diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 50212b65..c9c77df9 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 0.1.72 description: A Helm chart for Codefresh gitops runtime name: gitops-runtime -version: 0.0.0 +version: 0.24.0 home: https://github.com/codefresh-io/gitops-runtime-helm icon: https://avatars1.githubusercontent.com/u/11412079?v=3 keywords: 
@@ -13,32 +13,125 @@ maintainers: url: https://codefresh-io.github.io/ annotations: artifacthub.io/alternativeName: "codefresh-gitops-runtime" + artifacthub.io/changes: |- + - kind: changed + description: 'chore[cf-argocd-extras]: bumps cf-argocd-extras to version e746a97 (#819)' + - kind: changed + description: 'fix: update app-proxy image tags to 1.3820.0 (#804)' + - kind: changed + description: 'fix: update app-proxy image tags to 1.3819.0 (#802)' + - kind: changed + description: 'feat: runtime helm: add timestamps to failure and warnings (#796)' + - kind: changed + description: bump app proxy version (#795) + - kind: changed + description: 'fix: improve error handling (#791)' + - kind: changed + description: 'feat: remove sources server (#789)' + - kind: changed + description: 'fix: align reconciler requeue and error handling logic, add failure and warning error properties (#780)' + - kind: changed + description: update READE.md (#792) + - kind: changed + description: 'fix: app-proxy cors (#790)' + - kind: changed + description: 'feat: add separate redis for event-reporters/argo-gateway and app-proxy (#751)' + - kind: changed + description: 'fix: security vulnerabilities in enrichment images (#788)' + - kind: changed + description: 'refactor(cf-argocd-extras): replace with argo-api-gateway, runtime and cluster event-reporters (#744)' + - kind: changed + description: 'feat: get commit author avatar url on getPromotionValues step (#778)' + - kind: changed + description: 'fix: promotion values can''t be empty (#772)' + - kind: changed + description: 'feat: add runWorkflow step handler (#785)' + - kind: changed + description: 'chore: move argo-cd auth values to global.integrations.argo-cd.server.auth (#768)' + - kind: changed + description: added runtime label to codefresh-cm (#763) + - kind: changed + description: bumps argo-cd helm chart for redis 8.2.1 upgrade (#765) + - kind: changed + description: bump app proxy version (#760) + - kind: changed + description: 
'feat: add error messages for appStatus (#745)' + - kind: changed + description: '[gitops-operator]fix: promotions using pull requests do not resume after the pr has been merged (to main) (#752)' + - kind: changed + description: '[cf-argocd-extras]chore: add tests (#741)' + - kind: changed + description: update enrichment images tag (#746) + - kind: changed + description: 'feat: add promoteAppWithCommitHandler implementation [gitops-operator] (#738)' + - kind: changed + description: 'chore: disable component tests (#740)' + - kind: changed + description: 'chore: update cap-app-proxy image tags to 1.3772.0 (#737)' + - kind: changed + description: 'chore: security fixes for argo rollouts v1.7.2 (#730)' + - kind: changed + description: 'feat: add GetPromotionValuesHandler and VerifyAppHandler implementations (#736)' + - kind: changed + description: '[gitops-operator]fix: security vulnerability (#734)' + - kind: changed + description: 'feat: Add PromotionTaskReconciler (#677)' + - kind: changed + description: 'fix: service account for cleanup runtime resources (#726)' + - kind: changed + description: '[cf-argocd-extras]chore(CR-30961): security fix (#725)' + - kind: changed + description: updated sealed-secrets-controller (#723) + - kind: changed + description: 'chore: Fix security vulnerabilities for argo-workflows and argo-events (#716)' + - kind: changed + description: 'feat: update cap-app-proxy image tags to 1.3750.0' + - kind: changed + description: 'feat: bump evernt-reporter to 88898aa (#676)' + - kind: changed + description: 'feat: conditional registration of the rgs controller (#709)' + - kind: changed + description: 'feat: added sec advisory GHSA-786q-9hcg-v9ff bumped argocd to 8.0.6-9-cap-v… (#703)' + - kind: changed + description: updated cap-app-proxy with security fixes (#702) + - kind: changed + description: 'installer: updated cli-v2, kubectl (#697)' + - kind: changed + description: updated frpc (#693) + - kind: changed + description: update cli-v2 in 
installer - fix token validation code (#694) + - kind: changed + description: 'chore(app-proxy): update cap-app-proxy image tags to 1.3727.0 (#691)' + - kind: changed + description: updated prometheus-nats-exporter, nats-server-config-reloader for jetstream (#687) + - kind: changed + description: 'feat(conponent-tests): add release branches to pipeline trigger (#684)' dependencies: -- name: argo-cd - repository: https://codefresh-io.github.io/argo-helm - condition: argo-cd.enabled - version: 8.0.6-9-cap-v3.0.2-2025-09-08-9b30d922 -- name: argo-events - repository: https://codefresh-io.github.io/argo-helm - version: 2.4.9-cap-CR-30841 - condition: argo-events.enabled -- name: argo-workflows - repository: https://codefresh-io.github.io/argo-helm - version: 0.45.16-v3.6.7-cap-CR-30835 - condition: argo-workflows.enabled -- name: argo-rollouts - repository: https://codefresh-io.github.io/argo-helm - version: 2.37.3-7-v1.7.2-cap-OSS-697 - condition: argo-rollouts.enabled -- name: sealed-secrets - repository: https://bitnami-labs.github.io/sealed-secrets/ - version: 2.17.2 -- name: codefresh-tunnel-client - repository: oci://quay.io/codefresh/charts - version: 0.1.22 - alias: tunnel-client - condition: tunnel-client.enabled -- name: redis-ha - version: 4.33.4 - repository: https://dandydeveloper.github.io/charts/ - condition: redis-ha.enabled + - name: argo-cd + repository: https://codefresh-io.github.io/argo-helm + condition: argo-cd.enabled + version: 8.0.6-9-cap-v3.0.2-2025-09-08-9b30d922 + - name: argo-events + repository: https://codefresh-io.github.io/argo-helm + version: 2.4.9-cap-CR-30841 + condition: argo-events.enabled + - name: argo-workflows + repository: https://codefresh-io.github.io/argo-helm + version: 0.45.16-v3.6.7-cap-CR-30835 + condition: argo-workflows.enabled + - name: argo-rollouts + repository: https://codefresh-io.github.io/argo-helm + version: 2.37.3-7-v1.7.2-cap-OSS-697 + condition: argo-rollouts.enabled + - name: sealed-secrets + repository: 
https://bitnami-labs.github.io/sealed-secrets/ + version: 2.17.2 + - name: codefresh-tunnel-client + repository: oci://quay.io/codefresh/charts + version: 0.1.22 + alias: tunnel-client + condition: tunnel-client.enabled + - name: redis-ha + version: 4.33.4 + repository: https://dandydeveloper.github.io/charts/ + condition: redis-ha.enabled diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index 51679005..6c1ca553 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md @@ -1,5 +1,5 @@ ## Codefresh gitops runtime -![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![AppVersion: 0.1.72](https://img.shields.io/badge/AppVersion-0.1.72-informational?style=flat-square) +![Version: 0.24.0](https://img.shields.io/badge/Version-0.24.0-informational?style=flat-square) ![AppVersion: 0.1.72](https://img.shields.io/badge/AppVersion-0.1.72-informational?style=flat-square) ## Table of Content @@ -160,7 +160,7 @@ We have created a helper utility to resolve this issue: The utility is packaged in a container image. Below are instructions on executing the utility using Docker: ``` -docker run -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.0.0 +docker run -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.24.0 ``` `output_dir` - is a local directory where the utility will output files.
`local_registry` - is your local registry where you want to mirror the images to @@ -173,7 +173,7 @@ The utility will output 4 files into the folder: For usage with external ArgoCD run the utility with `EXTERNAL_ARGOCD` environment variable set to `true`. ``` -docker run -e EXTERNAL_ARGOCD=true -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.0.0 +docker run -e EXTERNAL_ARGOCD=true -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.24.0 ``` ## Openshift @@ -430,14 +430,14 @@ argo-gateway: | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use | | app-proxy.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` | | -| app-proxy.image.tag | string | `"1.3806.0"` | | +| app-proxy.image.tag | string | `"1.3820.0"` | | | app-proxy.imagePullSecrets | list | `[]` | | | app-proxy.initContainer.command[0] | string | `"./init.sh"` | | | app-proxy.initContainer.env | object | `{}` | | | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container | | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` | | -| app-proxy.initContainer.image.tag | string | `"1.3806.0"` | | +| app-proxy.initContainer.image.tag | string | `"1.3820.0"` | | | app-proxy.initContainer.resources.limits | object | `{}` | | | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` | | | app-proxy.initContainer.resources.requests.memory | string | `"256Mi"` | | 
@@ -516,7 +516,7 @@ argo-gateway: | argo-events.crds.install | bool | `false` | | | argo-events.enabled | bool | `false` | | | argo-events.fullnameOverride | string | `"argo-events"` | | -| argo-gateway | object | `{"affinity":{},"hpa":{"enabled":true,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"695977c"},"livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"","minAvailable":"50%"},"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"service":{"type":"ClusterIP"},"serviceAccount":{"create":true},"serviceMonitor":{"enabled":false,"interval":"30s","labels":{},"scrapeTimeout":"10s"},"tolerations":[]}` | Argo Gateway Argo Gateway is used to perform operations on ArgoCD from Codefresh platform | +| argo-gateway | object | `{"affinity":{},"hpa":{"enabled":true,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"e746a97"},"livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"","minAvailable":"50%"},"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"service":{"type":"ClusterIP"},"serviceAccount":{"create":true},"serviceMonitor":{"enabled":false,"interval":"30s","labels":{},"scrapeTimeout":"10s"},"tolerations":[]}` | Argo Gateway Argo Gateway is used to perform operations on ArgoCD from Codefresh platform | | argo-rollouts.controller.replicas | int | `1` | | | 
argo-rollouts.enabled | bool | `true` | | | argo-rollouts.fullnameOverride | string | `"argo-rollouts"` | | @@ -534,6 +534,7 @@ argo-gateway: | gitops-operator.affinity | object | `{}` | | | gitops-operator.config.commitStatusPollingInterval | string | `"10s"` | Commit status polling interval | | gitops-operator.config.maxConcurrentReleases | int | `100` | Maximum number of concurrent releases being processed by the operator (this will not affect the number of releases being processed by the gitops runtime) | +| gitops-operator.config.maxReconcileRetries | int | `10` | Maximum number of reconcile retries on promotion-related resources before failing a promotion task | | gitops-operator.config.promotionWrapperTemplate | string | `""` | An optional template for the promotion wrapper (empty default will use the embedded one) | | gitops-operator.config.taskPollingInterval | string | `"10s"` | Task polling interval | | gitops-operator.config.workflowMonitorPollingInterval | string | `"10s"` | Workflow monitor polling interval | @@ -547,7 +548,7 @@ argo-gateway: | gitops-operator.fullnameOverride | string | `""` | | | gitops-operator.image.registry | string | `"quay.io"` | defaults | | gitops-operator.image.repository | string | `"codefresh/codefresh-gitops-operator"` | | -| gitops-operator.image.tag | string | `"a1316ff"` | | +| gitops-operator.image.tag | string | `"6881890"` | | | gitops-operator.imagePullSecrets | list | `[]` | | | gitops-operator.nameOverride | string | `""` | | | gitops-operator.nodeSelector | object | `{}` | | 
@@ -577,7 +578,7 @@ argo-gateway: | global.codefresh.userToken | object | `{"secretKeyRef":{},"token":""}` | User token. Used for runtime registration against the patform. One of token (for plain text value) or secretKeyRef must be provided. | | global.codefresh.userToken.secretKeyRef | object | `{}` | User token that references an existing secret containing the token. | | global.codefresh.userToken.token | string | `""` | User token in plain text. The chart creates and manages the secret for this token. | -| global.event-reporters | object | `{"affinity":{},"config":{},"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"695977c"},"livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"","minAvailable":"50%"},"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"replicaCount":2,"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"service":{"ports":{"http":{"port":8088,"targetPort":8088},"metrics":{"port":8087,"targetPort":8087}},"type":"ClusterIP"},"serviceAccount":{"create":true},"serviceMonitor":{"enabled":false,"interval":"30s","labels":{},"scrapeTimeout":"10s"},"tolerations":[]}` | Global settings for event reporters Event reporters are used for reporting runtime and cluster resources to Codefresh platform | +| global.event-reporters | object | 
`{"affinity":{},"config":{},"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"e746a97"},"livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"","minAvailable":"50%"},"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"replicaCount":2,"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"service":{"ports":{"http":{"port":8088,"targetPort":8088},"metrics":{"port":8087,"targetPort":8087}},"type":"ClusterIP"},"serviceAccount":{"create":true},"serviceMonitor":{"enabled":false,"interval":"30s","labels":{},"scrapeTimeout":"10s"},"tolerations":[]}` | Global settings for event reporters Event reporters are used for reporting runtime and cluster resources to Codefresh platform | | global.external-argo-cd | object | `{"repoServer":{"port":8081,"svc":"argocd-repo-server"},"server":{"port":80,"rootpath":"","svc":"argocd-server"}}` | Configuration for external ArgoCD Should be used when `argo-cd.enabled` is set to false | | global.external-argo-cd.repoServer.port | int | `8081` | Port of the ArgoCD repo server | | global.external-argo-cd.repoServer.svc | string | `"argocd-repo-server"` | Service name of the ArgoCD repo server | 
@@ -679,7 +680,7 @@ argo-gateway: | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | | redis-ha.redis.masterGroupName | string | `"gitops-runtime"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | | redis-ha.tolerations | list | `[]` | [Tolerations] for use with node taints for Redis pods. | -| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. | +| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. # https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ | | redis-ha.topologySpreadConstraints.enabled | bool | `false` | Enable Redis HA topology spread constraints | | redis-ha.topologySpreadConstraints.maxSkew | string | `""` (defaults to `1`) | Max skew of pods tolerated | | redis-ha.topologySpreadConstraints.topologyKey | string | `""` (defaults to `topology.kubernetes.io/zone`) | Topology key for spread | 
@@ -692,7 +693,19 @@ argo-gateway: | redis.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15}` | Probes configuration | | redis.service | object | `{"annotations":{},"labels":{},"ports":{"metrics":{"port":9121,"targetPort":9121},"redis":{"port":6379,"targetPort":6379}},"type":"ClusterIP"}` | Service configuration | | redis.serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Create ServiceAccount for redis | -| sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"0.32.0"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | --------------------------------------------------------------------------------------------------------------------- | -| tunnel-client | object | `{"affinity":{},"enabled":true,"libraryMode":true,"nodeSelector":{},"tolerations":[],"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. 
| +| sealed-secrets.fullnameOverride | string | `"sealed-secrets-controller"` | | +| sealed-secrets.image.registry | string | `"quay.io"` | | +| sealed-secrets.image.repository | string | `"codefresh/sealed-secrets-controller"` | | +| sealed-secrets.image.tag | string | `"0.32.0"` | | +| sealed-secrets.keyrenewperiod | string | `"720h"` | | +| sealed-secrets.resources.limits.cpu | string | `"500m"` | | +| sealed-secrets.resources.limits.memory | string | `"1Gi"` | | +| sealed-secrets.resources.requests.cpu | string | `"200m"` | | +| sealed-secrets.resources.requests.memory | string | `"512Mi"` | | +| tunnel-client.affinity | object | `{}` | | | tunnel-client.enabled | bool | `true` | Will only be used if global.runtime.ingress.enabled = false | | tunnel-client.libraryMode | bool | `true` | Do not change this value! Breaks chart logic | +| tunnel-client.nodeSelector | object | `{}` | | +| tunnel-client.tolerations | list | `[]` | | +| tunnel-client.tunnelServer.host | string | `"register-tunnels.cf-cd.com"` | | +| tunnel-client.tunnelServer.subdomainHost | string | `"tunnels.cf-cd.com"` | | diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 63a07799..cb96b598 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml 
@@ -208,9 +208,9 @@ installer: nodeSelector: {} tolerations: [] affinity: {} -# ----------------------------------------------------------------------------------------------------------------------- -# Sealed secrets -# ----------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* +# DOCS: https://artifacthub.io/packages/helm/bitnami-labs/sealed-secrets/2.17.2?modal=values +# ********************************************************************************************************************* sealed-secrets: fullnameOverride: sealed-secrets-controller keyrenewperiod: "720h" @@ -225,9 +225,9 @@ sealed-secrets: requests: cpu: 200m memory: 512Mi -#----------------------------------------------------------------------------------------------------------------------- -# ArgoCD -#----------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* +# DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-cd-8.0.6-9-cap-v3.0.2-2025-09-08-9b30d922/charts/argo-cd +# ********************************************************************************************************************* argo-cd: enabled: true fullnameOverride: argo-cd 
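Review bot: The new `# DOCS:` banners above `sealed-secrets:` and `argo-cd:` hard-code the exact subchart version in the URL (`sealed-secrets/2.17.2`, `argo-cd-8.0.6-9-cap-v3.0.2-2025-09-08-9b30d922`), and the argo-events, argo-workflows, argo-rollouts and tunnel-client hunks further down do the same. These strings duplicate the versions pinned under `dependencies` in Chart.yaml, and nothing visible in this diff keeps the two in sync. The changelog shows those pins being moved for security fixes, so after the next bump an operator following the link would read values documentation for a different version than the one installed. I would add a line under each banner such as `# NOTE: keep the version in this URL in sync with the matching dependency version in Chart.yaml`, or have the release tooling regenerate the URLs.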
@@ -270,9 +270,9 @@ argo-cd: enabled: true # -- Extract application version based on ApplicationConfiguration CRD useApplicationConfiguration: true -#----------------------------------------------------------------------------------------------------------------------- -# Argo Events -#----------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* +# DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-events-2.4.9-cap-CR-30841/charts/argo-events +# ********************************************************************************************************************* argo-events: enabled: false fullnameOverride: argo-events @@ -291,9 +291,9 @@ argo-events: metricsExporterImage: natsio/prometheus-nats-exporter:0.17.3 configReloaderImage: natsio/nats-server-config-reloader:0.19.1 startCommand: /nats-server -#----------------------------------------------------------------------------------------------------------------------- -# Argo Workflows -#----------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* +# DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-workflows-0.45.16-v3.6.7-cap-CR-30835/charts/argo-workflows +# ********************************************************************************************************************* argo-workflows: fullnameOverride: argo enabled: true 
@@ -321,9 +321,9 @@ codefreshWorkflowLogStoreCM: enabled: true endpoint: gitops-workflow-logs.codefresh.io insecure: false -#----------------------------------------------------------------------------------------------------------------------- -# Argo rollouts -#----------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* +# DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-rollouts-2.37.3-7-v1.7.2-cap-OSS-697/charts/argo-rollouts +# ********************************************************************************************************************* argo-rollouts: enabled: true fullnameOverride: argo-rollouts @@ -405,10 +405,9 @@ internal-router: minAvailable: 1 # -- Set number of pods that are unavailable after eviction as number or percentage maxUnavailable: "" -#----------------------------------------------------------------------------------------------------------------------- -# tunnel client -#----------------------------------------------------------------------------------------------------------------------- -# -- Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. +# ********************************************************************************************************************* +# DOCS: https://github.com/codefresh-io/codefresh-tunnel-charts/blob/codefresh-tunnel-client-0.1.22-helm/codefresh-tunnel-client/values.yaml +# ********************************************************************************************************************* tunnel-client: # -- Will only be used if global.runtime.ingress.enabled = false enabled: true
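Review bot: Removing the `# -- Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes.` comment above `tunnel-client:` drops the on-prem restriction from the generated docs. The README.md section of this same diff shows the `tunnel-client` row that carried that text being replaced by per-key rows with empty descriptions. The default `tunnelServer.host` is `register-tunnels.cf-cd.com`, so operators deciding whether to leave the tunnel enabled should still see that caveat. I would fold it into the description that remains, e.g. `# -- Will only be used if global.runtime.ingress.enabled = false. Not supported for on-prem platform; use ingress based runtimes there.` The `tunnel-client` mapping continues past the end of the hunk.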