diff --git a/charts/truefoundry/Chart.lock b/charts/truefoundry/Chart.lock index 97701fb7..e5a0790e 100644 --- a/charts/truefoundry/Chart.lock +++ b/charts/truefoundry/Chart.lock @@ -10,6 +10,6 @@ dependencies: version: 15.2.2 - name: tfy-buildkitd-service repository: https://truefoundry.github.io/infra-charts/ - version: 0.2.0 -digest: sha256:568b049593765e6583cb046e218904cd5e04371283739d280da511dc2f4b6dd3 -generated: "2024-11-01T14:15:58.388967+05:30" + version: 0.2.1-rc.1 +digest: sha256:0f3eab55d9395afea9ba9382c532dd53c61acc58c7e1ea87adb85a5a51dd1c71 +generated: "2024-11-08T15:07:07.114652559+05:30" diff --git a/charts/truefoundry/Chart.yaml b/charts/truefoundry/Chart.yaml index fac300fb..a8b79b85 100644 --- a/charts/truefoundry/Chart.yaml +++ b/charts/truefoundry/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: truefoundry -version: 0.10.0 +version: 0.11.0 description: "TrueFoundry Control Plane Components" maintainers: - name: truefoundry @@ -20,4 +20,4 @@ dependencies: - condition: tfy-buildkitd-service.enabled name: tfy-buildkitd-service repository: https://truefoundry.github.io/infra-charts/ - version: 0.2.0 + version: 0.2.1-rc.1 diff --git a/charts/truefoundry/README.md b/charts/truefoundry/README.md index d24d3263..cda0829c 100644 --- a/charts/truefoundry/README.md +++ b/charts/truefoundry/README.md @@ -11,7 +11,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `global.truefoundryImagePullConfigJSON` | JSON config for image pull secret | `""` | | `global.tenantName` | Name of the tenant | `""` | | `global.controlPlaneURL` | URL of the control plane | `http://truefoundry-truefoundry-frontend-app.truefoundry.svc.cluster.local:5000` | -| `global.controlPlaneChartVersion` | Version of control-plane chart | `0.10.0` | +| `global.controlPlaneChartVersion` | Version of control-plane chart | `0.11.0` | | `global.existingTruefoundryCredsSecret` | Name of the existing truefoundry creds secret | `""` | | `global.database.host` | Control plane database hostname when dev mode is not enabled | `""` | | `global.database.name` | Control plane database name when dev mode is not enabled | `""` | @@ -23,19 +23,20 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s ### Truefoundry bootstrap values -| Name | Description | Value | -| ---------------------------------------- | ------------------------------------------------------- | ---------------------------------------- | -| `truefoundryBootstrap.enabled` | Bool to enable truefoundry bootstrap | `true` | -| `truefoundryBootstrap.image.repository` | Truefoundry bootstrap image repository | `tfy.jfrog.io/tfy-mirror/library/ubuntu` | -| `truefoundryBootstrap.image.tag` | Truefoundry bootstrap image tag | `latest` | -| `truefoundryBootstrap.natsConfigmapName` | Truefoundry nats configmap name | `nats-accounts` | -| `truefoundryBootstrap.extraEnvVars` | Extra environment variables for the bootstrap container | `[]` | -| `truefoundryBootstrap.extraVolumeMounts` | Extra volume mounts for the bootstrap container | `[]` | -| `truefoundryBootstrap.extraVolumes` | Extra volumes for the bootstrap container | `[]` | -| `truefoundryBootstrap.affinity` | Affinity for the bootstrap container | `{}` | -| `truefoundryBootstrap.nodeSelector` | Node selector for the bootstrap container | `{}` | -| `truefoundryBootstrap.tolerations` | Tolerations specific to the bootstrap container | `{}` | -| `truefoundryBootstrap.imagePullSecrets` | Image pull secrets for the bootstrap container | `[]` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------- | ---------------------------------------- | +| `truefoundryBootstrap.enabled` | Bool to enable truefoundry bootstrap | `true` | +| `truefoundryBootstrap.image.repository` | Truefoundry