From 4686e98ace5d0c8e7a385160570ca264e765d0b0 Mon Sep 17 00:00:00 2001 From: geekygulshan Date: Mon, 11 Nov 2024 13:37:24 +0000 Subject: [PATCH 1/2] [CI] Publish Truefoundry chart version --- charts/truefoundry/Chart.lock | 6 +- charts/truefoundry/Chart.yaml | 4 +- charts/truefoundry/README.md | 127 +++++++++--------- .../templates/bootstrap/configmap.yaml | 70 ++++++++++ .../truefoundry/templates/bootstrap/job.yaml | 2 + .../build-workflow-workflow-template.yaml | 9 ++ .../tfy-build-scripts/build-and-push.sh | 9 +- .../tfy-build-scripts/update-build.sh | 1 + charts/truefoundry/values.yaml | 20 ++- 9 files changed, 169 insertions(+), 79 deletions(-) diff --git a/charts/truefoundry/Chart.lock b/charts/truefoundry/Chart.lock index 97701fb7..e5a0790e 100644 --- a/charts/truefoundry/Chart.lock +++ b/charts/truefoundry/Chart.lock @@ -10,6 +10,6 @@ dependencies: version: 15.2.2 - name: tfy-buildkitd-service repository: https://truefoundry.github.io/infra-charts/ - version: 0.2.0 -digest: sha256:568b049593765e6583cb046e218904cd5e04371283739d280da511dc2f4b6dd3 -generated: "2024-11-01T14:15:58.388967+05:30" + version: 0.2.1-rc.1 +digest: sha256:0f3eab55d9395afea9ba9382c532dd53c61acc58c7e1ea87adb85a5a51dd1c71 +generated: "2024-11-08T15:07:07.114652559+05:30" diff --git a/charts/truefoundry/Chart.yaml b/charts/truefoundry/Chart.yaml index fac300fb..a8b79b85 100644 --- a/charts/truefoundry/Chart.yaml +++ b/charts/truefoundry/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: truefoundry -version: 0.10.0 +version: 0.11.0 description: "TrueFoundry Control Plane Components" maintainers: - name: truefoundry @@ -20,4 +20,4 @@ dependencies: - condition: tfy-buildkitd-service.enabled name: tfy-buildkitd-service repository: https://truefoundry.github.io/infra-charts/ - version: 0.2.0 + version: 0.2.1-rc.1 diff --git a/charts/truefoundry/README.md b/charts/truefoundry/README.md index d24d3263..4a7a90f4 100644 --- a/charts/truefoundry/README.md +++ b/charts/truefoundry/README.md @@ -11,7 +11,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `global.truefoundryImagePullConfigJSON` | JSON config for image pull secret | `""` | | `global.tenantName` | Name of the tenant | `""` | | `global.controlPlaneURL` | URL of the control plane | `http://truefoundry-truefoundry-frontend-app.truefoundry.svc.cluster.local:5000` | -| `global.controlPlaneChartVersion` | Version of control-plane chart | `0.10.0` | +| `global.controlPlaneChartVersion` | Version of control-plane chart | `0.6.2` | | `global.existingTruefoundryCredsSecret` | Name of the existing truefoundry creds secret | `""` | | `global.database.host` | Control plane database hostname when dev mode is not enabled | `""` | | `global.database.name` | Control plane database name when dev mode is not enabled | `""` | @@ -46,7 +46,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `truefoundryFrontendApp.replicaCount` | Number of replicas for the frontend app | `1` | | `truefoundryFrontendApp.global` | Global values for the frontend app | `{}` | | `truefoundryFrontendApp.image.repository` | Image repository for the frontend app | `tfy.jfrog.io/tfy-private-images/truefoundry-frontend-app` | -| `truefoundryFrontendApp.image.tag` | Image tag for the frontend app | `v0.9.0` | +| `truefoundryFrontendApp.image.tag` | Image tag for the frontend app | `v0.5.1` | | `truefoundryFrontendApp.envSecretName` | Secret name for the frontend app environment variables | `truefoundry-frontend-app-env-secret` | | `truefoundryFrontendApp.imagePullPolicy` | Image pull policy for the frontend app | `IfNotPresent` | | `truefoundryFrontendApp.nameOverride` | Override name for the frontend app | `""` | @@ -95,7 +95,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `mlfoundryServer.enabled` | Bool to enable the mlfoundry server | `true` | | `mlfoundryServer.tolerations` | Tolerations specific to the mlfoundry server | `{}` | | `mlfoundryServer.image.repository` | Image repository for the mlfoundry server | `tfy.jfrog.io/tfy-private-images/mlfoundry-server` | -| `mlfoundryServer.image.tag` | Image tag for the mlfoundry server | `v0.8.0` | +| `mlfoundryServer.image.tag` | Image tag for the mlfoundry server | `v0.4.0` | | `mlfoundryServer.replicaCount` | Number of replicas for the mlfoundry server | `1` | | `mlfoundryServer.environmentName` | Environment name for the mlfoundry server | `default` | | `mlfoundryServer.envSecretName` | Secret name for the mlfoundry server environment variables | `mlfoundry-server-env-secret` | @@ -132,7 +132,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `servicefoundryServer.replicaCount` | Number of replicas for the servicefoundry server | `1` | | `servicefoundryServer.global` | Global values for the servicefoundry server | `{}` | | `servicefoundryServer.image.repository` | Image repository for the servicefoundry server | `tfy.jfrog.io/tfy-private-images/servicefoundry-server` | -| `servicefoundryServer.image.tag` | Image tag for the servicefoundry server | `v0.10.0` | +| `servicefoundryServer.image.tag` | Image tag for the servicefoundry server | `v0.6.1` | | `servicefoundryServer.environmentName` | Environment name for the servicefoundry server | `default` | | `servicefoundryServer.envSecretName` | Secret name for the servicefoundry server environment variables | `servicefoundry-server-env-secret` | | `servicefoundryServer.imagePullPolicy` | Image pull policy for the servicefoundry server | `IfNotPresent` | @@ -160,9 +160,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `servicefoundryServer.imagePullSecrets` | Image pull credentials for servicefoundry server | `[]` | | `servicefoundryServer.rbac.enabled` | Enable RBAC for the servicefoundry server | `true` | | `servicefoundryServer.configs.cicdTemplates` | CICD Template for servicefoundry server | `{{ .Release.Name }}-cicd-templates-cm` | -| `servicefoundryServer.configs.workbenchImages` | Workbench Images for workbench deployments | `{{ .Release.Name }}-workbench-images-cm` | -| `servicefoundryServer.configs.imageMutationPolicy` | Image Mutations policy for workloads | `{{ .Release.Name }}-image-mutation-policy-cm` | -| `servicefoundryServer.configs.k8sManifestValidationPolicy` | K8s Manifest Validation policy for workloads | `{{ .Release.Name }}-k8s-manifest-validation-policy-cm` | +| `servicefoundryServer.configs.workbenchImages` | Workbench Images for servicefoundry server | `{{ .Release.Name }}-workbench-images-cm` | ### tfyK8sController Truefoundry tfy k8s controller values @@ -173,7 +171,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `tfyK8sController.replicaCount` | Number of replicas for the tfyK8sController | `1` | | `tfyK8sController.global` | Global values for the tfyK8sController | `{}` | | `tfyK8sController.image.repository` | Image repository for the tfyK8sController | `tfy.jfrog.io/tfy-private-images/tfy-k8s-controller` | -| `tfyK8sController.image.tag` | Image tag for the tfyK8sController | `v0.7.0` | +| `tfyK8sController.image.tag` | Image tag for the tfyK8sController | `v0.3.0` | | `tfyK8sController.environmentName` | Environment name for tfyK8sController | `default` | | `tfyK8sController.envSecretName` | Secret name for the tfyK8sController environment variables | `tfy-k8s-controller-env-secret` | | `tfyK8sController.imagePullPolicy` | Image