0.1.23 (#180)

yaroslav-codefresh · PhilippPlotnikov · danielm-codefresh · web-flow · commit e62a741be2fb · 2023-02-14T14:42:23.000+02:00
* [BE]:Up version (#126) * Up version * Up version * Up proxy version * Wip * Back version * Wip * add applications to app-proxy rbac (#124) * add applications to app-proxy rbac * bump * remove version bump * CR-15471-insecure-git-providers (#130) * add initContainer to app-proxy * move hosted to 2.4 (#129) Co-authored-by: Daniel Maizel <daniel.maizel@codefresh.io> * bumped app-proxy to 1.1982.0 (#132) * fix appset (#133) * fix appset * fix hosted installation * fix hybrid install * argocd 2.4 install * Debug * Revert "Debug" This reverts commit c02c9af. Co-authored-by: danielm-codefresh <daniel.maizel@codefresh.io> * bump app-proxy to 1.1991.1 (#138) * bump app-proxy to 1.1991.1 * CR-14423 (#136) app proxy update * Revert hosted move to argocd 2.4 (#139) * Revert "move hosted to 2.4 (#129)" This reverts commit 22f5ef5. * Revert "fix appset (#133)" This reverts commit aeeeb3a. * fix * update app-proxy (#141) * update app-proxy * hybrid test * Revert "hybrid test" This reverts commit e656ba8. * fix appProtocol for argocd-server to support Istio (#140) * Cr 24 hosted (#142) * Release 0.1.16 (#134) releasing 0.1.16 * Revert "Revert hosted move to argocd 2.4 (#139)" This reverts commit b63acd3 * hosted 2.4 * hosted 2.4 * runtime.yaml * fix hybrid * fix hybrid * revert VERSION Co-authored-by: Daniel Maizel <daniel.maizel@codefresh.io> * upgrade argo-workflows to 3.4 (#144) * =upgrade argo-workflows * fix changed ns * wip * wip * wip * wip * wip * wip * wip * wip * wip * wip * prepare for merge * wip * prepare for merge * update tag to 3.4.4 * Cr 15967 bb enr rc (#147) * mount argocd-token to app-proxy env * bumped app-proxy to 1.2016.2 Co-authored-by: Noam Gal <noam.gal@codefresh.io> Co-authored-by: andrii-codefresh <andrii@codefresh.io> * CR-15900-argo-cd-version-update (#149) argo-cd version update with rollback query * Revert "upgrade argo-workflows to 3.4 (#144)" This reverts commit ce2330b. * upgrade argo-rollouts to 1.4.0 (#152) * bump app-proxy (#155) * Argo workflow 3.4 upgrade (#157) * Revert "Revert "upgrade argo-workflows to 3.4 (#144)"" * add namespace override for argo-workflows Co-authored-by: danielm-codefresh <daniel.maizel@codefresh.io> * automatically merge release branch to main to avoid version drift (#158) * automatically merge release branch to main * add component version to release notes * bump app-proxy (#160) * bump app-proxy * bump * trigger * trigger * bump * remove redundent bump * bump app-proxy to 1.2056.0 (#162) change back to argocd user/password instead of token * Add permissions for app-proxy to read, list and patch deployments (#163) * readme * add permissions for app-proxy to read, list and patch deployments * Cr visa sw (#164) * new rollouts version * update rollouts * Add all release managers as code owners (#166) add all release managers as code owners * Update release.yaml * Argocd 25 (#168) * argocd 2.5 * argocd 2.5 * change version * change version back * Bump app-proxy to 1.2081.0 (#169) * bumped app-proxy to 1.2081.0 * bump-app-proxy (#170) * bumping argocd CR-16950-reporting-deadline (#174) * bumping argocd CR-16950-reporting-deadline * fix * remove bootstrapRevision * add additional env SKIP_TLS_VALIDATION (#175) * add additional env SKIP_TLS_VALIDATION * change version * update add cluster job wip update dockerfile wip wip wip wip wip wip add comment wip * Cr 17082 (#177) * security patch * security patch * security patch * add SKIP_PERMISSIONS_VALIDATION to app-proxy deploy and bump (#176) * add SKIP_PERMISSIONS_VALIDATION to app-proxy deploy * test app-proxy image * bump app-proxy * bump app-proxy * bump to 0.1.23-rc-0 * CR-16741-config-fix (#179) fix job yaml * bump to 0.1.23 --------- Co-authored-by: Philipp Plotnikov <philipp.plotnikov@codefresh.io> Co-authored-by: Daniel Maizel <daniel.maizel@codefresh.io> Co-authored-by: Noam Gal <noam.gal@codefresh.io> Co-authored-by: pasha-codefresh <pavel@codefresh.io> Co-authored-by: Oleksandr Saulyak <oleksandr.saulyak@codefresh.io> Co-authored-by: Andrii Shaforostov <andrii@codefresh.io> Co-authored-by: Denis Melnik <denis@codefresh.io> Co-authored-by: kim-codefresh <kim.aharfi@codefresh.io> Co-authored-by: roi-codefresh <roi.kramer@codefresh.io> Co-authored-by: pysarenko-bohdan <bohdan.pisarenko@codefresh.io>
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.1.22
+0.1.23
diff --git a/add-cluster/Dockerfile b/add-cluster/Dockerfile
@@ -1,5 +1,11 @@
 FROM bitnami/kubectl:1.24
 
