diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 35dde3e05..0057da585 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 0.1.75 description: A Helm chart for Codefresh gitops runtime name: gitops-runtime -version: 0.23.0 +version: '0.23.4' home: https://github.com/codefresh-io/gitops-runtime-helm icon: https://avatars1.githubusercontent.com/u/11412079?v=3 keywords: @@ -15,32 +15,14 @@ annotations: artifacthub.io/alternativeName: "codefresh-gitops-runtime" artifacthub.io/changes: |- - kind: changed - description: "chore(app-proxy): update cap-app-proxy image tags to 1.3702.0 - allow concurrent reading of git repo file content (#585), update cf-git-providers to version ^0.15.2 (#590), return the pushed commit sha (#628), fix eventBusName when using jetstream (#636), use proxy env vars in git operations (#646)" + description: 'update cli-v2 in installer - fix token validation code (#696)' - kind: changed - description: "chore(gitops-operator): update codefresh-gitops-operator to 0.10.2 - stop attempting to resume a non-running workflow (#584), change look back time to 2 hours for git log (#586), Improve error handling and fix bugs from 0.22.0 release for Gitops Operator (#595), add 5 minute max time for curl to complete on action node (#624), update Workflows.Resume to not have a loop (#624), make maps using in multi-threaded contexts, thread safe (#624), Add requeue workaround for degraded rollout apps (#624), update workflow submission logic and improve error handling (#625), add leader election support to agent and remove from handler (#647), don't requeue on known release creation failures (#655), support failing release if app sync fails (#645)" - - kind: changed - description: "chore(argo-rollouts): update argo-rollotus sub-chart to 2.37.3-6-v1.7.2-cap-CR-29629 - solve out-of-sync crds in Argo CD v3 (#630)" - - kind: changed - description: "chore(argo-cd): update argo-cd sub-chart to 8.0.6-6-cap-v3.0.2-2025-07-06-e9fc72a9 - helm and go-git bump (#599), bump redis version (#631)" - - kind: changed - description: "fix(event-reporter): update cf-argocd-extras to 0.5.12 - dependencies not returned correctly (#616), event-reporter should handle applications from a specific argo-cd instance (#618)" - - kind: changed - description: "feat: add gitops-operator and argocd-extras templates (#591)" - - kind: changed - description: "fix: add retries to argo-event Sensors (#593)" - - kind: changed - description: "feat: jetstream eventbus (#589)" - - kind: changed - description: "fix: support bring-your-own Argo-CD <3.1 (#576)" - - kind: changed - description: "added global proxy variables (#573)" - - kind: changed - description: "fix(Readme): set correct minimal helm version (#569)" + description: 'chore(app-proxy): update cap-app-proxy image tags to 1.3727.0 (#692) - fix: remote-cluster application fails to sync due to its project' dependencies: - name: argo-cd repository: https://codefresh-io.github.io/argo-helm condition: argo-cd.enabled - version: 8.0.6-6-cap-v3.0.2-2025-07-06-e9fc72a9 + version: 8.0.6-8-cap-v3.0.2-2025-09-07-cdf75df5 - name: argo-events repository: https://codefresh-io.github.io/argo-helm version: 2.4.8-cap-CR-29689 diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index f73cbdd7c..a5678d955 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md @@ -1,5 +1,5 @@ ## Codefresh gitops runtime -![Version: 0.23.0](https://img.shields.io/badge/Version-0.23.0-informational?style=flat-square) ![AppVersion: 0.1.72](https://img.shields.io/badge/AppVersion-0.1.72-informational?style=flat-square) +![Version: 0.23.3](https://img.shields.io/badge/Version-0.23.3-informational?style=flat-square) ![AppVersion: 0.1.75](https://img.shields.io/badge/AppVersion-0.1.75-informational?style=flat-square) ## Prerequisites @@ -144,7 +144,7 @@ We have created a helper utility to resolve this issue: The utility is packaged in a container image. Below are instructions on executing the utility using Docker: ``` -docker run -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.23.0 +docker run -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.23.3 ``` `output_dir` - is a local directory where the utility will output files.