pull policy for the tfyK8sController | `IfNotPresent` | @@ -208,7 +206,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `sfyManifestService.tolerations` | Tolerations specific to the sfy manifest service | `{}` | | `sfyManifestService.global` | Global values for the sfy manifest service | `{}` | | `sfyManifestService.image.repository` | Image repository for the sfy manifest service | `tfy.jfrog.io/tfy-private-images/sfy-manifest-service` | -| `sfyManifestService.image.tag` | Image tag for the sfy manifest service | `v0.7.0` | +| `sfyManifestService.image.tag` | Image tag for the sfy manifest service | `v0.3.0` | | `sfyManifestService.replicaCount` | Number of replicas for the sfy manifest service | `1` | | `sfyManifestService.environmentName` | Environment name for the sfy manifest service | `default` | | `sfyManifestService.envSecretName` | Secret name for the sfy manifest service environment variables | `sfy-manifest-service-env-secret` | @@ -285,66 +283,61 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s ### tfyBuild Truefoundry tfy build settings -| Name | Description | Value | -| ------------------------------------------------------------------------------- | ------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `tfyBuild.enabled` | Bool to enable the tfyBuild server | `true` | -| `tfyBuild.global` | Global values for the tfyBuild server | `{}` | -| `tfyBuild.nameOverride` | Override name for the tfyBuild server | `""` | -| `tfyBuild.fullnameOverride` | Full name override for the tfyBuild server | `""` | -| `tfyBuild.serviceAccount.annotations` | Annotations for the tfyBuild server service account | `{}` | -| `tfyBuild.preemptibleDeployment.enabled` | Bool to enable preemptible deployment for the tfyBuild server | `false` | -| `tfyBuild.preemptibleDeployment.image.repository` | Repository for the preemptible deployment | `tfy.jfrog.io/tfy-mirror/alpine` | -| `tfyBuild.preemptibleDeployment.image.tag` | Tag for the preemptible deployment | `3.20` | -| `tfyBuild.preemptibleDeployment.imagePullSecrets` | Image pull secrets for the preemptible deployment | `[]` | -| `tfyBuild.preemptibleDeployment.affinity` | Affinity settings for the preemptible deployment | `{}` | -| `tfyBuild.preemptibleDeployment.nodeSelector` | Node selector for the preemptible deployment | `{}` | -| `tfyBuild.preemptibleDeployment.tolerations` | Tolerations for the preemptible deployment | `[]` | -| `tfyBuild.preemptibleDeployment.extraEnvs` | Extra environment variables for the tfyBuild server | `[]` | -| `tfyBuild.preemptibleDeployment.extraVolumeMounts` | Extra volume mounts for the tfyBuild server | `[]` | -| `tfyBuild.preemptibleDeployment.extraVolumes` | Extra volumes for the tfyBuild server | `[]` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.image.repository` | Repository for the sfyBuilder | `tfy.jfrog.io/tfy-images/sfy-builder` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.image.tag` | Tag for the sfyBuilder | `v0.8.2` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.imagePullSecrets` | Image pull secrets for the sfyBuilder | `[]` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.baseImagePullSecret` | baseImagePullSecret for the docker config | `""` | +| Name | Description | Value | +| ------------------------------------------------------------------------------- | ------------------------------------------------------------- | ---------------------------------------------------------------------------------------- | +| `tfyBuild.enabled` | Bool to enable the tfyBuild server | `true` | +| `tfyBuild.global` | Global values for the tfyBuild server | `{}` | +| `tfyBuild.nameOverride` | Override name for the tfyBuild server | `""` | +| `tfyBuild.fullnameOverride` | Full name override for the tfyBuild server | `""` | +| `tfyBuild.serviceAccount.annotations` | Annotations for the tfyBuild server service account | `{}` | +| `tfyBuild.preemptibleDeployment.enabled` | Bool to enable preemptible deployment for the tfyBuild server | `false` | +| `tfyBuild.preemptibleDeployment.image.repository` | Repository for the preemptible deployment | `tfy.jfrog.io/tfy-mirror/alpine` | +| `tfyBuild.preemptibleDeployment.image.tag` | Tag for the preemptible deployment | `3.20` | +| `tfyBuild.preemptibleDeployment.imagePullSecrets` | Image pull secrets for the preemptible deployment | `[]` | +| `tfyBuild.preemptibleDeployment.affinity` | Affinity settings for the preemptible deployment | `{}` | +| `tfyBuild.preemptibleDeployment.nodeSelector` | Node selector for the preemptible deployment | `{}` | +| `tfyBuild.preemptibleDeployment.tolerations` | Tolerations for the preemptible deployment | `[]` | +| `tfyBuild.preemptibleDeployment.extraEnvs` | Extra environment variables for the tfyBuild server | `[]` | +| `tfyBuild.preemptibleDeployment.extraVolumeMounts` | Extra volume mounts for the tfyBuild server | `[]` | +| `tfyBuild.preemptibleDeployment.extraVolumes` | Extra volumes for the tfyBuild server | `[]` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.image.repository` | Repository for the sfyBuilder | `tfy.jfrog.io/tfy-images/sfy-builder` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.image.tag` | Tag for the sfyBuilder | `v0.8.2` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.imagePullSecrets` | Image pull secrets for the sfyBuilder | `[]` | | `tfyBuild.truefoundryWorkflows.sfyBuilder.script` | script for the sfyBuilder to be executed | `download-code.sh registry-login.sh wait-for-builder.sh build-and-push.sh - -# This script will be executed only when all the above scripts are successfully executed. If any of the above scripts fail, this script will not be executed, and the build will be marked as failed. -update-build.sh '{"status":"SUCCEEDED"}' -` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.limits.cpu` | CPU limit for the sfyBuilder | `1` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.limits.ephemeral-storage` | Ephemeral storage limit for the sfyBuilder | `20Gi` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.limits.memory` | Memory limit for the sfyBuilder | `2Gi` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.requests.cpu` | CPU request for the sfyBuilder | `200m` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.requests.ephemeral-storage` | Ephemeral storage request for the sfyBuilder | `10Gi` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.requests.memory` | Memory request for the sfyBuilder | `500Mi` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.buildSecrets` | Build secrets for the sfyBuilder | `[]` | -| `tfyBuild.truefoundryWorkflows.extraEnvs` | Extra environment variables for the tfyBuild server | `[]` | -| `tfyBuild.truefoundryWorkflows.extraVolumeMounts` | Extra volume mounts for the tfyBuild server | `[]` | -| `tfyBuild.truefoundryWorkflows.extraVolumes` | Extra volumes for the tfyBuild server | `[]` | -| `tfyBuild.truefoundryWorkflows.affinity` | Affinity settings for the tfyBuild server | `{}` | -| `tfyBuild.truefoundryWorkflows.nodeSelector` | Node selector for the tfyBuild server | `{}` | -| `tfyBuild.truefoundryWorkflows.logMarkers.error` | Error log marker for the tfyBuild server | `\u001b[31m[Error]\u001b[0m` | -| `tfyBuild.truefoundryWorkflows.logMarkers.done` | Done log marker for the tfyBuild server | `\u001b[32m[Done]\u001b[0m` | -| `tfyBuild.truefoundryWorkflows.logMarkers.start` | Start log marker for the tfyBuild server | `\u001b[36m[Start]\u001b[0m` | -| `tfyBuild.truefoundryWorkflows.logMarkers.clientPrefix` | Client prefix for the tfyBuild server | `["TFY-CLIENT"]` | -| `tfyBuild.truefoundryWorkflows.logMarkers.supportSlack` | Slack support URL for the tfyBuild server | `https://join.slack.com/t/truefoundry/shared_invite/zt-11ht512jq-nDJq~HJMqc6wBw90JVlo7g` | -| `tfyBuild.truefoundryWorkflows.logMarkers.serviceFoundryUiUrl` | Service foundry UI URL | `https://app.truefoundry.com/workspace` | -| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.enabled` | Bool to enable SOCI index build and push | `false` | -| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.image.repository` | Repository for the SOCI index build and push | `tfy.jfrog.io/tfy-images/soci-index-builder` | -| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.image.tag` | Tag for the SOCI index build and push | `0.2.0` | -| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.imagePullSecrets` | Image pull secrets for the sociIndexBuildAndPush | `[]` | -| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.imageSizeThresholdBytes` | Image size threshold for the SOCI index build and push | `419430400` | -| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.extraEnvs` | Extra environment variables for the SOCI index build and push | `[]` | -| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.extraVolumeMounts` | Extra volume mounts for the SOCI index build and push | `[]` | -| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.extraVolumes` | | `[]` | -| `tfy-buildkitd-service.enabled` | Bool to enable the tfy-buildkitd service | `false` | -| `tfy-buildkitd-service.service.port` | port number for the tfy-buildkitd service | `1234` | -| `tfy-buildkitd-service.replicaCount` | Number of replicas Value kept for future use, kept 1 | `1` | -| `postgresql.auth.existingSecret` | Name of the existing secret for PostgreSQL authentication | `truefoundry-postgresql-auth-secret` | -| `postgresql.auth.database` | Name of the database for PostgreSQL | `truefoundry` | +` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.baseImagePullSecret` | Base image pull secret for the sfyBuilder | `""` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.limits.cpu` | CPU limit for the sfyBuilder | `1` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.limits.ephemeral-storage` | Ephemeral storage limit for the sfyBuilder | `20Gi` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.limits.memory` | Memory limit for the sfyBuilder | `2Gi` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.requests.cpu` | CPU request for the sfyBuilder | `200m` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.requests.ephemeral-storage` | Ephemeral storage request for the sfyBuilder | `10Gi` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.requests.memory` | Memory request for the sfyBuilder | `500Mi` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.buildSecrets` | Build secrets for the sfyBuilder | `[]` | +| `tfyBuild.truefoundryWorkflows.extraEnvs` | Extra environment variables for the tfyBuild server | `[]` | +| `tfyBuild.truefoundryWorkflows.extraVolumeMounts` | Extra volume mounts for the tfyBuild server | `[]` | +| `tfyBuild.truefoundryWorkflows.extraVolumes` | Extra volumes for the tfyBuild server | `[]` | +| `tfyBuild.truefoundryWorkflows.affinity` | Affinity settings for the tfyBuild server | `{}` | +| `tfyBuild.truefoundryWorkflows.nodeSelector` | Node selector for the tfyBuild server | `{}` | +| `tfyBuild.truefoundryWorkflows.logMarkers.error` | Error log marker for the tfyBuild server | `\u001b[31m[Error]\u001b[0m` | +| `tfyBuild.truefoundryWorkflows.logMarkers.done` | Done log marker for the tfyBuild server | `\u001b[32m[Done]\u001b[0m` | +| `tfyBuild.truefoundryWorkflows.logMarkers.start` | Start log marker for the tfyBuild server | `\u001b[36m[Start]\u001b[0m` | +| `tfyBuild.truefoundryWorkflows.logMarkers.clientPrefix` | Client prefix for the tfyBuild server | `["TFY-CLIENT"]` | +| `tfyBuild.truefoundryWorkflows.logMarkers.supportSlack` | Slack support URL for the tfyBuild server | `https://join.slack.com/t/truefoundry/shared_invite/zt-11ht512jq-nDJq~HJMqc6wBw90JVlo7g` | +| `tfyBuild.truefoundryWorkflows.logMarkers.serviceFoundryUiUrl` | Service foundry UI URL | `https://app.truefoundry.com/workspace` | +| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.enabled` | Bool to enable SOCI index build and push | `false` | +| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.image.repository` | Repository for the SOCI index build and push | `tfy.jfrog.io/tfy-images/soci-index-builder` | +| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.image.tag` | Tag for the SOCI index build and push | `0.2.0` | +| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.imagePullSecrets` | Image pull secrets for the sociIndexBuildAndPush | `[]` | +| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.imageSizeThresholdBytes` | Image size threshold for the SOCI index build and push | `419430400` | +| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.extraEnvs` | Extra environment variables for the SOCI index build and push | `[]` | +| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.extraVolumeMounts` | Extra volume mounts for the SOCI index build and push | `[]` | +| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.extraVolumes` | | `[]` | +| `tfy-buildkitd-service.enabled` | Bool to enable the tfy-buildkitd service | `false` | +| `postgresql.auth.existingSecret` | Name of the existing secret for PostgreSQL authentication | `truefoundry-postgresql-auth-secret` | +| `postgresql.auth.database` | Name of the database for PostgreSQL | `truefoundry` | ### tfyController Truefoundry tfy controller settings @@ -353,7 +346,7 @@ update-build.sh '{"status":"SUCCEEDED"}' | `tfyController.enabled` | Bool to enable the tfyController | `true` | | `tfyController.global` | Global values for the tfyController | `{}` | | `tfyController.image.repository` | Image repository for the tfyController | `tfy.jfrog.io/tfy-private-images/tfy-controller` | -| `tfyController.image.tag` | Image tag for the tfyController | `v0.5.0` | +| `tfyController.image.tag` | Image tag for the tfyController | `v0.2.0` | | `tfyController.environmentName` | Environment name for the tfyController | `default` | | `tfyController.envSecretName` | Secret name for the tfyController environment variables | `sfy-manifest-service-env-secret` | | `tfyController.imagePullPolicy` | Image pull policy for the tfyController | `IfNotPresent` | @@ -379,7 +372,7 @@ update-build.sh '{"status":"SUCCEEDED"}' | `tfyWorkflowAdmin.enabled` | Bool to enable the tfyWorkflowAdmin | `false` | | `tfyWorkflowAdmin.global` | Global values for the tfyWorkflowAdmin | `{}` | | `tfyWorkflowAdmin.image.repository` | Image repository for the tfyWorkflowAdmin | `tfy.jfrog.io/tfy-private-images/tfy-workflow-admin` | -| `tfyWorkflowAdmin.image.tag` | Image tag for the tfyWorkflowAdmin | `v0.5.0` | +| `tfyWorkflowAdmin.image.tag` | Image tag for the