+# curl was removed in the latest patches of bitnami/kubectl. Needs install it again.
+USER root
+RUN apt-get update && apt-get install -y curl 
+
+# set back user used in bitnami/kubectl
+USER 1001
 WORKDIR /src
 
 COPY add-cluster.sh .
diff --git a/add-cluster/add-cluster.sh b/add-cluster/add-cluster.sh
@@ -7,6 +7,7 @@
 # LABELS (cm - optional)
 # ANNOTATIONS (cm - optional)
 # CSDP_TOKEN_SECRET
+# SKIP_TLS_VALIDATION (cm - optional)
 
 SECRET_NAME=""
 
@@ -40,20 +41,20 @@ echo "Server: ${SERVER}"
 
 # Path to ServiceAccount token
 SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
-
 # Read this Pod's namespace
 NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
-
-# Reference the internal certificate authority (CA)
-CACERT=${SERVICEACCOUNT}/ca.crt
-
 # get ServiceAccount token
 get_service_account_secret_name || exit 1
 BEARER_TOKEN=$(kubectl get secret ${SECRET_NAME} -n ${NAMESPACE} -o jsonpath='{.data.token}' | base64 -d)
-
 # write KUBE_COPNFIG_DATA to local file
 CLUSTER_NAME=$(echo ${SERVER} | sed s/'http[s]\?:\/\/'//)
-kubectl config set-cluster "${CLUSTER_NAME}" --server="${SERVER}" --certificate-authority="${CACERT}" || exit 1
+if [[ $SKIP_TLS_VALIDATION == 'true' ]]
+then
+  kubectl config set-cluster "${CLUSTER_NAME}" --server="${SERVER}" || exit 1
+else
+  # Reference the internal certificate authority (CA)
+  kubectl config set-cluster "${CLUSTER_NAME}" --server="${SERVER}" --certificate-authority="${SERVICEACCOUNT}/ca.crt" || exit 1
+fi
 kubectl config set-credentials "${SERVICE_ACCOUNT_NAME}" --token "${BEARER_TOKEN}" || exit 1
 kubectl config set-context "${CONTEXT_NAME}" --cluster="${CLUSTER_NAME}" --user="${SERVICE_ACCOUNT_NAME}" || exit 1
 
