Test release 0.1.27 (#202)

* [BE]:Up version (#126)

* Up version

* Up version

* Up proxy version

* Wip

* Back version

* Wip

* add applications to app-proxy rbac (#124)

* add applications to app-proxy rbac

* bump

* remove version bump

* CR-15471-insecure-git-providers (#130)

* add initContainer to app-proxy

* move hosted to 2.4 (#129)

Co-authored-by: Daniel Maizel <daniel.maizel@codefresh.io>

* bumped app-proxy to 1.1982.0 (#132)

* fix appset (#133)

* fix appset

* fix hosted installation

* fix hybrid install

* argocd 2.4 install

* Debug

* Revert "Debug"

This reverts commit c02c9af.

Co-authored-by: danielm-codefresh <daniel.maizel@codefresh.io>

* bump app-proxy to 1.1991.1 (#138)

* bump app-proxy to 1.1991.1

* CR-14423 (#136)

app proxy update

* Revert hosted move to argocd 2.4 (#139)

* Revert "move hosted to 2.4 (#129)"

This reverts commit 22f5ef5.

* Revert "fix appset (#133)"

This reverts commit aeeeb3a.

* fix

* update app-proxy (#141)

* update app-proxy

* hybrid test

* Revert "hybrid test"

This reverts commit e656ba8.

* fix appProtocol for argocd-server to support Istio (#140)

* Cr 24 hosted (#142)

* Release 0.1.16 (#134)

releasing 0.1.16

* Revert "Revert hosted move to argocd 2.4 (#139)"

This reverts commit b63acd3

* hosted 2.4

* hosted 2.4

* runtime.yaml

* fix hybrid

* fix hybrid

* revert VERSION

Co-authored-by: Daniel Maizel <daniel.maizel@codefresh.io>

* upgrade argo-workflows to 3.4 (#144)

* =upgrade argo-workflows

* fix changed ns

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* prepare for merge

* wip

* prepare for merge

* update tag to 3.4.4

* Cr 15967 bb enr rc (#147)

* mount argocd-token to app-proxy env
* bumped app-proxy to 1.2016.2

Co-authored-by: Noam Gal <noam.gal@codefresh.io>
Co-authored-by: andrii-codefresh <andrii@codefresh.io>

* CR-15900-argo-cd-version-update (#149)

argo-cd version update with rollback query

* Revert "upgrade argo-workflows to 3.4 (#144)"

This reverts commit ce2330b.

* upgrade argo-rollouts to 1.4.0 (#152)

* bump app-proxy (#155)

* Argo workflow 3.4 upgrade (#157)

* Revert "Revert "upgrade argo-workflows to 3.4 (#144)""
* add namespace override for argo-workflows

Co-authored-by: danielm-codefresh <daniel.maizel@codefresh.io>

* automatically merge release branch to main to avoid version drift (#158)

* automatically merge release branch to main

* add component version to release notes

* bump app-proxy (#160)

* bump app-proxy

* bump

* trigger

* trigger

* bump

* remove redundent bump

* bump app-proxy to 1.2056.0 (#162)

change back to argocd user/password instead of token

* Add permissions for app-proxy to read, list and patch deployments (#163)

* readme

* add permissions for app-proxy to read, list and patch deployments

* Cr visa sw (#164)

* new rollouts version

* update rollouts

* Add all release managers as code owners (#166)

add all release managers as code owners

* Update release.yaml

* Argocd 25 (#168)

* argocd 2.5

* argocd 2.5

* change version

* change version back

* Bump app-proxy to 1.2081.0 (#169)

* bumped app-proxy to 1.2081.0

* bump-app-proxy (#170)

* bumping argocd CR-16950-reporting-deadline (#174)

* bumping argocd CR-16950-reporting-deadline

* fix

* remove bootstrapRevision

* add additional env SKIP_TLS_VALIDATION (#175)

* add additional env SKIP_TLS_VALIDATION

* change version

* update add cluster job

wip

update dockerfile

wip

wip

wip

wip

wip

wip

add comment

wip

* Cr 17082 (#177)

* security patch

* security patch

* security patch

* add SKIP_PERMISSIONS_VALIDATION to app-proxy deploy and bump (#176)

* add SKIP_PERMISSIONS_VALIDATION to app-proxy deploy

* test app-proxy image

* bump app-proxy

* bump app-proxy

* CR-16741-config-fix (#179)

fix job yaml

* update argo workflows to fix empty page issue (#182)

* fixed role resource name (#183)

* Cr argocd 26 (#184)

* argocd 2.6

* change version

* change version

* new argo version (#187)

* Revert "update argo workflows to fix empty page issue (#182)"

This reverts commit 3e239a8.