`local_registry` - is your local registry where you want to mirror the images to @@ -157,7 +157,7 @@ The utility will output 4 files into the folder: For usage with external ArgoCD run the utility with `EXTERNAL_ARGOCD` environment variable set to `true`. ``` -docker run -e EXTERNAL_ARGOCD=true -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.23.0 +docker run -e EXTERNAL_ARGOCD=true -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.23.3 ``` ## Openshift @@ -191,6 +191,20 @@ sealed-secrets: ## Upgrading +### To >=0.23.3 + +#### Manual fix in the ISC repository + +If the ISC repository already contains the resources/app-projects/cf-runtime-app-project.yaml file it should be manually updated: +```yaml +... +spec: + destinations: + - namespace: '*' + server: "*" # <-- replace 'https://kubernetes.default.svc' with "*" here +... +``` + ### To 0.23.x #### Affected values @@ -230,13 +244,13 @@ gitops-operator: | app-proxy.extraVolumeMounts | list | `[]` | Extra volume mounts for main container | | app-proxy.extraVolumes | list | `[]` | extra volumes | | app-proxy.fullnameOverride | string | `"cap-app-proxy"` | | -| app-proxy.image-enrichment | object | `{"config":{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.14-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.14-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.14-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400},"enabled":true,"serviceAccount":{"annotations":null,"create":true,"name":"codefresh-image-enrichment-sa"}}` | Image enrichment process configuration | -| app-proxy.image-enrichment.config | object | `{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.14-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.14-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.14-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400}` | Configurations for image enrichment workflow | +| app-proxy.image-enrichment | object | `{"config":{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.15-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.15-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.15-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400},"enabled":true,"serviceAccount":{"annotations":null,"create":true,"name":"codefresh-image-enrichment-sa"}}` | Image enrichment process configuration | +| app-proxy.image-enrichment.config | object | `{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.15-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.15-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.15-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400}` | Configurations for image enrichment workflow | | app-proxy.image-enrichment.config.clientHeartbeatIntervalInSeconds | int | `5` | Client heartbeat interval in seconds for image enrichemnt workflow | | app-proxy.image-enrichment.config.concurrencyCmKey | string | `"imageReportExecutor"` | The name of the key in the configmap to use as synchronization semaphore | | app-proxy.image-enrichment.config.concurrencyCmName | string | `"workflow-synchronization-semaphores"` | The name of the configmap to use as synchronization semaphore, see https://argoproj.github.io/argo-workflows/synchronization/ | -| app-proxy.image-enrichment.config.images | object | `{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.14-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.14-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.14-main"}}` | Enrichemnt images | -| app-proxy.image-enrichment.config.images.reportImage | object | `{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.14-main"}` | Report image enrichment task image | +| app-proxy.image-enrichment.config.images | object | `{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.15-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.15-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.15-main"}}` | Enrichemnt images | +| app-proxy.image-enrichment.config.images.reportImage | object | `{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.15-main"}` | Report image enrichment task image | | app-proxy.image-enrichment.config.podGcStrategy | string | `"OnWorkflowCompletion"` | Pod grabage collection strategy. By default all pods will be deleted when the enrichment workflow completes. | | app-proxy.image-enrichment.config.ttlActiveInSeconds | int | `900` | Maximum allowed runtime for the enrichment workflow | | app-proxy.image-enrichment.config.ttlAfterCompletionInSeconds | int | `86400` | Number of seconds to live after completion | @@ -247,14 +261,14 @@ gitops-operator: | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use | | app-proxy.