diff --git a/add-cluster/kustomize/job.yaml b/add-cluster/kustomize/job.yaml
@@ -44,6 +44,12 @@ spec:
                 configMapKeyRef:
                   name: csdp-add-cluster-cm
                   key: server
+            - name: SKIP_TLS_VALIDATION
+              valueFrom:
+                configMapKeyRef:
+                  name: csdp-add-cluster-cm
+                  key: skipTLSValidation 
+                  optional: true                 
             - name: CSDP_TOKEN_SECRET
               value: $(CSDP_ADD_CLUSTER_SECRET)
           volumeMounts:
diff --git a/csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.deploy.yaml b/csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.deploy.yaml
@@ -161,6 +161,12 @@ spec:
                   name: cap-app-proxy-cm
                   key: stripPrefix
                   optional: true
+            - name: SKIP_PERMISSIONS_VALIDATION
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: skipPermissionsValidation
+                  optional: true
             - name: NODE_EXTRA_CA_CERTS
               value: /app/config/all/all.cer
           image: quay.io/codefresh/cap-app-proxy
diff --git a/csdp/base_components/apps/app-proxy/_components/codefresh-base/kustomization.yaml b/csdp/base_components/apps/app-proxy/_components/codefresh-base/kustomization.yaml
@@ -3,7 +3,7 @@ kind: Component
 images:
   - name: quay.io/codefresh/cap-app-proxy
     newName: quay.io/codefresh/cap-app-proxy
-    newTag: 1.2084.2
+    newTag: 1.2098.1
 resources:
   - app-proxy.deploy.yaml
   - app-proxy.svc.yaml
diff --git a/csdp/base_components/apps/argo-cd/_components/codefresh-base/kustomization.yaml b/csdp/base_components/apps/argo-cd/_components/codefresh-base/kustomization.yaml
@@ -5,7 +5,7 @@ resources:
 
 images:
   - name: quay.io/codefresh/argocd
-    newTag: v2.5.5-cap-CR-fix-kustomize-v3
+    newTag: v2.5.5-cap-CR-verify-aud-claim
   - name: quay.io/codefresh/applicationset
     newTag: v0.4.2-CR-13254-remove-private-logs
 
diff --git a/csdp/base_components/bootstrap/kustomization.yaml b/csdp/base_components/bootstrap/kustomization.yaml
@@ -9,8 +9,8 @@ configMapGenerator:
   - name: codefresh-cm
     behavior: create
     literals: # order matters - DO NOT change
-      - version=0.1.22 # Runtime version
-      - bootstrapRevision=0.1.22 # Tag to use for bootstrap (change this to the name of your branch if you want to test changes)
+      - version=0.1.23 # Runtime version
+      - bootstrapRevision=0.1.23 # Tag to use for bootstrap (change this to the name of your branch if you want to test changes)
       - appsetRequeueTime=15
 replacements:
   # template the version from the configmap into the applicationset generators
diff --git a/csdp/hybrid/basic/runtime.yaml b/csdp/hybrid/basic/runtime.yaml
@@ -5,7 +5,7 @@ metadata:
   namespace: "{{ namespace }}"
 spec:
   requiredCLIVersion: ^0.1.0
-  version: 0.1.22
+  version: 0.1.23
   bootstrapSpecifier: github.com/codefresh-io/csdp-official/csdp/hybrid/basic/apps/argo-cd
   components:
     - name: events
diff --git a/csdp/hybrid/kustomization.yaml b/csdp/hybrid/kustomization.yaml
@@ -1,4 +1,4 @@
-# For backward compatibility - After change in csdp-managed-runtimes needs to be removed
+# For backward compatibility - After change in csdp-managed-runtimes needs to be removed 
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# For backward compatibility - After change in csdp-managed-runtimes needs to be removed`
	`1`	`+# For backward compatibility - After change in csdp-managed-runtimes needs to be removed`
`2`	`2`	`apiVersion: kustomize.config.k8s.io/v1beta1`
`3`	`3`	`kind: Kustomization`
`4`	`4`