* argo workflows exit handler fix (#188)

* Update kustomization.yaml

* Update kustomization.yaml

* Cr argocd26 appset (#190)

* change version

* change version

* change version

* custom hybrid argocd version

* custom hybrid argocd version

* Bump app-proxy to 1.2133.0 (#192)

* bump app-proxy to `1.2140.0` (#193)

bump app-proxy to 1.2140.0

* CR-17122 (#191)

* Update kustomization.yaml

* Update runtime.yaml

* Update runtime.yaml

* Update runtime.yaml

* Update kustomization.yaml

* Update runtime.yaml

* Update runtime.yaml

* Update runtime.yaml

* Update runtime.yaml

* Update runtime.yaml

* Update runtime.yaml

* wip

* bump app-proxy 1.2143.0

* updated role (#194)

* updated role

* added a list of missing env vars, injected from cm (#197)

all of those env vars are optional, and the current `cap-app-proxy-cm` do not contain values for them. that means the pod will run like it used to run before, by using default values in the code. there should be no risk.

* Add-cluster-insecure (#198)

* added --insecure-skip-tls-verify flag to script
* updated add-cluster version to 0.7.0
* fixed initCerts to handle multiple files

* bump app-proxy to a version that includes the option to decouple runt… (#196)

* bump app-proxy to a version that includes the option to decouple runtime name and namespace

---------

Co-authored-by: Noam Gal <noam.gal@codefresh.io>

* bump app-proxy and argo-cd (#201)

* bump prerelease

* update argo-cd for hybrid

* fix

* update app-proxy

* fix app-proxy

* bump prerelease

* bump prerelease

* add label selector to app-proxy service

* bump prerelease

* bump app-proxy

* bump prerelease

* bump app-proxy

* remove pre-release postfix

---------

Co-authored-by: Philipp Plotnikov <philipp.plotnikov@codefresh.io>
Co-authored-by: Noam Gal <noam.gal@codefresh.io>
Co-authored-by: pasha-codefresh <pavel@codefresh.io>
Co-authored-by: Oleksandr Saulyak <oleksandr.saulyak@codefresh.io>
Co-authored-by: Andrii Shaforostov <andrii@codefresh.io>
Co-authored-by: Denis Melnik <denis@codefresh.io>
Co-authored-by: kim-codefresh <kim.aharfi@codefresh.io>
Co-authored-by: roi-codefresh <roi.kramer@codefresh.io>
Co-authored-by: pysarenko-bohdan <bohdan.pisarenko@codefresh.io>
Co-authored-by: vadim-kharin-codefresh <vadim.kharin@codefresh.io>
Co-authored-by: Eti Zaguri <eti.zaguri@codefresh.io>

Author: 12 people

VERSION

@@ -1 +1 @@
-0.1.26
+0.1.27

add-cluster/add-cluster.sh

@@ -50,11 +50,12 @@ BEARER_TOKEN=$(kubectl get secret ${SECRET_NAME} -n ${NAMESPACE} -o jsonpath='{.
 CLUSTER_NAME=$(echo ${SERVER} | sed s/'http[s]\?:\/\/'//)
 if [[ $SKIP_TLS_VALIDATION == 'true' ]]
 then
-  kubectl config set-cluster "${CLUSTER_NAME}" --server="${SERVER}" || exit 1
+  kubectl config set-cluster "${CLUSTER_NAME}" --server="${SERVER}" --insecure-skip-tls-verify=true || exit 1
 else
   # Reference the internal certificate authority (CA)
   kubectl config set-cluster "${CLUSTER_NAME}" --server="${SERVER}" --certificate-authority="${SERVICEACCOUNT}/ca.crt" || exit 1
 fi
+
 kubectl config set-credentials "${SERVICE_ACCOUNT_NAME}" --token "${BEARER_TOKEN}" || exit 1
 kubectl config set-context "${CONTEXT_NAME}" --cluster="${CLUSTER_NAME}" --user="${SERVICE_ACCOUNT_NAME}" || exit 1
 