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` | | -| app-proxy.image.tag | string | `"1.3702.0"` | | +| app-proxy.image.tag | string | `"1.3727.0"` | | | app-proxy.imagePullSecrets | list | `[]` | | | app-proxy.initContainer.command[0] | string | `"./init.sh"` | | | app-proxy.initContainer.env | object | `{}` | | | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container | | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` | | -| app-proxy.initContainer.image.tag | string | `"1.3702.0"` | | +| app-proxy.initContainer.image.tag | string | `"1.3727.0"` | | | app-proxy.initContainer.resources.limits | object | `{}` | | | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` | | | app-proxy.initContainer.resources.requests.memory | string | `"256Mi"` | | @@ -311,19 +325,42 @@ gitops-operator: | app-proxy.serviceMonitor.labels | object | `{}` | | | app-proxy.serviceMonitor.name | string | `""` | | | app-proxy.tolerations | list | `[]` | | -| argo-cd | object | `{"applicationVersioning":{"enabled":true,"useApplicationConfiguration":true},"configs":{"cm":{"accounts.admin":"apiKey,login","application.resourceTrackingMethod":"annotation+label","resource.customizations.actions.argoproj.io_Rollout":"mergeBuiltinActions: true\ndiscovery.lua: |\n actions = {}\n local fullyPromoted = obj.status.currentPodHash == obj.status.stableRS\n actions[\"pause\"] = {[\"disabled\"] = fullyPromoted or obj.spec.paused == true}\n actions[\"skip-current-step\"] = {[\"disabled\"] = obj.spec.strategy.canary == nil or obj.spec.strategy.canary.steps == nil or obj.status.currentStepIndex == table.getn(obj.spec.strategy.canary.steps)}\n return actions\ndefinitions:\n- name: pause\n action.lua: |\n obj.spec.paused = true\n return obj\n- name: skip-current-step\n action.lua: |\n if obj.status ~= nil then\n if obj.spec.strategy.canary ~= nil and obj.spec.strategy.canary.steps ~= nil and obj.status.currentStepIndex < table.getn(obj.spec.strategy.canary.steps) then\n if obj.status.pauseConditions ~= nil and table.getn(obj.status.pauseConditions) > 0 then\n obj.status.pauseConditions = nil\n end\n obj.status.currentStepIndex = obj.status.currentStepIndex + 1\n end\n end\n return obj\n","timeout.reconciliation":"20s"},"params":{"application.namespaces":"cf-*","server.insecure":true}},"crds":{"install":true},"enabled":true,"fullnameOverride":"argo-cd"}` | ------------------------------------------------------------------------------------------------------------------- | | argo-cd.applicationVersioning.enabled | bool | `true` | Enable application versioning | | argo-cd.applicationVersioning.useApplicationConfiguration | bool | `true` | Extract application version based on ApplicationConfiguration CRD | -| argo-events | object | `{"configs":{"jetstream":{"versions":[{"configReloaderImage":"natsio/nats-server-config-reloader:0.18.2","metricsExporterImage":"natsio/prometheus-nats-exporter:0.16.0","natsImage":"nats:2.11.4","startCommand":"/nats-server","version":"latest"}]},"nats":{"versions":[{"metricsExporterImage":"natsio/prometheus-nats-exporter:0.16.0","natsStreamingImage":"nats-streaming:0.25.6","version":"0.22.1"}]}},"crds":{"install":false},"fullnameOverride":"argo-events"}` | ------------------------------------------------------------------------------------------------------------------- | -| argo-rollouts | object | `{"controller":{"replicas":1},"enabled":true,"fullnameOverride":"argo-rollouts","installCRDs":true}` | ------------------------------------------------------------------------------------------------------------------- | -| argo-workflows | object | `{"crds":{"install":true},"enabled":true,"executor":{"resources":{"requests":{"ephemeral-storage":"10Mi"}}},"fullnameOverride":"argo","mainContainer":{"resources":{"requests":{"ephemeral-storage":"10Mi"}}},"server":{"authModes":["client"],"baseHref":"/workflows/"}}` | ------------------------------------------------------------------------------------------------------------------- | +| argo-cd.configs.cm."accounts.admin" | string | `"apiKey,login"` | | +| argo-cd.configs.cm."application.resourceTrackingMethod" | string | `"annotation+label"` | | +| argo-cd.configs.cm."resource.customizations.actions.argoproj.io_Rollout" | string | `"mergeBuiltinActions: true\ndiscovery.lua: |\n actions = {}\n local fullyPromoted = obj.status.currentPodHash == obj.status.stableRS\n actions[\"pause\"] = {[\"disabled\"] = fullyPromoted or obj.spec.paused == true}\n actions[\"skip-current-step\"] = {[\"disabled\"] = obj.spec.strategy.canary == nil or obj.spec.strategy.canary.steps == nil or obj.status.currentStepIndex == table.getn(obj.spec.strategy.canary.steps)}\n return actions\ndefinitions:\n- name: pause\n action.lua: |\n obj.spec.paused = true\n return obj\n- name: skip-current-step\n action.lua: |\n if obj.status ~= nil then\n if obj.spec.strategy.canary ~= nil and obj.spec.strategy.canary.steps ~= nil and obj.status.currentStepIndex < table.getn(obj.spec.strategy.canary.steps) then\n if obj.status.pauseConditions ~= nil and table.getn(obj.status.pauseConditions) > 0 then\n obj.status.pauseConditions = nil\n end\n obj.status.currentStepIndex = obj.status.currentStepIndex + 1\n end\n end\n return obj\n"` | | +| argo-cd.configs.cm."timeout.reconciliation" | string | `"20s"` | | +| argo-cd.configs.params."application.namespaces" | string | `"cf-*"` | | +| argo-cd.configs.params."server.insecure" | bool | `true` | | +| argo-cd.crds.install | bool | `true` | | +| argo-cd.enabled | bool | `true` | | +| argo-cd.fullnameOverride | string | `"argo-cd"` | | +| argo-events.configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.18.2"` | | +| argo-events.configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.16.0"` | | +| argo-events.configs.jetstream.versions[0].natsImage | string | `"nats:2.11.4"` | | +| argo-events.configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | | +| argo-events.configs.jetstream.versions[0].version | string | `"latest"` | | +| argo-events.configs.nats.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.16.0"` | | +| argo-events.configs.nats.versions[0].natsStreamingImage | string | `"nats-streaming:0.25.6"` | | +| argo-events.configs.nats.versions[0].version | string | `"0.22.1"` | | +| argo-events.crds.install | bool | `false` | | +| argo-events.fullnameOverride | string | `"argo-events"` | | +| argo-rollouts.controller.replicas | int | `1` | | +| argo-rollouts.enabled | bool | `true` | | +| argo-rollouts.fullnameOverride | string | `"argo-rollouts"` | | +| argo-rollouts.installCRDs | bool | `true` | | | argo-workflows.crds.install | bool | `true` | Install and upgrade CRDs | +| argo-workflows.enabled | bool | `true` | | +| argo-workflows.executor.resources.requests.ephemeral-storage | string | `"10Mi"` | | +| argo-workflows.fullnameOverride | string | `"argo"` | | +| argo-workflows.mainContainer.resources.requests.ephemeral-storage | string | `"10Mi"` | | | argo-workflows.server.authModes | list | `["client"]` | auth-mode needs to be set to client to be able to see workflow logs from Codefresh UI | | argo-workflows.server.baseHref | string | `"/workflows/"` | Do not change. Workflows UI is only accessed through internal router, changing this values will break routing to workflows native UI from Codefresh. | -| cf-argocd-extras | object | `{"eventReporter":{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"v0.5.12"}},"enabled":true,"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"serviceMonitor":{"main":{"enabled":false}},"tolerations":[]},"sourcesServer":{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"v0.5.12"}},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}}` | Codefresh extra services for ArgoCD | +| cf-argocd-extras | object | `{"eventReporter":{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"v0.5.14"}},"enabled":true,"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"serviceMonitor":{"main":{"enabled":false}},"tolerations":[]},"sourcesServer":{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"v0.5.14"}},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}}` | Codefresh extra services for ArgoCD | | cf-argocd-extras.eventReporter.pdb.enabled | bool | `false` | Enable PDB for event-reporter | | cf-argocd-extras.eventReporter.serviceMonitor.main.enabled | bool | `false` | Enable ServiceMonitor for event reporter | -| cf-argocd-extras.sourcesServer | object | `{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"v0.5.12"}},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}` | Sources server configuration | +| cf-argocd-extras.sourcesServer | object | `{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"v0.5.14"}},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}` | Sources server configuration | | cf-argocd-extras.sourcesServer.hpa.enabled | bool | `false` | Enable HPA for sources server | | cf-argocd-extras.sourcesServer.pdb.enabled | bool | `false` | Enable PDB for sources server | | codefreshWorkflowLogStoreCM | object | `{"enabled":true,"endpoint":"gitops-workflow-logs.codefresh.io","insecure":false}` | Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support. | @@ -478,7 +515,7 @@ gitops-operator: | internal-router.fullnameOverride | string | `"internal-router"` | | | internal-router.image.pullPolicy | string | `"IfNotPresent"` | | | internal-router.image.repository | string | `"docker.io/nginxinc/nginx-unprivileged"` | | -| internal-router.image.tag | string | `"1.28-alpine3.21"` | | +| internal-router.image.tag | string | `"1.29-alpine3.22"` | | | internal-router.imagePullSecrets | list | `[]` | | | internal-router.ipv6 | object | `{"enabled":false}` | For ipv6 enabled clusters switch ipv6 enabled to true | | internal-router.nameOverride | string | `""` | | @@ -502,7 +539,19 @@ gitops-operator: | internal-router.serviceAccount.create | bool | `true` | | | internal-router.serviceAccount.name | string | `""` | | | internal-router.tolerations | list | `[]` | | -| sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"0.29.0"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | ------------------------------------------------------------------------------------------------------------------- | -| tunnel-client | object | `{"affinity":{},"enabled":true,"libraryMode":true,"nodeSelector":{},"tolerations":[],"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | ------------------------------------------------------------------------------------------------------------------- | +| sealed-secrets.fullnameOverride | string | `"sealed-secrets-controller"` | | +| sealed-secrets.image.registry | string | `"quay.io"` | | +| sealed-secrets.image.repository | string | `"codefresh/sealed-secrets-controller"` | | +| sealed-secrets.image.tag | string | `"0.29.0"` | | +| sealed-secrets.keyrenewperiod | string | `"720h"` | | +| sealed-secrets.resources.limits.cpu | string | `"500m"` | | +| sealed-secrets.resources.limits.memory | string | `"1Gi"` | | +| sealed-secrets.resources.requests.cpu | string | `"200m"` | | +| sealed-secrets.resources.requests.memory | string | `"512Mi"` | | +| tunnel-client.affinity | object | `{}` | | | tunnel-client.enabled | bool | `true` | Will only be used if global.runtime.ingress.enabled = false | | tunnel-client.libraryMode | bool | `true` | Do not change this value! Breaks chart logic | +| tunnel-client.nodeSelector | object | `{}` | | +| tunnel-client.tolerations | list | `[]` | | +| tunnel-client.tunnelServer.host | string | `"register-tunnels.cf-cd.com"` | | +| tunnel-client.tunnelServer.subdomainHost | string | `"tunnels.cf-cd.com"` | | diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index e4339f199..1dd14fdf9 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl @@ -195,6 +195,20 @@ sealed-secrets: ## Upgrading +### To >=0.23.3 + +#### Manual fix in the ISC repository + +If the ISC repository already contains the resources/app-projects/cf-runtime-app-project.yaml file it should be manually updated: +```yaml +... +spec: + destinations: + - namespace: '*' + server: "*" # <-- replace 'https://kubernetes.default.svc' with "*" here +... +``` + ### To 0.23.x #### Affected values diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 4d8379a4f..f4ce382c1 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -215,9 +215,9 @@ installer: nodeSelector: {} tolerations: [] affinity: {} -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* # DOCS: https://artifacthub.io/packages/helm/bitnami-labs/sealed-secrets/2.17.2?modal=values -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* sealed-secrets: fullnameOverride: sealed-secrets-controller keyrenewperiod: "720h" @@ -232,9 +232,9 @@ sealed-secrets: requests: cpu: 200m memory: 512Mi -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* # DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-cd-8.0.6-6-cap-v3.0.2-2025-07-06-e9fc72a9/charts/argo-cd -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* argo-cd: enabled: true fullnameOverride: argo-cd @@ -277,10 +277,9 @@ argo-cd: enabled: true # -- Extract application version based on ApplicationConfiguration CRD useApplicationConfiguration: true - -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* # DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-events-2.4.8-cap-CR-29689/charts/argo-events -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* argo-events: fullnameOverride: argo-events crds: @@ -298,9 +297,9 @@ argo-events: metricsExporterImage: natsio/prometheus-nats-exporter:0.16.0 configReloaderImage: natsio/nats-server-config-reloader:0.18.2 startCommand: /nats-server -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* # DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-workflows-0.45.15-v3.6.7-cap-CR-28355/charts/argo-workflows -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* argo-workflows: fullnameOverride: argo enabled: true @@ -328,9 +327,9 @@ codefreshWorkflowLogStoreCM: enabled: true endpoint: gitops-workflow-logs.codefresh.io insecure: false -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* # DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-rollouts-2.37.3-6-v1.7.2-cap-CR-29629/charts/argo-rollouts -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* argo-rollouts: enabled: true fullnameOverride: argo-rollouts @@ -433,7 +432,7 @@ internal-router: image: repository: docker.io/nginxinc/nginx-unprivileged pullPolicy: IfNotPresent - tag: 1.28-alpine3.21 + tag: 1.29-alpine3.22 imagePullSecrets: [] nameOverride: "" fullnameOverride: "internal-router" @@ -500,9 +499,9 @@ internal-router: minAvailable: 1 # -- Set number of pods that are unavailable after eviction as number or percentage maxUnavailable: "" -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* # DOCS: https://github.com/codefresh-io/codefresh-tunnel-charts/blob/codefresh-tunnel-client-0.1.21-helm/codefresh-tunnel-client/values.yaml -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* tunnel-client: # -- Will only be used if global.runtime.ingress.enabled = false enabled: true @@ -551,27 +550,27 @@ app-proxy: reportImage: registry: quay.io repository: codefreshplugins/argo-hub-codefresh-csdp-report-image-info - tag: 1.1.14-main + tag: 1.1.15-main # Git enrichment task image gitEnrichment: registry: quay.io repository: codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info - tag: 1.1.14-main + tag: 1.1.15-main # Jira enrichment task image jiraEnrichment: registry: quay.io repository: codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info - tag: 1.1.14-main + tag: 1.1.15-main image: repository: quay.io/codefresh/cap-app-proxy - tag: 1.3702.0 + tag: 1.3727.0 pullPolicy: IfNotPresent # -- Extra volume mounts for main container extraVolumeMounts: [] initContainer: image: repository: quay.io/codefresh/cap-app-proxy-init - tag: 1.3702.0 + tag: 1.3727.0 pullPolicy: IfNotPresent command: - ./init.sh @@ -759,7 +758,7 @@ cf-argocd-extras: image: registry: quay.io repository: codefresh/cf-argocd-extras - tag: v0.5.12 + tag: v0.5.14 nodeSelector: {} tolerations: [] affinity: {} @@ -783,7 +782,7 @@ cf-argocd-extras: image: registry: quay.io repository: codefresh/cf-argocd-extras - tag: v0.5.12 + tag: v0.5.14 nodeSelector: {} tolerations: [] affinity: {} diff --git a/installer-image/Dockerfile b/installer-image/Dockerfile index 4bd86ff70..ab5e2dffa 100644 --- a/installer-image/Dockerfile +++ b/installer-image/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.24.2 AS go-build +FROM golang:1.24.6 AS go-build RUN go install github.com/davidrjonas/semver-cli@latest \ && cp $GOPATH/bin/semver-cli /usr/local/bin/ @@ -8,13 +8,14 @@ FROM debian:12.11-slim RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections -ARG CF_CLI_VERSION=v0.2.9 +ARG CF_CLI_VERSION=v0.2.11 ARG TARGETARCH RUN apt-get update && apt-get install curl jq -y RUN curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/${CF_CLI_VERSION}/cf-linux-${TARGETARCH}.tar.gz | tar zx && mv ./cf-linux-${TARGETARCH} /usr/local/bin/cf COPY --from=go-build /usr/local/bin/semver-cli /usr/local/bin/semver-cli -COPY --from=bitnami/kubectl:1.33.1 /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/ + +COPY --from=bitnamilegacy/kubectl:1.33.3 /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/ RUN adduser --shell /bin/bash codefresh USER codefresh