bootstrap image repository | `tfy.jfrog.io/tfy-mirror/library/ubuntu` | +| `truefoundryBootstrap.image.tag` | Truefoundry bootstrap image tag | `latest` | +| `truefoundryBootstrap.natsConfigmapName` | Truefoundry nats configmap name | `nats-accounts` | +| `truefoundryBootstrap.extraEnvVars` | Extra environment variables for the bootstrap container | `[]` | +| `truefoundryBootstrap.extraVolumeMounts` | Extra volume mounts for the bootstrap container | `[]` | +| `truefoundryBootstrap.extraVolumes` | Extra volumes for the bootstrap container | `[]` | +| `truefoundryBootstrap.affinity` | Affinity for the bootstrap container | `{}` | +| `truefoundryBootstrap.nodeSelector` | Node selector for the bootstrap container | `{}` | +| `truefoundryBootstrap.tolerations` | Tolerations specific to the bootstrap container | `{}` | +| `truefoundryBootstrap.imagePullSecrets` | Image pull secrets for the bootstrap container | `[]` | +| `truefoundryBootstrap.createdBuildkitServiceTlsCerts` | Bool to install TLS certificates | `false` | ### Truefoundry Frontend App values @@ -46,7 +47,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `truefoundryFrontendApp.replicaCount` | Number of replicas for the frontend app | `1` | | `truefoundryFrontendApp.global` | Global values for the frontend app | `{}` | | `truefoundryFrontendApp.image.repository` | Image repository for the frontend app | `tfy.jfrog.io/tfy-private-images/truefoundry-frontend-app` | -| `truefoundryFrontendApp.image.tag` | Image tag for the frontend app | `v0.9.0` | +| `truefoundryFrontendApp.image.tag` | Image tag for the frontend app | `v0.10.0` | | `truefoundryFrontendApp.envSecretName` | Secret name for the frontend app environment variables | `truefoundry-frontend-app-env-secret` | | `truefoundryFrontendApp.imagePullPolicy` | Image pull policy for the frontend app | `IfNotPresent` | | `truefoundryFrontendApp.nameOverride` | Override name for the frontend app | `""` | @@ -132,7 +133,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `servicefoundryServer.replicaCount` | Number of replicas for the servicefoundry server | `1` | | `servicefoundryServer.global` | Global values for the servicefoundry server | `{}` | | `servicefoundryServer.image.repository` | Image repository for the servicefoundry server | `tfy.jfrog.io/tfy-private-images/servicefoundry-server` | -| `servicefoundryServer.image.tag` | Image tag for the servicefoundry server | `v0.10.0` | +| `servicefoundryServer.image.tag` | Image tag for the servicefoundry server | `v0.11.0` | | `servicefoundryServer.environmentName` | Environment name for the servicefoundry server | `default` | | `servicefoundryServer.envSecretName` | Secret name for the servicefoundry server environment variables | `servicefoundry-server-env-secret` | | `servicefoundryServer.imagePullPolicy` | Image pull policy for the servicefoundry server | `IfNotPresent` | @@ -173,7 +174,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `tfyK8sController.replicaCount` | Number of replicas for the tfyK8sController | `1` | | `tfyK8sController.global` | Global values for the tfyK8sController | `{}` | | `tfyK8sController.image.repository` | Image repository for the tfyK8sController | `tfy.jfrog.io/tfy-private-images/tfy-k8s-controller` | -| `tfyK8sController.image.tag` | Image tag for the tfyK8sController | `v0.7.0` | +| `tfyK8sController.image.tag` | Image tag for the tfyK8sController | `v0.8.0` | | `tfyK8sController.environmentName` | Environment name for tfyK8sController | `default` | | `tfyK8sController.envSecretName` | Secret name for the tfyK8sController environment variables | `tfy-k8s-controller-env-secret` | | `tfyK8sController.imagePullPolicy` | Image pull policy for the tfyK8sController | `IfNotPresent` | @@ -208,7 +209,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `sfyManifestService.tolerations` | Tolerations specific to the sfy manifest service | `{}` | | `sfyManifestService.global` | Global values for the sfy manifest service | `{}` | | `sfyManifestService.image.repository` | Image repository for the sfy manifest service | `tfy.jfrog.io/tfy-private-images/sfy-manifest-service` | -| `sfyManifestService.image.tag` | Image tag for the sfy manifest service | `v0.7.0` | +| `sfyManifestService.image.tag` | Image tag for the sfy manifest service | `v0.8.0` | | `sfyManifestService.replicaCount` | Number of replicas for the sfy manifest service | `1` | | `sfyManifestService.environmentName` | Environment name for the sfy manifest service | `default` | | `sfyManifestService.envSecretName` | Secret name for the sfy manifest service environment variables | `sfy-manifest-service-env-secret` | @@ -343,6 +344,8 @@ update-build.sh '{"status":"SUCCEEDED"}' | `tfy-buildkitd-service.enabled` | Bool to enable the tfy-buildkitd service | `false` | | `tfy-buildkitd-service.service.port` | port number for the tfy-buildkitd service | `1234` | | `tfy-buildkitd-service.replicaCount` | Number of replicas Value kept for future use, kept 1 | `1` | +| `tfy-buildkitd-service.tls.enabled` | Enable TLS for the tfy-buildkitd service | `false` | +| `tfy-buildkitd-service.tls.buildkitClientCertsSecretName` | Name of the secret containing the TLS certificate | `tfy-buildkit-client-certs` | | `postgresql.auth.existingSecret` | Name of the existing secret for PostgreSQL authentication | `truefoundry-postgresql-auth-secret` | | `postgresql.auth.database` | Name of the database for PostgreSQL | `truefoundry` | @@ -353,7 +356,7 @@ update-build.sh '{"status":"SUCCEEDED"}' | `tfyController.enabled` | Bool to enable the tfyController | `true` | | `tfyController.global` | Global values for the tfyController | `{}` | | `tfyController.image.repository` | Image repository for the tfyController | `tfy.jfrog.io/tfy-private-images/tfy-controller` | -| `tfyController.image.tag` | Image tag for the tfyController | `v0.5.0` | +| `tfyController.image.tag` | Image tag for the tfyController | `v0.6.0` | | `tfyController.environmentName` | Environment name for the tfyController | `default` | | `tfyController.envSecretName` | Secret name for the tfyController environment variables | `sfy-manifest-service-env-secret` | | `tfyController.imagePullPolicy` | Image pull policy for the tfyController | `IfNotPresent` | diff --git a/charts/truefoundry/templates/bootstrap/configmap.yaml b/charts/truefoundry/templates/bootstrap/configmap.yaml index 077de292..999da082 100644 --- a/charts/truefoundry/templates/bootstrap/configmap.yaml +++ b/charts/truefoundry/templates/bootstrap/configmap.yaml @@ -38,6 +38,75 @@ data: && mv kubectl /usr/bin/ } + create_tfy_buildkit_tls_certificates_and_secrets(){ + ( + set -eu + if [[ "$INSTALL_TLS_CERTIFICATES" != "true" ]]; then + print_yellow "Skipping TLS certificate generation" + return 0 + fi + PRODUCT=tfy-buildkit + DIR=./.certs + EXPIRATION_DAYS=36500 # 100 years expiration + if kubectl get secret ${PRODUCT}-daemon-certs -n "$TRUEFOUNDRY_NAMESPACE" &> /dev/null && kubectl get secret ${PRODUCT}-client-certs -n "$TRUEFOUNDRY_NAMESPACE" &> /dev/null; then + print_green "Secrets already exist. Exiting..." + return 0 + fi + + if [[ "$#" -lt 1 ]]; then + echo "Usage: $0 SAN [SAN...]" + echo + echo "Example: $0 buildkitd.default.svc " + echo + echo "The following files will be created under ${DIR}" + echo "- daemon/{ca.pem,cert.pem,key.pem}" + echo "- client/{ca.pem,cert.pem,key.pem}" + echo "- ${PRODUCT}-daemon-certs.yaml" + echo "- ${PRODUCT}-client-certs.yaml" + echo "- SAN" + exit 