@@ -84,4 +85,4 @@ if [[ $STATUS_CODE -ge 300 ]]; then
 fi
 
 echo "deleting token secret ${CSDP_TOKEN_SECRET}"
-kubectl delete secret ${CSDP_TOKEN_SECRET} -n ${NAMESPACE} || echo "warning: failed deleting secret ${CSDP_TOKEN_SECRET}. you can safely delete this secret manually later with: kubectl delete secret ${CSDP_TOKEN_SECRET} -n ${NAMESPACE}"
+kubectl delete secret ${CSDP_TOKEN_SECRET} -n ${NAMESPACE} || echo "warning: failed deleting secret ${CSDP_TOKEN_SECRET}. you can safely delete this secret manually later with: kubectl delete secret ${CSDP_TOKEN_SECRET} -n ${NAMESPACE}"

add-cluster/helm/Chart.yaml

@@ -6,4 +6,4 @@ type: application
 
 version: 0.2.0
 
-appVersion: 0.6.0
+appVersion: 0.7.0

add-cluster/kustomize/kustomization.yaml

@@ -4,7 +4,7 @@ namespace: kube-system
 
 images:
   - name: quay.io/codefresh/csdp-add-cluster
-    newTag: 0.6.0
+    newTag: 0.7.0
 
 resources:
   - configmap.yaml

csdp/base_components/README.yaml

@@ -1,3 +1,4 @@
+
 All resources are defined using Kustomize components in this folder in the following structure:
 
 base_components:
@@ -10,4 +11,4 @@ base_components:
                 this allows us to create configuration bundles - for example HA and non HA configurations.
                 Try to keep resources and patches out of the bundle kustomization, it should contain only the composition
                 of components.
-  bootstrap: This is the bootstrap component
+  bootstrap: This is the bootstrap component

csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.cm.yaml

@@ -1,6 +1,8 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
+  labels:
+    app.kubernetes.io/part-of: cap-app-proxy
   name: cap-app-proxy-cm
 data:
   argoCdUsername: admin

csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.crb.yaml

@@ -1,6 +1,8 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
+  labels:
+    app: cap-app-proxy
   name: cap-app-proxy-binding
 roleRef:
   apiGroup: rbac.authorization.k8s.io

csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.deploy.yaml

@@ -1,10 +1,9 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  labels:
-    app: cap-app-proxy
   name: cap-app-proxy
 spec:
+  replicas: 1
   selector:
     matchLabels:
       app: cap-app-proxy
@@ -23,7 +22,7 @@ spec:
             - -c
             - |
               /bin/sh <<'EOF'
-              if [ $(ls /app/config/tls) ]; then
+              if [ "$(ls /app/config/tls)" ]; then
                 echo "concatenating certs into /app/config/all/all.cer"
                 cat /app/config/tls/* >> /app/config/all/all.cer
               else
@@ -45,6 +44,12 @@ spec:
               cpu: '0.2'
       containers:
         - env:
+            - name: ARGO_CD_INSECURE
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: argoCdInsecure
+                  optional: true
             - name: ARGO_CD_URL
               valueFrom:
                 configMapKeyRef:
@@ -92,6 +97,54 @@ spec:
                   name: cap-app-proxy-cm
                   key: env
                   optional: true
+            - name: ISC_ENSURED_EVENT_EMIT_DELAY
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: iscEnsuredEventEmitDelay
+                  optional: true
+            - name: IRW_CONCURRENCY_CM_KEY
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: irwConcurrencyCmKey
+                  optional: true
+            - name: IRW_CONCURRENCY_CM_NAME
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: irwConcurrentyCmName
+                  optional: true
+            - name: IRW_HEARTBEAT_INTERVAL_IN_SECONDS
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: irwHeartbeatIntervalInSeconds
+                  optional: true
+            - name: IRW_POD_GC_STRATEGY
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: irwPodGcStrategy
+                  optional: true
+            - name: IRW_SERVICE_ACCOUNT
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: irwServiceAccount
+                  optional: true
+            - name: IRW_TTL_ACTIVE_IN_SECONDS
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: irwTtlActiveInSeconds
+                  optional: true
+            - name: IRW_TTL_AFTER_COMPLETION_IN_SECONDS
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: irwTtlAfterCompletionInSeconds
+                  optional: true
             - name: GRAPHQL_DEBUG
               valueFrom:
                 configMapKeyRef:
@@ -104,6 +157,12 @@ spec:
                   name: cap-app-proxy-cm
                   key: graphqlPlayground
                   optional: true
+            - name: LOG_LEVEL
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: logLevel
+                  optional: true
             - name: NAMESPACE
               valueFrom:
                 fieldRef:
@@ -114,6 +173,18 @@ spec:
                   name: cap-app-proxy-cm
                   key: port
                   optional: true
+            - name: GIT_INTEGRATION_APIURL
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: gitIntegrationApiUrl
+                  optional: true
+            - name: GIT_INTEGRATION_PROVIDER
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: gitIntegrationProvider
+                  optional: true
             - name: GIT_USERNAME
               valueFrom:
                 secretKeyRef:
@@ -126,6 +197,20 @@ spec:
                   name: autopilot-secret
                   key: git_token
                   optional: true
+            - name: NODE_EXTRA_CA_CERTS
+              value: /app/config/all/all.cer
+            - name: REPO_CREDS_SECRET_NAME
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: repoCredsSecretName
+                  optional: true
+            - name: REPO_LOCK_TIMEOUT
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: repoLockTimeout
+                  optional: true
             - name: REPOS_DIR
               valueFrom:
                 configMapKeyRef:
@@ -149,6 +234,18 @@ spec:
                   name: codefresh-token
                   key: encryptionIV
                   optional: true
+            - name: SEND_HEARTBEAT_INTERVAL
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: sendHeartbeatInterval
+                  optional: true
+            - name: SKIP_PERMISSIONS_VALIDATION
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: skipPermissionsValidation
+                  optional: true
             - name: STORE_BACKEND
               valueFrom:
                 configMapKeyRef:
@@ -161,14 +258,18 @@ spec:
                   name: cap-app-proxy-cm
                   key: stripPrefix
                   optional: true
-            - name: SKIP_PERMISSIONS_VALIDATION
+            - name: USER_CACHE_TTL
               valueFrom:
                 configMapKeyRef:
                   name: cap-app-proxy-cm
-                  key: skipPermissionsValidation
+                  key: userCacheTtl
+                  optional: true
+            - name: USER_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: codefresh-user-token
+                  key: token
                   optional: true
-            - name: NODE_EXTRA_CA_CERTS
-              value: /app/config/all/all.cer
           image: quay.io/codefresh/cap-app-proxy
           imagePullPolicy: Always
           name: cap-app-proxy

