Merge branch 'main' into cj_workbench_images_0.3.5

.github/workflows/publish-app-catalogue.yaml

@@ -67,49 +67,49 @@ jobs:
           # Get the version of the truefoundry helm chart
           cp_chart_version=$(yq e '.spec.source.targetRevision' ./catalogues/tfy-k8s-aws-eks-inframold/templates/truefoundry.yaml)
           # Sync to S3
-          aws s3 sync ./catalogues/tfy-k8s-aws-eks-inframold s3://tfy-argo-application-catalogue/aws-eks --delete
+          aws s3 sync ./catalogues/tfy-k8s-aws-eks-inframold/templates s3://tfy-argo-application-catalogue/aws-eks/templates --delete
           # Sync to S3 chart version folder
-          aws s3 sync ./catalogues/tfy-k8s-aws-eks-inframold s3://tfy-argo-application-catalogue/aws-eks/$cp_chart_version --delete
+          aws s3 sync ./catalogues/tfy-k8s-aws-eks-inframold/templates s3://tfy-argo-application-catalogue/aws-eks/$cp_chart_version/templates --delete
           echo "Synced catalogue for aws-eks successfully"
       - run: |
           echo "Render GCP standard k8s manifests"
           helm template inframold -n argocd -f ./charts/tfy-k8s-gcp-gke-standard-inframold/values-helm.yaml -f ./charts/tfy-k8s-gcp-gke-standard-inframold/values-ocli.yaml ./charts/tfy-k8s-gcp-gke-standard-inframold --output-dir catalogues
           # Get the version of the truefoundry helm chart
           cp_chart_version=$(yq e '.spec.source.targetRevision' ./catalogues/tfy-k8s-gcp-gke-standard-inframold/templates/truefoundry.yaml)
           # Sync to S3
-          aws s3 sync ./catalogues/tfy-k8s-gcp-gke-standard-inframold s3://tfy-argo-application-catalogue/gcp-gke-standard --delete
+          aws s3 sync ./catalogues/tfy-k8s-gcp-gke-standard-inframold/templates s3://tfy-argo-application-catalogue/gcp-gke-standard/templates --delete
           # Sync to S3 chart version folder
-          aws s3 sync ./catalogues/tfy-k8s-gcp-gke-standard-inframold s3://tfy-argo-application-catalogue/gcp-gke-standard/$cp_chart_version --delete
+          aws s3 sync ./catalogues/tfy-k8s-gcp-gke-standard-inframold/templates s3://tfy-argo-application-catalogue/gcp-gke-standard/$cp_chart_version/templates --delete
           echo "Synced catalogue for gcp-standard successfully"
       - run: |
           echo "Render Azure-AKS manifests"
           helm template inframold -n argocd -f ./charts/tfy-k8s-azure-aks-inframold/values-helm.yaml -f ./charts/tfy-k8s-azure-aks-inframold/values-ocli.yaml ./charts/tfy-k8s-azure-aks-inframold --output-dir catalogues
           # Get the version of the truefoundry helm chart
           cp_chart_version=$(yq e '.spec.source.targetRevision' ./catalogues/tfy-k8s-azure-aks-inframold/templates/truefoundry.yaml)
           # Sync to S3
-          aws s3 sync ./catalogues/tfy-k8s-azure-aks-inframold s3://tfy-argo-application-catalogue/azure-aks --delete
+          aws s3 sync ./catalogues/tfy-k8s-azure-aks-inframold/templates s3://tfy-argo-application-catalogue/azure-aks/templates --delete
           # Sync to S3 chart version folder
-          aws s3 sync ./catalogues/tfy-k8s-azure-aks-inframold s3://tfy-argo-application-catalogue/azure-aks/$cp_chart_version --delete
+          aws s3 sync ./catalogues/tfy-k8s-azure-aks-inframold/templates s3://tfy-argo-application-catalogue/azure-aks/$cp_chart_version/templates --delete
           echo "Synced catalogue for azure-aks successfully"
       - run: |
           echo "Render Generic k8s manifests"
           helm template inframold -n argocd -f ./charts/tfy-k8s-generic-inframold/values-helm.yaml -f ./charts/tfy-k8s-generic-inframold/values-ocli.yaml ./charts/tfy-k8s-generic-inframold --output-dir catalogues
           # Get the version of the truefoundry helm chart
           cp_chart_version=$(yq e '.spec.source.targetRevision' ./catalogues/tfy-k8s-generic-inframold/templates/truefoundry.yaml)
           # Sync to S3
-          aws s3 sync ./catalogues/tfy-k8s-generic-inframold s3://tfy-argo-application-catalogue/generic --delete
+          aws s3 sync ./catalogues/tfy-k8s-generic-inframold/templates s3://tfy-argo-application-catalogue/generic/templates --delete
           # Sync to S3 chart version folder
-          aws s3 sync ./catalogues/tfy-k8s-generic-inframold s3://tfy-argo-application-catalogue/generic/$cp_chart_version --delete
+          aws s3 sync ./catalogues/tfy-k8s-generic-inframold/templates s3://tfy-argo-application-catalogue/generic/$cp_chart_version/templates --delete
           echo "Synced catalogue for generic k8s successfully"
       - run: |
           echo "Render Civo-Talos k8s manifests"
           helm template inframold -n argocd -f ./charts/tfy-k8s-civo-talos-inframold/values-helm.yaml -f ./charts/tfy-k8s-civo-talos-inframold/values-ocli.yaml ./charts/tfy-k8s-civo-talos-inframold --output-dir catalogues
           # Get the version of the truefoundry helm chart
           cp_chart_version=$(yq e '.spec.source.targetRevision' ./catalogues/tfy-k8s-civo-talos-inframold/templates/truefoundry.yaml)
           # Sync to S3
-          aws s3 sync ./catalogues/tfy-k8s-civo-talos-inframold s3://tfy-argo-application-catalogue/civo-talos --delete
+          aws s3 sync ./catalogues/tfy-k8s-civo-talos-inframold/templates s3://tfy-argo-application-catalogue/civo-talos/templates --delete
           # Sync to S3 chart version folder
-          aws s3 sync ./catalogues/tfy-k8s-civo-talos-inframold s3://tfy-argo-application-catalogue/civo-talos/$cp_chart_version --delete
+          aws s3 sync ./catalogues/tfy-k8s-civo-talos-inframold/templates s3://tfy-argo-application-catalogue/civo-talos/$cp_chart_version/templates --delete
           echo "Synced catalogue for civo-talos k8s successfully"
       - run: |
           # Invalidate cloudfront