1 + fi + + if ! command -v openssl >/dev/null; then + echo "Missing OpenSSL" + exit 1 + fi + + SAN1=$1 + SAN2=$2 + SAN_CLIENT=client + + mkdir -p $DIR ${DIR}/daemon ${DIR}/client + + openssl genrsa -out ${DIR}/key.pem 4096 + openssl req -x509 -nodes -new -sha256 -days $EXPIRATION_DAYS -keyout ${DIR}/key.pem -out ${DIR}/rootCA.pem -subj "/C=US/ST=CA/L=San-Francisco/O=TrueFoundry/CN=Root CA" + + + # Generate a server private key and certificate using the root CA + openssl genrsa -out ${DIR}/daemon/key.pem 4096 + openssl req -new -key ${DIR}/daemon/key.pem -out ${DIR}/daemon/csr.pem -subj "/C=US/ST=CA/L=San-Francisco/O=TrueFoundry/CN=server" + openssl x509 -req -in ${DIR}/daemon/csr.pem -CA ${DIR}/rootCA.pem -CAkey ${DIR}/key.pem -CAcreateserial -out ${DIR}/daemon/cert.pem -days $EXPIRATION_DAYS -extfile <(printf "subjectAltName=DNS:%s, DNS:%s,IP:0.0.0.0" "$SAN1" "$SAN2") + + # Generate a client private key and certificate using the root CA + openssl genrsa -out ${DIR}/client/key.pem 4096 + openssl req -new -key ${DIR}/client/key.pem -out ${DIR}/client/csr.pem -subj "/C=US/ST=CA/L=San-Francisco/O=TrueFoundry/CN=$SAN_CLIENT" + openssl x509 -req -in ${DIR}/client/csr.pem -CA ${DIR}/rootCA.pem -CAkey ${DIR}/key.pem -CAcreateserial -out ${DIR}/client/cert.pem -days $EXPIRATION_DAYS + + # Copy the root CA certificates + cp -f ${DIR}/rootCA.pem ${DIR}/daemon/ca.pem + cp -f ${DIR}/rootCA.pem ${DIR}/client/ca.pem + rm -f ${DIR}/daemon/csr.pem ${DIR}/client/csr.pem + rm -f ${DIR}/rootCA.pem ${DIR}/key.pem + + # Create Kubernetes secrets + kubectl create secret generic ${PRODUCT}-daemon-certs -n truefoundry --dry-run=client -o yaml --from-file=${DIR}/daemon > $DIR/${PRODUCT}-daemon-certs.yaml + kubectl create secret generic ${PRODUCT}-client-certs -n truefoundry --dry-run=client -o yaml --from-file=${DIR}/client > $DIR/${PRODUCT}-client-certs.yaml + + kubectl apply -f $DIR/${PRODUCT}-daemon-certs.yaml + kubectl apply -f $DIR/${PRODUCT}-client-certs.yaml + ) + } + migrate_nats_seed_to_dedicated_secret() { # Get the value of NATS_CONTROLPLANE_ACCOUNT_SEED from the secret NATS_SEED=$(kubectl -n $TRUEFOUNDRY_NAMESPACE get secret servicefoundry-server-env-secret -o jsonpath='{.data.NATS_CONTROLPLANE_ACCOUNT_SEED}' | base64 --decode) @@ -82,6 +151,7 @@ data: fi install_binaries + create_tfy_buildkit_tls_certificates_and_secrets *.{{ include "tfy-buildkitd.buildkitdServiceName" . }}.$TRUEFOUNDRY_NAMESPACE.svc.cluster.local *.$TRUEFOUNDRY_NAMESPACE.svc.cluster.local kubectl -n $TRUEFOUNDRY_NAMESPACE get cm $TRUEFOUNDRY_NATS_CONFIGMAP if [ $? -eq 0 ]; then diff --git a/charts/truefoundry/templates/bootstrap/job.yaml b/charts/truefoundry/templates/bootstrap/job.yaml index d3f3932a..69252905 100644 --- a/charts/truefoundry/templates/bootstrap/job.yaml +++ b/charts/truefoundry/templates/bootstrap/job.yaml @@ -25,6 +25,8 @@ spec: value: "{{ .Values.truefoundryBootstrap.natsConfigmapName }}" - name: TRUEFOUNDRY_NAMESPACE value: "{{ .Release.Namespace }}" + - name: INSTALL_TLS_CERTIFICATES + value: "{{ .Values.truefoundryBootstrap.createdBuildkitServiceTlsCerts }}" {{- range $val := .Values.truefoundryBootstrap.extraEnvVars }} - name: {{ $val.name }} value: {{ $val.value }} diff --git a/charts/truefoundry/templates/tfy-build/build-workflow-workflow-template.yaml b/charts/truefoundry/templates/tfy-build/build-workflow-workflow-template.yaml index 0111dab2..e1ec29bd 100644 --- a/charts/truefoundry/templates/tfy-build/build-workflow-workflow-template.yaml +++ b/charts/truefoundry/templates/tfy-build/build-workflow-workflow-template.yaml @@ -422,6 +422,11 @@ spec: - key: .dockerconfigjson path: base_config.json secretName: {{ .Values.tfyBuild.truefoundryWorkflows.sfyBuilder.baseImagePullSecret }} + {{- end }} + {{- if index .Values "tfy-buildkitd-service" "tls" "enabled" }} + - name: buildkit-client-cert + secret: + secretName: {{ index .Values "tfy-buildkitd-service" "tls" "buildkitClientCertsSecretName" }} {{- end }} - name: scripts projected: @@ -482,6 +487,10 @@ spec: - name: truefoundry-docker-config mountPath: /root/.truefoundry/.docker/ {{- end }} + {{- if index .Values "tfy-buildkitd-service" "tls" "enabled" }} + - name: buildkit-client-cert + mountPath: "/etc/buildkit/certs/" + {{- end }} {{- range $value := .Values.tfyBuild.truefoundryWorkflows.sfyBuilder.buildSecrets }} - name: {{ $value.id | replace "." "-" }} mountPath: "/truefoundry-build-secrets/" diff --git a/charts/truefoundry/tfy-build-scripts/build-and-push.sh b/charts/truefoundry/tfy-build-scripts/build-and-push.sh index dfd13787..708eeac8 100644 --- a/charts/truefoundry/tfy-build-scripts/build-and-push.sh +++ b/charts/truefoundry/tfy-build-scripts/build-and-push.sh @@ -11,10 +11,17 @@ printf "\033[36m[Start]\033[0m Building and pushing the docker container. Please IMAGE="$DOCKER_REGISTRY_URL/$DOCKER_REPO" TAG=$DOCKER_TAG +BUILDKIT_CERTS_PATH="/etc/buildkit/certs" printf "\033[36m[==== Docker logs start ====]\033[0m\n" -docker buildx create --name remote-kubernetes --driver remote tcp://"$BUILDKIT_SERVICE_URL" +BUILDX_CREATE_ARGS="--name remote-kubernetes --driver remote tcp://${BUILDKIT_SERVICE_URL}" + +if [[ -d "$BUILDKIT_CERTS_PATH" ]]; then + BUILDX_CREATE_ARGS="${BUILDX_CREATE_ARGS} --driver-opt key=${BUILDKIT_CERTS_PATH}/key.pem,cert=${BUILDKIT_CERTS_PATH}/cert.pem,cacert=${BUILDKIT_CERTS_PATH}/ca.pem" +fi + +docker buildx create ${BUILDX_CREATE_ARGS} if [ -d "$SOURCE_CODE_DOWNLOAD_PATH" ]; then cd "$SOURCE_CODE_DOWNLOAD_PATH" diff --git a/charts/truefoundry/tfy-build-scripts/update-build.sh b/charts/truefoundry/tfy-build-scripts/update-build.sh index 63df7b20..eb84640a 100755 --- a/charts/truefoundry/tfy-build-scripts/update-build.sh +++ b/charts/truefoundry/tfy-build-scripts/update-build.sh @@ -53,6 +53,7 @@ if [[ "$status" != "null" ]]; then echo "Updating build status to $status" fi +echo "Final payload: $FINAL_PAYLOAD" curl --no-progress-meter --show-error -X "PATCH" \ -H "Content-Type: application/json" \ -d "$FINAL_PAYLOAD" \ diff --git a/charts/truefoundry/values.yaml b/charts/truefoundry/values.yaml index 9cb465f4..8c6b0b02 100644 --- a/charts/truefoundry/values.yaml +++ b/charts/truefoundry/values.yaml @@ -15,7 +15,7 @@ global: ## @param global.controlPlaneURL URL of the control plane controlPlaneURL: "http://truefoundry-truefoundry-frontend-app.truefoundry.svc.cluster.local:5000" ## @param global.controlPlaneChartVersion Version of control-plane chart - controlPlaneChartVersion: 0.10.0 + controlPlaneChartVersion: 0.11.0 # If you have an existing truefoundry-creds secret, provide the name here. # This will ignore `.global.database` and `.global.tfyApiKey` values. ## @param global.existingTruefoundryCredsSecret Name of the existing truefoundry creds secret @@ -83,6 +83,8 @@ truefoundryBootstrap: ## @param truefoundryBootstrap.imagePullSecrets Image pull secrets for the bootstrap container ## imagePullSecrets: [] + ## @param truefoundryBootstrap.createdBuildkitServiceTlsCerts Bool to install TLS certificates + createdBuildkitServiceTlsCerts: "false" ################################################################################################################### ####################################### Truefoundry Frontend App ################################################## ################################################################################################################### @@ -101,7 +103,7 @@ truefoundryFrontendApp: ## @param truefoundryFrontendApp.image.repository