diff --git a/VERSION b/VERSION index 7db26729..a2e1aa9d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.1.26 +0.1.27 diff --git a/add-cluster/add-cluster.sh b/add-cluster/add-cluster.sh index d8342269..7332b02b 100755 --- a/add-cluster/add-cluster.sh +++ b/add-cluster/add-cluster.sh @@ -50,11 +50,12 @@ BEARER_TOKEN=$(kubectl get secret ${SECRET_NAME} -n ${NAMESPACE} -o jsonpath='{. CLUSTER_NAME=$(echo ${SERVER} | sed s/'http[s]\?:\/\/'//) if [[ $SKIP_TLS_VALIDATION == 'true' ]] then - kubectl config set-cluster "${CLUSTER_NAME}" --server="${SERVER}" || exit 1 + kubectl config set-cluster "${CLUSTER_NAME}" --server="${SERVER}" --insecure-skip-tls-verify=true || exit 1 else # Reference the internal certificate authority (CA) kubectl config set-cluster "${CLUSTER_NAME}" --server="${SERVER}" --certificate-authority="${SERVICEACCOUNT}/ca.crt" || exit 1 fi + kubectl config set-credentials "${SERVICE_ACCOUNT_NAME}" --token "${BEARER_TOKEN}" || exit 1 kubectl config set-context "${CONTEXT_NAME}" --cluster="${CLUSTER_NAME}" --user="${SERVICE_ACCOUNT_NAME}" || exit 1 @@ -84,4 +85,4 @@ if [[ $STATUS_CODE -ge 300 ]]; then fi echo "deleting token secret ${CSDP_TOKEN_SECRET}" -kubectl delete secret ${CSDP_TOKEN_SECRET} -n ${NAMESPACE} || echo "warning: failed deleting secret ${CSDP_TOKEN_SECRET}. you can safely delete this secret manually later with: kubectl delete secret ${CSDP_TOKEN_SECRET} -n ${NAMESPACE}" \ No newline at end of file +kubectl delete secret ${CSDP_TOKEN_SECRET} -n ${NAMESPACE} || echo "warning: failed deleting secret ${CSDP_TOKEN_SECRET}. you can safely delete this secret manually later with: kubectl delete secret ${CSDP_TOKEN_SECRET} -n ${NAMESPACE}" diff --git a/add-cluster/helm/Chart.yaml b/add-cluster/helm/Chart.yaml index ffdd86b6..e3fb5625 100644 --- a/add-cluster/helm/Chart.yaml +++ b/add-cluster/helm/Chart.yaml @@ -6,4 +6,4 @@ type: application version: 0.2.0 -appVersion: 0.6.0 +appVersion: 0.7.0 diff --git a/add-cluster/kustomize/kustomization.yaml b/add-cluster/kustomize/kustomization.yaml index b16c9651..02ad22e7 100644 --- a/add-cluster/kustomize/kustomization.yaml +++ b/add-cluster/kustomize/kustomization.yaml @@ -4,7 +4,7 @@ namespace: kube-system images: - name: quay.io/codefresh/csdp-add-cluster - newTag: 0.6.0 + newTag: 0.7.0 resources: - configmap.yaml diff --git a/csdp/base_components/README.yaml b/csdp/base_components/README.yaml index 0546fb4a..9d6cda3c 100644 --- a/csdp/base_components/README.yaml +++ b/csdp/base_components/README.yaml @@ -1,3 +1,4 @@ + All resources are defined using Kustomize components in this folder in the following structure: base_components: @@ -10,4 +11,4 @@ base_components: this allows us to create configuration bundles - for example HA and non HA configurations. Try to keep resources and patches out of the bundle kustomization, it should contain only the composition of components. - bootstrap: This is the bootstrap component \ No newline at end of file + bootstrap: This is the bootstrap component diff --git a/csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.cm.yaml b/csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.cm.yaml index 97429cd5..6932e07c 100644 --- a/csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.cm.yaml +++ b/csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.cm.yaml @@ -1,6 +1,8 @@ apiVersion: v1 kind: ConfigMap metadata: + labels: + app.kubernetes.io/part-of: cap-app-proxy name: cap-app-proxy-cm data: argoCdUsername: admin diff --git a/csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.crb.yaml b/csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.crb.yaml index 91d5d357..47fcb38b 100644 --- a/csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.crb.yaml +++ b/csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.crb.yaml @@ -1,6 +1,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + labels: + app: cap-app-proxy name: cap-app-proxy-binding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.deploy.yaml b/csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.deploy.yaml index d79e8627..2ce49d1a 100644 --- a/csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.deploy.yaml +++ b/csdp/base_components/apps/app-proxy/_components/codefresh-base/app-proxy.deploy.yaml @@ -1,10 +1,9 @@ apiVersion: apps/v1 kind: Deployment metadata: - labels: - app: cap-app-proxy name: cap-app-proxy spec: + replicas: 1 selector: matchLabels: app: cap-app-proxy @@ -23,7 +22,7 @@ spec: - -c - | /bin/sh <<'EOF' - if [ $(ls /app/config/tls) ]; then + if [ "$(ls /app/config/tls)" ]; then echo "concatenating certs into /app/config/all/all.cer" cat /app/config/tls/* >> /app/config/all/all.cer else @@ -45,6 +44,12 @@ spec: cpu: '0.2' containers: - env: + - name: ARGO_CD_INSECURE + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: argoCdInsecure + optional: true - name: ARGO_CD_URL valueFrom: configMapKeyRef: @@ -92,6 +97,54 @@ spec: name: cap-app-proxy-cm key: env optional: true + - name: ISC_ENSURED_EVENT_EMIT_DELAY + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: iscEnsuredEventEmitDelay + optional: true + - name: IRW_CONCURRENCY_CM_KEY + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: irwConcurrencyCmKey + optional: true + - name: IRW_CONCURRENCY_CM_NAME + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: irwConcurrentyCmName + optional: true + - name: IRW_HEARTBEAT_INTERVAL_IN_SECONDS + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: irwHeartbeatIntervalInSeconds + optional: true + - name: IRW_POD_GC_STRATEGY + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: irwPodGcStrategy + optional: true + - name: IRW_SERVICE_ACCOUNT + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: irwServiceAccount + optional: true + - name: IRW_TTL_ACTIVE_IN_SECONDS + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: irwTtlActiveInSeconds + optional: true + - name: IRW_TTL_AFTER_COMPLETION_IN_SECONDS + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: irwTtlAfterCompletionInSeconds + optional: true - name: GRAPHQL_DEBUG valueFrom: configMapKeyRef: @@ -104,6 +157,12 @@ spec: name: cap-app-proxy-cm key: graphqlPlayground optional: true + - name: LOG_LEVEL + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: logLevel + optional: true - name: NAMESPACE valueFrom: fieldRef: @@ -114,6 +173,18 @@ spec: name: cap-app-proxy-cm key: port optional: true + - name: GIT_INTEGRATION_APIURL + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: gitIntegrationApiUrl + optional: true + - name: GIT_INTEGRATION_PROVIDER + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: gitIntegrationProvider + optional: true - name: GIT_USERNAME valueFrom: secretKeyRef: @@ -126,6 +197,20 @@ spec: name: autopilot-secret key: git_token optional: true + - name: NODE_EXTRA_CA_CERTS + value: /app/config/all/all.cer + - name: REPO_CREDS_SECRET_NAME + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: repoCredsSecretName + optional: true + - name: REPO_LOCK_TIMEOUT + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: repoLockTimeout + optional: true - name: REPOS_DIR valueFrom: configMapKeyRef: @@ -149,6 +234,18 @@ spec: name: codefresh-token key: encryptionIV optional: true + - name: SEND_HEARTBEAT_INTERVAL + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: sendHeartbeatInterval + optional: true + - name: SKIP_PERMISSIONS_VALIDATION + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: skipPermissionsValidation + optional: true - name: STORE_BACKEND valueFrom: configMapKeyRef: @@ -161,14 +258,18 @@ spec: name: cap-app-proxy-cm key: stripPrefix optional: true - - name: SKIP_PERMISSIONS_VALIDATION + - name: USER_CACHE_TTL valueFrom: configMapKeyRef: name: cap-app-proxy-cm - key: skipPermissionsValidation + key: userCacheTtl + optional: true + - name: USER_TOKEN + valueFrom: + secretKeyRef: + name: codefresh-user-token + key: token optional: true - - name: NODE_EXTRA_CA_CERTS - value: /app/config/all/all.cer image: quay.io/codefresh/cap-app-proxy imagePullPolicy: Always name: cap-app-proxy diff --git a/csdp/base_components/apps/app-proxy/_components/codefresh-base/kustomization.yaml b/csdp/base_components/apps/app-proxy/_components/codefresh-base/kustomization.yaml index 9ab70d8a..b3ecf984 100644 --- a/csdp/base_components/apps/app-proxy/_components/codefresh-base/kustomization.yaml +++ b/csdp/base_components/apps/app-proxy/_components/codefresh-base/kustomization.yaml @@ -3,7 +3,7 @@ kind: Component images: - name: quay.io/codefresh/cap-app-proxy newName: quay.io/codefresh/cap-app-proxy - newTag: 1.2143.0 + newTag: 1.2167.0 resources: - app-proxy.deploy.yaml - app-proxy.svc.yaml diff --git a/csdp/base_components/apps/app-proxy/_components/ha-manifests/kustomization.yaml b/csdp/base_components/apps/app-proxy/_components/ha-manifests/kustomization.yaml index 2e3b8eca..3f29a91b 100644 --- a/csdp/base_components/apps/app-proxy/_components/ha-manifests/kustomization.yaml +++ b/csdp/base_components/apps/app-proxy/_components/ha-manifests/kustomization.yaml @@ -2,53 +2,53 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component resources: - - pdb.yaml +- pdb.yaml patches: - # increase replicas - - target: - group: apps - version: v1 - kind: Deployment - name: cap-app-proxy - patch: |- - - op: add - path: /spec/replicas - value: 2 - # Add leader election sidecar - - target: - group: apps - version: v1 - kind: Deployment - name: cap-app-proxy - path: leader-election.deployment.patch.yaml - # Add leader election role - - target: - kind: Role - name: cap-app-proxy - patch: |- - - op: add - path: /rules/- - value: - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - op: add - path: /rules/- - value: - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch +# increase replicas +- target: + group: apps + version: v1 + kind: Deployment + name: cap-app-proxy + patch: |- + - op: replace + path: /spec/replicas + value: 2 +# Add leader election sidecar +- target: + group: apps + version: v1 + kind: Deployment + name: cap-app-proxy + path: leader-election.deployment.patch.yaml +# Add leader election role +- target: + kind: Role + name: cap-app-proxy + patch: |- + - op: add + path: /rules/- + value: + apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - op: add + path: /rules/- + value: + apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/csdp/base_components/apps/app-proxy/_components/ha-manifests/pdb.yaml b/csdp/base_components/apps/app-proxy/_components/ha-manifests/pdb.yaml index cc7b82c2..2279c2ff 100644 --- a/csdp/base_components/apps/app-proxy/_components/ha-manifests/pdb.yaml +++ b/csdp/base_components/apps/app-proxy/_components/ha-manifests/pdb.yaml @@ -6,4 +6,4 @@ spec: minAvailable: 1 selector: matchLabels: - app: cap-app-proxy + app.kubernetes.io/part-of: cap-app-proxy diff --git a/csdp/base_components/bootstrap/kustomization.yaml b/csdp/base_components/bootstrap/kustomization.yaml index d2504f41..43e50832 100644 --- a/csdp/base_components/bootstrap/kustomization.yaml +++ b/csdp/base_components/bootstrap/kustomization.yaml @@ -9,8 +9,8 @@ configMapGenerator: - name: codefresh-cm behavior: create literals: # order matters - DO NOT change - - version=0.1.26 # Runtime version - - bootstrapRevision=0.1.26 # Tag to use for bootstrap (change this to the name of your branch if you want to test changes) + - version=0.1.27 # Runtime version + - bootstrapRevision=0.1.27 # Tag to use for bootstrap (change this to the name of your branch if you want to test changes) - appsetRequeueTime=15 replacements: # template the version from the configmap into the applicationset generators diff --git a/csdp/hybrid/_components/apps/argo-cd/codefresh-hybrid/kustomization.yaml b/csdp/hybrid/_components/apps/argo-cd/codefresh-hybrid/kustomization.yaml index 9f92c537..f9b2ba7b 100644 --- a/csdp/hybrid/_components/apps/argo-cd/codefresh-hybrid/kustomization.yaml +++ b/csdp/hybrid/_components/apps/argo-cd/codefresh-hybrid/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component images: - name: quay.io/codefresh/argocd - newTag: v2.6.0-cap-CR-appset-update \ No newline at end of file + newTag: v2.6.0-cap-CR-17237 diff --git a/csdp/hybrid/basic/runtime.yaml b/csdp/hybrid/basic/runtime.yaml index 0496e146..b6ae2eea 100644 --- a/csdp/hybrid/basic/runtime.yaml +++ b/csdp/hybrid/basic/runtime.yaml @@ -5,7 +5,7 @@ metadata: namespace: "{{ namespace }}" spec: requiredCLIVersion: ^0.1.0 - version: 0.1.26 + version: 0.1.27 bootstrapSpecifier: github.com/codefresh-io/csdp-official/csdp/hybrid/basic/apps/argo-cd components: - name: events