charts/tfy-agent/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.39
+version: 0.2.42
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/tfy-agent/README.md

@@ -33,6 +33,56 @@ This application has two parts.
 * If the list of allowed namespaces is empty. We set up [cluster-wide access](https://github.com/truefoundry/infra-charts/blob/main/charts/tfy-agent/templates/tfy-agent-proxy-clusterrolebinding-ns.yaml) for these namespaced resources.
 
 
+## Trobleshoot
+
+### Using self-signed certificate in control plane URL
+If your control plane URL is using self-signed CA certificate, follow these steps:
+1. Update CA bundle in the container by mounting your CA bundle. This can be done in two ways:
+    1. using volume mounts
+        - create a config map using your `ca-certificate.crt` file
+
+            `kubectl create configmap tfy-ca-cert -n tfy-agent --from-file=ca-certificate.crt`
+
+        - add following volume and volume mounts in both tfyAgent and tfyAgentProxy
+            ```
+            tfyAgent:
+                extraVolumes:
+                - name: ca-certificates-volume
+                  configMap:
+                    name: tfy-ca-cert 
+                    items:
+                    - key: ca-certificates.crt
+                      path: ca-certificates.crt
+                extraVolumeMounts:
+                    - name: ca-certificates-volume
+                      mountPath: /etc/ssl/certs/ca-certificates.crt
+                      subPath: ca-certificates.crt
+                      readOnly: true
+            tfyAgentProxy:
+                extraVolumes:
+                - name: ca-certificates-volume
+                  configMap:
+                    name: tfy-ca-cert 
+                    items:
+                    - key: ca-certificates.crt
+                      path: ca-certificates.crt
+                extraVolumeMounts:
+                    - name: ca-certificates-volume
+                      mountPath: /etc/ssl/certs/ca-certificates.crt
+                      subPath: ca-certificates.crt
+                      readOnly: true
+            ```
+    2. using jspolicy - [link](https://artifacthub.io/packages/helm/truefoundry/tfy-jspolicy-config)
+
+2. Add extraEnv in tfyAgent to allow insecure connection
+    ```
+    tfyAgent:
+        extraEnvVars:
+            - name: NODE_TLS_REJECT_UNAUTHORIZED
+              value: '0'
+    ```
+
+
 ## Parameters
 