tfyWorkflowAdmin | `v0.3.0` | | `tfyWorkflowAdmin.environmentName` | Environment name for the tfyWorkflowAdmin | `default` | | `tfyWorkflowAdmin.envSecretName` | Secret name for the tfyWorkflowAdmin environment variables | `tfy-workflow-admin-env-secret` | | `tfyWorkflowAdmin.imagePullPolicy` | Image pull policy for the tfyWorkflowAdmin | `IfNotPresent` | diff --git a/charts/truefoundry/templates/bootstrap/configmap.yaml b/charts/truefoundry/templates/bootstrap/configmap.yaml index 077de292..999da082 100644 --- a/charts/truefoundry/templates/bootstrap/configmap.yaml +++ b/charts/truefoundry/templates/bootstrap/configmap.yaml @@ -38,6 +38,75 @@ data: && mv kubectl /usr/bin/ } + create_tfy_buildkit_tls_certificates_and_secrets(){ + ( + set -eu + if [[ "$INSTALL_TLS_CERTIFICATES" != "true" ]]; then + print_yellow "Skipping TLS certificate generation" + return 0 + fi + PRODUCT=tfy-buildkit + DIR=./.certs + EXPIRATION_DAYS=36500 # 100 years expiration + if kubectl get secret ${PRODUCT}-daemon-certs -n "$TRUEFOUNDRY_NAMESPACE" &> /dev/null && kubectl get secret ${PRODUCT}-client-certs -n "$TRUEFOUNDRY_NAMESPACE" &> /dev/null; then + print_green "Secrets already exist. Exiting..." + return 0 + fi + + if [[ "$#" -lt 1 ]]; then + echo "Usage: $0 SAN [SAN...]" + echo + echo "Example: $0 buildkitd.default.svc " + echo + echo "The following files will be created under ${DIR}" + echo "- daemon/{ca.pem,cert.pem,key.pem}" + echo "- client/{ca.pem,cert.pem,key.pem}" + echo "- ${PRODUCT}-daemon-certs.yaml" + echo "- ${PRODUCT}-client-certs.yaml" + echo "- SAN" + exit 1 + fi + + if ! command -v openssl >/dev/null; then + echo "Missing OpenSSL" + exit 1 + fi + + SAN1=$1 + SAN2=$2 + SAN_CLIENT=client + + mkdir -p $DIR ${DIR}/daemon ${DIR}/client + + openssl genrsa -out ${DIR}/key.pem 4096 + openssl req -x509 -nodes -new -sha256 -days $EXPIRATION_DAYS -keyout ${DIR}/key.pem -out ${DIR}/rootCA.pem -subj "/C=US/ST=CA/L=San-Francisco/O=TrueFoundry/CN=Root CA" + + + # Generate a server private key and certificate using the root CA + openssl genrsa -out ${DIR}/daemon/key.pem 4096 + openssl req -new -key ${DIR}/daemon/key.pem -out ${DIR}/daemon/csr.pem -subj "/C=US/ST=CA/L=San-Francisco/O=TrueFoundry/CN=server" + openssl x509 -req -in ${DIR}/daemon/csr.pem -CA ${DIR}/rootCA.pem -CAkey ${DIR}/key.pem -CAcreateserial -out ${DIR}/daemon/cert.pem -days $EXPIRATION_DAYS -extfile <(printf "subjectAltName=DNS:%s, DNS:%s,IP:0.0.0.0" "$SAN1" "$SAN2") + + # Generate a client private key and certificate using the root CA + openssl genrsa -out ${DIR}/client/key.pem 4096 + openssl req -new -key ${DIR}/client/key.pem -out ${DIR}/client/csr.pem -subj "/C=US/ST=CA/L=San-Francisco/O=TrueFoundry/CN=$SAN_CLIENT" + openssl x509 -req -in ${DIR}/client/csr.pem -CA ${DIR}/rootCA.pem -CAkey ${DIR}/key.pem -CAcreateserial -out ${DIR}/client/cert.pem -days $EXPIRATION_DAYS + + # Copy the root CA certificates + cp -f ${DIR}/rootCA.pem ${DIR}/daemon/ca.pem + cp -f ${DIR}/rootCA.pem ${DIR}/client/ca.pem + rm -f ${DIR}/daemon/csr.pem ${DIR}/client/csr.pem + rm -f ${DIR}/rootCA.pem ${DIR}/key.pem + + # Create Kubernetes secrets + kubectl create secret generic ${PRODUCT}-daemon-certs -n truefoundry --dry-run=client -o yaml --from-file=${DIR}/daemon > $DIR/${PRODUCT}-daemon-certs.yaml + kubectl create secret generic ${PRODUCT}-client-certs -n truefoundry --dry-run=client -o yaml --from-file=${DIR}/client > $DIR/${PRODUCT}-client-certs.yaml + + kubectl apply -f $DIR/${PRODUCT}-daemon-certs.yaml + kubectl apply -f $DIR/${PRODUCT}-client-certs.yaml + ) + } + migrate_nats_seed_to_dedicated_secret() { # Get the value of NATS_CONTROLPLANE_ACCOUNT_SEED from the secret NATS_SEED=$(kubectl -n $TRUEFOUNDRY_NAMESPACE get secret servicefoundry-server-env-secret -o jsonpath='{.data.NATS_CONTROLPLANE_ACCOUNT_SEED}' | base64 --decode) @@ -82,6 +151,7 @@ data: fi install_binaries + create_tfy_buildkit_tls_certificates_and_secrets *.{{ include "tfy-buildkitd.buildkitdServiceName" . }}.$TRUEFOUNDRY_NAMESPACE.svc.cluster.local *.$TRUEFOUNDRY_NAMESPACE.svc.cluster.local kubectl -n $TRUEFOUNDRY_NAMESPACE get cm $TRUEFOUNDRY_NATS_CONFIGMAP if [ $? -eq 0 ]; then diff --git a/charts/truefoundry/templates/bootstrap/job.yaml b/charts/truefoundry/templates/bootstrap/job.yaml index d3f3932a..69252905 100644 --- a/charts/truefoundry/templates/bootstrap/job.yaml +++ b/charts/truefoundry/templates/bootstrap/job.yaml @@ -25,6 +25,8 @@ spec: value: "{{ .Values.truefoundryBootstrap.natsConfigmapName }}" - name: TRUEFOUNDRY_NAMESPACE value: "{{ .Release.Namespace }}" + - name: INSTALL_TLS_CERTIFICATES + value: "{{ .Values.truefoundryBootstrap.createdBuildkitServiceTlsCerts }}" {{- range $val := .Values.truefoundryBootstrap.extraEnvVars }} - name: {{ $val.name }} value: {{ $val.value }} diff --git a/charts/truefoundry/templates/tfy-build/build-workflow-workflow-template.yaml b/charts/truefoundry/templates/tfy-build/build-workflow-workflow-template.yaml index 0111dab2..e1ec29bd 100644 --- a/charts/truefoundry/templates/tfy-build/build-workflow-workflow-template.yaml +++ b/charts/truefoundry/templates/tfy-build/build-workflow-workflow-template.yaml @@ -422,6 +422,11 @@ spec: - key: .dockerconfigjson path: base_config.json secretName: {{ .Values.tfyBuild.truefoundryWorkflows.sfyBuilder.baseImagePullSecret }} + {{- end }} + {{- if index .Values "tfy-buildkitd-service" "tls" "enabled" }} + - name: buildkit-client-cert + secret: + secretName: {{ index .Values "tfy-buildkitd-service" "tls" "buildkitClientCertsSecretName" }} {{- end }} - name: scripts projected: @@ -482,6 +487,10 @@ spec: - name: truefoundry-docker-config mountPath: /root/.truefoundry/.docker/ {{- end }} + {{- if index .Values "tfy-buildkitd-service" "tls" "enabled" }} + - name: buildkit-client-cert + mountPath: "/etc/buildkit/certs/" + {{- end }} {{- range $value := .Values.tfyBuild.truefoundryWorkflows.sfyBuilder.buildSecrets }} - name: {{ $value.id | replace "." "-" }} mountPath: "/truefoundry-build-secrets/" diff --git a/charts/truefoundry/tfy-build-scripts/build-and-push.sh b/charts/truefoundry/tfy-build-scripts/build-and-push.sh index dfd13787..708eeac8 100644 --- a/charts/truefoundry/tfy-build-scripts/build-and-push.sh +++ b/charts/truefoundry/tfy-build-scripts/build-and-push.sh @@ -11,10 +11,17 @@ printf "\033[36m[Start]\033[0m Building and pushing the docker container. Please IMAGE="$DOCKER_REGISTRY_URL/$DOCKER_REPO" TAG=$DOCKER_TAG +BUILDKIT_CERTS_PATH="/etc/buildkit/certs" printf "\033[36m[==== Docker logs start ====]\033[0m\n" -docker buildx create --name remote-kubernetes --driver remote tcp://"$BUILDKIT_SERVICE_URL" +BUILDX_CREATE_ARGS="--name remote-kubernetes --driver remote tcp://${BUILDKIT_SERVICE_URL}" + +if [[ -d "$BUILDKIT_CERTS_PATH" ]]; then + BUILDX_CREATE_ARGS="${BUILDX_CREATE_ARGS} --driver-opt key=${BUILDKIT_CERTS_PATH}/key.pem,cert=${BUILDKIT_CERTS_PATH}/cert.pem,cacert=${BUILDKIT_CERTS_PATH}/ca.pem" +fi + +docker buildx create ${BUILDX_CREATE_ARGS} if [ -d "$SOURCE_CODE_DOWNLOAD_PATH" ]; then cd "$SOURCE_CODE_DOWNLOAD_PATH" diff --git a/charts/truefoundry/tfy-build-scripts/update-build.sh b/charts/truefoundry/tfy-build-scripts/update-build.sh index 63df7b20..eb84640a 100755 --- a/charts/truefoundry/tfy-build-scripts/update-build.sh +++ b/charts/truefoundry/tfy-build-scripts/update-build.sh @@ -53,6 +53,7 @@ if [[ "$status" != "null" ]]; then echo "Updating build status to $status" fi +echo "Final payload: $FINAL_PAYLOAD" curl --no-progress-meter --show-error -X "PATCH" \ -H "Content-Type: application/json" \ -d "$FINAL_PAYLOAD" \ diff --git a/charts/truefoundry/values.yaml b/charts/truefoundry/values.yaml index 9cb465f4..8c6b0b02 100644 --- a/charts/truefoundry/values.yaml +++ b/charts/truefoundry/values.yaml @@ -15,7 +15,7 @@ global: ## @param global.controlPlaneURL URL of the control plane controlPlaneURL: "http://truefoundry-truefoundry-frontend-app.truefoundry.svc.cluster.local:5000" ## @param global.controlPlaneChartVersion Version of control-plane chart - controlPlaneChartVersion: 0.10.0 + controlPlaneChartVersion: 0.11.0 # If you have an existing truefoundry-creds secret, provide the name here. # This will ignore `.global.database` and `.global.tfyApiKey` values. ## @param global.existingTruefoundryCredsSecret Name of the existing truefoundry creds secret @@ -83,6 +83,8 @@ truefoundryBootstrap: ## @param truefoundryBootstrap.imagePullSecrets Image pull secrets for the bootstrap container ## imagePullSecrets: [] + ## @param truefoundryBootstrap.createdBuildkitServiceTlsCerts Bool to install TLS certificates + createdBuildkitServiceTlsCerts: "false" ################################################################################################################### ####################################### Truefoundry Frontend App ################################################## ################################################################################################################### @@ -101,7 +103,7 @@ truefoundryFrontendApp: ## @param truefoundryFrontendApp.image.repository Image repository for the frontend app repository: "tfy.jfrog.io/tfy-private-images/truefoundry-frontend-app" ## @param truefoundryFrontendApp.image.tag Image tag for the frontend app - tag: "v0.9.0" + tag: "v0.10.0" ## @param truefoundryFrontendApp.envSecretName Secret name for the frontend app environment variables envSecretName: truefoundry-frontend-app-env-secret ## @param truefoundryFrontendApp.imagePullPolicy Image pull policy for the frontend app @@ -388,7 +390,7 @@ servicefoundryServer: ## @param servicefoundryServer.image.repository Image repository for the servicefoundry server repository: "tfy.jfrog.io/tfy-private-images/servicefoundry-server" ## @param servicefoundryServer.image.tag Image tag for the servicefoundry server - tag: "v0.10.0" + tag: "v0.11.0" ## @param servicefoundryServer.environmentName Environment name for the servicefoundry server environmentName: default ## @param servicefoundryServer.envSecretName Secret name for the servicefoundry server environment variables @@ -476,6 +478,7 @@ servicefoundryServer: TFY_BUILD_LOGS_URL: "{{ .Values.global.controlPlaneURL }}/api/svc" TFY_BUILD_WS_URL: "{{ .Values.global.controlPlaneURL }}" AUTH_SERVER_URL: https://auth.truefoundry.com + CONTROL_PLANE_VERSION: "{{ .Values.global.controlPlaneChartVersion }}" TENANT_NAME: "{{ .Values.global.tenantName }}" MANIFEST_SERVICE_URL: http://{{ .Release.Name }}-sfy-manifest-service.{{ .Release.Namespace }}.svc.cluster.local:8080 MLFOUNDRY_SERVER_URL: http://{{ .Release.Name }}-mlfoundry-server.{{ .Release.Namespace }}.svc.cluster.local:5000 @@ -538,7 +541,7 @@ tfyK8sController: ## @param tfyK8sController.image.repository Image repository for the tfyK8sController repository: "tfy.jfrog.io/tfy-private-images/tfy-k8s-controller" ## @param tfyK8sController.image.tag Image tag for the tfyK8sController - tag: "v0.7.0" + tag: "v0.8.0" ## @param tfyK8sController.environmentName Environment name for tfyK8sController environmentName: default ## @param tfyK8sController.envSecretName Secret name for the tfyK8sController environment variables @@ -630,7 +633,7 @@ sfyManifestService: ## @param sfyManifestService.image.repository Image repository for the sfy manifest service repository: "tfy.jfrog.io/tfy-private-images/sfy-manifest-service" ## @param sfyManifestService.image.tag Image tag for the sfy manifest service - tag: "v0.7.0" + tag: "v0.8.0" ## @param sfyManifestService.replicaCount Number of replicas for the sfy manifest service replicaCount: 1 ## @param sfyManifestService.environmentName Environment name for the sfy manifest service @@ -1035,6 +1038,11 @@ tfy-buildkitd-service: port: 1234 ## @param tfy-buildkitd-service.replicaCount Number of replicas Value kept for future use, kept 1 replicaCount: 1 + tls: + ## @param tfy-buildkitd-service.tls.enabled Enable TLS for the tfy-buildkitd service + enabled: false + ## @param tfy-buildkitd-service.tls.buildkitClientCertsSecretName Name of the secret containing the TLS certificate + buildkitClientCertsSecretName: "tfy-buildkit-client-certs" # To further configure the local postgres installation use the following section. # During cleanup, make sure to remove any stray pvc that might be created. ## postgresql Settings corresponding to the postgresql database @@ -1076,7 +1084,7 @@ tfyController: ## @param tfyController.image.repository Image repository for the tfyController repository: tfy.jfrog.io/tfy-private-images/tfy-controller ## @param tfyController.image.tag Image tag for the tfyController - tag: v0.5.0 + tag: v0.6.0 ## @param tfyController.environmentName Environment name for the tfyController environmentName: default ## @param tfyController.envSecretName Secret name for the tfyController environment variables From 61cb40450216b0bb2fe9fddd58bd7bcc4690184f Mon Sep 17 00:00:00 2001 From: innoavator Date: Mon, 11 Nov 2024 13:37:42 +0000 Subject: [PATCH 2/2] Update README.md with readme-generator-for-helm Signed-off-by: innoavator --- charts/truefoundry/README.md | 156 +++++++++++++++++++---------------- 1 file changed, 83 insertions(+), 73 deletions(-) diff --git a/charts/truefoundry/README.md b/charts/truefoundry/README.md index 4a7a90f4..cda0829c 100644 --- a/charts/truefoundry/README.md +++ b/charts/truefoundry/README.md @@ -11,7 +11,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `global.truefoundryImagePullConfigJSON` | JSON config for image pull secret | `""` | | `global.tenantName` | Name of the tenant | `""` | | `global.controlPlaneURL` | URL of the control plane | `http://truefoundry-truefoundry-frontend-app.truefoundry.svc.cluster.local:5000` | -| `global.controlPlaneChartVersion` | Version of control-plane chart | `0.6.2` | +| `global.controlPlaneChartVersion` | Version of control-plane chart | `0.11.0` | | `global.existingTruefoundryCredsSecret` | Name of the existing truefoundry creds secret | `""` | | `global.database.host` | Control plane database hostname when dev mode is not enabled | `""` | | `global.database.name` | Control plane database name when dev mode is not enabled | `""` | @@ -23,19 +23,20 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s ### Truefoundry bootstrap values -| Name | Description | Value | -| ---------------------------------------- | ------------------------------------------------------- | ---------------------------------------- | -| `truefoundryBootstrap.enabled` | Bool to enable truefoundry bootstrap | `true` | -| `truefoundryBootstrap.image.repository` | Truefoundry bootstrap image repository | `tfy.jfrog.io/tfy-mirror/library/ubuntu` | -| `truefoundryBootstrap.image.tag` | Truefoundry bootstrap image tag | `latest` | -| `truefoundryBootstrap.natsConfigmapName` | Truefoundry nats configmap name | `nats-accounts` | -| `truefoundryBootstrap.extraEnvVars` | Extra environment variables for the bootstrap container | `[]` | -| `truefoundryBootstrap.extraVolumeMounts` | Extra volume mounts for the bootstrap container | `[]` | -| `truefoundryBootstrap.extraVolumes` | Extra volumes for the bootstrap container | `[]` | -| `truefoundryBootstrap.affinity` | Affinity for the bootstrap container | `{}` | -| `truefoundryBootstrap.nodeSelector` | Node selector for the bootstrap container | `{}` | -| `truefoundryBootstrap.tolerations` | Tolerations specific to the bootstrap container | `{}` | -| `truefoundryBootstrap.imagePullSecrets` | Image pull secrets for the bootstrap container | `[]` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------- | ---------------------------------------- | +| `truefoundryBootstrap.enabled` | Bool to enable truefoundry bootstrap | `true` | +| `truefoundryBootstrap.image.repository` | Truefoundry bootstrap image repository | `tfy.jfrog.io/tfy-mirror/library/ubuntu` | +| `truefoundryBootstrap.image.tag` | Truefoundry bootstrap image tag | `latest` | +| `truefoundryBootstrap.natsConfigmapName` | Truefoundry nats configmap name | `nats-accounts` | +| `truefoundryBootstrap.extraEnvVars` | Extra environment variables for the bootstrap container | `[]` | +| `truefoundryBootstrap.extraVolumeMounts` | Extra volume mounts for the bootstrap container | `[]` | +| `truefoundryBootstrap.extraVolumes` | Extra volumes for the bootstrap container | `[]` | +| `truefoundryBootstrap.affinity` | Affinity for the bootstrap container | `{}` | +| `truefoundryBootstrap.nodeSelector` | Node selector for the bootstrap container | `{}` | +| `truefoundryBootstrap.tolerations` | Tolerations specific to the bootstrap container | `{}` | +| `truefoundryBootstrap.imagePullSecrets` | Image pull secrets for the bootstrap container | `[]` | +| `truefoundryBootstrap.createdBuildkitServiceTlsCerts` | Bool to install TLS certificates | `false` | ### Truefoundry Frontend App values @@ -46,7 +47,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `truefoundryFrontendApp.replicaCount` | Number of replicas for the frontend app | `1` | | `truefoundryFrontendApp.global` | Global values for the frontend app | `{}` | | `truefoundryFrontendApp.image.repository` | Image repository for the frontend app | `tfy.jfrog.io/tfy-private-images/truefoundry-frontend-app` | -| `truefoundryFrontendApp.image.tag` | Image tag for the frontend app | `v0.5.1` | +| `truefoundryFrontendApp.image.tag` | Image tag for the frontend app | `v0.10.0` | | `truefoundryFrontendApp.envSecretName` | Secret name for the frontend app environment variables | `truefoundry-frontend-app-env-secret` | | `truefoundryFrontendApp.imagePullPolicy` | Image pull policy for the frontend app | `IfNotPresent` | | `truefoundryFrontendApp.nameOverride` | Override name for the frontend app | `""` | @@ -95,7 +96,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `mlfoundryServer.enabled` | Bool to enable the mlfoundry server | `true` | | `mlfoundryServer.tolerations` | Tolerations specific to the mlfoundry server | `{}` | | `mlfoundryServer.image.repository` | Image repository for the mlfoundry server | `tfy.jfrog.io/tfy-private-images/mlfoundry-server` | -| `mlfoundryServer.image.tag` | Image tag for the mlfoundry server | `v0.4.0` | +| `mlfoundryServer.image.tag` | Image tag for the mlfoundry server | `v0.8.0` | | `mlfoundryServer.replicaCount` | Number of replicas for the mlfoundry server | `1` | | `mlfoundryServer.environmentName` | Environment name for the mlfoundry server | `default` | | `mlfoundryServer.envSecretName` | Secret name for the mlfoundry server environment variables | `mlfoundry-server-env-secret` | @@ -132,7 +133,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `servicefoundryServer.replicaCount` | Number of replicas for the servicefoundry server | `1` | | `servicefoundryServer.global` | Global values for the servicefoundry server | `{}` | | `servicefoundryServer.image.repository` | Image repository for the servicefoundry server | `tfy.jfrog.io/tfy-private-images/servicefoundry-server` | -| `servicefoundryServer.image.tag` | Image tag for the servicefoundry server | `v0.6.1` | +| `servicefoundryServer.image.tag` | Image tag for the servicefoundry server | `v0.11.0` | | `servicefoundryServer.environmentName` | Environment name for the servicefoundry server | `default` | | `servicefoundryServer.envSecretName` | Secret name for the servicefoundry server environment variables | `servicefoundry-server-env-secret` | | `servicefoundryServer.imagePullPolicy` | Image pull policy for the servicefoundry server | `IfNotPresent` | @@ -160,7 +161,9 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `servicefoundryServer.imagePullSecrets` | Image pull credentials for servicefoundry server | `[]` | | `servicefoundryServer.rbac.enabled` | Enable RBAC for the servicefoundry server | `true` | | `servicefoundryServer.configs.cicdTemplates` | CICD Template for servicefoundry server | `{{ .Release.Name }}-cicd-templates-cm` | -| `servicefoundryServer.configs.workbenchImages` | Workbench Images for servicefoundry server | `{{ .Release.Name }}-workbench-images-cm` | +| `servicefoundryServer.configs.workbenchImages` | Workbench Images for workbench deployments | `{{ .Release.Name }}-workbench-images-cm` | +| `servicefoundryServer.configs.imageMutationPolicy` | Image Mutations policy for workloads | `{{ .Release.Name }}-image-mutation-policy-cm` | +| `servicefoundryServer.configs.k8sManifestValidationPolicy` | K8s Manifest Validation policy for workloads | `{{ .Release.Name }}-k8s-manifest-validation-policy-cm` | ### tfyK8sController Truefoundry tfy k8s controller values @@ -171,7 +174,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `tfyK8sController.replicaCount` | Number of replicas for the tfyK8sController | `1` | | `tfyK8sController.global` | Global values for the tfyK8sController | `{}` | | `tfyK8sController.image.repository` | Image repository for the tfyK8sController | `tfy.jfrog.io/tfy-private-images/tfy-k8s-controller` | -| `tfyK8sController.image.tag` | Image tag for the tfyK8sController | `v0.3.0` | +| `tfyK8sController.image.tag` | Image tag for the tfyK8sController | `v0.8.0` | | `tfyK8sController.environmentName` | Environment name for tfyK8sController | `default` | | `tfyK8sController.envSecretName` | Secret name for the tfyK8sController environment variables | `tfy-k8s-controller-env-secret` | | `tfyK8sController.imagePullPolicy` | Image pull policy for the tfyK8sController | `IfNotPresent` | @@ -206,7 +209,7 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s | `sfyManifestService.tolerations` | Tolerations specific to the sfy manifest service | `{}` | | `sfyManifestService.global` | Global values for the sfy manifest service | `{}` | | `sfyManifestService.image.repository` | Image repository for the sfy manifest service | `tfy.jfrog.io/tfy-private-images/sfy-manifest-service` | -| `sfyManifestService.image.tag` | Image tag for the sfy manifest service | `v0.3.0` | +| `sfyManifestService.image.tag` | Image tag for the sfy manifest service | `v0.8.0` | | `sfyManifestService.replicaCount` | Number of replicas for the sfy manifest service | `1` | | `sfyManifestService.environmentName` | Environment name for the sfy manifest service | `default` | | `sfyManifestService.envSecretName` | Secret name for the sfy manifest service environment variables | `sfy-manifest-service-env-secret` | @@ -283,61 +286,68 @@ truefoundry is an applications that gets deployed on the kubernetes cluster to s ### tfyBuild Truefoundry tfy build settings -| Name | Description | Value | -| ------------------------------------------------------------------------------- | ------------------------------------------------------------- | ---------------------------------------------------------------------------------------- | -| `tfyBuild.enabled` | Bool to enable the tfyBuild server | `true` | -| `tfyBuild.global` | Global values for the tfyBuild server | `{}` | -| `tfyBuild.nameOverride` | Override name for the tfyBuild server | `""` | -| `tfyBuild.fullnameOverride` | Full name override for the tfyBuild server | `""` | -| `tfyBuild.serviceAccount.annotations` | Annotations for the tfyBuild server service account | `{}` | -| `tfyBuild.preemptibleDeployment.enabled` | Bool to enable preemptible deployment for the tfyBuild server | `false` | -| `tfyBuild.preemptibleDeployment.image.repository` | Repository for the preemptible deployment | `tfy.jfrog.io/tfy-mirror/alpine` | -| `tfyBuild.preemptibleDeployment.image.tag` | Tag for the preemptible deployment | `3.20` | -| `tfyBuild.preemptibleDeployment.imagePullSecrets` | Image pull secrets for the preemptible deployment | `[]` | -| `tfyBuild.preemptibleDeployment.affinity` | Affinity settings for the preemptible deployment | `{}` | -| `tfyBuild.preemptibleDeployment.nodeSelector` | Node selector for the preemptible deployment | `{}` | -| `tfyBuild.preemptibleDeployment.tolerations` | Tolerations for the preemptible deployment | `[]` | -| `tfyBuild.preemptibleDeployment.extraEnvs` | Extra environment variables for the tfyBuild server | `[]` | -| `tfyBuild.preemptibleDeployment.extraVolumeMounts` | Extra volume mounts for the tfyBuild server | `[]` | -| `tfyBuild.preemptibleDeployment.extraVolumes` | Extra volumes for the tfyBuild server | `[]` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.image.repository` | Repository for the sfyBuilder | `tfy.jfrog.io/tfy-images/sfy-builder` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.image.tag` | Tag for the sfyBuilder | `v0.8.2` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.imagePullSecrets` | Image pull secrets for the sfyBuilder | `[]` | +| Name | Description | Value | +| ------------------------------------------------------------------------------- | ------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `tfyBuild.enabled` | Bool to enable the tfyBuild server | `true` | +| `tfyBuild.global` | Global values for the tfyBuild server | `{}` | +| `tfyBuild.nameOverride` | Override name for the tfyBuild server | `""` | +| `tfyBuild.fullnameOverride` | Full name override for the tfyBuild server | `""` | +| `tfyBuild.serviceAccount.annotations` | Annotations for the tfyBuild server service account | `{}` | +| `tfyBuild.preemptibleDeployment.enabled` | Bool to enable preemptible deployment for the tfyBuild server | `false` | +| `tfyBuild.preemptibleDeployment.image.repository` | Repository for the preemptible deployment | `tfy.jfrog.io/tfy-mirror/alpine` | +| `tfyBuild.preemptibleDeployment.image.tag` | Tag for the preemptible deployment | `3.20` | +| `tfyBuild.preemptibleDeployment.imagePullSecrets` | Image pull secrets for the preemptible deployment | `[]` | +| `tfyBuild.preemptibleDeployment.affinity` | Affinity settings for the preemptible deployment | `{}` | +| `tfyBuild.preemptibleDeployment.nodeSelector` | Node selector for the preemptible deployment | `{}` | +| `tfyBuild.preemptibleDeployment.tolerations` | Tolerations for the preemptible deployment | `[]` | +| `tfyBuild.preemptibleDeployment.extraEnvs` | Extra environment variables for the tfyBuild server | `[]` | +| `tfyBuild.preemptibleDeployment.extraVolumeMounts` | Extra volume mounts for the tfyBuild server | `[]` | +| `tfyBuild.preemptibleDeployment.extraVolumes` | Extra volumes for the tfyBuild server | `[]` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.image.repository` | Repository for the sfyBuilder | `tfy.jfrog.io/tfy-images/sfy-builder` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.image.tag` | Tag for the sfyBuilder | `v0.8.2` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.imagePullSecrets` | Image pull secrets for the sfyBuilder | `[]` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.baseImagePullSecret` | baseImagePullSecret for the docker config | `""` | | `tfyBuild.truefoundryWorkflows.sfyBuilder.script` | script for the sfyBuilder to be executed | `download-code.sh registry-login.sh wait-for-builder.sh build-and-push.sh -` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.baseImagePullSecret` | Base image pull secret for the sfyBuilder | `""` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.limits.cpu` | CPU limit for the sfyBuilder | `1` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.limits.ephemeral-storage` | Ephemeral storage limit for the sfyBuilder | `20Gi` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.limits.memory` | Memory limit for the sfyBuilder | `2Gi` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.requests.cpu` | CPU request for the sfyBuilder | `200m` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.requests.ephemeral-storage` | Ephemeral storage request for the sfyBuilder | `10Gi` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.requests.memory` | Memory request for the sfyBuilder | `500Mi` | -| `tfyBuild.truefoundryWorkflows.sfyBuilder.buildSecrets` | Build secrets for the sfyBuilder | `[]` | -| `tfyBuild.truefoundryWorkflows.extraEnvs` | Extra environment variables for the tfyBuild server | `[]` | -| `tfyBuild.truefoundryWorkflows.extraVolumeMounts` | Extra volume mounts for the tfyBuild server | `[]` | -| `tfyBuild.truefoundryWorkflows.extraVolumes` | Extra volumes for the tfyBuild server | `[]` | -| `tfyBuild.truefoundryWorkflows.affinity` | Affinity settings for the tfyBuild server | `{}` | -| `tfyBuild.truefoundryWorkflows.nodeSelector` | Node selector for the tfyBuild server | `{}` | -| `tfyBuild.truefoundryWorkflows.logMarkers.error` | Error log marker for the tfyBuild server | `\u001b[31m[Error]\u001b[0m` | -| `tfyBuild.truefoundryWorkflows.logMarkers.done` | Done log marker for the tfyBuild server | `\u001b[32m[Done]\u001b[0m` | -| `tfyBuild.truefoundryWorkflows.logMarkers.start` | Start log marker for the tfyBuild server | `\u001b[36m[Start]\u001b[0m` | -| `tfyBuild.truefoundryWorkflows.logMarkers.clientPrefix` | Client prefix for the tfyBuild server | `["TFY-CLIENT"]` | -| `tfyBuild.truefoundryWorkflows.logMarkers.supportSlack` | Slack support URL for the tfyBuild server | `https://join.slack.com/t/truefoundry/shared_invite/zt-11ht512jq-nDJq~HJMqc6wBw90JVlo7g` | -| `tfyBuild.truefoundryWorkflows.logMarkers.serviceFoundryUiUrl` | Service foundry UI URL | `https://app.truefoundry.com/workspace` | -| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.enabled` | Bool to enable SOCI index build and push | `false` | -| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.image.repository` | Repository for the SOCI index build and push | `tfy.jfrog.io/tfy-images/soci-index-builder` | -| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.image.tag` | Tag for the SOCI index build and push | `0.2.0` | -| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.imagePullSecrets` | Image pull secrets for the sociIndexBuildAndPush | `[]` | -| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.imageSizeThresholdBytes` | Image size threshold for the SOCI index build and push | `419430400` | -| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.extraEnvs` | Extra environment variables for the SOCI index build and push | `[]` | -| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.extraVolumeMounts` | Extra volume mounts for the SOCI index build and push | `[]` | -| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.extraVolumes` | | `[]` | -| `tfy-buildkitd-service.enabled` | Bool to enable the tfy-buildkitd service | `false` | -| `postgresql.auth.existingSecret` | Name of the existing secret for PostgreSQL authentication | `truefoundry-postgresql-auth-secret` | -| `postgresql.auth.database` | Name of the database for PostgreSQL | `truefoundry` | + +# This script will be executed only when all the above scripts are successfully executed. If any of the above scripts fail, this script will not be executed, and the build will be marked as failed. +update-build.sh '{"status":"SUCCEEDED"}' +` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.limits.cpu` | CPU limit for the sfyBuilder | `1` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.limits.ephemeral-storage` | Ephemeral storage limit for the sfyBuilder | `20Gi` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.limits.memory` | Memory limit for the sfyBuilder | `2Gi` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.requests.cpu` | CPU request for the sfyBuilder | `200m` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.requests.ephemeral-storage` | Ephemeral storage request for the sfyBuilder | `10Gi` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.resources.requests.memory` | Memory request for the sfyBuilder | `500Mi` | +| `tfyBuild.truefoundryWorkflows.sfyBuilder.buildSecrets` | Build secrets for the sfyBuilder | `[]` | +| `tfyBuild.truefoundryWorkflows.extraEnvs` | Extra environment variables for the tfyBuild server | `[]` | +| `tfyBuild.truefoundryWorkflows.extraVolumeMounts` | Extra volume mounts for the tfyBuild server | `[]` | +| `tfyBuild.truefoundryWorkflows.extraVolumes` | Extra volumes for the tfyBuild server | `[]` | +| `tfyBuild.truefoundryWorkflows.affinity` | Affinity settings for the tfyBuild server | `{}` | +| `tfyBuild.truefoundryWorkflows.nodeSelector` | Node selector for the tfyBuild server | `{}` | +| `tfyBuild.truefoundryWorkflows.logMarkers.error` | Error log marker for the tfyBuild server | `\u001b[31m[Error]\u001b[0m` | +| `tfyBuild.truefoundryWorkflows.logMarkers.done` | Done log marker for the tfyBuild server | `\u001b[32m[Done]\u001b[0m` | +| `tfyBuild.truefoundryWorkflows.logMarkers.start` | Start log marker for the tfyBuild server | `\u001b[36m[Start]\u001b[0m` | +| `tfyBuild.truefoundryWorkflows.logMarkers.clientPrefix` | Client prefix for the tfyBuild server | `["TFY-CLIENT"]` | +| `tfyBuild.truefoundryWorkflows.logMarkers.supportSlack` | Slack support URL for the tfyBuild server | `https://join.slack.com/t/truefoundry/shared_invite/zt-11ht512jq-nDJq~HJMqc6wBw90JVlo7g` | +| `tfyBuild.truefoundryWorkflows.logMarkers.serviceFoundryUiUrl` | Service foundry UI URL | `https://app.truefoundry.com/workspace` | +| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.enabled` | Bool to enable SOCI index build and push | `false` | +| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.image.repository` | Repository for the SOCI index build and push | `tfy.jfrog.io/tfy-images/soci-index-builder` | +| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.image.tag` | Tag for the SOCI index build and push | `0.2.0` | +| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.imagePullSecrets` | Image pull secrets for the sociIndexBuildAndPush | `[]` | +| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.imageSizeThresholdBytes` | Image size threshold for the SOCI index build and push | `419430400` | +| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.extraEnvs` | Extra environment variables for the SOCI index build and push | `[]` | +| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.extraVolumeMounts` | Extra volume mounts for the SOCI index build and push | `[]` | +| `tfyBuild.truefoundryWorkflows.sociIndexBuildAndPush.extraVolumes` | | `[]` | +| `tfy-buildkitd-service.enabled` | Bool to enable the tfy-buildkitd service | `false` | +| `tfy-buildkitd-service.service.port` | port number for the tfy-buildkitd service | `1234` | +| `tfy-buildkitd-service.replicaCount` | Number of replicas Value kept for future use, kept 1 | `1` | +| `tfy-buildkitd-service.tls.enabled` | Enable TLS for the tfy-buildkitd service | `false` | +| `tfy-buildkitd-service.tls.buildkitClientCertsSecretName` | Name of the secret containing the TLS certificate | `tfy-buildkit-client-certs` | +| `postgresql.auth.existingSecret` | Name of the existing secret for PostgreSQL authentication | `truefoundry-postgresql-auth-secret` | +| `postgresql.auth.database` | Name of the database for PostgreSQL | `truefoundry` | ### tfyController Truefoundry tfy controller settings @@ -346,7 +356,7 @@ build-and-push.sh | `tfyController.enabled` | Bool to enable the tfyController | `true` | | `tfyController.global` | Global values for the tfyController | `{}` | | `tfyController.image.repository` | Image repository for the tfyController | `tfy.jfrog.io/tfy-private-images/tfy-controller` | -| `tfyController.image.tag` | Image tag for the tfyController | `v0.2.0` | +| `tfyController.image.tag` | Image tag for the tfyController | `v0.6.0` | | `tfyController.environmentName` | Environment name for the tfyController | `default` | | `tfyController.envSecretName` | Secret name for the tfyController environment variables | `sfy-manifest-service-env-secret` | | `tfyController.imagePullPolicy` | Image pull policy for the tfyController | `IfNotPresent` | @@ -372,7 +382,7 @@ build-and-push.sh | `tfyWorkflowAdmin.enabled` | Bool to enable the tfyWorkflowAdmin | `false` | | `tfyWorkflowAdmin.global` | Global values for the tfyWorkflowAdmin | `{}` | | `tfyWorkflowAdmin.image.repository` | Image repository for the tfyWorkflowAdmin | `tfy.jfrog.io/tfy-private-images/tfy-workflow-admin` | -| `tfyWorkflowAdmin.image.tag` | Image tag for the tfyWorkflowAdmin | `v0.3.0` | +| `tfyWorkflowAdmin.image.tag` | Image tag for the tfyWorkflowAdmin | `v0.5.0` | | `tfyWorkflowAdmin.environmentName` | Environment name for the tfyWorkflowAdmin | `default` | | `tfyWorkflowAdmin.envSecretName` | Secret name for the tfyWorkflowAdmin environment variables | `tfy-workflow-admin-env-secret` | | `tfyWorkflowAdmin.imagePullPolicy` | Image pull policy for the tfyWorkflowAdmin | `IfNotPresent` |