diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index ac511f3f0..0057da585 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 0.1.75 description: A Helm chart for Codefresh gitops runtime name: gitops-runtime -version: 0.23.2 +version: '0.23.4' home: https://github.com/codefresh-io/gitops-runtime-helm icon: https://avatars1.githubusercontent.com/u/11412079?v=3 keywords: @@ -15,20 +15,14 @@ annotations: artifacthub.io/alternativeName: "codefresh-gitops-runtime" artifacthub.io/changes: |- - kind: changed - description: 'bumped app-proxy to 1.3718.0 - fix Argo-CD log issue' + description: 'update cli-v2 in installer - fix token validation code (#696)' - kind: changed - description: 'updated image enricher tags to 1.1.15-main - fix security vulnerabilities' - - kind: changed - description: 'updated event-reporter and sources-server images to v0.5.14 - fix security vulnerabilities' - - kind: changed - description: 'updated cli-v2, kubectl in runtime-installer image - fix security vulnerabilities' - - kind: changed - description: 'updated nginx image to 1.29-alpine3.22 - fix security vulnerabilities' + description: 'chore(app-proxy): update cap-app-proxy image tags to 1.3727.0 (#692) - fix: remote-cluster application fails to sync due to its project' dependencies: - name: argo-cd repository: https://codefresh-io.github.io/argo-helm condition: argo-cd.enabled - version: 8.0.6-6-cap-v3.0.2-2025-07-06-e9fc72a9 + version: 8.0.6-8-cap-v3.0.2-2025-09-07-cdf75df5 - name: argo-events repository: https://codefresh-io.github.io/argo-helm version: 2.4.8-cap-CR-29689 diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index ca4e50034..a5678d955 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md 
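Review bot: The chart version set in the first Chart.yaml hunk, `version: '0.23.4'`, does not match the rest of this commit: the README badge and both `docker run ... gitops-runtime-private-registry-utils:0.23.3` examples say 0.23.3. If the utility image is tagged per chart release, someone mirroring images for a private registry from the README would presumably get the image list of a different release than the chart they install. Either regenerate README.md after the final version is set, or, if 0.23.3 is the intended release, set `version: '0.23.3'` here.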
@@ -1,5 +1,5 @@ ## Codefresh gitops runtime -![Version: 0.23.2](https://img.shields.io/badge/Version-0.23.2-informational?style=flat-square) ![AppVersion: 0.1.75](https://img.shields.io/badge/AppVersion-0.1.75-informational?style=flat-square) +![Version: 0.23.3](https://img.shields.io/badge/Version-0.23.3-informational?style=flat-square) ![AppVersion: 0.1.75](https://img.shields.io/badge/AppVersion-0.1.75-informational?style=flat-square) ## Prerequisites @@ -144,7 +144,7 @@ We have created a helper utility to resolve this issue: The utility is packaged in a container image. Below are instructions on executing the utility using Docker: ``` -docker run -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.23.2 +docker run -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.23.3 ``` `output_dir` - is a local directory where the utility will output files.
`local_registry` - is your local registry where you want to mirror the images to @@ -157,7 +157,7 @@ The utility will output 4 files into the folder: For usage with external ArgoCD run the utility with `EXTERNAL_ARGOCD` environment variable set to `true`. ``` -docker run -e EXTERNAL_ARGOCD=true -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.23.2 +docker run -e EXTERNAL_ARGOCD=true -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.23.3 ``` ## Openshift @@ -191,6 +191,20 @@ sealed-secrets: ## Upgrading +### To >=0.23.3 + +#### Manual fix in the ISC repository + +If the ISC repository already contains the resources/app-projects/cf-runtime-app-project.yaml file it should be manually updated: +```yaml +... +spec: + destinations: + - namespace: '*' + server: "*" # <-- replace 'https://kubernetes.default.svc' with "*" here +... +``` + ### To 0.23.x #### Affected values 
@@ -247,14 +261,14 @@ gitops-operator: | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use | | app-proxy.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` | | -| app-proxy.image.tag | string | `"1.3718.0"` | | +| app-proxy.image.tag | string | `"1.3727.0"` | | | app-proxy.imagePullSecrets | list | `[]` | | | app-proxy.initContainer.command[0] | string | `"./init.sh"` | | | app-proxy.initContainer.env | object | `{}` | | | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container | | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` | | -| app-proxy.initContainer.image.tag | string | `"1.3718.0"` | | +| app-proxy.initContainer.image.tag | string | `"1.3727.0"` | | | app-proxy.initContainer.resources.limits | object | `{}` | | | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` | | | app-proxy.initContainer.resources.requests.memory | string | `"256Mi"` | | 
@@ -311,13 +325,36 @@ gitops-operator: | app-proxy.serviceMonitor.labels | object | `{}` | | | app-proxy.serviceMonitor.name | string | `""` | | | app-proxy.tolerations | list | `[]` | | -| argo-cd | object | `{"applicationVersioning":{"enabled":true,"useApplicationConfiguration":true},"configs":{"cm":{"accounts.admin":"apiKey,login","application.resourceTrackingMethod":"annotation+label","resource.customizations.actions.argoproj.io_Rollout":"mergeBuiltinActions: true\ndiscovery.lua: |\n actions = {}\n local fullyPromoted = obj.status.currentPodHash == obj.status.stableRS\n actions[\"pause\"] = {[\"disabled\"] = fullyPromoted or obj.spec.paused == true}\n actions[\"skip-current-step\"] = {[\"disabled\"] = obj.spec.strategy.canary == nil or obj.spec.strategy.canary.steps == nil or obj.status.currentStepIndex == table.getn(obj.spec.strategy.canary.steps)}\n return actions\ndefinitions:\n- name: pause\n action.lua: |\n obj.spec.paused = true\n return obj\n- name: skip-current-step\n action.lua: |\n if obj.status ~= nil then\n if obj.spec.strategy.canary ~= nil and obj.spec.strategy.canary.steps ~= nil and obj.status.currentStepIndex < table.getn(obj.spec.strategy.canary.steps) then\n if obj.status.pauseConditions ~= nil and table.getn(obj.status.pauseConditions) > 0 then\n obj.status.pauseConditions = nil\n end\n obj.status.currentStepIndex = obj.status.currentStepIndex + 1\n end\n end\n return obj\n","timeout.reconciliation":"20s"},"params":{"application.namespaces":"cf-*","server.insecure":true}},"crds":{"install":true},"enabled":true,"fullnameOverride":"argo-cd"}` | ------------------------------------------------------------------------------------------------------------------- | | argo-cd.applicationVersioning.enabled | bool | `true` | Enable application versioning | | argo-cd.applicationVersioning.useApplicationConfiguration | bool | `true` | Extract application version based on ApplicationConfiguration CRD | -| argo-events | object | 
`{"configs":{"jetstream":{"versions":[{"configReloaderImage":"natsio/nats-server-config-reloader:0.18.2","metricsExporterImage":"natsio/prometheus-nats-exporter:0.16.0","natsImage":"nats:2.11.4","startCommand":"/nats-server","version":"latest"}]},"nats":{"versions":[{"metricsExporterImage":"natsio/prometheus-nats-exporter:0.16.0","natsStreamingImage":"nats-streaming:0.25.6","version":"0.22.1"}]}},"crds":{"install":false},"fullnameOverride":"argo-events"}` | ------------------------------------------------------------------------------------------------------------------- | -| argo-rollouts | object | `{"controller":{"replicas":1},"enabled":true,"fullnameOverride":"argo-rollouts","installCRDs":true}` | ------------------------------------------------------------------------------------------------------------------- | -| argo-workflows | object | `{"crds":{"install":true},"enabled":true,"executor":{"resources":{"requests":{"ephemeral-storage":"10Mi"}}},"fullnameOverride":"argo","mainContainer":{"resources":{"requests":{"ephemeral-storage":"10Mi"}}},"server":{"authModes":["client"],"baseHref":"/workflows/"}}` | ------------------------------------------------------------------------------------------------------------------- | +| argo-cd.configs.cm."accounts.admin" | string | `"apiKey,login"` | | +| argo-cd.configs.cm."application.resourceTrackingMethod" | string | `"annotation+label"` | | +| argo-cd.configs.cm."resource.customizations.actions.argoproj.io_Rollout" | string | `"mergeBuiltinActions: true\ndiscovery.lua: |\n actions = {}\n local fullyPromoted = obj.status.currentPodHash == obj.status.stableRS\n actions[\"pause\"] = {[\"disabled\"] = fullyPromoted or obj.spec.paused == true}\n actions[\"skip-current-step\"] = {[\"disabled\"] = obj.spec.strategy.canary == nil or obj.spec.strategy.canary.steps == nil or obj.status.currentStepIndex == table.getn(obj.spec.strategy.canary.steps)}\n return actions\ndefinitions:\n- name: pause\n action.lua: |\n obj.spec.paused 
= true\n return obj\n- name: skip-current-step\n action.lua: |\n if obj.status ~= nil then\n if obj.spec.strategy.canary ~= nil and obj.spec.strategy.canary.steps ~= nil and obj.status.currentStepIndex < table.getn(obj.spec.strategy.canary.steps) then\n if obj.status.pauseConditions ~= nil and table.getn(obj.status.pauseConditions) > 0 then\n obj.status.pauseConditions = nil\n end\n obj.status.currentStepIndex = obj.status.currentStepIndex + 1\n end\n end\n return obj\n"` | | +| argo-cd.configs.cm."timeout.reconciliation" | string | `"20s"` | | +| argo-cd.configs.params."application.namespaces" | string | `"cf-*"` | | +| argo-cd.configs.params."server.insecure" | bool | `true` | | +| argo-cd.crds.install | bool | `true` | | +| argo-cd.enabled | bool | `true` | | +| argo-cd.fullnameOverride | string | `"argo-cd"` | | +| argo-events.configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.18.2"` | | +| argo-events.configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.16.0"` | | +| argo-events.configs.jetstream.versions[0].natsImage | string | `"nats:2.11.4"` | | +| argo-events.configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | | +| argo-events.configs.jetstream.versions[0].version | string | `"latest"` | | +| argo-events.configs.nats.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.16.0"` | | +| argo-events.configs.nats.versions[0].natsStreamingImage | string | `"nats-streaming:0.25.6"` | | +| argo-events.configs.nats.versions[0].version | string | `"0.22.1"` | | +| argo-events.crds.install | bool | `false` | | +| argo-events.fullnameOverride | string | `"argo-events"` | | +| argo-rollouts.controller.replicas | int | `1` | | +| argo-rollouts.enabled | bool | `true` | | +| argo-rollouts.fullnameOverride | string | `"argo-rollouts"` | | +| argo-rollouts.installCRDs | bool | `true` | | | argo-workflows.crds.install | bool | `true` | 
Install and upgrade CRDs | +| argo-workflows.enabled | bool | `true` | | +| argo-workflows.executor.resources.requests.ephemeral-storage | string | `"10Mi"` | | +| argo-workflows.fullnameOverride | string | `"argo"` | | +| argo-workflows.mainContainer.resources.requests.ephemeral-storage | string | `"10Mi"` | | | argo-workflows.server.authModes | list | `["client"]` | auth-mode needs to be set to client to be able to see workflow logs from Codefresh UI | | argo-workflows.server.baseHref | string | `"/workflows/"` | Do not change. Workflows UI is only accessed through internal router, changing this values will break routing to workflows native UI from Codefresh. | | cf-argocd-extras | object | `{"eventReporter":{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"v0.5.14"}},"enabled":true,"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"serviceMonitor":{"main":{"enabled":false}},"tolerations":[]},"sourcesServer":{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"v0.5.14"}},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}}` | Codefresh extra services for ArgoCD | 
@@ -502,7 +539,19 @@ gitops-operator: | internal-router.serviceAccount.create | bool | `true` | | | internal-router.serviceAccount.name | string | `""` | | | internal-router.tolerations | list | `[]` | | -| sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"0.29.0"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | ------------------------------------------------------------------------------------------------------------------- | -| tunnel-client | object | `{"affinity":{},"enabled":true,"libraryMode":true,"nodeSelector":{},"tolerations":[],"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | ------------------------------------------------------------------------------------------------------------------- | +| sealed-secrets.fullnameOverride | string | `"sealed-secrets-controller"` | | +| sealed-secrets.image.registry | string | `"quay.io"` | | +| sealed-secrets.image.repository | string | `"codefresh/sealed-secrets-controller"` | | +| sealed-secrets.image.tag | string | `"0.29.0"` | | +| sealed-secrets.keyrenewperiod | string | `"720h"` | | +| sealed-secrets.resources.limits.cpu | string | `"500m"` | | +| sealed-secrets.resources.limits.memory | string | `"1Gi"` | | +| sealed-secrets.resources.requests.cpu | string | `"200m"` | | +| sealed-secrets.resources.requests.memory | string | `"512Mi"` | | +| tunnel-client.affinity | object | `{}` | | | tunnel-client.enabled | bool | `true` | Will only be used if global.runtime.ingress.enabled = false | | tunnel-client.libraryMode | bool | `true` | Do not change this value! 
Breaks chart logic | +| tunnel-client.nodeSelector | object | `{}` | | +| tunnel-client.tolerations | list | `[]` | | +| tunnel-client.tunnelServer.host | string | `"register-tunnels.cf-cd.com"` | | +| tunnel-client.tunnelServer.subdomainHost | string | `"tunnels.cf-cd.com"` | | diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index e4339f199..1dd14fdf9 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl @@ -195,6 +195,20 @@ sealed-secrets: ## Upgrading +### To >=0.23.3 + +#### Manual fix in the ISC repository + +If the ISC repository already contains the resources/app-projects/cf-runtime-app-project.yaml file it should be manually updated: +```yaml +... +spec: + destinations: + - namespace: '*' + server: "*" # <-- replace 'https://kubernetes.default.svc' with "*" here +... +``` + ### To 0.23.x #### Affected values diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index eeee34b16..f4ce382c1 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -215,9 +215,9 @@ installer: nodeSelector: {} tolerations: [] affinity: {} -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* # DOCS: https://artifacthub.io/packages/helm/bitnami-labs/sealed-secrets/2.17.2?modal=values -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* sealed-secrets: fullnameOverride: sealed-secrets-controller keyrenewperiod: "720h" 
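Review bot: The new upgrade step in README.md.gotmpl (repeated in the generated README.md) tells operators to set `server: "*"` next to `namespace: '*'` in cf-runtime-app-project.yaml, which lets that AppProject target every cluster registered in Argo CD and every namespace, where it was limited to `https://kubernetes.default.svc` before. The text gives neither the reason nor the scope of this widening. I would add a sentence after the YAML sample such as `This lets applications in the runtime project deploy to any cluster registered in Argo CD; review which clusters are registered and who can create applications in this project before applying it.` It would also help to say whether an explicit list of cluster URLs is accepted in place of `"*"`; that is not visible from this diff.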
@@ -232,9 +232,9 @@ sealed-secrets: requests: cpu: 200m memory: 512Mi -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* # DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-cd-8.0.6-6-cap-v3.0.2-2025-07-06-e9fc72a9/charts/argo-cd -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* argo-cd: enabled: true fullnameOverride: argo-cd @@ -277,10 +277,9 @@ argo-cd: enabled: true # -- Extract application version based on ApplicationConfiguration CRD useApplicationConfiguration: true - -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* # DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-events-2.4.8-cap-CR-29689/charts/argo-events -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* argo-events: fullnameOverride: argo-events crds: 
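Review bot: The `# DOCS:` line kept as context in the values.yaml hunk at -232,9 still points at the tag `argo-cd-8.0.6-6-cap-v3.0.2-2025-07-06-e9fc72a9`, while this commit moves the argo-cd dependency in Chart.yaml to `8.0.6-8-cap-v3.0.2-2025-09-07-cdf75df5`. Anyone checking available values or defaults from that link reads the previous subchart release. Assuming the argo-helm tags keep the `argo-cd-<version>` pattern, the line should become `# DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-cd-8.0.6-8-cap-v3.0.2-2025-09-07-cdf75df5/charts/argo-cd`. The argo-cd block continues outside the hunk.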
@@ -298,9 +297,9 @@ argo-events: metricsExporterImage: natsio/prometheus-nats-exporter:0.16.0 configReloaderImage: natsio/nats-server-config-reloader:0.18.2 startCommand: /nats-server -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* # DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-workflows-0.45.15-v3.6.7-cap-CR-28355/charts/argo-workflows -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* argo-workflows: fullnameOverride: argo enabled: true @@ -328,9 +327,9 @@ codefreshWorkflowLogStoreCM: enabled: true endpoint: gitops-workflow-logs.codefresh.io insecure: false -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* # DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-rollouts-2.37.3-6-v1.7.2-cap-CR-29629/charts/argo-rollouts -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* argo-rollouts: enabled: true fullnameOverride: argo-rollouts 
@@ -500,9 +499,9 @@ internal-router: minAvailable: 1 # -- Set number of pods that are unavailable after eviction as number or percentage maxUnavailable: "" -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* # DOCS: https://github.com/codefresh-io/codefresh-tunnel-charts/blob/codefresh-tunnel-client-0.1.21-helm/codefresh-tunnel-client/values.yaml -# --------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* tunnel-client: # -- Will only be used if global.runtime.ingress.enabled = false enabled: true @@ -564,14 +563,14 @@ app-proxy: tag: 1.1.15-main image: repository: quay.io/codefresh/cap-app-proxy - tag: 1.3718.0 + tag: 1.3727.0 pullPolicy: IfNotPresent # -- Extra volume mounts for main container extraVolumeMounts: [] initContainer: image: repository: quay.io/codefresh/cap-app-proxy-init - tag: 1.3718.0 + tag: 1.3727.0 pullPolicy: IfNotPresent command: - ./init.sh diff --git a/installer-image/Dockerfile b/installer-image/Dockerfile index 07f1eb452..ab5e2dffa 100644 --- a/installer-image/Dockerfile +++ b/installer-image/Dockerfile @@ -8,7 +8,7 @@ FROM debian:12.11-slim RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections -ARG CF_CLI_VERSION=v0.2.10 +ARG CF_CLI_VERSION=v0.2.11 ARG TARGETARCH RUN apt-get update && apt-get install curl jq -y