 ### Configuration parameters
@@ -77,7 +127,7 @@ This application has two parts.
 | `tfyAgent.service.type`                         | Type for tfyAgent Service                                                                                             | `ClusterIP`                                |
 | `tfyAgent.image.repository`                     | tfyAgent repository                                                                                                   | `tfy.jfrog.io/tfy-images/tfy-agent`        |
 | `tfyAgent.image.pullPolicy`                     | Pull policy for tfyAgent                                                                                              | `IfNotPresent`                             |
-| `tfyAgent.image.tag`                            | Overrides the image tag whose default is the chart appVersion.                                                        | `29b288e0b59ba09cdd4bf51ef97c86bfdcf1e626` |
+| `tfyAgent.image.tag`                            | Overrides the image tag whose default is the chart appVersion.                                                        | `abdd060d96379a09bed4d6c2ab7516a11e154bfa` |
 | `tfyAgent.resources.limits.cpu`                 | CPU resource limits for tfyAgent container. Advised to only increase the limits and not decrease it                   | `500m`                                     |
 | `tfyAgent.resources.limits.memory`              | Memory Resource limits for tfyAgent container. Advised to only increase the limits and not decrease it                | `512Mi`                                    |
 | `tfyAgent.resources.limits.ephemeral-storage`   | Ephemeral storage Resource limits for tfyAgent container. Advised to only increase the limits and not decrease it     | `256Mi`                                    |
@@ -117,7 +167,7 @@ This application has two parts.
 | `tfyAgentProxy.annotations`                                         | Add annotations to tfyAgentProxy pods                                                                                      | `{}`                                       |
 | `tfyAgentProxy.image.repository`                                    | tfyAgentProxy repository                                                                                                   | `tfy.jfrog.io/tfy-images/tfy-agent-proxy`  |
 | `tfyAgentProxy.image.pullPolicy`                                    | Pull policy for tfyAgentProxy                                                                                              | `IfNotPresent`                             |
-| `tfyAgentProxy.image.tag`                                           | Image tag whose default is the chart appVersion.                                                                           | `0823e317799add6beaaa4037b81068f6c25f3bf7` |
+| `tfyAgentProxy.image.tag`                                           | Image tag whose default is the chart appVersion.                                                                           | `fcfb8e398eb01f05fb72cd9115b9ec69a89b9cce` |
 | `tfyAgentProxy.extraEnvVars`                                        | Additional envrionment variables for tfyAgentPRoxy                                                                         | `[]`                                       |
 | `tfyAgentProxy.resources.limits.cpu`                                | CPU resource limits for tfyAgentProxy container. Advised to only increase the limits and not decrease it                   | `500m`                                     |
 | `tfyAgentProxy.resources.limits.memory`                             | Memory Resource limits for tfyAgentProxy container. Advised to only increase the limits and not decrease it                | `512Mi`                                    |
@@ -133,6 +183,8 @@ This application has two parts.
 | `tfyAgentProxy.serviceAccount.create`                               | Bool to enable serviceAccount creation                                                                                     | `true`                                     |
 | `tfyAgentProxy.serviceAccount.annotations`                          | Annotations to add to the serviceAccount                                                                                   | `{}`                                       |
 | `tfyAgentProxy.serviceAccount.name`                                 | Name of the serviceAccount to use. If not set and create is true, a name is generated using the fullname template          | `""`                                       |
+| `tfyAgentProxy.extraVolumes`                                        | Extra volume for tfyAgentProxy container                                                                                   | `[]`                                       |
+| `tfyAgentProxy.extraVolumeMounts`                                   | Extra volume mount for tfyAgentProxy container                                                                             | `[]`                                       |
 | `tfyAgentProxy.clusterRole.enable`                                  | Create cluster role.                                                                                                       | `true`                                     |
 | `tfyAgentProxy.clusterRole.strictMode`                              | Only add required authz rules.                                                                                             | `false`                                    |
 | `tfyAgentProxy.clusterRole.clusterScopedAdditionalClusterRoleRules` | Additional rules to add to the cluster role for cluster-scoped resources.                                                  | `[]`                                       |