Image repository for the frontend app repository: "tfy.jfrog.io/tfy-private-images/truefoundry-frontend-app" ## @param truefoundryFrontendApp.image.tag Image tag for the frontend app - tag: "v0.9.0" + tag: "v0.10.0" ## @param truefoundryFrontendApp.envSecretName Secret name for the frontend app environment variables envSecretName: truefoundry-frontend-app-env-secret ## @param truefoundryFrontendApp.imagePullPolicy Image pull policy for the frontend app @@ -388,7 +390,7 @@ servicefoundryServer: ## @param servicefoundryServer.image.repository Image repository for the servicefoundry server repository: "tfy.jfrog.io/tfy-private-images/servicefoundry-server" ## @param servicefoundryServer.image.tag Image tag for the servicefoundry server - tag: "v0.10.0" + tag: "v0.11.0" ## @param servicefoundryServer.environmentName Environment name for the servicefoundry server environmentName: default ## @param servicefoundryServer.envSecretName Secret name for the servicefoundry server environment variables @@ -476,6 +478,7 @@ servicefoundryServer: TFY_BUILD_LOGS_URL: "{{ .Values.global.controlPlaneURL }}/api/svc" TFY_BUILD_WS_URL: "{{ .Values.global.controlPlaneURL }}" AUTH_SERVER_URL: https://auth.truefoundry.com + CONTROL_PLANE_VERSION: "{{ .Values.global.controlPlaneChartVersion }}" TENANT_NAME: "{{ .Values.global.tenantName }}" MANIFEST_SERVICE_URL: http://{{ .Release.Name }}-sfy-manifest-service.{{ .Release.Namespace }}.svc.cluster.local:8080 MLFOUNDRY_SERVER_URL: http://{{ .Release.Name }}-mlfoundry-server.{{ .Release.Namespace }}.svc.cluster.local:5000 @@ -538,7 +541,7 @@ tfyK8sController: ## @param tfyK8sController.image.repository Image repository for the tfyK8sController repository: "tfy.jfrog.io/tfy-private-images/tfy-k8s-controller" ## @param tfyK8sController.image.tag Image tag for the tfyK8sController - tag: "v0.7.0" + tag: "v0.8.0" ## @param tfyK8sController.environmentName Environment name for tfyK8sController environmentName: default ## @param tfyK8sController.envSecretName Secret name for the tfyK8sController environment variables @@ -630,7 +633,7 @@ sfyManifestService: ## @param sfyManifestService.image.repository Image repository for the sfy manifest service repository: "tfy.jfrog.io/tfy-private-images/sfy-manifest-service" ## @param sfyManifestService.image.tag Image tag for the sfy manifest service - tag: "v0.7.0" + tag: "v0.8.0" ## @param sfyManifestService.replicaCount Number of replicas for the sfy manifest service replicaCount: 1 ## @param sfyManifestService.environmentName Environment name for the sfy manifest service @@ -1035,6 +1038,11 @@ tfy-buildkitd-service: port: 1234 ## @param tfy-buildkitd-service.replicaCount Number of replicas Value kept for future use, kept 1 replicaCount: 1 + tls: + ## @param tfy-buildkitd-service.tls.enabled Enable TLS for the tfy-buildkitd service + enabled: false + ## @param tfy-buildkitd-service.tls.buildkitClientCertsSecretName Name of the secret containing the TLS certificate + buildkitClientCertsSecretName: "tfy-buildkit-client-certs" # To further configure the local postgres installation use the following section. # During cleanup, make sure to remove any stray pvc that might be created. ## postgresql Settings corresponding to the postgresql database @@ -1076,7 +1084,7 @@ tfyController: ## @param tfyController.image.repository Image repository for the tfyController repository: tfy.jfrog.io/tfy-private-images/tfy-controller ## @param tfyController.image.tag Image tag for the tfyController - tag: v0.5.0 + tag: v0.6.0 ## @param tfyController.environmentName Environment name for the tfyController environmentName: default ## @param tfyController.envSecretName Secret name for the tfyController environment variables