csdp/base_components/apps/app-proxy/_components/codefresh-base/kustomization.yaml

@@ -3,7 +3,7 @@ kind: Component
 images:
 - name: quay.io/codefresh/cap-app-proxy
   newName: quay.io/codefresh/cap-app-proxy
-  newTag: 1.2143.0
+  newTag: 1.2167.0
 resources:
 - app-proxy.deploy.yaml
 - app-proxy.svc.yaml

csdp/base_components/apps/app-proxy/_components/ha-manifests/kustomization.yaml

@@ -2,53 +2,53 @@ apiVersion: kustomize.config.k8s.io/v1alpha1
 kind: Component
 
 resources:
-  - pdb.yaml
+- pdb.yaml
 
 patches:
-  # increase replicas
-  - target:
-      group: apps
-      version: v1
-      kind: Deployment
-      name: cap-app-proxy
-    patch: |-
-      - op: add
-        path: /spec/replicas
-        value: 2
-  # Add leader election sidecar
-  - target:
-      group: apps
-      version: v1
-      kind: Deployment
-      name: cap-app-proxy
-    path: leader-election.deployment.patch.yaml
-  # Add leader election role
-  - target:
-      kind: Role
-      name: cap-app-proxy
-    patch: |-
-      - op: add
-        path: /rules/-
-        value:
-          apiGroups:
-          - coordination.k8s.io
-          resources:
-          - leases
-          verbs:
-          - get
-          - list
-          - watch
-          - create
-          - update
-          - patch
-          - delete
-      - op: add
-        path: /rules/-
-        value:
-          apiGroups:
-          - ""
-          resources:
-          - events
-          verbs:
-          - create
-          - patch
+# increase replicas
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+    name: cap-app-proxy
+  patch: |-
+    - op: replace
+      path: /spec/replicas
+      value: 2
+# Add leader election sidecar
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+    name: cap-app-proxy
+  path: leader-election.deployment.patch.yaml
+# Add leader election role
+- target:
+    kind: Role
+    name: cap-app-proxy
+  patch: |-
+    - op: add
+      path: /rules/-
+      value:
+        apiGroups:
+        - coordination.k8s.io
+        resources:
+        - leases
+        verbs:
+        - get
+        - list
+        - watch
+        - create
+        - update
+        - patch
+        - delete
+    - op: add
+      path: /rules/-
+      value:
+        apiGroups:
+        - ""
+        resources:
+        - events
+        verbs:
+        - create
+        - patch