charts/tfy-agent/templates/tfy-agent-proxy-deployment.yaml

@@ -51,6 +51,8 @@ spec:
           imagePullPolicy: {{ .Values.tfyAgentProxy.image.pullPolicy }}
           resources:
             {{- toYaml .Values.tfyAgentProxy.resources | nindent 12 }}
+          volumeMounts:
+            {{- toYaml .Values.tfyAgentProxy.extraVolumeMounts | nindent 12 }}
       {{- with .Values.tfyAgentProxy.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -66,4 +68,6 @@ spec:
       {{- with .Values.tfyAgentProxy.priorityClassName }}
       priorityClassName: {{ . | quote }}
       {{- end }}
+      volumes:
+        {{- toYaml .Values.tfyAgentProxy.extraVolumes | nindent 8 }}
 {{- end }}       

charts/tfy-agent/values.yaml

@@ -25,8 +25,7 @@ config:
   ## @param config.controlPlaneClusterIP ClusterIP of the control plane to connect agent (format: `http://`)
   ##
   controlPlaneClusterIP: "http://truefoundry-truefoundry-frontend-app.truefoundry.svc.cluster.local:5000"
-
-   ## @param config.controlPlaneControllerClusterIP ClusterIP of the control plane controller to connect proxy (format: `http://`)
+  ## @param config.controlPlaneControllerClusterIP ClusterIP of the control plane controller to connect proxy (format: `http://`)
   ##
   controlPlaneControllerClusterIP: "http://truefoundry-tfy-controller.truefoundry.svc.cluster.local:8123"
 
@@ -73,8 +72,8 @@ config:
   #   - default
   #   - namespace-1
 
-## @param imagePullSecrets Secrets to pull images
-##
+  ## @param imagePullSecrets Secrets to pull images
+  ##
 imagePullSecrets: []
 
 ## @param nameOverride String to override partial name passed in helm install command
@@ -141,7 +140,7 @@ tfyAgent:
     ## @param tfyAgent.service.port Port for tfyAgent service
     ##
     port: 3000
-    
+
     ## @param tfyAgent.service.nodePort Port to expose on each node. Only used if service.type is 'NodePort'
     ##
     nodePort: ""
@@ -170,7 +169,7 @@ tfyAgent:
     ##
     pullPolicy: IfNotPresent
     ## @param tfyAgent.image.tag Overrides the image tag whose default is the chart appVersion.
-    tag: "29b288e0b59ba09cdd4bf51ef97c86bfdcf1e626"
+    tag: "abdd060d96379a09bed4d6c2ab7516a11e154bfa"
 
   ## Define resources requests and limits for single Pods.
   ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
@@ -322,7 +321,7 @@ tfyAgentProxy:
     pullPolicy: IfNotPresent
     ## @param tfyAgentProxy.image.tag Image tag whose default is the chart appVersion.
     ##
-    tag: "0823e317799add6beaaa4037b81068f6c25f3bf7"
+    tag: "fcfb8e398eb01f05fb72cd9115b9ec69a89b9cce"
 
   ## @param tfyAgentProxy.extraEnvVars Additional envrionment variables for tfyAgentPRoxy
   ##
@@ -420,6 +419,13 @@ tfyAgentProxy:
     ## @param tfyAgentProxy.serviceAccount.name Name of the serviceAccount to use. If not set and create is true, a name is generated using the fullname template
     ## 
     name: ""
+
+  ## @param tfyAgentProxy.extraVolumes Extra volume for tfyAgentProxy container
+  ##
+  extraVolumes: []
+  ## @param tfyAgentProxy.extraVolumeMounts Extra volume mount for tfyAgentProxy container
+  ##
+  extraVolumeMounts: []
 
   clusterRole:
     ## @param tfyAgentProxy.clusterRole.enable Create cluster role.
@@ -440,8 +446,8 @@ tfyAgentProxy:
     #   resources: ["namespaces"]
     #   verbs: ["create"]
 
-## @section resourceQuota Add a ResourceQuota to enable priority class in a namspace.
-##
+    ## @section resourceQuota Add a ResourceQuota to enable priority class in a namspace.
+    ##
 resourceQuota:
   ## @param resourceQuota.enabled Create the ResourceQuota.
   enabled: true

charts/tfy-buildkitd-service/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: tfy-buildkitd-service
 description: Buildkitd service chart
 type: application
-version: 0.2.1-rc.1
+version: 0.2.1
 appVersion: "0.16.0"
 maintainers:
   - name: truefoundry