - / + # -- Set annotations for ingress. + # @default -- See below + annotations: + nginx.ingress.kubernetes.io/service-upstream: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.org/redirect-to-https: "false" + # -- Set labels for ingress + labels: {} + +# -- Global parameters +# @default -- See below +global: + # -- Application root url. Will be used in Ingress objects as hostname + appUrl: onprem.codefresh.local + # -- Application protocol. 
+ appProtocol: https + + # -- Global Docker image registry + imageRegistry: "" + + # -- Global Docker registry secret names as array + imagePullSecrets: + - 'codefresh-registry' + + # -- Global StorageClass for Persistent Volume(s) + storageClass: "" + + # -- Global Env vars + env: {} + + # -- Global tolerations constraints + # Apply toleratons to all Codefresh subcharts. Will not be applied on Bitnami subcharts. + tolerations: [] + + # -- Global affinity constraints + # Apply affinity to all Codefresh subcharts. Will not be applied on Bitnami subcharts. + affinity: {} + + # -- Global nodeSelector constraints + # Apply nodeSelector to all Codefresh subcharts. Will not be applied on Bitnami subcharts. + nodeSelector: {} + + # -- New Relic Key + newrelicLicenseKey: "" + + # -- Definitions for internal-gateway nginx resolver + dnsService: kube-dns + dnsNamespace: kube-system + clusterDomain: cluster.local + +#-------- +# MongoDB +#-------- + # -- Set mongodb protocol (`mongodb` / `mongodb+srv`) + mongodbProtocol: mongodb + # -- Set mongodb user in plain text + mongodbUser: "user" + # -- Set mongodb user from existing secret + mongodbUserSecretKeyRef: {} + # E.g. + # mongodbUserSecretKeyRef: + # name: my-secret + # key: mongodb-user + + # -- Set mongodb password in plain text + mongodbPassword: "password" + # -- Set mongodb password from existing secret + mongodbPasswordSecretKeyRef: {} + # E.g. + # mongodbPasswordSecretKeyRef: + # name: my-secret + # key: mongodb-password + + # -- Set mongodb host in plain text + mongodbHost: "mongodb" + # -- Set mongodb host from existing secret + mongodbHostSecretKeyRef: {} + # E.g. + # mongodbHostSecretKeyRef: + # name: my-secret + # key: mongodb-host + + # -- Set mongodb connection string options + # Ref: https://www.mongodb.com/docs/manual/reference/connection-string/#connection-string-options + mongodbOptions: "retryWrites=true" + # -- Default MongoDB database name. Don't change! 
+ mongodbDatabase: codefresh + +#----------- +# Postgresql +#----------- + # -- Set postgres user in plain text + postgresUser: postgres + # -- Set postgres user from existing secret + postgresUserSecretKeyRef: {} + # E.g. + # postgresUserSecretKeyRef: + # name: my-secret + # key: postgres-user + + # -- Set postgres password in plain text + postgresPassword: eC9arYka4ZbH + # -- Set postgres password from existing secret + postgresPasswordSecretKeyRef: {} + # E.g. + # postgresPasswordSecretKeyRef: + # name: my-secret + # key: postgres-password + + # -- Set postgres service address in plain text. Takes precedence over `global.postgresService`! + postgresHostname: "" + # -- Set postgres service from existing secret + postgresHostnameSecretKeyRef: {} + # E.g. + # postgresHostnameSecretKeyRef: + # name: my-secret + # key: postgres-hostname + + # -- Set postgres port number + postgresPort: 5432 + # -- Set postgres database name + postgresDatabase: codefresh + # -- Default internal postgresql service address from bitnami/postgresql subchart + postgresService: postgresql + +#--------- +# RabbitMQ +#--------- + # -- Set rabbitmq protocol (`amqp/amqps`) + rabbitmqProtocol: amqp + # -- Set rabbitmq username in plain text + rabbitmqUsername: user + # -- Set rabbitmq username from existing secret + rabbitmqUsernameSecretKeyRef: {} + # E.g. + # rabbitmqUsernameSecretKeyRef: + # name: my-secret + # key: rabbitmq-username + + # -- Set rabbitmq password in plain text + rabbitmqPassword: cVz9ZdJKYm7u + # -- Set rabbitmq password from existing secret + rabbitmqPasswordSecretKeyRef: {} + # E.g. + # rabbitmqPasswordSecretKeyRef: + # name: my-secret + # key: rabbitmq-password + + # -- Set rabbitmq service address in plain text. Takes precedence over `global.rabbitService`! + rabbitmqHostname: "" + # -- Set rabbitmq service address from existing secret. + rabbitmqHostnameSecretKeyRef: {} + # E.g. 
+ # rabbitmqHostnameSecretKeyRef: + # name: my-secret + # key: rabbitmq-hostname + + # -- Default internal rabbitmq service address from bitnami/rabbitmq subchart. + rabbitService: rabbitmq:5672 + +#------ +# Redis +#------ + # -- Set redis password in plain text + redisPassword: hoC9szf7NtrU + # -- Set redis service port + redisPort: 6379 + # -- Set redis password from existing secret + redisPasswordSecretKeyRef: {} + # E.g. + # redisPasswordSecretKeyRef: + # name: my-secret + # key: redis-password + + # -- Set redis hostname in plain text. Takes precedence over `global.redisService`! + redisUrl: "" + # -- Set redis hostname from existing secret. + redisUrlSecretKeyRef: {} + # E.g. + # redisUrlSecretKeyRef: + # name: my-secret + # key: redis-url + + # -- Default internal redis service address from bitnami/redis subchart + redisService: redis-master + +#---------------------------------- +# Codefresh services. Don't change! +#---------------------------------- + # -- Default API service name. + cfapiService: cfapi + # -- Default API service port. + cfapiInternalPort: 3000 + # -- Default API endpoints service name + cfapiEndpointsService: cfapi + # -- Default platform-analytics service name. + platformAnalyticsService: platform-analytics + # -- Default platform-analytics service port. + platformAnalyticsPort: 80 + + # -- Bitnami + security: + allowInsecureImages: true + +# -- Pre/post-upgrade Job hooks. 
+# @default -- See below +hooks: + # -- Sets feature compatibility version + mongodb: + enabled: true + image: + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io + repository: codefresh/mongosh + tag: 2.5.0 + affinity: {} + nodeSelector: {} + podSecurityContext: {} + resources: {} + tolerations: [] + +#-------------------- +# Codefresh subcharts +#-------------------- + +# -- cf-api +cfapi: &cf-api + # -- Enable cf-api + enabled: true + # -- Image pull secrets + imagePullSecrets: [] + # -- Controller configuration + controller: + # -- Replicas number + replicas: 2 + # -- Container configuration + container: + # -- Image + image: + # -- Registry prefix + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + # -- Repository + repository: codefresh/cf-api + # -- Env vars + # @default -- See below + env: + AUDIT_AUTO_CREATE_DB: true + LOGGER_LEVEL: debug + ON_PREMISE: true + DEFAULT_SYSTEM_TYPE: GITOPS + # -- Resource requests and limits + resources: + requests: + cpu: 200m + memory: "256Mi" + limits: {} + # -- Autoscaler configuration + hpa: + # -- Enable HPA + enabled: false + # -- Minimum number of replicas + minReplicas: 2 + # -- Maximum number of replicas + maxReplicas: 10 + # -- Average CPU utilization percentage + targetCPUUtilizationPercentage: 70 + # -- Pod disruption budget configuration + pdb: + # -- Enable PDB + enabled: false + # -- Minimum number of replicas in percentage + minAvailable: "50%" + # -- Affinity configuration + affinity: {} + # -- Node selector configuration + nodeSelector: {} + # -- Pod security context configuration + podSecurityContext: {} + # -- Tolerations configuration + tolerations: [] + +# -- internal-gateway +# @default -- See below +internal-gateway: + enabled: true + libraryMode: true + controller: + replicas: 2 + container: + image: + registry: docker.io + repository: nginxinc/nginx-unprivileged + nginx: + config: + locations: + /api/auth/authenticate: + locationDirectives: + proxy_buffers: "4 180k" + 
proxy_buffer_size: "180k" + resources: + requests: + cpu: 100m + memory: 128Mi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + nodeSelector: {} + podSecurityContext: {} + tolerations: [] + +# -- etl-starter +# @default -- See below +cf-platform-analytics-etlstarter: + nameOverride: etl-starter + mongodbDatabase: "platform-analytics-postgres" + redis: + # -- Disable redis subchart + enabled: false + imagePullSecrets: [] + controller: + # - Disable default deployment controller + enabled: false + # -- Only postgres ETL should be running in onprem + system-etl-postgres: + enabled: true + controller: + cronjob: + ttlSecondsAfterFinished: 300 + container: + env: + BLUE_GREEN_ENABLED: true + # @ignored + system-etl-gitops: + enabled: false + # @ignored + system-etl-metabase: + enabled: false + + container: + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + env: + ENV: production + DATASET_ID: etl + MONGO_DB_DEFAULT_NAME: codefresh + affinity: {} + nodeSelector: {} + podSecurityContext: {} + tolerations: [] + +# -- platform-analytics +# @default -- See below +cf-platform-analytics-platform: + nameOverride: platform-analytics + mongodbDatabase: "platform-analytics-postgres" + imagePullSecrets: [] + container: + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh/cf-platform-analytics + redis: + enabled: true + nameOverride: redis-platform-analytics + resources: + requests: + cpu: 100m + memory: 128Mi + env: + ENV: production + DATASET_ID: etl + NODE_ENV: production + CUBEJS_LOG_LEVEL: trace + CUBEJS_SCHEDULED_REFRESH_TIMER: 60 + REDIS_TLS: false + CUBEJS_DEV_MODE: false + SUPPORTED_DATA_SOURCE: 'CSDP_POSTGRES,CLASSIC_POSTGRES' + affinity: {} + nodeSelector: {} + podSecurityContext: {} + tolerations: [] + +# -- cf-ui +# @default -- See below +cfui: + enabled: true + imagePullSecrets: [] + controller: + replicas: 2 + container: + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + 
repository: codefresh/cf-ui + env: + ON_PREMISE: true + resources: + requests: + cpu: 100m + memory: 128Mi + limits: {} + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + nodeSelector: {} + podSecurityContext: {} + tolerations: [] + +# -- mongodb +# @default -- See below +# Ref: https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml +mongodb: + enabled: true + fullnameOverride: mongodb + architecture: standalone + useStatefulSet: true + auth: + rootUser: root + rootPassword: password + usernames: + - user + - user + - user + - user + - user + - user + - user + passwords: + - password + - password + - password + - password + - password + - password + - password + databases: + - codefresh + - read-models + - audit + - platform-analytics-postgres + resources: + requests: + cpu: 200m + memory: 256Mi + migration: + enabled: false + featureCompatibilityVersion: "6.0" + +# -- postgresql +# @default -- See below +# Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml +postgresql: + enabled: true + fullnameOverride: postgresql + image: + registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io + repository: codefresh/postgresql + tag: 17 + auth: + enablePostgresUser: true + postgresPassword: "postgres" + database: "codefresh" + architecture: standalone + postgresqlSharedPreloadLibraries: pg_partman_bgw,pg_cron + primary: + extendedConfiguration: | + pg_partman_bgw.interval = 3600 + pg_partman_bgw.role = 'postgres' + pg_partman_bgw.dbname = 'postgres' + cron.database_name = 'postgres' + resources: + requests: + cpu: 200m + memory: 256Mi + +# -- redis +# @default -- See below +# Ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml +redis: + enabled: true + fullnameOverride: redis + architecture: standalone + auth: + password: "redis" + master: + count: 1 + resources: + requests: + cpu: 200m + memory: 256Mi + +# -- rabbitmq +# @default -- See below +# Ref: 
https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml +rabbitmq: + enabled: true + image: + tag: "4.0" + replicaCount: 1 + auth: + username: user + password: "rabbitmq" + resources: + requests: + cpu: 200m + memory: 256Mi + +# -- argo-hub-platform +# @default -- See below +argo-hub-platform: + controller: + deployment: + replicas: 1 + container: + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-hub-platform + imagePullSecrets: [] + resources: + requests: + cpu: 100m + memory: 128Mi + limits: {} + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + nodeSelector: {} + podSecurityContext: {} + tolerations: [] + +# -- argo-platform +# @default -- See below +argo-platform: + enabled: true + + # -- Use regular k8s secret object. Keep `false`! + useExternalSecret: false + # -- Anchors + # @default -- See below + anchors: + cache-host: &cache-host '{{ coalesce .Values.redisUrl .Values.global.redisUrl (printf "%s-%s" .Release.Name .Values.global.redisService) }}' + cache-password: &cache-password '{{ coalesce .Values.redisPassword .Values.global.redisPassword }}' + cache-port: &cache-port '{{ coalesce .Values.redisPort .Values.global.redisPort }}' + + mongodb-readmodels-uri: &mongodb-readmodels-uri '{{ include "argo-patform-libs.calculate-mongo-uri" (dict "dbName" "read-models" "mongoURI" .Values.global.mongoURI) | default "null" }}' + mongodb-audit-uri: &mongodb-audit-uri '{{ include "argo-patform-libs.calculate-mongo-uri" (dict "dbName" "audit" "mongoURI" .Values.global.mongoURI) | default "null" }}' + + pg-db-name: &pg-db-name analytics + pg-host-name: &pg-host-name '{{ coalesce .Values.postgresHostname .Values.global.postgresHostname (printf "%s-%s" .Release.Name .Values.global.postgresService) }}' + pg-password: &pg-password '{{ coalesce .Values.postgresPassword .Values.global.postgresPassword }}' + pg-port: &pg-port '{{ coalesce .Values.postgresPort .Values.global.postgresPort }}' + 
pg-user-name: &pg-user-name '{{ coalesce .Values.postgresUser .Values.global.postgresUser }}' + + mongodb-host: &mongodb-host '{{ coalesce .Values.mongodbHost .Values.global.mongodbHost }}' + mongodb-password: &mongodb-password '{{ coalesce .Values.mongodbPassword .Values.global.mongodbPassword }}' + mongodb-user: &mongodb-user '{{ coalesce .Values.mongodbUser .Values.global.mongodbUser }}' + mongodb-protocol: &mongodb-protocol '{{ coalesce .Values.mongodbProtocol .Values.global.mongodbProtocol "mongodb" }}' + mongodb-options: &mongodb-options '{{ coalesce .Values.mongodbOptions .Values.global.mongodbOptions }}' + + rabbitmq-protocol: &rabbitmq-protocol '{{ coalesce .Values.rabbitmqProtocol .Values.global.rabbitmqProtocol "amqp" }}' + rabbitmq-host: &rabbitmq-host '{{ coalesce .Values.rabbitmqHostname .Values.global.rabbitmqHostname (printf "%s-%s" .Release.Name (coalesce .Values.global.rabbitService .Values.global.rabbitmqService) ) }}' + rabbitmq-password: &rabbitmq-password '{{ coalesce .Values.rabbitmqPassword .Values.global.rabbitmqPassword }}' + rabbitmq-port: &rabbitmq-port '{{ coalesce .Values.rabbitmqPort .Values.global.rabbitmqPort "5672" }}' + rabbitmq-user: &rabbitmq-user '{{ coalesce .Values.rabbitmqUsername .Values.global.rabbitmqUsername }}' + + # -- api-graphql + # @default -- See below + # All other services under `.Values.argo-platform` follows the same values structure. + api-graphql: + enabled: true + # -- Controller kind. Currently, only `Deployment` is supported + kind: Deployment + # -- Image + image: + # -- Registry + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + # -- Repository + repository: codefresh-io/argo-platform-api-graphql + # -- Env vars + # @default -- See below + env: + GRAPHQL_PLAYGROUND: true + MONGODB_PROTOCOL: *mongodb-protocol + MONGODB_OPTIONS: *mongodb-options + RABBITMQ_PROTOCOL: *rabbitmq-protocol + MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . 
}}' + MONGODB_AUDIT_URI: '{{ include "argo-patform-libs.env-vars.mongodb-audit-uri-env-var-value" . }}' + RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) + # -- Secrets + # @default -- See below + secrets: + argo-hub-host: http://{{ .Release.Name }}-argo-hub-platform + cache-host: *cache-host + cache-password: *cache-password + cache-port: *cache-port + v1-host: http://{{ .Release.Name }}-{{ .Values.global.cfapiEndpointsService }} + v1-internal-host: http://{{ .Release.Name }}-{{ .Values.global.cfapiService }}:{{ .Values.global.cfapiInternalPort }} + mongodb-protocol: *mongodb-protocol + mongodb-options: *mongodb-options + mongodb-host: *mongodb-host + mongodb-password: *mongodb-password + mongodb-user: *mongodb-user + mongodb-audit-uri: *mongodb-audit-uri + mongodb-readmodels-uri: *mongodb-readmodels-uri + rabbitmq-protocol: *rabbitmq-protocol + rabbitmq-host: *rabbitmq-host + rabbitmq-password: *rabbitmq-password + rabbitmq-port: *rabbitmq-port + rabbitmq-user: *rabbitmq-user + # -- Resource limits and requests + # @default -- See below + resources: + requests: + cpu: 200m + memory: 256Mi + limits: + memory: 1Gi + # -- HPA + hpa: + # -- Enable autoscaler + enabled: false + # -- PDB + pdb: + # -- Enable pod disruption budget + enabled: false + # -- Set pod's affinity + affinity: {} + # -- Set pod's tolerations + tolerations: [] + # -- Set pod's annotations + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/api-graphql/secret.yaml") . | sha256sum }}' + + # -- abac + # @default -- See below + abac: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-abac + env: + MONGODB_PROTOCOL: *mongodb-protocol + MONGODB_OPTIONS: *mongodb-options + MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . 
}}' + MONGODB_AUDIT_URI: '{{ include "argo-patform-libs.env-vars.mongodb-audit-uri-env-var-value" . }}' + secrets: + mongodb-protocol: *mongodb-protocol + mongodb-options: *mongodb-options + mongodb-host: *mongodb-host + mongodb-password: *mongodb-password + mongodb-user: *mongodb-user + mongodb-audit-uri: *mongodb-audit-uri + mongodb-readmodels-uri: *mongodb-readmodels-uri + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 1Gi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/abac/secret.yaml") . | sha256sum }}' + + # -- analytics-reporter + # @default -- See below + analytics-reporter: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-analytics-reporter + env: + ENABLED_DATABASE_TYPES: POSTGRES + MONGODB_PROTOCOL: *mongodb-protocol + MONGODB_OPTIONS: *mongodb-options + RABBITMQ_PROTOCOL: *rabbitmq-protocol + MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . 
}}' + RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) + secrets: + mongodb-protocol: *mongodb-protocol + mongodb-options: *mongodb-options + mongodb-host: *mongodb-host + mongodb-password: *mongodb-password + mongodb-user: *mongodb-user + mongodb-readmodels-uri: *mongodb-readmodels-uri + pg-db-name: *pg-db-name + pg-host-name: *pg-host-name + pg-password: *pg-password + pg-port: *pg-port + pg-user-name: *pg-user-name + rabbitmq-protocol: *rabbitmq-protocol + rabbitmq-host: *rabbitmq-host + rabbitmq-password: *rabbitmq-password + rabbitmq-port: *rabbitmq-port + rabbitmq-user: *rabbitmq-user + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 1Gi + hpa: + enabled: false + pdb: + enabled: false + tolerations: [] + affinity: {} + volumes: [] + volumeMounts: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/analytics-reporter/secret.yaml") . | sha256sum }}' + + # -- api-events + # @default -- See below + api-events: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-api-events + env: + RABBITMQ_PROTOCOL: *rabbitmq-protocol + RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) + secrets: + rabbitmq-protocol: *rabbitmq-protocol + rabbitmq-host: *rabbitmq-host + rabbitmq-password: *rabbitmq-password + rabbitmq-port: *rabbitmq-port + rabbitmq-user: *rabbitmq-user + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 1Gi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/api-events/secret.yaml") . | sha256sum }}' + + # -- argocd-hooks + # @default -- See below + # Don't enable! Not used in onprem! 
+ argocd-hooks: + enabled: false + + # -- audit + # @default -- See below + audit: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-audit + env: + MONGODB_PROTOCOL: *mongodb-protocol + MONGODB_OPTIONS: *mongodb-options + RABBITMQ_PROTOCOL: *rabbitmq-protocol + MONGODB_AUDIT_URI: '{{ include "argo-patform-libs.env-vars.mongodb-audit-uri-env-var-value" . }}' + MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . }}' + RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) + secrets: + mongodb-protocol: *mongodb-protocol + mongodb-options: *mongodb-options + mongodb-host: *mongodb-host + mongodb-password: *mongodb-password + mongodb-user: *mongodb-user + mongodb-audit-uri: *mongodb-audit-uri + mongodb-readmodels-uri: *mongodb-readmodels-uri + rabbitmq-protocol: *rabbitmq-protocol + rabbitmq-host: *rabbitmq-host + rabbitmq-password: *rabbitmq-password + rabbitmq-port: *rabbitmq-port + rabbitmq-user: *rabbitmq-user + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 1Gi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/audit/secret.yaml") . | sha256sum }}' + + # -- cron-executor + # @default -- See below + cron-executor: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-cron-executor + env: + MONGODB_PROTOCOL: *mongodb-protocol + MONGODB_OPTIONS: *mongodb-options + RABBITMQ_PROTOCOL: *rabbitmq-protocol + MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . }}' + MONGODB_AUDIT_URI: '{{ include "argo-patform-libs.env-vars.mongodb-audit-uri-env-var-value" . 
}}' + RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) + secrets: + mongodb-protocol: *mongodb-protocol + mongodb-options: *mongodb-options + mongodb-host: *mongodb-host + mongodb-password: *mongodb-password + mongodb-user: *mongodb-user + mongodb-audit-uri: *mongodb-audit-uri + mongodb-readmodels-uri: *mongodb-readmodels-uri + rabbitmq-protocol: *rabbitmq-protocol + rabbitmq-host: *rabbitmq-host + rabbitmq-password: *rabbitmq-password + rabbitmq-port: *rabbitmq-port + rabbitmq-user: *rabbitmq-user + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 1Gi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/cron-executor/secret.yaml") . | sha256sum }}' + + # -- event-handler + # @default -- See below + event-handler: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-event-handler + env: + MONGODB_PROTOCOL: *mongodb-protocol + MONGODB_OPTIONS: *mongodb-options + RABBITMQ_PROTOCOL: *rabbitmq-protocol + MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . 
}}' + RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) + secrets: + mongodb-protocol: *mongodb-protocol + mongodb-options: *mongodb-options + mongodb-host: *mongodb-host + mongodb-password: *mongodb-password + mongodb-user: *mongodb-user + mongodb-readmodels-uri: *mongodb-readmodels-uri + rabbitmq-protocol: *rabbitmq-protocol + rabbitmq-host: *rabbitmq-host + rabbitmq-password: *rabbitmq-password + rabbitmq-port: *rabbitmq-port + rabbitmq-user: *rabbitmq-user + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 1Gi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/event-handler/secret.yaml") . | sha256sum }}' + + # -- runtime-manager + # @default -- See below + # Don't enable! Not used in onprem! + runtime-manager: + enabled: false + + # -- runtime-monitor + # @default -- See below + # Don't enable! Not used in onprem! + runtime-monitor: + enabled: false + + # -- ui + # @default -- See below + ui: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-ui + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 512Mi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + tolerations: [] + + # -- broadcaster + # @default -- See below + broadcaster: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-broadcaster + env: + MONGODB_PROTOCOL: *mongodb-protocol + MONGODB_OPTIONS: *mongodb-options + RABBITMQ_PROTOCOL: *rabbitmq-protocol + MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . 
}}' + RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) + secrets: + mongodb-protocol: *mongodb-protocol + mongodb-options: *mongodb-options + mongodb-host: *mongodb-host + mongodb-password: *mongodb-password + mongodb-user: *mongodb-user + mongodb-readmodels-uri: *mongodb-readmodels-uri + rabbitmq-protocol: *rabbitmq-protocol + rabbitmq-host: *rabbitmq-host + rabbitmq-password: *rabbitmq-password + rabbitmq-port: *rabbitmq-port + rabbitmq-user: *rabbitmq-user + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 1Gi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/broadcaster/secret.yaml") . | sha256sum }}' + + # -- promotion-orchestrator + # @default -- See below + promotion-orchestrator: + enabled: true + kind: Deployment + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh-io/argo-platform-promotion-orchestrator + env: + MONGODB_PROTOCOL: *mongodb-protocol + MONGODB_OPTIONS: *mongodb-options + RABBITMQ_PROTOCOL: *rabbitmq-protocol + MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . 
}}' + RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) + secrets: + cache-host: *cache-host + cache-password: *cache-password + cache-port: *cache-port + mongodb-protocol: *mongodb-protocol + mongodb-options: *mongodb-options + mongodb-host: *mongodb-host + mongodb-password: *mongodb-password + mongodb-user: *mongodb-user + mongodb-readmodels-uri: *mongodb-readmodels-uri + rabbitmq-protocol: *rabbitmq-protocol + rabbitmq-host: *rabbitmq-host + rabbitmq-password: *rabbitmq-password + rabbitmq-port: *rabbitmq-port + rabbitmq-user: *rabbitmq-user + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 1Gi + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + tolerations: [] + podAnnotations: + checksum/secret: '{{ include (print $.Template.BasePath "/promotion-orchestrator/secret.yaml") . | sha256sum }}' + + classic-event-bridge: + enabled: false diff --git a/codefresh/.ci/helm-docs.sh b/charts/codefresh/.ci/helm-docs.sh similarity index 100% rename from codefresh/.ci/helm-docs.sh rename to charts/codefresh/.ci/helm-docs.sh diff --git a/codefresh/.ci/runtime-images.sh b/charts/codefresh/.ci/runtime-images.sh similarity index 100% rename from codefresh/.ci/runtime-images.sh rename to charts/codefresh/.ci/runtime-images.sh diff --git a/codefresh/.ci/values/cfapi-roles-hpa.yaml b/charts/codefresh/.ci/values/cfapi-roles-hpa.yaml similarity index 100% rename from codefresh/.ci/values/cfapi-roles-hpa.yaml rename to charts/codefresh/.ci/values/cfapi-roles-hpa.yaml diff --git a/codefresh/.ci/values/defaults-hpa.yaml b/charts/codefresh/.ci/values/defaults-hpa.yaml similarity index 100% rename from codefresh/.ci/values/defaults-hpa.yaml rename to charts/codefresh/.ci/values/defaults-hpa.yaml 
diff --git a/codefresh/.ci/values/external-secrets.yaml b/charts/codefresh/.ci/values/external-secrets.yaml
similarity index 100%
rename from codefresh/.ci/values/external-secrets.yaml
rename to charts/codefresh/.ci/values/external-secrets.yaml
diff --git a/codefresh/.ci/values/infra-ha.yaml b/charts/codefresh/.ci/values/infra-ha.yaml
similarity index 100%
rename from codefresh/.ci/values/infra-ha.yaml
rename to charts/codefresh/.ci/values/infra-ha.yaml
diff --git a/codefresh/.ci/values/mtls-mongodb-redis.yaml b/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml
similarity index 100%
rename from codefresh/.ci/values/mtls-mongodb-redis.yaml
rename to charts/codefresh/.ci/values/mtls-mongodb-redis.yaml
diff --git a/codefresh/.ci/values/openshift.yaml b/charts/codefresh/.ci/values/openshift.yaml
similarity index 100%
rename from codefresh/.ci/values/openshift.yaml
rename to charts/codefresh/.ci/values/openshift.yaml
diff --git a/codefresh/.ci/values/registry.yaml b/charts/codefresh/.ci/values/registry.yaml
similarity index 100%
rename from codefresh/.ci/values/registry.yaml
rename to charts/codefresh/.ci/values/registry.yaml
diff --git a/codefresh/.ci/values/values-all-images.yaml b/charts/codefresh/.ci/values/values-all-images.yaml
similarity index 100%
rename from codefresh/.ci/values/values-all-images.yaml
rename to charts/codefresh/.ci/values/values-all-images.yaml
diff --git a/codefresh/.ci/values/values-install-only.yaml b/charts/codefresh/.ci/values/values-install-only.yaml
similarity index 100%
rename from codefresh/.ci/values/values-install-only.yaml
rename to charts/codefresh/.ci/values/values-install-only.yaml
diff --git a/codefresh/.ci/values/values-openshift.yaml b/charts/codefresh/.ci/values/values-openshift.yaml
similarity index 100%
rename from codefresh/.ci/values/values-openshift.yaml
rename to charts/codefresh/.ci/values/values-openshift.yaml
diff --git a/codefresh/.ci/values/values-upgrade-only.yaml b/charts/codefresh/.ci/values/values-upgrade-only.yaml
similarity index 100%
rename from codefresh/.ci/values/values-upgrade-only.yaml
rename to charts/codefresh/.ci/values/values-upgrade-only.yaml
diff --git a/codefresh/.helmignore b/charts/codefresh/.helmignore
similarity index 100%
rename from codefresh/.helmignore
rename to charts/codefresh/.helmignore
diff --git a/codefresh/Chart.lock b/charts/codefresh/Chart.lock
similarity index 100%
rename from codefresh/Chart.lock
rename to charts/codefresh/Chart.lock
diff --git a/codefresh/Chart.yaml b/charts/codefresh/Chart.yaml
similarity index 100%
rename from codefresh/Chart.yaml
rename to charts/codefresh/Chart.yaml
diff --git a/codefresh/README.md b/charts/codefresh/README.md
similarity index 100%
rename from codefresh/README.md
rename to charts/codefresh/README.md
diff --git a/codefresh/README.md.gotmpl b/charts/codefresh/README.md.gotmpl
similarity index 100%
rename from codefresh/README.md.gotmpl
rename to charts/codefresh/README.md.gotmpl
diff --git a/codefresh/files/assets/accounts-dev.json b/charts/codefresh/files/assets/accounts-dev.json
similarity index 100%
rename from codefresh/files/assets/accounts-dev.json
rename to charts/codefresh/files/assets/accounts-dev.json
diff --git a/charts/codefresh/files/assets/accounts.json b/charts/codefresh/files/assets/accounts.json
new file mode 100644
index 0000000000..dce410ea93
--- /dev/null
+++ b/charts/codefresh/files/assets/accounts.json
@@ -0,0 +1,37 @@
+{
+ "_id": ObjectId("59009117c102763beda7ce71"),
+ "badgeToken": "eyJhbGciOiJIUzI1NiJ9.NTkwMDkxMTdjMTAyNzYzYmVkYTdjZTcx.B0HOUL6HlpTRNr_e95pVucSRMRzP2cobe5kIoMtrDSc",
+ "createdAt": ISODate("2017-04-26T12:22:48.001+0000"),
+ "updatedAt": ISODate("2017-04-26T12:27:13.720+0000"),
+ "name": "admin-cf",
+ "runtimeEnvironment": "codefresh",
+ "canUsePrivateRepos": true,
+ "dedicatedInfrastructure": false,
+ "cfcrRepositoryPath": "admin-cf",
+ "build": {
+ "nodes": NumberInt(0),
+ "parallel": NumberInt(10),
+ "strategy": "account"
+ },
+ "integrations": {
+ "stash": {
+ "active": false
+ },
+ "registries": []
+ },
+ "notifications": [
+ {
+ "type": "pr",
+ "events": [
+ "build-success"
+ ]
+ }
+ ],
+ "repoPermission": "public",
+ "environment": NumberInt(1),
+ "admins": [
+ ObjectId("59009221c102763beda7cf04")
+ ],
+ "localUserPasswordIDPEnabled": true,
+ "__v": NumberInt(0)
+}
\ No newline at end of file
diff --git a/charts/codefresh/files/assets/idps.json b/charts/codefresh/files/assets/idps.json
new file mode 100644
index 0000000000..e8a737751a
--- /dev/null
+++ b/charts/codefresh/files/assets/idps.json
@@ -0,0 +1,8 @@
+{
+ "_id": ObjectId("5b79a32e3b80d12608352f8e"),
+ "clientName": "local",
+ "displayName": "local",
+ "tokenSecret": "q9MNUmE6assnoANmGZEjtrAa",
+ "clientType": "localUserPassword",
+ "accounts": []
+}
\ No newline at end of file
diff --git a/codefresh/files/assets/packs.json b/charts/codefresh/files/assets/packs.json
similarity index 100%
rename from codefresh/files/assets/packs.json
rename to charts/codefresh/files/assets/packs.json
diff --git a/charts/codefresh/files/assets/users.json b/charts/codefresh/files/assets/users.json
new file mode 100644
index 0000000000..8f532d520b
--- /dev/null
+++ b/charts/codefresh/files/assets/users.json
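Review bot: `badgeToken` in accounts.json is a fixed signed token committed with the chart, and the same pattern repeats in the idps.json hunk (`tokenSecret`) and the users.json hunk (`key.key` RSA private key, `hashedPassword`, `salt`), so every installation seeded from these assets starts with identical, publicly readable secrets for the admin account and the local IdP. The seed script imports the three files as-is with `mongoimport`, so nothing replaces the values at install time. These fields should be filled from values generated per install, for example a Secret created by the chart and substituted into the seed documents before import, leaving the committed files with placeholders such as `"tokenSecret": "<generated-at-install>"`. Until that exists, the chart README should tell operators to rotate the admin password, the IdP token secret and the user key pair immediately after the first install, and the committed private key should be treated as disclosed.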
@@ -0,0 +1,37 @@ +{ + "_id": ObjectId("59009221c102763beda7cf04"), + "register_date": ISODate("2017-04-26T12:27:13.608+0000"), + "userName": "AdminCF", + "email": "admin@codefresh.io", + "defaultAccount": NumberInt(0), + "notifications": [ + { + "type": "mail", + "events": [ + "build-success", + "build-failure" + ] + } + ], + "logins": [ + { + "idp": ObjectId("5b79a32e3b80d12608352f8e") + } + ], + "status": "new", + "account": [ + ObjectId("59009117c102763beda7ce71") + ], + "roles": [ + "User", + "Admin" + ], + "key": { + "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAz6JQxcFORE6KwmBO1UnfpCph/PyARfm65eYXRuCOzdv5EIcz\n+4rRBwooH/SR8Wq49QRjq+Qm6ce2EBj2HD57t4rMj3W6X+5CwoFRXfF0tB4GqPSe\nDagbrNJbx93/dbEM+qEZNFk1MxtoJcBmj3jfrlGdTrarR3VOeBgKVLm/+Wz36pjM\nI4utzupHFAPquSIz0jis02/vccIZ8rAtyVdCd1q6Wz5DVu6iuGyMCYrpa9MFcupR\nc2eggyZ6PyNhmKuP7twr7y22elDQDkSo0G2yv4qbZnHEmShHhO/PKePMETUYMRvM\nzSS9qndT+Nax8vQvxeOCN3cEwm/Jy1oboYiwAwIDAQABAoIBAHyAJpC9nXGl6tws\npXiNKFWmuETbHwtWeDQcKL7uLZLQoOLBP3FIRphDBdZLbytkQ+1fKWjLkG3Du66h\nWQmMieB/kLNA83VMR6mboy+Cdej+zB2JODCWKaoSJMiOm/x1IoQyDwvtpdG0UFm6\nqYTEBNPgykOFkuRxOZEXUTKGgs9K7CFt1TbN8/bGCLgdq9plH2OvlOZkr4Cz0LpS\ns+Y/QJ/H4DDNZ6538NYLpq40Qi2NNq7iFJQ3iddEDi0i5O7pJK3Lziin/h3m99a+\nDbQET1bHm5Jh+Nrfxh1iwHaXdQLLoz5cex/ie5H6jtEMCSdcd53sPivSyHwMprEm\ng+0sNnECgYEA7q1eYNGJoA/UNXotVjPCaArf9/s1xiOTr5Fv1nWkH0jkmrj0WdjB\nsLQByC/wjSmZpfcKp38Z3JDFUimUEuCtZzgBCN6JB6VXe1t3L0wI1VTnxJwvsk8V\nQCB/gTugIDE1oE97kTvDuGl74XyY7uHyA1aYiXVnJ0bw8mcNCW2EzZkCgYEA3rQp\n3JjBGxBXaz7yCfhoQn5YZXw5yMBngyP8emu8u+7excZvCqIG+8NVh5KGFApOw9oe\n0aHUXGgfhSsl+xFA/m+E56mxm/J1PqRrWbnaEkLzPRSoFJBckjBm3ADHb6PuGbOL\nT72qxKPdZ1kdt0QfqIbZpR45COVk6KtmHMCO0/sCgYB6YaL2+fobfIJPOWptvPR9\n7LWSrdiQ1EUxzN0Plhqlf/bX7uY7+4y1Uldnkk1B1IbYNqfb4qwcEI9c5bzrQREo\nz+qX5aNVrE4DDo86TT5qRLLieUNrpmk7DG7UkQI1/4WDwb2WZpKgyFWg9QZl1q0F\nUS29rdlKpnF9maFxqBpkYQKBgBPU31VxlOCgF+jI9izFHiOttJl08oBaAd2/up/8\nMBZcMyJRhVnhC9Ynkto7xgzKzjDKn6vzSUHhU808BmnRI4SE0cT/a32DncUyRwz6\na9zscVSjHkSWhmfOP5qfxyK96loHjwRO04InRXQKj4beX
iNXvtHhWxrbspy1hqZQ\nz2c5AoGBAO0tRNKfgoZH+sTiaphR550YFnIn8U9ROa1iQUvSiM0nHW6FraIR1sYB\nUTCtgOSJdffGMFrvH+PhShJPw7u3juZh9NBzrARjZPwBJyBaYDw3elVc3epZWoGC\n8EBEgdFVqFwPctkGvqyJ/5Zl3KnTioXxslHjP45H+Ne/nEWPejuP\n-----END RSA PRIVATE KEY-----\n", + "pubKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPolDFwU5ETorCYE7VSd+kKmH8/IBF+brl5hdG4I7N2/kQhzP7itEHCigf9JHxarj1BGOr5Cbpx7YQGPYcPnu3isyPdbpf7kLCgVFd8XS0Hgao9J4NqBus0lvH3f91sQz6oRk0WTUzG2glwGaPeN+uUZ1OtqtHdU54GApUub/5bPfqmMwji63O6kcUA+q5IjPSOKzTb+9xwhnysC3JV0J3WrpbPkNW7qK4bIwJiulr0wVy6lFzZ6CDJno/I2GYq4/u3CvvLbZ6UNAORKjQbbK/iptmccSZKEeE788p48wRNRgxG8zNJL2qd1P41rHy9C/F44I3dwTCb8nLWhuhiLAD blabla\n" + }, + "__v": NumberInt(1), + "last_login_date": ISODate("2017-04-26T12:27:21.788+0000"), + "hashedPassword": "jRFgMK8CYVXa4FRBVsZQyWHdw/ErWSJzO/WKqdGcLpmeOZw8e6X5TvkYIkc617LU76RCB9B1jPNsbNVaTQGt4g==", + "salt": "GswhajDWen9vNW+fZ+xVbA==" +} \ No newline at end of file diff --git a/charts/codefresh/files/mongoSeedJobScript.sh b/charts/codefresh/files/mongoSeedJobScript.sh new file mode 100644 index 0000000000..53947038fc --- /dev/null +++ b/charts/codefresh/files/mongoSeedJobScript.sh 
@@ -0,0 +1,109 @@ +#!/usr/bin/env bash + +<&1) + + echo -e "MongoDB status:\n$status" + if $(echo $status | grep 'ok: 1' -q); then + break + fi + + echo "Sleeping 3 seconds ..." + sleep 3 + done +} + +parseMongoURI() { + local proto="$(echo $1 | grep :// | sed -e's,^\(.*://\).*,\1,g')" + local parameters="$(echo $1 | grep '?' | cut -d '?' -f2)"; if [[ -n $parameters ]]; then parameters="?${parameters}"; fi + local url="$(echo ${1/$proto/})" + local userpass="$(echo $url | grep @ | cut -d@ -f1)" + local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" + + MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)" + MONGODB_USER="$(echo $userpass | grep : | cut -d: -f1)" + MONGO_URI="$proto$userpass@$hostport/${MONGODB_DATABASE}$parameters" + MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin$parameters" +} + +getMongoVersion() { + MONOGDB_VERSION=$(mongosh ${MONGODB_ROOT_URI} --eval "db.version()" 2>&1 | tail -n1) +} + +setSystemAdmin() { + mongosh $MONGO_URI --eval "db.users.update({}, {\$set: {roles: ['User', 'Admin', 'Account Admin']}}, {multi: true})" +} + +setPacks() { + PACKS=$(cat ${ASSETS_PATH}packs.json) + mongosh $MONGO_URI --eval "db.accounts.update({}, {\$set: {'build.packs': ${PACKS} }}, {multi: true})" + + PAYMENTS_MONGO_URI=${MONGO_URI/\/codefresh/\/payments} + mongosh $PAYMENTS_MONGO_URI --eval "db.accounts.update({}, {\$set: {'plan.packs': ${PACKS} }}, {multi: true})" +} + +parseMongoURI $MONGO_URI + +disableMongoTelemetry + +waitForMongoDB + +getMongoVersion + +for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do + waitForMongoDB + mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 || true + waitForMongoDB + mongosh ${MONGODB_ROOT_URI} --eval 
"db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true +done + +mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" 2>&1 || true +mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true +mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true + +if [[ $DEVELOPMENT_CHART == "true" ]]; then + setSystemAdmin + setPacks +fi + +mongoimport --uri ${MONGO_URI} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json +mongoimport --uri ${MONGO_URI} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json +mongoimport --uri ${MONGO_URI} --collection users --type json --legacy --file ${ASSETS_PATH}users.json diff --git a/charts/codefresh/files/mongoSetCompatibilityVersion.sh b/charts/codefresh/files/mongoSetCompatibilityVersion.sh new file mode 100644 index 0000000000..b539b9e6fc --- /dev/null +++ b/charts/codefresh/files/mongoSetCompatibilityVersion.sh 
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+# Set https://docs.mongodb.com/manual/reference/command/setFeatureCompatibilityVersion/#dbcmd.setFeatureCompatibilityVersion
+
+waitForMongoDB() {
+ while true; do
+ status=$(mongosh ${MONGODB_ROOT_URI} --eval "db.adminCommand('ping')" 2>&1)
+
+ echo -e "MongoDB status:\n$status"
+ if $(echo $status | grep 'ok: 1' -q); then
+ break
+ fi
+
+ echo "Sleeping 3 seconds ..."
+ sleep 3
+ done
+}
+
+parseMongoURI() {
+ local proto="$(echo $1 | grep :// | sed -e's,^\(.*://\).*,\1,g')"
+ local parameters="$(echo $1 | grep '?' | cut -d '?' -f2)"; if [[ -n $parameters ]]; then parameters="?${parameters}"; fi
+ local url="$(echo ${1/$proto/})"
+ local userpass="$(echo $url | grep @ | cut -d@ -f1)"
+ local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')"
+
+ MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)"
+ MONGODB_USER="$(echo $userpass | grep : | cut -d: -f1)"
+ MONGO_URI="$proto$userpass@$hostport/${MONGODB_DATABASE}$parameters"
+ MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin$parameters"
+}
+
+parseMongoURI $MONGO_URI
+
+waitForMongoDB
+
+mongosh ${MONGODB_ROOT_URI} --eval "db.adminCommand( { setFeatureCompatibilityVersion: \"$MONGODB_COMPAT_VERSION\" } )"
diff --git a/codefresh/files/postgresCleanJobScript.sh b/charts/codefresh/files/postgresCleanJobScript.sh
similarity index 100%
rename from codefresh/files/postgresCleanJobScript.sh
rename to charts/codefresh/files/postgresCleanJobScript.sh
diff --git a/charts/codefresh/files/postgresSeedJobScript.sh b/charts/codefresh/files/postgresSeedJobScript.sh
new file mode 100644
index 0000000000..8ba8852ac4
--- /dev/null
+++ b/charts/codefresh/files/postgresSeedJobScript.sh
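Review bot: `parseMongoURI` mishandles credentials that contain special characters: `cut -d: -f2` drops everything after a second `:` in the password, and `sed s/$userpass//` uses the unquoted user:password pair as a regular expression, so `/`, `.` or `*` in it corrupts the host extraction that `MONGODB_ROOT_URI` is built from. Bash parameter expansion avoids both problems: `MONGODB_USER="${userpass%%:*}"` and `MONGODB_PASSWORD="${userpass#*:}"`, with `hostport` derived by stripping the prefix up to `@` instead of running `sed` on the secret. Every `mongosh ${MONGODB_ROOT_URI}` call should also quote the expansion, since the URI is otherwise word-split and glob-expanded. The same two functions appear in mongoSeedJobScript.sh, where `${MONGODB_PASSWORD}` is additionally spliced into the `--eval` JavaScript for `createUser` and `changeUserPassword`, and failures there are hidden by `|| true`. A quote character in the password changes that statement, so reading the value inside the script from the environment (mongosh exposes `process.env`) would be safer than string interpolation.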
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+set -xeuo pipefail
+
+POSTGRES_DATABASES=(
+ "codefresh"
+ "audit"
+ "analytics"
+ "analytics_pre_aggregations"
+)
+POSTGRES_PORT="${POSTGRES_PORT:-5432}"
+
+# To create a separate non-privileged user the for Codefresh,
+# which has access only to the relevant databases, it is needed to specify
+# additionally the POSTGRES_SEED_USER and POSTGRES_SEED_PASSWORD vars.
+# Otherwise only POSTGRES_USER and POSTGRES_PASSWORD will be used both
+# during seed job execution and runtime
+
+POSTGRES_SEED_USER="${POSTGRES_SEED_USER:-$POSTGRES_USER}"
+POSTGRES_SEED_PASSWORD="${POSTGRES_SEED_PASSWORD:-$POSTGRES_PASSWORD}"
+
+function createDB() {
+ psql -tc "SELECT 1 FROM pg_database WHERE datname = '${1}'" | grep -q 1 || psql -c "CREATE DATABASE ${1}"
+}
+
+function createUser() {
+ echo "Creating a separate non-privileged user for Codefresh"
+ psql -c "CREATE USER ${POSTGRES_USER} WITH PASSWORD '${POSTGRES_PASSWORD}'"
+}
+
+function grantPrivileges() {
+ psql -c "GRANT ALL ON DATABASE ${1} TO ${POSTGRES_USER}"
+}
+
+function runSeed() {
+
+ export PGUSER=${POSTGRES_SEED_USER}
+ export PGPASSWORD=${POSTGRES_SEED_PASSWORD}
+ export PGHOST=${POSTGRES_HOSTNAME}
+ export PGPORT=${POSTGRES_PORT}
+
+ if [[ "${POSTGRES_SEED_USER}" != "${POSTGRES_USER}" ]]; then
+ createUser
+ else
+ echo "There is no a separate user specified for the seed job, skipping user creation"
+ fi
+
+ for POSTGRES_DATABASE in ${POSTGRES_DATABASES[@]}; do
+ createDB $POSTGRES_DATABASE
+ grantPrivileges $POSTGRES_DATABASE
+ done
+}
+
+runSeed
\ No newline at end of file
diff --git a/codefresh/files/updateSystemReImages.sh b/charts/codefresh/files/updateSystemReImages.sh
similarity index 100%
rename from codefresh/files/updateSystemReImages.sh
rename to charts/codefresh/files/updateSystemReImages.sh
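Review bot: `set -xeuo pipefail` turns on command tracing for the whole script, so the expanded `export PGPASSWORD=…` line and the `CREATE USER … WITH PASSWORD '…'` statement are written to the seed Job's log, where anyone who can read pod logs in the namespace sees both passwords. The line should be `set -euo pipefail`. The SQL in `createUser`, `createDB` and `grantPrivileges` is also built by plain interpolation, so a password containing `'` breaks the statement. Passing the values as psql variables and feeding the statement on stdin (`-c` does not expand them), e.g. `psql -v u="$POSTGRES_USER" -v pw="$POSTGRES_PASSWORD" <<< 'CREATE USER :"u" WITH PASSWORD :'"'"'pw'"'"''`, lets psql do the quoting. `createUser` has no existence check, unlike `createDB`, so with `-e` a second run with a separate seed user presumably aborts at `CREATE USER`.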
diff --git a/codefresh/templates/_env_var_secret_ref.tpl b/charts/codefresh/templates/_env_var_secret_ref.tpl
similarity index 100%
rename from codefresh/templates/_env_var_secret_ref.tpl
rename to charts/codefresh/templates/_env_var_secret_ref.tpl
diff --git a/codefresh/templates/_helpers.tpl b/charts/codefresh/templates/_helpers.tpl
similarity index 100%
rename from codefresh/templates/_helpers.tpl
rename to charts/codefresh/templates/_helpers.tpl
diff --git a/codefresh/templates/configmaps/runtime-envs-cm.yaml b/charts/codefresh/templates/configmaps/runtime-envs-cm.yaml
similarity index 100%
rename from codefresh/templates/configmaps/runtime-envs-cm.yaml
rename to charts/codefresh/templates/configmaps/runtime-envs-cm.yaml
diff --git a/codefresh/templates/configmaps/runtimeEnvironments.json.tpl b/charts/codefresh/templates/configmaps/runtimeEnvironments.json.tpl
similarity index 100%
rename from codefresh/templates/configmaps/runtimeEnvironments.json.tpl
rename to charts/codefresh/templates/configmaps/runtimeEnvironments.json.tpl
diff --git a/codefresh/templates/configmaps/version-info-cm.yaml b/charts/codefresh/templates/configmaps/version-info-cm.yaml
similarity index 100%
rename from codefresh/templates/configmaps/version-info-cm.yaml
rename to charts/codefresh/templates/configmaps/version-info-cm.yaml
diff --git a/codefresh/templates/gencerts/cm-gencerts.yaml b/charts/codefresh/templates/gencerts/cm-gencerts.yaml
similarity index 100%
rename from codefresh/templates/gencerts/cm-gencerts.yaml
rename to charts/codefresh/templates/gencerts/cm-gencerts.yaml
diff --git a/codefresh/templates/gencerts/job-gencerts.yaml b/charts/codefresh/templates/gencerts/job-gencerts.yaml
similarity index 100%
rename from codefresh/templates/gencerts/job-gencerts.yaml
rename to charts/codefresh/templates/gencerts/job-gencerts.yaml
diff --git a/codefresh/templates/gencerts/rbac-gencerts.yaml b/charts/codefresh/templates/gencerts/rbac-gencerts.yaml
similarity index 100%
rename from codefresh/templates/gencerts/rbac-gencerts.yaml
rename to charts/codefresh/templates/gencerts/rbac-gencerts.yaml
diff --git a/codefresh/templates/hooks/post-upgrade/update-system-re.yaml b/charts/codefresh/templates/hooks/post-upgrade/update-system-re.yaml
similarity index 100%
rename from codefresh/templates/hooks/post-upgrade/update-system-re.yaml
rename to charts/codefresh/templates/hooks/post-upgrade/update-system-re.yaml
diff --git a/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml b/charts/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml
similarity index 100%
rename from codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml
rename to charts/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml
diff --git a/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml b/charts/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml
similarity index 100%
rename from codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml
rename to charts/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-rbac.yaml
diff --git a/charts/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml b/charts/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml
new file mode 100644
index 0000000000..a6ea9cec3c
--- /dev/null
+++ b/charts/codefresh/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml
@@ -0,0 +1,78 @@ +{{ $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} +{{- if .Values.mongodb.migration.enabled }} +--- +{{- $tolerations := .Values.hooks.mongodb.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.hooks.mongodb.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.hooks.mongodb.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "codefresh.fullname" . }}-set-mongodb-compat-version + labels: + {{ include "codefresh.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + ttlSecondsAfterFinished: 180 + template: + metadata: + name: {{ include "codefresh.fullname" . }}-set-mongodb-compat-version + labels: + {{ include "codefresh.labels" . | nindent 8 }} + spec: + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} + securityContext: + {{- toYaml .Values.hooks.mongodb.podSecurityContext | nindent 8 }} + containers: + - name: {{ include "codefresh.fullname" . }}-set-mongodb-compat-version + image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.mongodb.image "context" .) }} + envFrom: + - secretRef: + name: {{ include "codefresh.fullname" . }} + env: + - name: MONGODB_HOST + {{- include "codefresh.mongodb-host-env-var-value" . | indent 12 }} + - name: MONGODB_USER + {{- include "codefresh.mongodb-user-env-var-value" . 
| indent 12 }} + - name: MONGODB_PASSWORD + {{- include "codefresh.mongodb-password-env-var-value" . | indent 12 }} + - name: MONGO_URI + {{- include "codefresh.mongo-seed-uri-env-var-value" . | indent 12 }} + - name: MONGODB_ROOT_USER + {{- include "codefresh.mongodb-root-user-env-var-value" . | indent 12 }} + - name: MONGODB_ROOT_PASSWORD + {{- include "codefresh.mongodb-root-password-env-var-value" . | indent 12 }} + - name: MONGODB_COMPAT_VERSION + value: "{{ .Values.mongodb.migration.featureCompatibilityVersion }}" + command: + - "/bin/bash" + - "-c" + - | + {{ .Files.Get "files/mongoSetCompatibilityVersion.sh" | nindent 12 }} + resources: + {{- toYaml .Values.hooks.mongodb.resources | nindent 10 }} + volumeMounts: + {{- include (printf "%s.volumeMounts" $libTemplateName) (dict "Values" .Values.hooks.mongodb.volumeMounts "context" $) | indent 10 }} + {{- with $allNodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $allAffinity }} + affinity: + {{- toYaml . | nindent 8}} + {{- end }} + {{- with $allToleration }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + volumes: + {{- include (printf "%s.volumes" $libTemplateName) (dict "Values" .Values.hooks.mongodb.volumes "context" $) | indent 8 }} + restartPolicy: Never +{{- end }} diff --git a/codefresh/templates/ingress.yaml b/charts/codefresh/templates/ingress.yaml similarity index 100% rename from codefresh/templates/ingress.yaml rename to charts/codefresh/templates/ingress.yaml diff --git a/charts/codefresh/templates/internal-gateway.yaml b/charts/codefresh/templates/internal-gateway.yaml new file mode 100644 index 0000000000..0a47735594 --- /dev/null +++ b/charts/codefresh/templates/internal-gateway.yaml 
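Review bot: `mergeOverwrite $globalAffinity $affinity` and `mergeOverwrite $globalNodeSelector $nodeSelector` write into their first argument, which is `.Values.global.affinity` / `.Values.global.nodeSelector` itself whenever those are set, so the hook-specific settings can leak into the global values that other templates read in the same render. Copy the destination first: `{{- $allAffinity := mergeOverwrite (deepCopy $globalAffinity) $affinity }}` and the same for `$allNodeSelector`. Separately, the container receives the whole release Secret through `envFrom` on top of the explicit `env` entries. If the `codefresh.*-env-var-value` helpers (not visible in this hunk) already resolve each value, dropping `envFrom` would keep unrelated credentials out of a Job that also holds the MongoDB root password. Only the pod-level `securityContext` is set; a container-level one (`allowPrivilegeEscalation: false`, dropped capabilities) would be a reasonable default for a hook that only runs `mongosh`.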
@@ -0,0 +1,46 @@
+{{- if index .Values "internal-gateway" "enabled" -}}
+
+{{ $cfApiEndpointsSvc := printf "%s-%s" .Release.Name (index .Subcharts "cfapi" ).Chart.Name }}
+{{ $cfApiEndpointsPort := (index .Subcharts "cfapi" ).Values.service.main.ports.http.port }}
+{{- if index .Values "cfapi-endpoints" "enabled" -}}
+ {{ $cfApiEndpointsSvc = printf "%s-%s" .Release.Name (index .Subcharts "cfapi-endpoints" ).Chart.Name }}
+ {{ $cfApiEndpointsPort = (index .Subcharts "cfapi-endpoints" ).Values.service.main.ports.http.port }}
+{{- end -}}
+
+{{- $internalGatewayContext := (index .Subcharts "internal-gateway") }}
+
+{{ $fullnameCfApiEndpointsSvc := (index .Subcharts "cfapi").Values.fullnameOverride }}
+{{- if $fullnameCfApiEndpointsSvc }}
+ {{- $cfApiEndpointsSvc = $fullnameCfApiEndpointsSvc }}
+{{- end }}
+
+{{ $cfUiSvc := printf "%s-%s" .Release.Name (index .Subcharts "cfui" ).Chart.Name }}
+{{- $fullnameCfUiSvc := (index .Subcharts "cfui").Values.fullnameOverride }}
+{{- if $fullnameCfUiSvc }}
+ {{- $cfUiSvc = $fullnameCfUiSvc }}
+{{- end }}
+
+{{- /*
+If onprem is installed with single-role cf-api mode
+*/}}
+{{- if and (eq (toString .Values.global.cfapiService) "cfapi") (eq (toString .Values.global.cfapiEndpointsService) "cfapi" ) }}
+
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-auth") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-endpoints") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-environments") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-downloadlogmanager") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-gitops-resource-receiver") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-test-reporting") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-kubernetesresourcemonitor") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-kubernetes-endpoints") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-admin") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-teams") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfapi-ws") "svc" (printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain ) }}
+
+{{- end }}
+
+{{- $_ := set (index $internalGatewayContext.Values.codefresh.serviceEndpoints "cfui") "svc" (printf "%s.%s.svc.%s" $cfUiSvc .Release.Namespace .Values.global.clusterDomain ) }}
+
+{{- include "internal-gateway.resources" $internalGatewayContext }}
+
+{{- end -}}
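Review bot: The eleven `set ... "svc"` lines in the single-role branch differ only in the endpoint name, so a typo in one copied name would silently leave that route pointing at its default upstream. Compute the host once, `{{- $cfApiHost := printf "%s.%s.svc.%s" $cfApiEndpointsSvc .Release.Namespace .Values.global.clusterDomain }}`, and apply it in a `range` over `list "cfapi-auth" "cfapi-endpoints" ...`. `$cfApiEndpointsPort` is assigned twice and never read in this template, so it can go.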
diff --git a/codefresh/templates/legacy/cf-mongodb-svc.yaml b/charts/codefresh/templates/legacy/cf-mongodb-svc.yaml
similarity index 100%
rename from codefresh/templates/legacy/cf-mongodb-svc.yaml
rename to charts/codefresh/templates/legacy/cf-mongodb-svc.yaml
diff --git a/codefresh/templates/legacy/cm-limits.yaml b/charts/codefresh/templates/legacy/cm-limits.yaml
similarity index 100%
rename from codefresh/templates/legacy/cm-limits.yaml
rename to charts/codefresh/templates/legacy/cm-limits.yaml
diff --git a/codefresh/templates/legacy/cm-registry.yaml b/charts/codefresh/templates/legacy/cm-registry.yaml
similarity index 100%
rename from codefresh/templates/legacy/cm-registry.yaml
rename to charts/codefresh/templates/legacy/cm-registry.yaml
diff --git a/codefresh/templates/legacy/postgres-clean-job.yaml b/charts/codefresh/templates/legacy/postgres-clean-job.yaml
similarity index 100%
rename from codefresh/templates/legacy/postgres-clean-job.yaml
rename to charts/codefresh/templates/legacy/postgres-clean-job.yaml
diff --git a/codefresh/templates/misc/extra-resources.yaml b/charts/codefresh/templates/misc/extra-resources.yaml
similarity index 100%
rename from codefresh/templates/misc/extra-resources.yaml
rename to charts/codefresh/templates/misc/extra-resources.yaml
diff --git a/codefresh/templates/misc/runtime-images-cm.yaml b/charts/codefresh/templates/misc/runtime-images-cm.yaml
similarity index 100%
rename from codefresh/templates/misc/runtime-images-cm.yaml
rename to charts/codefresh/templates/misc/runtime-images-cm.yaml
diff --git a/codefresh/templates/secrets/extra-secrets.yaml b/charts/codefresh/templates/secrets/extra-secrets.yaml
similarity index 100%
rename from codefresh/templates/secrets/extra-secrets.yaml
rename to charts/codefresh/templates/secrets/extra-secrets.yaml
diff --git a/codefresh/templates/secrets/ingress-tls.yaml b/charts/codefresh/templates/secrets/ingress-tls.yaml
similarity index 100%
rename from codefresh/templates/secrets/ingress-tls.yaml
rename to charts/codefresh/templates/secrets/ingress-tls.yaml
diff --git a/codefresh/templates/secrets/regsecret.yaml b/charts/codefresh/templates/secrets/regsecret.yaml
similarity index 100%
rename from codefresh/templates/secrets/regsecret.yaml
rename to charts/codefresh/templates/secrets/regsecret.yaml
diff --git a/codefresh/templates/secrets/secret.yaml b/charts/codefresh/templates/secrets/secret.yaml
similarity index 100%
rename from codefresh/templates/secrets/secret.yaml
rename to charts/codefresh/templates/secrets/secret.yaml
diff --git a/codefresh/templates/seed-e2e/seed-e2e.yaml b/charts/codefresh/templates/seed-e2e/seed-e2e.yaml
similarity index 100%
rename from codefresh/templates/seed-e2e/seed-e2e.yaml
rename to charts/codefresh/templates/seed-e2e/seed-e2e.yaml
diff --git a/codefresh/templates/seed/mongo-seed-config.yaml b/charts/codefresh/templates/seed/mongo-seed-config.yaml
similarity index 100%
rename from codefresh/templates/seed/mongo-seed-config.yaml
rename to charts/codefresh/templates/seed/mongo-seed-config.yaml
diff --git a/codefresh/templates/seed/mongo-seed-job.yaml b/charts/codefresh/templates/seed/mongo-seed-job.yaml
similarity index 100%
rename from codefresh/templates/seed/mongo-seed-job.yaml
rename to charts/codefresh/templates/seed/mongo-seed-job.yaml
diff --git a/codefresh/templates/seed/postgres-seed-job.yaml b/charts/codefresh/templates/seed/postgres-seed-job.yaml
similarity index 100%
rename from codefresh/templates/seed/postgres-seed-job.yaml
rename to charts/codefresh/templates/seed/postgres-seed-job.yaml
diff --git a/codefresh/tests/ingress/ingress_test.yaml b/charts/codefresh/tests/ingress/ingress_test.yaml
similarity index 100%
rename from codefresh/tests/ingress/ingress_test.yaml
rename to charts/codefresh/tests/ingress/ingress_test.yaml
diff --git a/codefresh/tests/misc/global_constrains_test.yaml b/charts/codefresh/tests/misc/global_constrains_test.yaml
similarity index 100%
rename from codefresh/tests/misc/global_constrains_test.yaml
rename to charts/codefresh/tests/misc/global_constrains_test.yaml
diff --git a/codefresh/tests/misc/misc_test.yaml b/charts/codefresh/tests/misc/misc_test.yaml
similarity index 100%
rename from codefresh/tests/misc/misc_test.yaml
rename to charts/codefresh/tests/misc/misc_test.yaml
diff --git a/codefresh/tests/private-registry/cf_charts_test.yaml b/charts/codefresh/tests/private-registry/cf_charts_test.yaml
similarity index 100%
rename from codefresh/tests/private-registry/cf_charts_test.yaml
rename to charts/codefresh/tests/private-registry/cf_charts_test.yaml
diff --git a/codefresh/tests/private-registry/gitops_charts_test.yaml b/charts/codefresh/tests/private-registry/gitops_charts_test.yaml
similarity index 100%
rename from codefresh/tests/private-registry/gitops_charts_test.yaml
rename to charts/codefresh/tests/private-registry/gitops_charts_test.yaml
diff --git a/codefresh/tests/private-registry/other_templates_test.yaml b/charts/codefresh/tests/private-registry/other_templates_test.yaml
similarity index 100%
rename from codefresh/tests/private-registry/other_templates_test.yaml
rename to charts/codefresh/tests/private-registry/other_templates_test.yaml
diff --git a/codefresh/tests/values/global.yaml b/charts/codefresh/tests/values/global.yaml
similarity index 100%
rename from codefresh/tests/values/global.yaml
rename to charts/codefresh/tests/values/global.yaml
diff --git a/codefresh/tests/values/private-registry.yaml b/charts/codefresh/tests/values/private-registry.yaml
similarity index 100%
rename from codefresh/tests/values/private-registry.yaml
rename to charts/codefresh/tests/values/private-registry.yaml
diff --git a/codefresh/values.yaml b/charts/codefresh/values.yaml similarity index 100% rename from codefresh/values.yaml rename to charts/codefresh/values.yaml From 4d9e6440e2fa48d10314684ebf1b90a3526244c8 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Thu, 12 Jun 2025 16:34:42 +0300 Subject: [PATCH 02/19] feat: gitops-onprem --- charts/codefresh-gitops/Chart.yaml | 5 +++++ charts/codefresh-gitops/values.yaml | 34 +++++++++++++++++++++++++++-- 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/charts/codefresh-gitops/Chart.yaml b/charts/codefresh-gitops/Chart.yaml index 07dba79014..5fde4139d2 100644 --- a/charts/codefresh-gitops/Chart.yaml +++ b/charts/codefresh-gitops/Chart.yaml @@ -48,6 +48,11 @@ dependencies: version: "*" repository: oci://quay.io/codefresh/charts condition: cfapi.enabled + # temporary, need to remove + - name: runtime-environment-manager + version: "*" + repository: oci://quay.io/codefresh/charts + condition: runtime-environment-manager.enabled - name: cfui version: "*" repository: oci://quay.io/codefresh/charts diff --git a/charts/codefresh-gitops/values.yaml b/charts/codefresh-gitops/values.yaml index e94f2c0fb2..f3a2f16c92 100644 --- a/charts/codefresh-gitops/values.yaml +++ b/charts/codefresh-gitops/values.yaml @@ -327,6 +327,8 @@ hooks: cfapi: &cf-api # -- Enable cf-api enabled: true + # -- Override name + fullnameOverride: cfapi # -- Image pull secrets imagePullSecrets: [] # -- Controller configuration @@ -383,6 +385,7 @@ cfapi: &cf-api # @default -- See below internal-gateway: enabled: true + fullnameOverride: internal-gateway libraryMode: true controller: replicas: 2 @@ -413,7 +416,7 @@ internal-gateway: # -- etl-starter # @default -- See below cf-platform-analytics-etlstarter: - nameOverride: etl-starter + fllnameOverride: etl-starter mongodbDatabase: "platform-analytics-postgres" redis: # -- Disable redis subchart 
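Review bot: The new `runtime-environment-manager` dependency in Chart.yaml is declared with `version: "*"`, so any `helm dependency update` resolves to whatever is newest in the OCI registry at that moment. The Chart.lock added later in this series resolves it to 3.42.2, but the lock is regenerated by that same command; stating the constraint in Chart.yaml, `version: 3.42.2` or a bounded range, keeps an unreviewed chart version from entering a release build. The neighbouring dependencies in the context lines use the same wildcard and would benefit equally. The `# temporary, need to remove` comment should say what has to happen before the entry can be removed.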
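Review bot: In the `cf-platform-analytics-etlstarter` block of values.yaml the replacement key is spelled `fllnameOverride`, which no template reads, so the change from `nameOverride: etl-starter` removes the override instead of converting it. The line should be `fullnameOverride: etl-starter`, as in the `cf-platform-analytics-platform` block changed in the next hunk.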
@@ -453,7 +456,7 @@ cf-platform-analytics-etlstarter: # -- platform-analytics # @default -- See below cf-platform-analytics-platform: - nameOverride: platform-analytics + fullnameOverride: platform-analytics mongodbDatabase: "platform-analytics-postgres" imagePullSecrets: [] container: @@ -485,6 +488,7 @@ cf-platform-analytics-platform: # @default -- See below cfui: enabled: true + fullnameOverride: cfui imagePullSecrets: [] controller: replicas: 2 @@ -508,6 +512,32 @@ cfui: podSecurityContext: {} tolerations: [] +# -- runtime-environment-manager +# @default -- See below +runtime-environment-manager: + enabled: true + fullnameOverride: runtime-environment-manager + imagePullSecrets: [] + container: + image: + registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + repository: codefresh/runtime-environment-manager + env: + ON_PREMISE: true + resources: + requests: + cpu: 100m + memory: 128Mi + limits: {} + hpa: + enabled: false + pdb: + enabled: false + affinity: {} + nodeSelector: {} + podSecurityContext: {} + tolerations: [] + # -- mongodb # @default -- See below # Ref: https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml From a54ecbac09d873ac849fc88f1a1aaa5939e7ca90 Mon Sep 17 00:00:00 2001 
From: Mikhail Klimko Date: Fri, 13 Jun 2025 11:35:22 +0300 Subject: [PATCH 03/19] feat: gitops-onprem --- charts/codefresh-gitops/Chart.lock | 42 ++++++++++++ .../codefresh-gitops/files/seed/accounts.json | 3 +- .../files/seed/mongoSeedJobScript.sh | 65 ++++++++++++------- .../templates/_env_var_secret_ref.tpl | 12 ++-- .../codefresh-gitops/templates/_helpers.tpl | 27 ++++++++ .../templates/configmaps/runtime-envs-cm.yaml | 9 +++ .../configmaps/runtimeEnvironments.json.tpl | 40 ++++++++++++ .../templates/configmaps/version-info-cm.yaml | 2 +- .../set-mongodb-compat-version.yaml | 26 ++++---- .../codefresh-gitops/templates/ingress.yaml | 4 +- .../templates/internal-gateway.yaml | 4 -- .../templates/secrets/regsecret.yaml | 2 +- .../templates/secrets/secret.yaml | 9 ++- .../templates/seed/mongo-seed-config.yaml | 6 +- .../templates/seed/mongo-seed-job.yaml | 14 ++-- .../templates/seed/postgres-seed-job.yaml | 12 ++-- charts/codefresh-gitops/values.yaml | 52 ++++++++++----- 17 files changed, 239 insertions(+), 90 deletions(-) create mode 100644 charts/codefresh-gitops/Chart.lock create mode 100644 charts/codefresh-gitops/templates/configmaps/runtime-envs-cm.yaml create mode 100644 charts/codefresh-gitops/templates/configmaps/runtimeEnvironments.json.tpl diff --git a/charts/codefresh-gitops/Chart.lock b/charts/codefresh-gitops/Chart.lock new file mode 100644 index 0000000000..4e9ff9234b --- /dev/null +++ b/charts/codefresh-gitops/Chart.lock 
@@ -0,0 +1,42 @@ +dependencies: +- name: cf-common + repository: oci://quay.io/codefresh/charts + version: 0.27.0 +- name: internal-gateway + repository: oci://quay.io/codefresh/charts + version: 0.10.4 +- name: mongodb + repository: https://charts.bitnami.com/bitnami + version: 15.6.26 +- name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 16.7.4 +- name: redis + repository: https://charts.bitnami.com/bitnami + version: 20.13.4 +- name: rabbitmq + repository: https://charts.bitnami.com/bitnami + version: 15.5.3 +- name: cfapi + repository: oci://quay.io/codefresh/charts + version: 21.282.3 +- name: runtime-environment-manager + repository: oci://quay.io/codefresh/charts + version: 3.42.2 +- name: cfui + repository: oci://quay.io/codefresh/charts + version: 14.99.7 +- name: cf-platform-analytics + repository: oci://quay.io/codefresh/charts + version: 0.50.2 +- name: cf-platform-analytics + repository: oci://quay.io/codefresh/charts + version: 0.50.2 +- name: argo-platform + repository: oci://quay.io/codefresh/charts + version: 1.3570.0 +- name: argo-hub-platform + repository: oci://quay.io/codefresh/charts + version: 0.1.24 +digest: sha256:37cbd8cc05247116c6592e97f1ac2a694bd18356c56450a01bc834cc5cc0ad55 +generated: "2025-06-12T16:36:27.827516+03:00" diff --git a/charts/codefresh-gitops/files/seed/accounts.json b/charts/codefresh-gitops/files/seed/accounts.json index dce410ea93..e50ac625aa 100644 --- a/charts/codefresh-gitops/files/seed/accounts.json +++ b/charts/codefresh-gitops/files/seed/accounts.json @@ -1,5 +1,6 @@ { "_id": ObjectId("59009117c102763beda7ce71"), + "systemType": "GITOPS", "badgeToken": "eyJhbGciOiJIUzI1NiJ9.NTkwMDkxMTdjMTAyNzYzYmVkYTdjZTcx.B0HOUL6HlpTRNr_e95pVucSRMRzP2cobe5kIoMtrDSc", "createdAt": ISODate("2017-04-26T12:22:48.001+0000"), "updatedAt": ISODate("2017-04-26T12:27:13.720+0000"), @@ -34,4 +35,4 @@ ], "localUserPasswordIDPEnabled": true, "__v": NumberInt(0) -} \ No newline at end of file +} 
diff --git a/charts/codefresh-gitops/files/seed/mongoSeedJobScript.sh b/charts/codefresh-gitops/files/seed/mongoSeedJobScript.sh index 53947038fc..d8d6373c2c 100644 --- a/charts/codefresh-gitops/files/seed/mongoSeedJobScript.sh +++ b/charts/codefresh-gitops/files/seed/mongoSeedJobScript.sh @@ -12,34 +12,29 @@ export MONGODB_ROOT_PASSWORD=... COMMENT -# set -eou pipefail +if [[ -n $DEBUG ]]; then + set -o xtrace +fi ASSETS_PATH=${ASSETS_PATH:-/usr/share/extras/} +MTLS_CERT_PATH=${MTLS_CERT_PATH:-/etc/ssl/mongodb/ca.pem} MONGODB_DATABASES=( "archive" "audit" - "charts-manager" - "cluster-providers" "codefresh" - "context-manager" - "gitops-dashboard-manager" - "k8s-monitor" - "pipeline-manager" "platform-analytics-postgres" "read-models" "runtime-environment-manager" - "onboarding-status" - "payments" ) disableMongoTelemetry() { - mongosh --nodb --eval "disableTelemetry()" + mongosh --nodb --eval "disableTelemetry()" || true } waitForMongoDB() { while true; do - status=$(mongosh ${MONGODB_ROOT_URI} --eval "db.adminCommand('ping')" 2>&1) + status=$(mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.adminCommand('ping')" 2>&1) echo -e "MongoDB status:\n$status" if $(echo $status | grep 'ok: 1' -q); then 
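Review bot: With `DEBUG` set, the new `set -o xtrace` writes every expanded command to the Job log, and the commands in this script carry `${MONGODB_ROOT_URI}` (root user and password) plus the `createUser` and `changeUserPassword` calls with `${MONGODB_PASSWORD}`. Anyone able to read pod logs, or the log pipeline behind them, then holds the database credentials. Wrap the credential-bearing calls in `set +o xtrace` and restore tracing afterwards, and add a comment next to the `DEBUG` check saying that tracing exposes secrets. waitForMongoDB continues past the end of this hunk.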
@@ -56,12 +51,23 @@ parseMongoURI() { local parameters="$(echo $1 | grep '?' | cut -d '?' -f2)"; if [[ -n $parameters ]]; then parameters="?${parameters}"; fi local url="$(echo ${1/$proto/})" local userpass="$(echo $url | grep @ | cut -d@ -f1)" - local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" + if [[ -z $userpass ]]; then + local hostport="$(echo $url | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" + MONGO_URI="$proto$hostport/${MONGODB_DATABASE}$parameters" + else + local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" + MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)" + MONGODB_USER="$(echo $userpass | grep : | cut -d: -f1)" + MONGO_URI="$proto$userpass@$hostport/${MONGODB_DATABASE}$parameters" + fi + + + if [[ -z $MONGODB_ROOT_OPTIONS ]]; then + MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin$parameters" + else + MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin?${MONGODB_ROOT_OPTIONS}" + fi - MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)" - MONGODB_USER="$(echo $userpass | grep : | cut -d: -f1)" - MONGO_URI="$proto$userpass@$hostport/${MONGODB_DATABASE}$parameters" - MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin$parameters" } getMongoVersion() { @@ -82,6 +88,14 @@ setPacks() { parseMongoURI $MONGO_URI +if [[ -s ${MTLS_CERT_PATH} ]]; then + MONGO_URI_EXTRA_PARAMS="--tls --tlsCertificateKeyFile ${MTLS_CERT_PATH} --tlsAllowInvalidHostnames --tlsAllowInvalidCertificates" + MONGOIMPORT_EXTRA_PARAMS="--ssl --sslPEMKeyFile ${MTLS_CERT_PATH} --sslAllowInvalidHostnames --sslAllowInvalidCertificates" +else + MONGO_URI_EXTRA_PARAMS="" + MONGOIMPORT_EXTRA_PARAMS="" +fi + disableMongoTelemetry waitForMongoDB 
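Review bot: In the `else` branch of parseMongoURI, `hostport` is still derived with `sed s/$userpass//`, which hands the user:password pair to sed as an unquoted regular expression; a password containing `/`, `*`, `[` or whitespace makes the substitution fail or match the wrong text, and the job then builds a wrong root URI. Bash parameter expansion avoids the regex, for example `local hostport="${url#*@}"` followed by `hostport="${hostport%%[/?]*}"`, assuming no path component other than the database is expected in the input. The `grep : | cut -d: -f2` extraction likewise truncates a password that contains `:`. parseMongoURI starts outside this hunk.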
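Review bot: Whenever a file exists at `MTLS_CERT_PATH`, both option strings add `--tlsAllowInvalidHostnames --tlsAllowInvalidCertificates` (and the `--ssl…` equivalents for mongoimport), so the seed job sends the root credentials over a TLS session whose server identity is never checked. Pass the signing CA instead and keep the two allow-invalid flags behind an explicit opt-in for test clusters; `MTLS_CA_PATH` and `MONGO_TLS_INSECURE` below are suggested new variables, not ones the script defines. The default `MTLS_CERT_PATH` is named `ca.pem` yet is passed as the client certificate/key file, which is worth a comment or a rename. These strings are appended to every `mongosh` and `mongoimport` call in the other hunks of this file.

```shell
if [[ -s ${MTLS_CERT_PATH} ]]; then
  MONGO_URI_EXTRA_PARAMS="--tls --tlsCertificateKeyFile ${MTLS_CERT_PATH}"
  MONGOIMPORT_EXTRA_PARAMS="--ssl --sslPEMKeyFile ${MTLS_CERT_PATH}"
  # Verify the server against the CA that signed its certificate when one is mounted
  if [[ -s ${MTLS_CA_PATH:-} ]]; then
    MONGO_URI_EXTRA_PARAMS+=" --tlsCAFile ${MTLS_CA_PATH}"
    MONGOIMPORT_EXTRA_PARAMS+=" --sslCAFile ${MTLS_CA_PATH}"
  fi
  # Skip verification only on explicit request
  if [[ ${MONGO_TLS_INSECURE:-false} == "true" ]]; then
    MONGO_URI_EXTRA_PARAMS+=" --tlsAllowInvalidHostnames --tlsAllowInvalidCertificates"
    MONGOIMPORT_EXTRA_PARAMS+=" --sslAllowInvalidHostnames --sslAllowInvalidCertificates"
  fi
# … unchanged: else branch with empty parameter strings, fi …
```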
@@ -90,20 +104,23 @@ getMongoVersion for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do waitForMongoDB - mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 || true + mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 || true waitForMongoDB - mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true + mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true + + # MongoDB Atlas + mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db = db.getSiblingDB(\"${MONGODB_DATABASE}\"); db[\"${MONGODB_DATABASE}\"].insertOne({ name: \"init\", value: true })" 2>&1 || true done -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" 2>&1 || true -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true +mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" 2>&1 || true +mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 
|| true +mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true if [[ $DEVELOPMENT_CHART == "true" ]]; then setSystemAdmin setPacks fi -mongoimport --uri ${MONGO_URI} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json -mongoimport --uri ${MONGO_URI} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json -mongoimport --uri ${MONGO_URI} --collection users --type json --legacy --file ${ASSETS_PATH}users.json +mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json +mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json +mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection users --type json --legacy --file ${ASSETS_PATH}users.json diff --git a/charts/codefresh-gitops/templates/_env_var_secret_ref.tpl b/charts/codefresh-gitops/templates/_env_var_secret_ref.tpl index 94d81603b0..062768755c 100644 --- a/charts/codefresh-gitops/templates/_env_var_secret_ref.tpl +++ b/charts/codefresh-gitops/templates/_env_var_secret_ref.tpl 
@@ -189,11 +189,11 @@ valueFrom: POSTGRES_SEED_USER env var value */}} {{- define "codefresh-gitops.postgres-seed-user-env-var-value" }} - {{- if or .Values.seed.postgresSeedJob.postgresUserSecretKeyRef .Values.global.postgresSeedJob.postgresUserSecretKeyRef .Values.global.postgresUserSecretKeyRef }} + {{- if and .Values.seed.postgresSeedJob.postgresUserSecretKeyRef }} valueFrom: secretKeyRef: - {{- coalesce .Values.seed.postgresSeedJob.postgresUserSecretKeyRef .Values.global.postgresSeedJob.postgresUserSecretKeyRef .Values.global.postgresUserSecretKeyRef | toYaml | nindent 4 }} - {{- else if or .Values.seed.postgresSeedJob.postgresUser .Values.global.postgresSeedJob.postgresUser .Values.global.postgresUser }} + {{- .Values.seed.postgresSeedJob.postgresUserSecretKeyRef | toYaml | nindent 4 }} + {{- else if or .Values.seed.postgresSeedJob.postgresUser .Values.global.postgresUser }} valueFrom: secretKeyRef: name: {{ include "codefresh-gitops.fullname" . }} 
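Review bot: `{{- if and .Values.seed.postgresSeedJob.postgresUserSecretKeyRef }}` calls `and` with a single operand, which reads like a dropped second condition; `{{- if .Values.seed.postgresSeedJob.postgresUserSecretKeyRef }}` states the same test. The password helper in the next hunk has the same one-operand `and` and also keeps a one-argument `coalesce` in front of `toYaml`. Because the `global.*SecretKeyRef` fallbacks are removed, each helper's comment should state that only `seed.postgresSeedJob.*SecretKeyRef` is honoured; otherwise a user who sets only the global reference falls through to the chart Secret without notice. Both helper bodies continue outside their hunks.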
@@ -206,11 +206,11 @@ valueFrom: POSTGRES_SEED_PASSWORD env var value */}} {{- define "codefresh-gitops.postgres-seed-password-env-var-value" }} - {{- if or .Values.seed.postgresSeedJob.postgresPasswordSecretKeyRef .Values.global.postgresSeedJob.postgresPasswordSecretKeyRef .Values.global.postgresPasswordSecretKeyRef }} + {{- if and .Values.seed.postgresSeedJob.postgresPasswordSecretKeyRef }} valueFrom: secretKeyRef: - {{- coalesce .Values.seed.postgresSeedJob.postgresPasswordSecretKeyRef .Values.global.postgresSeedJob.postgresPasswordSecretKeyRef .Values.global.postgresPasswordSecretKeyRef | toYaml | nindent 4 }} - {{- else if or .Values.seed.postgresSeedJob.postgresPassword .Values.global.postgresSeedJob.postgresPassword .Values.global.postgresPassword }} + {{- coalesce .Values.seed.postgresSeedJob.postgresPasswordSecretKeyRef | toYaml | nindent 4 }} + {{- else if or .Values.seed.postgresSeedJob.postgresPassword .Values.global.postgresPassword }} valueFrom: secretKeyRef: name: {{ include "codefresh-gitops.fullname" . }} diff --git a/charts/codefresh-gitops/templates/_helpers.tpl b/charts/codefresh-gitops/templates/_helpers.tpl index 12fb63ce97..bda63d48f6 100644 --- a/charts/codefresh-gitops/templates/_helpers.tpl +++ b/charts/codefresh-gitops/templates/_helpers.tpl 
@@ -72,3 +72,30 @@ Return the secret containing TLS certificates for Ingress {{- printf "%s-%s" (include "codefresh-gitops.fullname" .) .Values.ingress.tls.secretName -}} {{- end -}} {{- end -}} + +{{/* +Return Image Pull Secret +*/}} +{{- define "codefresh-gitops.imagePullSecret" }} +{{- if index .Values ".dockerconfigjson" -}} +{{- printf "%s" (index .Values ".dockerconfigjson") }} +{{- else }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }} +{{- end }} +{{- end }} + +{{/* +Calculate Mongo Uri (for On-Prem) +Usage: +{{ include "codefresh.calculateMongoUri" (dict "dbName" .Values.path.to.the.value "mongoURI" .Values.path.to.the.value) }} +*/}} +{{- define "codefresh-gitops.calculateMongoUri" -}} + {{- if contains "?" .mongoURI -}} + {{- $mongoURI := (splitList "?" .mongoURI) -}} + {{- printf "%s%s?%s" (first $mongoURI) .dbName (last $mongoURI) }} + {{- else if .mongoURI -}} + {{- printf "%s/%s" (trimSuffix "/" .mongoURI) .dbName -}} + {{- else -}} + {{- printf "" -}} + {{- end -}} +{{- end -}} diff --git a/charts/codefresh-gitops/templates/configmaps/runtime-envs-cm.yaml b/charts/codefresh-gitops/templates/configmaps/runtime-envs-cm.yaml new file mode 100644 index 0000000000..fce3f58d71 --- /dev/null +++ b/charts/codefresh-gitops/templates/configmaps/runtime-envs-cm.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: runtime-environments + labels: + {{ include "codefresh-gitops.labels" . | nindent 4 }} +data: + runtimeEnvironments.json: | +{{ include "runtime-environment-config" . | indent 4 }} diff --git a/charts/codefresh-gitops/templates/configmaps/runtimeEnvironments.json.tpl b/charts/codefresh-gitops/templates/configmaps/runtimeEnvironments.json.tpl new file mode 100644 index 0000000000..64f5902209 --- /dev/null +++ b/charts/codefresh-gitops/templates/configmaps/runtimeEnvironments.json.tpl 
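Review bot: In `codefresh-gitops.calculateMongoUri` the `?` branch joins with `printf "%s%s?%s"`, which yields a valid URI only when the text before `?` already ends in `/`; for an input such as `mongodb://host?opt=1` (constructed example) the database name is glued onto the host. Normalise the prefix the way the second branch does: `{{- printf "%s/%s?%s" (trimSuffix "/" (first $mongoURI)) .dbName (last $mongoURI) }}`. The usage comment above the define still names `codefresh.calculateMongoUri` and should name the `codefresh-gitops.` helper.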
@@ -0,0 +1,40 @@ +{{- define "runtime-environment-config" -}} +[ + { + "metadata": { + "name": "system/default" + }, + "description": "System default template for plan", + "environmentCertPath": "/etc/ssl/cf/", + "dockerDaemonScheduler": { + "type": "ConsulNodes", + "cluster": { + "name": "codefresh", + "type": "builder", + "returnRunnerIfNoBuilder": true + }, + "notCheckServerCa": true, + "clientCertPath": "/etc/ssl/cf/" + }, + "runtimeScheduler": { + "type": "KubernetesPod", + "internalInfra": true, + "cluster": { + "inCluster": true, + "namespace": "{{ .Release.Namespace }}" + }, + "image": "us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/engine:latest", + "command": [ + "npm", + "run", + "start" + ], + "envVars": { + }, + "volumeMounts": {}, + "volumes": {} + }, + "isPublic": true + } +] +{{- end -}} diff --git a/charts/codefresh-gitops/templates/configmaps/version-info-cm.yaml b/charts/codefresh-gitops/templates/configmaps/version-info-cm.yaml index 7a79ac64a5..33f5a00c20 100644 --- a/charts/codefresh-gitops/templates/configmaps/version-info-cm.yaml +++ b/charts/codefresh-gitops/templates/configmaps/version-info-cm.yaml @@ -1,4 +1,4 @@ -{{ $name := printf "%v-%v-%v" .Release.Name .Values.global.codefresh "version-info" }} +{{ $name := printf "%v-%v" (include "codefresh-gitops.fullname" .) "version-info" }} apiVersion: v1 kind: ConfigMap metadata: diff --git a/charts/codefresh-gitops/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml b/charts/codefresh-gitops/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml index a6ea9cec3c..e31c0359ec 100644 --- a/charts/codefresh-gitops/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml +++ b/charts/codefresh-gitops/templates/hooks/pre-upgrade/set-mongodb-compat-version.yaml 
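Review bot: The seeded runtime environment sets `"image"` to `…/codefresh/engine:latest`, a mutable tag, so the image that executes workloads can change with no chart change and cannot be mirrored or audited by version. Under `dockerDaemonScheduler`, `"notCheckServerCa": true` appears, judging by its name, to turn off server CA validation for the Docker daemon connection. Render the image from values with a fixed tag or digest, for example `"image": "{{ .Values.<engine-image-key> }}"` (placeholder key), and make the CA check a value that defaults to validating. A comment explaining why the default template is `"isPublic": true` would also help reviewers.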
@@ -13,9 +13,9 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ include "codefresh.fullname" . }}-set-mongodb-compat-version + name: {{ include "codefresh-gitops.fullname" . }}-set-mongodb-compat-version labels: - {{ include "codefresh.labels" . | nindent 4 }} + {{ include "codefresh-gitops.labels" . | nindent 4 }} annotations: "helm.sh/hook": pre-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 
@@ -23,39 +23,39 @@ spec: ttlSecondsAfterFinished: 180 template: metadata: - name: {{ include "codefresh.fullname" . }}-set-mongodb-compat-version + name: {{ include "codefresh-gitops.fullname" . }}-set-mongodb-compat-version labels: - {{ include "codefresh.labels" . | nindent 8 }} + {{ include "codefresh-gitops.labels" . | nindent 8 }} spec: {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} securityContext: {{- toYaml .Values.hooks.mongodb.podSecurityContext | nindent 8 }} containers: - - name: {{ include "codefresh.fullname" . }}-set-mongodb-compat-version + - name: {{ include "codefresh-gitops.fullname" . }}-set-mongodb-compat-version image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.mongodb.image "context" .) }} envFrom: - secretRef: - name: {{ include "codefresh.fullname" . }} + name: {{ include "codefresh-gitops.fullname" . }} env: - name: MONGODB_HOST - {{- include "codefresh.mongodb-host-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.mongodb-host-env-var-value" . | indent 12 }} - name: MONGODB_USER - {{- include "codefresh.mongodb-user-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.mongodb-user-env-var-value" . | indent 12 }} - name: MONGODB_PASSWORD - {{- include "codefresh.mongodb-password-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.mongodb-password-env-var-value" . | indent 12 }} - name: MONGO_URI - {{- include "codefresh.mongo-seed-uri-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.mongo-seed-uri-env-var-value" . | indent 12 }} - name: MONGODB_ROOT_USER - {{- include "codefresh.mongodb-root-user-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.mongodb-root-user-env-var-value" . | indent 12 }} - name: MONGODB_ROOT_PASSWORD - {{- include "codefresh.mongodb-root-password-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.mongodb-root-password-env-var-value" . 
| indent 12 }} - name: MONGODB_COMPAT_VERSION value: "{{ .Values.mongodb.migration.featureCompatibilityVersion }}" command: - "/bin/bash" - "-c" - | - {{ .Files.Get "files/mongoSetCompatibilityVersion.sh" | nindent 12 }} + {{ .Files.Get "files/hooks/mongoSetCompatibilityVersion.sh" | nindent 12 }} resources: {{- toYaml .Values.hooks.mongodb.resources | nindent 10 }} volumeMounts: diff --git a/charts/codefresh-gitops/templates/ingress.yaml b/charts/codefresh-gitops/templates/ingress.yaml index 0d56e0a5ed..a52bb333f2 100644 --- a/charts/codefresh-gitops/templates/ingress.yaml +++ b/charts/codefresh-gitops/templates/ingress.yaml @@ -1,4 +1,4 @@ -{{- $ingressName := printf "%s-ingress" (include "codefresh.fullname" .) }} +{{- $ingressName := printf "%s-ingress" (include "codefresh-gitops.fullname" .) }} {{- if and (hasKey .Values.ingress "nameOverride") .Values.ingress.nameOverride }} {{- $ingressName = .Values.ingress.nameOverride }} {{- end }} @@ -8,7 +8,7 @@ kind: Ingress metadata: name: {{ $ingressName }} labels: - {{ include "codefresh.labels" . | nindent 4 }} + {{ include "codefresh-gitops.labels" . | nindent 4 }} {{- with .Values.ingress.labels }} {{ toYaml . | nindent 4 }} {{- end }} diff --git a/charts/codefresh-gitops/templates/internal-gateway.yaml b/charts/codefresh-gitops/templates/internal-gateway.yaml index 0a47735594..bef620cdf1 100644 --- a/charts/codefresh-gitops/templates/internal-gateway.yaml +++ b/charts/codefresh-gitops/templates/internal-gateway.yaml 
@@ -2,10 +2,6 @@ {{ $cfApiEndpointsSvc := printf "%s-%s" .Release.Name (index .Subcharts "cfapi" ).Chart.Name }} {{ $cfApiEndpointsPort := (index .Subcharts "cfapi" ).Values.service.main.ports.http.port }} -{{- if index .Values "cfapi-endpoints" "enabled" -}} - {{ $cfApiEndpointsSvc = printf "%s-%s" .Release.Name (index .Subcharts "cfapi-endpoints" ).Chart.Name }} - {{ $cfApiEndpointsPort = (index .Subcharts "cfapi-endpoints" ).Values.service.main.ports.http.port }} -{{- end -}} {{- $internalGatewayContext := (index .Subcharts "internal-gateway") }} diff --git a/charts/codefresh-gitops/templates/secrets/regsecret.yaml b/charts/codefresh-gitops/templates/secrets/regsecret.yaml index e919241ef2..b6a06162df 100644 --- a/charts/codefresh-gitops/templates/secrets/regsecret.yaml +++ b/charts/codefresh-gitops/templates/secrets/regsecret.yaml @@ -7,4 +7,4 @@ metadata: {{ include "codefresh-gitops.labels" . | nindent 4 }} type: kubernetes.io/dockerconfigjson data: - .dockerconfigjson: {{ include "codefresh.imagePullSecret" . }} + .dockerconfigjson: {{ include "codefresh-gitops.imagePullSecret" . }} diff --git a/charts/codefresh-gitops/templates/secrets/secret.yaml b/charts/codefresh-gitops/templates/secrets/secret.yaml index e1ad3c3921..5d239d686c 100644 --- a/charts/codefresh-gitops/templates/secrets/secret.yaml +++ b/charts/codefresh-gitops/templates/secrets/secret.yaml 
@@ -17,16 +17,15 @@ data: MONGODB_PROTOCOL: {{ coalesce .Values.global.mongodbProtocol | default "mongodb" | b64enc }} # legacy MONGODB_* secrets - MONGODB_ROOT_USER: {{ coalesce .Values.global.mongodbRootUser .Values.seed.mongoSeedJob.mongodbRootUser | b64enc }} - MONGODB_ROOT_PASSWORD: {{ urlquery (coalesce .Values.global.mongodbRootPassword .Values.seed.mongoSeedJob.mongodbRootPassword) | b64enc }} + MONGODB_ROOT_USER: {{ .Values.seed.mongoSeedJob.mongodbRootUser | b64enc }} + MONGODB_ROOT_PASSWORD: {{ urlquery (.Values.seed.mongoSeedJob.mongodbRootPassword) | b64enc }} MONGO_URI: {{ .Values.global.mongoURI | default "empty" | b64enc}} - MONGO_URI_RE_MANAGER: {{ include (printf "%s.classic.calculateMongoUri" $libTemplateName) (dict "dbName" "runtime-environment-manager" "mongoURI" .Values.global.mongoURI) | default "empty" | b64enc }} MONGODB_RE_DATABASE: {{ printf "%s" "runtime-environment-manager" | b64enc }} POSTGRES_USER: {{ coalesce .Values.global.postgresUser | b64enc }} POSTGRES_PASSWORD: {{ coalesce .Values.global.postgresPassword | b64enc }} - POSTGRES_SEED_USER: {{ (coalesce .Values.seed.postgresSeedJob.postgresUser .Values.global.postgresSeedJob.postgresUser) | default .Values.global.postgresUser | b64enc}} - POSTGRES_SEED_PASSWORD: {{ (coalesce .Values.seed.postgresSeedJob.postgresPassword .Values.global.postgresSeedJob.postgresPassword) | default .Values.global.postgresPassword | b64enc }} + POSTGRES_SEED_USER: {{ .Values.seed.postgresSeedJob.postgresUser | default .Values.global.postgresUser | b64enc}} + POSTGRES_SEED_PASSWORD: {{ .Values.seed.postgresSeedJob.postgresPassword | default .Values.global.postgresPassword | b64enc }} POSTGRES_HOSTNAME: {{ default (printf "%s-%s" .Release.Name .Values.global.postgresService) .Values.global.postgresHostname | b64enc }} POSTGRES_PORT: {{ printf "%v" .Values.global.postgresPort | b64enc }} POSTGRES_DATABASE: {{ .Values.global.postgresDatabase | default "codefresh" | b64enc }} 
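Review bot: A values file that sets only `global.mongodbRootUser` / `global.mongodbRootPassword` now silently renders the chart defaults into `MONGODB_ROOT_USER` and `MONGODB_ROOT_PASSWORD`, because both lines read only `.Values.seed.mongoSeedJob.*` once the `coalesce` is gone. The same holds for `POSTGRES_SEED_USER` / `POSTGRES_SEED_PASSWORD`, which lost the `.Values.global.postgresSeedJob.*` fallback. If those global keys are still documented or accepted elsewhere in the chart (not visible in this hunk), I would fail the render rather than ignore them, e.g. `{{- if .Values.global.mongodbRootPassword }}{{ fail "set seed.mongoSeedJob.mongodbRootPassword instead of global.mongodbRootPassword" }}{{- end }}`. The `data:` block starts above the hunk, so the guard belongs near the top of the template.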
diff --git a/charts/codefresh-gitops/templates/seed/mongo-seed-config.yaml b/charts/codefresh-gitops/templates/seed/mongo-seed-config.yaml index 3e9317fdad..dc71e1a5ad 100644 --- a/charts/codefresh-gitops/templates/seed/mongo-seed-config.yaml +++ b/charts/codefresh-gitops/templates/seed/mongo-seed-config.yaml @@ -8,9 +8,9 @@ metadata: {{ include "codefresh-gitops.labels" . | nindent 4 }} data: idps.json: | -{{ .Files.Get "files/assets/idps.json" | indent 4 }} +{{ .Files.Get "files/seed/idps.json" | indent 4 }} accounts.json: | -{{ .Files.Get "files/assets/accounts.json" | indent 4 }} +{{ .Files.Get "files/seed/accounts.json" | indent 4 }} users.json: | -{{ .Files.Get "files/assets/users.json" | indent 4 }} +{{ .Files.Get "files/seed/users.json" | indent 4 }} {{- end }} diff --git a/charts/codefresh-gitops/templates/seed/mongo-seed-job.yaml b/charts/codefresh-gitops/templates/seed/mongo-seed-job.yaml index d28ce7b8ca..f85fd714bb 100644 --- a/charts/codefresh-gitops/templates/seed/mongo-seed-job.yaml +++ b/charts/codefresh-gitops/templates/seed/mongo-seed-job.yaml 
@@ -41,22 +41,22 @@ spec: name: {{ include "codefresh-gitops.fullname" . }} env: - name: MONGODB_HOST - {{- include "codefresh.mongodb-host-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.mongodb-host-env-var-value" . | indent 12 }} - name: MONGODB_USER - {{- include "codefresh.mongodb-user-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.mongodb-user-env-var-value" . | indent 12 }} - name: MONGODB_PASSWORD - {{- include "codefresh.mongodb-password-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.mongodb-password-env-var-value" . | indent 12 }} - name: MONGO_URI - {{- include "codefresh.mongo-seed-uri-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.mongo-seed-uri-env-var-value" . | indent 12 }} - name: MONGODB_ROOT_USER - {{- include "codefresh.mongodb-root-user-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.mongodb-root-user-env-var-value" . | indent 12 }} - name: MONGODB_ROOT_PASSWORD - {{- include "codefresh.mongodb-root-password-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.mongodb-root-password-env-var-value" . | indent 12 }} command: - "/bin/bash" - "-exc" - | - {{ .Files.Get "files/mongoSeedJobScript.sh" | nindent 12 }} + {{ .Files.Get "files/seed/mongoSeedJobScript.sh" | nindent 12 }} resources: {{- toYaml .Values.seed.resources | nindent 10 }} volumeMounts: diff --git a/charts/codefresh-gitops/templates/seed/postgres-seed-job.yaml b/charts/codefresh-gitops/templates/seed/postgres-seed-job.yaml index cdec511ae7..42a583ad39 100644 --- a/charts/codefresh-gitops/templates/seed/postgres-seed-job.yaml +++ b/charts/codefresh-gitops/templates/seed/postgres-seed-job.yaml 
@@ -40,22 +40,22 @@ spec: name: {{ include "codefresh-gitops.fullname" . }} env: - name: POSTGRES_USER - {{- include "codefresh.postgres-user-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.postgres-user-env-var-value" . | indent 12 }} - name: POSTGRES_PASSWORD - {{- include "codefresh.postgres-password-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.postgres-password-env-var-value" . | indent 12 }} - name: POSTGRES_HOSTNAME - {{- include "codefresh.postgres-host-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.postgres-host-env-var-value" . | indent 12 }} - name: POSTGRES_SEED_USER - {{- include "codefresh.postgres-seed-user-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.postgres-seed-user-env-var-value" . | indent 12 }} - name: POSTGRES_SEED_PASSWORD - {{- include "codefresh.postgres-seed-password-env-var-value" . | indent 12 }} + {{- include "codefresh-gitops.postgres-seed-password-env-var-value" . | indent 12 }} resources: {{- toYaml .Values.seed.resources | nindent 10 }} command: - "/bin/bash" - "-exc" - | - {{ .Files.Get "files/postgresSeedJobScript.sh" | nindent 12 }} + {{ .Files.Get "files/seed/postgresSeedJobScript.sh" | nindent 12 }} {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/codefresh-gitops/values.yaml b/charts/codefresh-gitops/values.yaml index f3a2f16c92..e748e87bc1 100644 --- a/charts/codefresh-gitops/values.yaml +++ b/charts/codefresh-gitops/values.yaml @@ -30,7 +30,7 @@ seed: # key: mongodb-root-user # -- Root password in plain text (required ONLY for seed job!). - mongodbRootPassword: "XT9nmM8dZD" + mongodbRootPassword: "password" # -- Root password from existing secret mongodbRootPasswordSecretKeyRef: {} # E.g. 
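Review bot: The new default `mongodbRootPassword: "password"` in `values.yaml` is a working, trivially guessable credential that any install leaving values untouched will run with; the later hunks of this file do the same with `postgresPassword: postgres`, `rabbitmqPassword: rabbitmq` and `redisPassword: redis`. The replaced defaults were public too, so nothing secret is lost, but a dictionary-word default is more likely to survive into a real deployment unnoticed. I would leave the plain-text values empty and have the templates insist on either the value or its `*SecretKeyRef`. At minimum the helm-docs comment should say so: `# -- Root password in plain text (required ONLY for seed job!). Change the default or use mongodbRootPasswordSecretKeyRef.`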
@@ -152,6 +152,9 @@ global: #-------- # MongoDB #-------- + # -- Legacy MongoDB connection string. Keep empty! + mongoURI: "" + # -- Set mongodb protocol (`mongodb` / `mongodb+srv`) mongodbProtocol: mongodb # -- Set mongodb user in plain text @@ -200,7 +203,7 @@ global: # key: postgres-user # -- Set postgres password in plain text - postgresPassword: eC9arYka4ZbH + postgresPassword: postgres # -- Set postgres password from existing secret postgresPasswordSecretKeyRef: {} # E.g. @@ -209,7 +212,7 @@ global: # key: postgres-password # -- Set postgres service address in plain text. Takes precedence over `global.postgresService`! - postgresHostname: "" + postgresHostname: "postgresql" # -- Set postgres service from existing secret postgresHostnameSecretKeyRef: {} # E.g. @@ -239,7 +242,7 @@ global: # key: rabbitmq-username # -- Set rabbitmq password in plain text - rabbitmqPassword: cVz9ZdJKYm7u + rabbitmqPassword: rabbitmq # -- Set rabbitmq password from existing secret rabbitmqPasswordSecretKeyRef: {} # E.g. @@ -248,7 +251,7 @@ global: # key: rabbitmq-password # -- Set rabbitmq service address in plain text. Takes precedence over `global.rabbitService`! - rabbitmqHostname: "" + rabbitmqHostname: "rabbitmq:5672" # -- Set rabbitmq service address from existing secret. rabbitmqHostnameSecretKeyRef: {} # E.g. @@ -263,7 +266,7 @@ global: # Redis #------ # -- Set redis password in plain text - redisPassword: hoC9szf7NtrU + redisPassword: redis # -- Set redis service port redisPort: 6379 # -- Set redis password from existing secret @@ -274,7 +277,7 @@ global: # key: redis-password # -- Set redis hostname in plain text. Takes precedence over `global.redisService`! - redisUrl: "" + redisUrl: "redis-master" # -- Set redis hostname from existing secret. redisUrlSecretKeyRef: {} # E.g. 
@@ -340,9 +343,13 @@ cfapi: &cf-api # -- Image image: # -- Registry prefix - registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io + registry: us-docker.pkg.dev/codefresh-inc/gcr.io # -- Repository - repository: codefresh/cf-api + repository: codefresh/dev/cf-api + # -- Tag + tag: 21.283.0-test-gitops-system-type + # -- Digest + digest: "" # -- Env vars # @default -- See below env: @@ -350,6 +357,10 @@ cfapi: &cf-api LOGGER_LEVEL: debug ON_PREMISE: true DEFAULT_SYSTEM_TYPE: GITOPS + API_URI: cfapi + PIPELINE_MANAGER_URI: pipeline-manager # temorary, need to remove + PLATFORM_ANALYTICS_URI: platform-analytics + RUNTIME_ENVIRONMENT_MANAGER_URI: runtime-environment-manager # temporary, need to remove # -- Resource requests and limits resources: requests: @@ -416,7 +427,7 @@ internal-gateway: # -- etl-starter # @default -- See below cf-platform-analytics-etlstarter: - fllnameOverride: etl-starter + fullnameOverride: etl-starter mongodbDatabase: "platform-analytics-postgres" redis: # -- Disable redis subchart @@ -428,6 +439,7 @@ cf-platform-analytics-etlstarter: # -- Only postgres ETL should be running in onprem system-etl-postgres: enabled: true + fullnameOverride: system-etl-postgres controller: cronjob: ttlSecondsAfterFinished: 300 @@ -464,8 +476,7 @@ cf-platform-analytics-platform: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io repository: codefresh/cf-platform-analytics redis: - enabled: true - nameOverride: redis-platform-analytics + enabled: false resources: requests: cpu: 100m @@ -537,6 +548,9 @@ runtime-environment-manager: nodeSelector: {} podSecurityContext: {} tolerations: [] + volumes: + runtime-environments: + nameOverride: runtime-environments # -- mongodb # @default -- See below @@ -556,7 +570,6 @@ mongodb: - user - user - user - - user passwords: - password - password 
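Review bot: The chart default for cfapi now looks like a development build: `repository: codefresh/dev/cf-api` with `tag: 21.283.0-test-gitops-system-type`, pulled from `codefresh-inc` instead of `codefresh-enterprise`, and `digest: ""`. Every install that does not override the image would therefore run a mutable test tag. Before this is released the default should go back to a release tag and carry a digest, e.g. `digest: "sha256:<release-digest>"` (placeholder), or the dev image should move into a `.ci/values` file. The two `# temorary, need to remove` / `# temporary, need to remove` comments on `PIPELINE_MANAGER_URI` and `RUNTIME_ENVIRONMENT_MANAGER_URI` would be easier to follow up with an issue reference. `LOGGER_LEVEL: debug` in the context lines is also worth reconsidering as a shipped default.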
@@ -564,9 +577,10 @@ mongodb: - password - password - password - - password databases: + - archive - codefresh + - runtime-environment-manager # temporary, need to remove - read-models - audit - platform-analytics-postgres @@ -626,6 +640,7 @@ redis: # Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml rabbitmq: enabled: true + fullnameOverride: rabbitmq image: tag: "4.0" replicaCount: 1 @@ -640,6 +655,7 @@ rabbitmq: # -- argo-hub-platform # @default -- See below argo-hub-platform: + fullnameOverride: argo-hub-platform controller: deployment: replicas: 1 @@ -723,12 +739,12 @@ argo-platform: # -- Secrets # @default -- See below secrets: - argo-hub-host: http://{{ .Release.Name }}-argo-hub-platform + argo-hub-host: http://argo-hub-platform cache-host: *cache-host cache-password: *cache-password cache-port: *cache-port - v1-host: http://{{ .Release.Name }}-{{ .Values.global.cfapiEndpointsService }} - v1-internal-host: http://{{ .Release.Name }}-{{ .Values.global.cfapiService }}:{{ .Values.global.cfapiInternalPort }} + v1-host: http://{{ .Values.global.cfapiEndpointsService }} + v1-internal-host: http://{{ .Values.global.cfapiService }}:{{ .Values.global.cfapiInternalPort }} mongodb-protocol: *mongodb-protocol mongodb-options: *mongodb-options mongodb-host: *mongodb-host @@ -1063,6 +1079,8 @@ argo-platform: MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . }}' RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST) secrets: + v1-host: http://{{ .Values.global.cfapiEndpointsService }} + v1-internal-host: http://{{ .Values.global.cfapiService }}:{{ .Values.global.cfapiInternalPort }} mongodb-protocol: *mongodb-protocol mongodb-options: *mongodb-options mongodb-host: *mongodb-host From e6ebf6a563d3aa46161b95e380dcd97fc3863c84 Mon Sep 17 00:00:00 2001 
From: Mikhail Klimko Date: Fri, 13 Jun 2025 11:48:22 +0300 Subject: [PATCH 04/19] feat: gitops-onprem --- .../templates/configmaps/version-info-cm.yaml | 3 +-- charts/codefresh-gitops/values.yaml | 6 ++++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/codefresh-gitops/templates/configmaps/version-info-cm.yaml b/charts/codefresh-gitops/templates/configmaps/version-info-cm.yaml index 33f5a00c20..588eb09e29 100644 --- a/charts/codefresh-gitops/templates/configmaps/version-info-cm.yaml +++ b/charts/codefresh-gitops/templates/configmaps/version-info-cm.yaml @@ -1,8 +1,7 @@ -{{ $name := printf "%v-%v" (include "codefresh-gitops.fullname" .) "version-info" }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ $name }} + name: codefresh-gitops-version-info labels: {{ include "codefresh-gitops.labels" . | nindent 4 }} data: diff --git a/charts/codefresh-gitops/values.yaml b/charts/codefresh-gitops/values.yaml index e748e87bc1..5759006b2b 100644 --- a/charts/codefresh-gitops/values.yaml +++ b/charts/codefresh-gitops/values.yaml @@ -509,6 +509,12 @@ cfui: repository: codefresh/cf-ui env: ON_PREMISE: true + ONPREM_VERSION: + valueFrom: + configMapKeyRef: + name: codefresh-gitops-version-info + key: app + optional: true resources: requests: cpu: 100m From 497b91434e72b08d46e47cb3764a9930868a07bf Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 13 Jun 2025 13:07:57 +0300 Subject: [PATCH 05/19] feat: gitops-onprem --- charts/codefresh-gitops/.ci/helm-docs.sh | 18 +++ charts/codefresh-gitops/README.md | 189 +++++++++++++++++++++++ 2 files changed, 207 insertions(+) create mode 100755 charts/codefresh-gitops/.ci/helm-docs.sh create mode 100644 charts/codefresh-gitops/README.md diff --git a/charts/codefresh-gitops/.ci/helm-docs.sh b/charts/codefresh-gitops/.ci/helm-docs.sh new file mode 100755 index 0000000000..f93f7172ed --- /dev/null +++ b/charts/codefresh-gitops/.ci/helm-docs.sh 
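Review bot: The ConfigMap name is now the literal `codefresh-gitops-version-info` in both `version-info-cm.yaml` and the new `ONPREM_VERSION` `configMapKeyRef` in `values.yaml`, so two releases in one namespace would write the same object. Because the reference is `optional: true`, any later drift between the two names leaves `ONPREM_VERSION` unset without an error. If the fixed name is intentional, a comment on each side would keep them in sync, e.g. `# name must match the ONPREM_VERSION configMapKeyRef in values.yaml` above `name:` in the template and the reverse in `values.yaml`.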
@@ -0,0 +1,18 @@
+#!/bin/bash
+## Reference: https://github.com/norwoodj/helm-docs
+set -eux
+REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+echo "$REPO_ROOT"
+
+echo "Running Helm-Docs"
+docker run \
+ -v "$REPO_ROOT:/helm-docs" \
+ -u $(id -u) \
+ --rm \
+ --entrypoint /bin/sh \
+ jnorwood/helm-docs:v1.11.0 \
+ -c \
+ helm-docs \
+ --chart-search-root=codefresh-gitops \
+ --template-files=./_templates.gotmpl \
+ --template-files=README.md.gotmpl \
diff --git a/charts/codefresh-gitops/README.md b/charts/codefresh-gitops/README.md
new file mode 100644
index 0000000000..5aa1422cd7
--- /dev/null
+++ b/charts/codefresh-gitops/README.md
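Review bot: The flags written after `helm-docs` never reach it: with `--entrypoint /bin/sh` and `-c`, only the next word (`helm-docs`) is the command string, and `--chart-search-root=codefresh-gitops` plus the two `--template-files` arguments become the shell's `$0`, `$1`, `$2`. Passing one quoted string fixes that and removes the dangling `\` on the last line: `-c 'helm-docs --chart-search-root=codefresh-gitops --template-files=./_templates.gotmpl --template-files=README.md.gotmpl'`. Since the container gets the chart directory mounted read-write, I would also pin the image by digest rather than the mutable tag (`jnorwood/helm-docs@sha256:<digest>`, placeholder) and quote the substitution as `-u "$(id -u)"`.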
@@ -0,0 +1,189 @@ +# codefresh-gitops + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) + +Helm Chart for Codefresh GitOps On-Prem + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| codefresh | | | + +## Source Code + +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | mongodb | 15.6.26 | +| https://charts.bitnami.com/bitnami | postgresql | 16.7.4 | +| https://charts.bitnami.com/bitnami | rabbitmq | 15.5.3 | +| https://charts.bitnami.com/bitnami | redis | 20.13.4 | +| oci://quay.io/codefresh/charts | argo-hub-platform | * | +| oci://quay.io/codefresh/charts | argo-platform | * | +| oci://quay.io/codefresh/charts | cf-common | 0.27.0 | +| oci://quay.io/codefresh/charts | cf-platform-analytics-platform(cf-platform-analytics) | * | +| oci://quay.io/codefresh/charts | cf-platform-analytics-etlstarter(cf-platform-analytics) | * | +| oci://quay.io/codefresh/charts | cfapi(cfapi) | * | +| oci://quay.io/codefresh/charts | cfui | * | +| oci://quay.io/codefresh/charts | internal-gateway | 0.10.4 | +| oci://quay.io/codefresh/charts | runtime-environment-manager | * | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| argo-hub-platform | object | See below | argo-hub-platform | +| argo-platform | object | See below | argo-platform | +| argo-platform.abac | object | See below | abac | +| argo-platform.analytics-reporter | object | See below | analytics-reporter | +| argo-platform.anchors | object | See below | Anchors | +| argo-platform.api-events | object | See below | api-events | +| argo-platform.api-graphql | object | See below | api-graphql All other services under `.Values.argo-platform` follows the same values structure. 
| +| argo-platform.api-graphql.affinity | object | `{}` | Set pod's affinity | +| argo-platform.api-graphql.env | object | See below | Env vars | +| argo-platform.api-graphql.hpa | object | `{"enabled":false}` | HPA | +| argo-platform.api-graphql.hpa.enabled | bool | `false` | Enable autoscaler | +| argo-platform.api-graphql.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh-io/argo-platform-api-graphql"}` | Image | +| argo-platform.api-graphql.image.registry | string | `"us-docker.pkg.dev/codefresh-enterprise/gcr.io"` | Registry | +| argo-platform.api-graphql.image.repository | string | `"codefresh-io/argo-platform-api-graphql"` | Repository | +| argo-platform.api-graphql.kind | string | `"Deployment"` | Controller kind. Currently, only `Deployment` is supported | +| argo-platform.api-graphql.pdb | object | `{"enabled":false}` | PDB | +| argo-platform.api-graphql.pdb.enabled | bool | `false` | Enable pod disruption budget | +| argo-platform.api-graphql.podAnnotations | object | `{"checksum/secret":"{{ include (print $.Template.BasePath \"/api-graphql/secret.yaml\") . | sha256sum }}"}` | Set pod's annotations | +| argo-platform.api-graphql.resources | object | See below | Resource limits and requests | +| argo-platform.api-graphql.secrets | object | See below | Secrets | +| argo-platform.api-graphql.tolerations | list | `[]` | Set pod's tolerations | +| argo-platform.argocd-hooks | object | See below | argocd-hooks Don't enable! Not used in onprem! | +| argo-platform.audit | object | See below | audit | +| argo-platform.broadcaster | object | See below | broadcaster | +| argo-platform.cron-executor | object | See below | cron-executor | +| argo-platform.event-handler | object | See below | event-handler | +| argo-platform.promotion-orchestrator | object | See below | promotion-orchestrator | +| argo-platform.runtime-manager | object | See below | runtime-manager Don't enable! Not used in onprem! 
| +| argo-platform.runtime-monitor | object | See below | runtime-monitor Don't enable! Not used in onprem! | +| argo-platform.ui | object | See below | ui | +| argo-platform.useExternalSecret | bool | `false` | Use regular k8s secret object. Keep `false`! | +| cf-platform-analytics-etlstarter | object | See below | etl-starter | +| cf-platform-analytics-etlstarter.redis.enabled | bool | `false` | Disable redis subchart | +| cf-platform-analytics-etlstarter.system-etl-postgres | object | `{"container":{"env":{"BLUE_GREEN_ENABLED":true}},"controller":{"cronjob":{"ttlSecondsAfterFinished":300}},"enabled":true,"fullnameOverride":"system-etl-postgres"}` | Only postgres ETL should be running in onprem | +| cf-platform-analytics-platform | object | See below | platform-analytics | +| cfapi | object | `{"affinity":{},"container":{"env":{"API_URI":"cfapi","AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"GITOPS","LOGGER_LEVEL":"debug","ON_PREMISE":true,"PIPELINE_MANAGER_URI":"pipeline-manager","PLATFORM_ANALYTICS_URI":"platform-analytics","RUNTIME_ENVIRONMENT_MANAGER_URI":"runtime-environment-manager"},"image":{"digest":"","registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/dev/cf-api","tag":"21.283.0-test-gitops-system-type"}},"controller":{"replicas":2},"enabled":true,"fullnameOverride":"cfapi","hpa":{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70},"imagePullSecrets":[],"nodeSelector":{},"pdb":{"enabled":false,"minAvailable":"50%"},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}},"tolerations":[]}` | cf-api | +| cfapi.affinity | object | `{}` | Affinity configuration | +| cfapi.container | object | 
`{"env":{"API_URI":"cfapi","AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"GITOPS","LOGGER_LEVEL":"debug","ON_PREMISE":true,"PIPELINE_MANAGER_URI":"pipeline-manager","PLATFORM_ANALYTICS_URI":"platform-analytics","RUNTIME_ENVIRONMENT_MANAGER_URI":"runtime-environment-manager"},"image":{"digest":"","registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/dev/cf-api","tag":"21.283.0-test-gitops-system-type"}}` | Container configuration | +| cfapi.container.env | object | See below | Env vars | +| cfapi.container.image | object | `{"digest":"","registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/dev/cf-api","tag":"21.283.0-test-gitops-system-type"}` | Image | +| cfapi.container.image.digest | string | `""` | Digest | +| cfapi.container.image.registry | string | `"us-docker.pkg.dev/codefresh-inc/gcr.io"` | Registry prefix | +| cfapi.container.image.repository | string | `"codefresh/dev/cf-api"` | Repository | +| cfapi.container.image.tag | string | `"21.283.0-test-gitops-system-type"` | Tag | +| cfapi.controller | object | `{"replicas":2}` | Controller configuration | +| cfapi.controller.replicas | int | `2` | Replicas number | +| cfapi.enabled | bool | `true` | Enable cf-api | +| cfapi.fullnameOverride | string | `"cfapi"` | Override name | +| cfapi.hpa | object | `{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70}` | Autoscaler configuration | +| cfapi.hpa.enabled | bool | `false` | Enable HPA | +| cfapi.hpa.maxReplicas | int | `10` | Maximum number of replicas | +| cfapi.hpa.minReplicas | int | `2` | Minimum number of replicas | +| cfapi.hpa.targetCPUUtilizationPercentage | int | `70` | Average CPU utilization percentage | +| cfapi.imagePullSecrets | list | `[]` | Image pull secrets | +| cfapi.nodeSelector | object | `{}` | Node selector configuration | +| cfapi.pdb | object | `{"enabled":false,"minAvailable":"50%"}` | Pod disruption budget configuration | +| cfapi.pdb.enabled | bool | 
`false` | Enable PDB | +| cfapi.pdb.minAvailable | string | `"50%"` | Minimum number of replicas in percentage | +| cfapi.podSecurityContext | object | `{}` | Pod security context configuration | +| cfapi.resources | object | `{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}}` | Resource requests and limits | +| cfapi.tolerations | list | `[]` | Tolerations configuration | +| cfui | object | See below | cf-ui | +| global | object | See below | Global parameters | +| global.affinity | object | `{}` | Global affinity constraints Apply affinity to all Codefresh subcharts. Will not be applied on Bitnami subcharts. | +| global.appProtocol | string | `"https"` | Application protocol. | +| global.appUrl | string | `"onprem.codefresh.local"` | Application root url. Will be used in Ingress objects as hostname | +| global.cfapiEndpointsService | string | `"cfapi"` | Default API endpoints service name | +| global.cfapiInternalPort | int | `3000` | Default API service port. | +| global.cfapiService | string | `"cfapi"` | Default API service name. | +| global.dnsService | string | `"kube-dns"` | Definitions for internal-gateway nginx resolver | +| global.env | object | `{}` | Global Env vars | +| global.imagePullSecrets | list | `["codefresh-registry"]` | Global Docker registry secret names as array | +| global.imageRegistry | string | `""` | Global Docker image registry | +| global.mongoURI | string | `""` | Legacy MongoDB connection string. Keep empty! | +| global.mongodbDatabase | string | `"codefresh"` | Default MongoDB database name. Don't change! 
| +| global.mongodbHost | string | `"mongodb"` | Set mongodb host in plain text | +| global.mongodbHostSecretKeyRef | object | `{}` | Set mongodb host from existing secret | +| global.mongodbOptions | string | `"retryWrites=true"` | Set mongodb connection string options Ref: https://www.mongodb.com/docs/manual/reference/connection-string/#connection-string-options | +| global.mongodbPassword | string | `"password"` | Set mongodb password in plain text | +| global.mongodbPasswordSecretKeyRef | object | `{}` | Set mongodb password from existing secret | +| global.mongodbProtocol | string | `"mongodb"` | Set mongodb protocol (`mongodb` / `mongodb+srv`) | +| global.mongodbUser | string | `"user"` | Set mongodb user in plain text | +| global.mongodbUserSecretKeyRef | object | `{}` | Set mongodb user from existing secret | +| global.newrelicLicenseKey | string | `""` | New Relic Key | +| global.nodeSelector | object | `{}` | Global nodeSelector constraints Apply nodeSelector to all Codefresh subcharts. Will not be applied on Bitnami subcharts. | +| global.platformAnalyticsPort | int | `80` | Default platform-analytics service port. | +| global.platformAnalyticsService | string | `"platform-analytics"` | Default platform-analytics service name. | +| global.postgresDatabase | string | `"codefresh"` | Set postgres database name | +| global.postgresHostname | string | `"postgresql"` | Set postgres service address in plain text. Takes precedence over `global.postgresService`! 
| +| global.postgresHostnameSecretKeyRef | object | `{}` | Set postgres service from existing secret | +| global.postgresPassword | string | `"postgres"` | Set postgres password in plain text | +| global.postgresPasswordSecretKeyRef | object | `{}` | Set postgres password from existing secret | +| global.postgresPort | int | `5432` | Set postgres port number | +| global.postgresService | string | `"postgresql"` | Default internal postgresql service address from bitnami/postgresql subchart | +| global.postgresUser | string | `"postgres"` | Set postgres user in plain text | +| global.postgresUserSecretKeyRef | object | `{}` | Set postgres user from existing secret | +| global.rabbitService | string | `"rabbitmq:5672"` | Default internal rabbitmq service address from bitnami/rabbitmq subchart. | +| global.rabbitmqHostname | string | `"rabbitmq:5672"` | Set rabbitmq service address in plain text. Takes precedence over `global.rabbitService`! | +| global.rabbitmqHostnameSecretKeyRef | object | `{}` | Set rabbitmq service address from existing secret. | +| global.rabbitmqPassword | string | `"rabbitmq"` | Set rabbitmq password in plain text | +| global.rabbitmqPasswordSecretKeyRef | object | `{}` | Set rabbitmq password from existing secret | +| global.rabbitmqProtocol | string | `"amqp"` | Set rabbitmq protocol (`amqp/amqps`) | +| global.rabbitmqUsername | string | `"user"` | Set rabbitmq username in plain text | +| global.rabbitmqUsernameSecretKeyRef | object | `{}` | Set rabbitmq username from existing secret | +| global.redisPassword | string | `"redis"` | Set redis password in plain text | +| global.redisPasswordSecretKeyRef | object | `{}` | Set redis password from existing secret | +| global.redisPort | int | `6379` | Set redis service port | +| global.redisService | string | `"redis-master"` | Default internal redis service address from bitnami/redis subchart | +| global.redisUrl | string | `"redis-master"` | Set redis hostname in plain text. 
Takes precedence over `global.redisService`! | +| global.redisUrlSecretKeyRef | object | `{}` | Set redis hostname from existing secret. | +| global.security | object | `{"allowInsecureImages":true}` | Bitnami | +| global.storageClass | string | `""` | Global StorageClass for Persistent Volume(s) | +| global.tolerations | list | `[]` | Global tolerations constraints Apply toleratons to all Codefresh subcharts. Will not be applied on Bitnami subcharts. | +| hooks | object | See below | Pre/post-upgrade Job hooks. | +| hooks.mongodb | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/mongosh","tag":"2.5.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Sets feature compatibility version | +| imageCredentials | object | `{}` | Credentials for Image Pull Secret object | +| ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/service-upstream":"true","nginx.ingress.kubernetes.io/ssl-redirect":"false","nginx.org/redirect-to-https":"false"},"enabled":true,"ingressClassName":"","labels":{},"nameOverride":"","services":{"internal-gateway":["/"]},"tls":{"cert":"","enabled":false,"existingSecret":"","key":"","secretName":"star.codefresh.io"}}` | Ingress | +| ingress.annotations | object | See below | Set annotations for ingress. | +| ingress.enabled | bool | `true` | Enable the Ingress | +| ingress.ingressClassName | string | `""` | Set the ingressClass that is used for the ingress. 
Default `nginx-codefresh` is created from `ingress-nginx` controller subchart | +| ingress.labels | object | `{}` | Set labels for ingress | +| ingress.nameOverride | string | `""` | Override Ingress resource name | +| ingress.services | object | See below | Default services and corresponding paths | +| ingress.tls.cert | string | `""` | Certificate (base64 encoded) | +| ingress.tls.enabled | bool | `false` | Enable TLS | +| ingress.tls.existingSecret | string | `""` | Existing `kubernetes.io/tls` type secret with TLS certificates (keys: `tls.crt`, `tls.key`) | +| ingress.tls.key | string | `""` | Private key (base64 encoded) | +| ingress.tls.secretName | string | `"star.codefresh.io"` | Default secret name to be created with provided `cert` and `key` below | +| internal-gateway | object | See below | internal-gateway | +| mongodb | object | See below | mongodb Ref: https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml | +| postgresql | object | See below | postgresql Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml | +| rabbitmq | object | See below | rabbitmq Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml | +| redis | object | See below | redis Ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml | +| runtime-environment-manager | object | See below | runtime-environment-manager | +| seed | object | See below | Seed jobs | +| seed.enabled | bool | `true` | Enable all seed jobs | +| seed.mongoSeedJob | object | See below | Mongo Seed Job. Required at first install. Seeds the required data (default idp/user/account), creates cfuser and required databases. | +| seed.mongoSeedJob.mongodbRootPassword | string | `"password"` | Root password in plain text (required ONLY for seed job!). 
| +| seed.mongoSeedJob.mongodbRootPasswordSecretKeyRef | object | `{}` | Root password from existing secret | +| seed.mongoSeedJob.mongodbRootUser | string | `"root"` | Root user in plain text (required ONLY for seed job!). | +| seed.mongoSeedJob.mongodbRootUserSecretKeyRef | object | `{}` | Root user from existing secret | +| seed.postgresSeedJob | object | See below | Postgres Seed Job. Required at first install. Creates required user and databases. | +| seed.postgresSeedJob.postgresPassword | optional | `""` | Password for "postgres" admin user (required ONLY for seed job!) | +| seed.postgresSeedJob.postgresPasswordSecretKeyRef | optional | `{}` | Password for "postgres" admin user from existing secret | +| seed.postgresSeedJob.postgresUser | optional | `""` | "postgres" admin user in plain text (required ONLY for seed job!) Must be a privileged user allowed to create databases and grant roles. If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used. | +| seed.postgresSeedJob.postgresUserSecretKeyRef | optional | `{}` | "postgres" admin user from exising secret | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) From a310d440e06169b1a3cea780992084b54a75c984 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 13 Jun 2025 13:11:35 +0300 Subject: [PATCH 06/19] feat: gitops-onprem --- charts/codefresh-gitops/Chart.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/codefresh-gitops/Chart.lock b/charts/codefresh-gitops/Chart.lock index 4e9ff9234b..0ea7550809 100644 --- a/charts/codefresh-gitops/Chart.lock +++ b/charts/codefresh-gitops/Chart.lock 
@@ -34,9 +34,9 @@ dependencies: version: 0.50.2 - name: argo-platform repository: oci://quay.io/codefresh/charts - version: 1.3570.0 + version: 1.3571.0 - name: argo-hub-platform repository: oci://quay.io/codefresh/charts version: 0.1.24 -digest: sha256:37cbd8cc05247116c6592e97f1ac2a694bd18356c56450a01bc834cc5cc0ad55 -generated: "2025-06-12T16:36:27.827516+03:00" +digest: sha256:500deaa56ebb1da2aff4b1806088bd9f0997da809839ce00c357d7bd4fdf2d96 +generated: "2025-06-13T13:10:52.723538+03:00" From 4da095dde682ca146520d8e69f950bfce1e21be2 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 13 Jun 2025 14:23:54 +0300 Subject: [PATCH 07/19] feat: gitops-onprem --- .../.ci/values/defaults-hpa.yaml | 69 +++++++++++++++++++ .../codefresh-gitops/.ci/values/registry.yaml | 4 ++ 2 files changed, 73 insertions(+) create mode 100644 charts/codefresh-gitops/.ci/values/defaults-hpa.yaml create mode 100644 charts/codefresh-gitops/.ci/values/registry.yaml diff --git a/charts/codefresh-gitops/.ci/values/defaults-hpa.yaml b/charts/codefresh-gitops/.ci/values/defaults-hpa.yaml new file mode 100644 index 0000000000..9c8b161cfd --- /dev/null +++ b/charts/codefresh-gitops/.ci/values/defaults-hpa.yaml 
@@ -0,0 +1,69 @@ +global: + appUrl: "" # placeholder + imagePullSecrets: + - codefresh-registry + - dockerhub-creds + +ingress: + enabled: true + ingressClassName: nginx-internal + tls: + enabled: false + +cfapi: + rbac: + namespaced: false + hpa: + enabled: true + container: + env: + DEFAULT_SYSTEM_TYPE: GITOPS + +cfui: + hpa: + enabled: true + +internal-gateway: + hpa: + enabled: true + +cf-platform-analytics-platform: + hpa: + enabled: true + +argo-platform: + analytics-reporter: + hpa: + enabled: true + + api-events: + hpa: + enabled: true + + api-graphql: + hpa: + enabled: true + + cron-executor: + hpa: + enabled: true + + event-handler: + hpa: + enabled: true + + ui: + hpa: + enabled: true + + audit: + hpa: + enabled: true + + abac: + hpa: + enabled: true + + promotion-orchestrator: + hpa: + enabled: true diff --git a/charts/codefresh-gitops/.ci/values/registry.yaml b/charts/codefresh-gitops/.ci/values/registry.yaml new file mode 100644 index 0000000000..179c164abc --- /dev/null +++ b/charts/codefresh-gitops/.ci/values/registry.yaml @@ -0,0 +1,4 @@ +imageCredentials: + registry: us-docker.pkg.dev + username: _json_key + password: "" # placeholder for ${GCR_SA_KEY} From 96bf2be6c657e1608d7e30363d1cc04deb326074 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 13 Jun 2025 14:37:40 +0300 Subject: [PATCH 08/19] feat: gitops-onprem --- .../.ci/values/{defaults-hpa.yaml => defaults.yaml} | 5 +++++ charts/codefresh-gitops/.ci/values/registry.yaml | 4 ---- 2 files changed, 5 insertions(+), 4 deletions(-) rename charts/codefresh-gitops/.ci/values/{defaults-hpa.yaml => defaults.yaml} (87%) delete mode 100644 charts/codefresh-gitops/.ci/values/registry.yaml diff --git a/charts/codefresh-gitops/.ci/values/defaults-hpa.yaml b/charts/codefresh-gitops/.ci/values/defaults.yaml similarity index 87% rename from charts/codefresh-gitops/.ci/values/defaults-hpa.yaml rename to charts/codefresh-gitops/.ci/values/defaults.yaml index 9c8b161cfd..856a70793a 100644 
--- a/charts/codefresh-gitops/.ci/values/defaults-hpa.yaml +++ b/charts/codefresh-gitops/.ci/values/defaults.yaml @@ -1,3 +1,8 @@ +imageCredentials: + registry: us-docker.pkg.dev + username: _json_key + password: "" # placeholder for ${GCR_SA_KEY} + global: appUrl: "" # placeholder imagePullSecrets: diff --git a/charts/codefresh-gitops/.ci/values/registry.yaml b/charts/codefresh-gitops/.ci/values/registry.yaml deleted file mode 100644 index 179c164abc..0000000000 --- a/charts/codefresh-gitops/.ci/values/registry.yaml +++ /dev/null @@ -1,4 +0,0 @@ -imageCredentials: - registry: us-docker.pkg.dev - username: _json_key - password: "" # placeholder for ${GCR_SA_KEY} From 275a3772da30a8c64aef18fe5cf21aaa34d79b77 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 13 Jun 2025 15:22:59 +0300 Subject: [PATCH 09/19] feat: gitops-onprem --- charts/codefresh-gitops/.ci/values/defaults.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/charts/codefresh-gitops/.ci/values/defaults.yaml b/charts/codefresh-gitops/.ci/values/defaults.yaml index 856a70793a..917d9576f1 100644 --- a/charts/codefresh-gitops/.ci/values/defaults.yaml +++ b/charts/codefresh-gitops/.ci/values/defaults.yaml @@ -1,12 +1,6 @@ -imageCredentials: - registry: us-docker.pkg.dev - username: _json_key - password: "" # placeholder for ${GCR_SA_KEY} - global: appUrl: "" # placeholder imagePullSecrets: - - codefresh-registry - dockerhub-creds ingress: From 7385482cab9f2db8828c34da5a5c5593ec845f13 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 13 Jun 2025 15:58:47 +0300 Subject: [PATCH 10/19] feat: gitops-onprem --- charts/codefresh-gitops/.ci/values/e2e.yaml | 2 + .../hooks/post-upgrade/e2e-seed-job.yaml | 42 +++++++++++++++++++ charts/codefresh-gitops/values.yaml | 6 +++ 3 files changed, 50 insertions(+) create mode 100644 charts/codefresh-gitops/.ci/values/e2e.yaml create mode 100644 charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml 
diff --git a/charts/codefresh-gitops/.ci/values/e2e.yaml b/charts/codefresh-gitops/.ci/values/e2e.yaml
new file mode 100644
index 0000000000..b4e39c3f85
--- /dev/null
+++ b/charts/codefresh-gitops/.ci/values/e2e.yaml
@@ -0,0 +1,2 @@
+e2e:
+ enabled: true
diff --git a/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml b/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml
new file mode 100644
index 0000000000..f20c14f1fa
--- /dev/null
+++ b/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml
@@ -0,0 +1,42 @@
+
+{{- if .Values.e2e.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: e2e-seed
+ labels:
+ {{- include "codefresh-gitops.labels" . | nindent 4 }}
+ annotations:
+ helm.sh/hook: post-upgrade,post-install
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+ helm.sh/hook-weight: "0"
+spec:
+ template:
+ metadata:
+ labels:
+ {{- include "codefresh-gitops.labels" . | nindent 8 }}
+ spec:
+ serviceAccountName: default
+ automountServiceAccountToken: true
+ dnsPolicy: ClusterFirst
+ containers:
+ - name: e2e-seed
+ image: us-docker.pkg.dev/codefresh-inc/gcr.io/codefresh-io/dev/argo-platform-e2e:{{ index .Values "argo-platform" "version" }}
+ imagePullPolicy: Always
+ command:
+ - /bin/bash
+ - -c
+ - |
+ yarn build --outDir .
+ yarn run e2e:init
+ env:
+ - name: ANALYTICS_POSTGRES_URI
+ value: "postgres://postgres:postgres@postgresql:5432/analytics"
+ - name: V1_MONGO_URI
+ value: "mongodb://user:password@mongodb:27017/codefresh"
+ - name: V1_PAYMENTS_MONGO_URI
+ value: "mongodb://user:password@mongodb:27017/payments"
+ - name: V2_MONGO_URI
+ value: "mongodb://user:password@mongodb:27017/read-models"
+ restartPolicy: Never
+{{- end }}
diff --git a/charts/codefresh-gitops/values.yaml b/charts/codefresh-gitops/values.yaml
index 5759006b2b..fb54b479d9 100644
--- a/charts/codefresh-gitops/values.yaml
+++ b/charts/codefresh-gitops/values.yaml
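Review bot: The four connection URIs under `env:` in e2e-seed-job.yaml carry database credentials as literal `value:` strings, so they end up in the rendered manifest, the stored Helm release and the Job object, readable by anyone who can view Jobs in the namespace. The chart already ships secret-reference helpers (`templates/_env_var_secret_ref.tpl`), so these should come from `valueFrom.secretKeyRef`, as sketched below with a placeholder secret name. The pod also runs under the `default` service account with `automountServiceAccountToken: true`, although nothing visible in the command needs the Kubernetes API; `automountServiceAccountToken: false` would be the safer default. The hard-coded `postgresql` and `mongodb` hosts bypass any external-database configuration, which deserves a comment if the job is meant for CI only.

```yaml
# … unchanged: Job metadata, hook annotations, pod labels …
      serviceAccountName: default
      automountServiceAccountToken: false
# … unchanged: container name, image, pull policy, command …
          env:
            - name: ANALYTICS_POSTGRES_URI
              valueFrom:
                secretKeyRef:
                  name: <E2E_SECRET_NAME>  # placeholder: secret holding the e2e connection URIs
                  key: ANALYTICS_POSTGRES_URI
            - name: V1_MONGO_URI
              valueFrom:
                secretKeyRef:
                  name: <E2E_SECRET_NAME>
                  key: V1_MONGO_URI
            # … V1_PAYMENTS_MONGO_URI and V2_MONGO_URI follow the same pattern …
```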
@@ -1159,3 +1159,9 @@ argo-platform: classic-event-bridge: enabled: false + +# -- E2E tests +# @default -- See below +e2e: + # -- Enable E2E tests + enabled: false From 5e0accb8a23276efb0c4ef94bbb14e800dd84bb0 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 13 Jun 2025 16:01:15 +0300 Subject: [PATCH 11/19] feat: gitops-onprem --- charts/codefresh-gitops/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/codefresh-gitops/README.md b/charts/codefresh-gitops/README.md index 5aa1422cd7..ed3921ff2c 100644 --- a/charts/codefresh-gitops/README.md +++ b/charts/codefresh-gitops/README.md @@ -100,6 +100,8 @@ Helm Chart for Codefresh GitOps On-Prem | cfapi.resources | object | `{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}}` | Resource requests and limits | | cfapi.tolerations | list | `[]` | Tolerations configuration | | cfui | object | See below | cf-ui | +| e2e | object | See below | E2E tests | +| e2e.enabled | bool | `false` | Enable E2E tests | | global | object | See below | Global parameters | | global.affinity | object | `{}` | Global affinity constraints Apply affinity to all Codefresh subcharts. Will not be applied on Bitnami subcharts. | | global.appProtocol | string | `"https"` | Application protocol. | From 95b93f8b8a2dfe2bbe789329dd7e32c40b5cfd28 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 13 Jun 2025 16:11:43 +0300 Subject: [PATCH 12/19] feat: gitops-onprem --- .../templates/hooks/post-upgrade/e2e-seed-job.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml b/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml index f20c14f1fa..971d83e25e 100644 --- a/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml +++ b/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml 
@@ -1,5 +1,6 @@ {{- if .Values.e2e.enabled }} +{{- $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} apiVersion: batch/v1 kind: Job metadata: @@ -16,6 +17,7 @@ spec: labels: {{- include "codefresh-gitops.labels" . | nindent 8 }} spec: + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} serviceAccountName: default automountServiceAccountToken: true dnsPolicy: ClusterFirst From 4a17a61bab9e6cf0619e823df331c90d7fa2237d Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 13 Jun 2025 16:13:14 +0300 Subject: [PATCH 13/19] feat: gitops-onprem --- .../codefresh-gitops/.ci/values/defaults.yaml | 51 ------------------- 1 file changed, 51 deletions(-) diff --git a/charts/codefresh-gitops/.ci/values/defaults.yaml b/charts/codefresh-gitops/.ci/values/defaults.yaml index 917d9576f1..b1a5c82bdd 100644 --- a/charts/codefresh-gitops/.ci/values/defaults.yaml +++ b/charts/codefresh-gitops/.ci/values/defaults.yaml @@ -12,57 +12,6 @@ ingress: cfapi: rbac: namespaced: false - hpa: - enabled: true container: env: DEFAULT_SYSTEM_TYPE: GITOPS - -cfui: - hpa: - enabled: true - -internal-gateway: - hpa: - enabled: true - -cf-platform-analytics-platform: - hpa: - enabled: true - -argo-platform: - analytics-reporter: - hpa: - enabled: true - - api-events: - hpa: - enabled: true - - api-graphql: - hpa: - enabled: true - - cron-executor: - hpa: - enabled: true - - event-handler: - hpa: - enabled: true - - ui: - hpa: - enabled: true - - audit: - hpa: - enabled: true - - abac: - hpa: - enabled: true - - promotion-orchestrator: - hpa: - enabled: true From 8fe1f5894477122ec9a7b09d14a7d7db0252074f Mon Sep 17 00:00:00 2001 
From: Mikhail Klimko Date: Fri, 13 Jun 2025 16:21:28 +0300 Subject: [PATCH 14/19] feat: gitops-onprem --- charts/codefresh-gitops/.ci/values/defaults.yaml | 2 +- .../templates/hooks/post-upgrade/e2e-seed-job.yaml | 2 +- charts/codefresh-gitops/values.yaml | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/codefresh-gitops/.ci/values/defaults.yaml b/charts/codefresh-gitops/.ci/values/defaults.yaml index b1a5c82bdd..0fc7e5a561 100644 --- a/charts/codefresh-gitops/.ci/values/defaults.yaml +++ b/charts/codefresh-gitops/.ci/values/defaults.yaml @@ -5,7 +5,7 @@ global: ingress: enabled: true - ingressClassName: nginx-internal + ingressClassName: nginx tls: enabled: false diff --git a/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml b/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml index 971d83e25e..dab7e323d7 100644 --- a/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml +++ b/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml @@ -23,7 +23,7 @@ spec: dnsPolicy: ClusterFirst containers: - name: e2e-seed - image: us-docker.pkg.dev/codefresh-inc/gcr.io/codefresh-io/dev/argo-platform-e2e:{{ index .Values "argo-platform" "version" }} + image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.e2e.image "context" .) }} imagePullPolicy: Always command: - /bin/bash diff --git a/charts/codefresh-gitops/values.yaml b/charts/codefresh-gitops/values.yaml index fb54b479d9..2e5ce36f6f 100644 --- a/charts/codefresh-gitops/values.yaml +++ b/charts/codefresh-gitops/values.yaml @@ -1165,3 +1165,7 @@ argo-platform: e2e: # -- Enable E2E tests enabled: false + image: + registry: us-docker.pkg.dev/codefresh-inc/gcr.io + repository: codefresh-io/argo-platform-e2e + tag: '{{ index .Values "argo-platform" "version" }}' From 90223d4268c262d2c73ca90ae56494c24c5f91ad Mon Sep 17 00:00:00 2001 
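Review bot: In the values.yaml hunk the new `e2e.image.repository` is `codefresh-io/argo-platform-e2e`, while the image string it replaces in e2e-seed-job.yaml was `.../codefresh-io/dev/argo-platform-e2e`, so the rendered reference silently loses the `dev/` path segment and may resolve to a different image or to none. If the move is intended, a comment on the key should say so; otherwise `repository: codefresh-io/dev/argo-platform-e2e` keeps the previous target. `tag` is also a quoted template expression, which Helm does not evaluate inside values.yaml; it only works if the `cf-common` image helper passes it through `tpl`, which is not visible here. Because the job uses `imagePullPolicy: Always` with a tag, pinning the image by digest would make it unambiguous which build the post-install hook runs.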
From: Mikhail Klimko Date: Fri, 13 Jun 2025 16:28:59 +0300 Subject: [PATCH 15/19] feat: gitops-onprem --- .../templates/hooks/post-upgrade/e2e-seed-job.yaml | 2 +- charts/codefresh-gitops/values.yaml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml b/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml index dab7e323d7..8a56ca8260 100644 --- a/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml +++ b/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml @@ -23,7 +23,7 @@ spec: dnsPolicy: ClusterFirst containers: - name: e2e-seed - image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.e2e.image "context" .) }} + image: {{ printf "%s/%s:%s" .Values.e2e.image.registry .Values.e2e.image.repository (index .Values "argo-platform" "version") | quote }} imagePullPolicy: Always command: - /bin/bash diff --git a/charts/codefresh-gitops/values.yaml b/charts/codefresh-gitops/values.yaml index 2e5ce36f6f..9d0e60bb7c 100644 --- a/charts/codefresh-gitops/values.yaml +++ b/charts/codefresh-gitops/values.yaml @@ -1168,4 +1168,3 @@ e2e: image: registry: us-docker.pkg.dev/codefresh-inc/gcr.io repository: codefresh-io/argo-platform-e2e - tag: '{{ index .Values "argo-platform" "version" }}' From cae00f93ca66047032a179bf82aca685ae0329bd Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 13 Jun 2025 16:42:05 +0300 Subject: [PATCH 16/19] feat: gitops-onprem --- charts/codefresh-gitops/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/codefresh-gitops/values.yaml b/charts/codefresh-gitops/values.yaml index 9d0e60bb7c..a0f42c0c30 100644 --- a/charts/codefresh-gitops/values.yaml +++ b/charts/codefresh-gitops/values.yaml @@ -576,6 +576,7 @@ mongodb: - user - user - user + - user passwords: - password - password 
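Review bot: The added `- user` / `- password` entries (this hunk and the `@@ -583,6 +584,7 @@` hunk that follows) extend a default values.yaml in which every MongoDB application account uses the literal password `password`, so an install that does not override these lists comes up with known credentials. The lists are positional, so the new entries must stay aligned with `payments` in the third hunk; a comment such as `# index-aligned with the user and database lists; override all three or supply an existing secret` above `passwords:` would make that explicit. The `# temporary, need to remove` marker on `payments` gives no condition for removal: it appears to exist for the e2e job's `V1_PAYMENTS_MONGO_URI`, and the later patch that deletes that job does not visibly remove this entry. The `mongodb:` block starts and ends outside these hunks.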
@@ -583,6 +584,7 @@ mongodb: - password - password - password + - password databases: - archive - codefresh @@ -590,6 +592,7 @@ mongodb: - read-models - audit - platform-analytics-postgres + - payments # temporary, need to remove resources: requests: cpu: 200m From 1d18ee4c676b007c2403ba42df47fb3711623e30 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 13 Jun 2025 19:05:18 +0300 Subject: [PATCH 17/19] feat: gitops-onprem --- charts/codefresh-gitops/Chart.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/codefresh-gitops/Chart.lock b/charts/codefresh-gitops/Chart.lock index 0ea7550809..8f725d416f 100644 --- a/charts/codefresh-gitops/Chart.lock +++ b/charts/codefresh-gitops/Chart.lock @@ -34,9 +34,9 @@ dependencies: version: 0.50.2 - name: argo-platform repository: oci://quay.io/codefresh/charts - version: 1.3571.0 + version: 1.3572.0 - name: argo-hub-platform repository: oci://quay.io/codefresh/charts version: 0.1.24 -digest: sha256:500deaa56ebb1da2aff4b1806088bd9f0997da809839ce00c357d7bd4fdf2d96 -generated: "2025-06-13T13:10:52.723538+03:00" +digest: sha256:b56f7da08872d82f1537ef08977d02d58bb1576ce5fbd0ca0d2e196e45c80115 +generated: "2025-06-13T19:04:26.344602+03:00" From 24d1dc162713f629f1f45dd5a873e296c92fb335 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 16 Jun 2025 10:37:55 +0300 Subject: [PATCH 18/19] feat: gitops-onprem --- .../hooks/post-upgrade/e2e-seed-job.yaml | 44 ------------------- charts/codefresh-gitops/values.yaml | 9 ---- 2 files changed, 53 deletions(-) delete mode 100644 charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml diff --git a/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml b/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml deleted file mode 100644 index 8a56ca8260..0000000000 --- a/charts/codefresh-gitops/templates/hooks/post-upgrade/e2e-seed-job.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ - -{{- if .Values.e2e.enabled }} -{{- $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }} -apiVersion: batch/v1 -kind: Job -metadata: - name: e2e-seed - labels: - {{- include "codefresh-gitops.labels" . | nindent 4 }} - annotations: - helm.sh/hook: post-upgrade,post-install - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - helm.sh/hook-weight: "0" -spec: - template: - metadata: - labels: - {{- include "codefresh-gitops.labels" . | nindent 8 }} - spec: - {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} - serviceAccountName: default - automountServiceAccountToken: true - dnsPolicy: ClusterFirst - containers: - - name: e2e-seed - image: {{ printf "%s/%s:%s" .Values.e2e.image.registry .Values.e2e.image.repository (index .Values "argo-platform" "version") | quote }} - imagePullPolicy: Always - command: - - /bin/bash - - -c - - | - yarn build --outDir . - yarn run e2e:init - env: - - name: ANALYTICS_POSTGRES_URI - value: "postgres://postgres:postgres@postgresql:5432/analytics" - - name: V1_MONGO_URI - value: "mongodb://user:password@mongodb:27017/codefresh" - - name: V1_PAYMENTS_MONGO_URI - value: "mongodb://user:password@mongodb:27017/payments" - - name: V2_MONGO_URI - value: "mongodb://user:password@mongodb:27017/read-models" - restartPolicy: Never -{{- end }} diff --git a/charts/codefresh-gitops/values.yaml b/charts/codefresh-gitops/values.yaml index a0f42c0c30..5d8d08f30d 100644 --- a/charts/codefresh-gitops/values.yaml +++ b/charts/codefresh-gitops/values.yaml @@ -1162,12 +1162,3 @@ argo-platform: classic-event-bridge: enabled: false - -# -- E2E tests -# @default -- See below -e2e: - # -- Enable E2E tests - enabled: false - image: - registry: us-docker.pkg.dev/codefresh-inc/gcr.io - repository: codefresh-io/argo-platform-e2e From 5bda419cb5bcd291557c66e718e3140b84232f14 Mon Sep 17 00:00:00 2001 
From: Mikhail Klimko Date: Mon, 16 Jun 2025 10:40:57 +0300 Subject: [PATCH 19/19] feat: gitops-onprem --- charts/codefresh-gitops/README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/charts/codefresh-gitops/README.md b/charts/codefresh-gitops/README.md index ed3921ff2c..5aa1422cd7 100644 --- a/charts/codefresh-gitops/README.md +++ b/charts/codefresh-gitops/README.md @@ -100,8 +100,6 @@ Helm Chart for Codefresh GitOps On-Prem | cfapi.resources | object | `{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}}` | Resource requests and limits | | cfapi.tolerations | list | `[]` | Tolerations configuration | | cfui | object | See below | cf-ui | -| e2e | object | See below | E2E tests | -| e2e.enabled | bool | `false` | Enable E2E tests | | global | object | See below | Global parameters | | global.affinity | object | `{}` | Global affinity constraints Apply affinity to all Codefresh subcharts. Will not be applied on Bitnami subcharts. | | global.appProtocol | string | `"https"` | Application protocol. |