From 4d36ae146d627853a9cc23acbeecc4f9a186b5ce Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Mon, 25 Aug 2025 07:05:53 +0300 Subject: [PATCH 01/38] add parsing of the new single namespace var to cm and env var --- .../cap-app-proxy/_all_resources.yaml | 2 ++ .../_components/cap-app-proxy/_config.yaml | 1 + .../cap-app-proxy/argo-cd/_all.yaml | 3 ++ .../cap-app-proxy/argo-cd/_role.yaml | 28 +++++++++++++++++++ .../cap-app-proxy/argo-cd/_rolebinding.yaml | 20 +++++++++++++ .../_main-container.yaml | 7 +++++ .../_components/gitops-operator/_env.yaml | 1 + .../gitops-operator/crds/_all.yaml | 2 ++ .../gitops-operator/rbac/_all.yaml | 2 ++ .../templates/codefresh-cm.yaml | 1 + charts/gitops-runtime/values.yaml | 2 ++ 11 files changed, 69 insertions(+) create mode 100644 charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml create mode 100644 charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml create mode 100644 charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_all_resources.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_all_resources.yaml index 479914c47..ff455cf52 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_all_resources.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_all_resources.yaml @@ -10,4 +10,6 @@ {{ include "cap-app-proxy.resources.service" . }} --- {{ include "cap-app-proxy.resources.sa" .}} +--- + {{ include "argo-cd.namespaced-rbac.all" . }} {{- end }} \ No newline at end of file diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml index 7751eb84e..7160728f6 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml 
@@ -11,6 +11,7 @@ env: {{ .Values.config.env | quote}} isConfigurationRuntime: {{ .Values.global.runtime.isConfigurationRuntime | quote }} isExternalArgoCD: {{ .Values.global.runtime.isExternalArgoCD | quote }} runtimeName: {{ required "global.runtime.name is required" .Values.global.runtime.name | quote}} +runtimeSingleNamespace: {{ .Values.app-proxy.singleNamespace | quote }} skipGitPermissionValidation: {{ .Values.config.skipGitPermissionValidation | quote }} logLevel: {{ .Values.config.logLevel | quote }} {{- $enrichmentValues := get .Values "image-enrichment" }} diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml new file mode 100644 index 000000000..1cc7a7024 --- /dev/null +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml @@ -0,0 +1,3 @@ +{{- include "argo-cd.namespaced-rbac.role" . }} +--- +{{- include "argo-cd.namespaced-rbac.rolebinding" . }} \ No newline at end of file diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml new file mode 100644 index 000000000..7a7a97ef2 --- /dev/null +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml 
@@ -0,0 +1,28 @@
+{{- if .Values.app-proxy.singleNamespace }}
+{{- define "argo-cd.namespaced-rbac.role" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: argocd-namespaced-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "codefresh-gitops-runtime.labels" . | nindent 4 }}
+ codefresh.io/component: argocd-namespaced-rbac
+rules:
+- apiGroups: [""]
+ resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "configmaps", "secrets", "serviceaccounts"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["apps"]
+ resources: ["deployments", "replicasets", "statefulsets", "daemonsets"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["batch"]
+ resources: ["jobs", "cronjobs"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["networking.k8s.io"]
+ resources: ["ingresses", "networkpolicies"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["rbac.authorization.k8s.io"]
+ resources: ["roles", "rolebindings"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml
new file mode 100644
index 000000000..32a593f91
--- /dev/null
+++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml
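Review bot: The rules of `argocd-namespaced-role` in `_role.yaml` give every write verb on `secrets`, `serviceaccounts` and `pods` as well as on `roles` and `rolebindings`, so whatever identity is bound to it can read every secret in the release namespace and start workloads under any service account there. Kubernetes' escalation check limits the `roles`/`rolebindings` grant to permissions the holder already has, but that set is already close to everything in the namespace. If the consumer only reconciles application workloads, give `secrets` and the `rbac.authorization.k8s.io` resources only the verbs that are actually needed, or expose the rule list through values so an operator can narrow it. A comment above `rules:` naming the component that uses this Role, for example `# Permissions held by the bound service account in the release namespace when singleNamespace is enabled`, would record why the grant is this wide.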
@@ -0,0 +1,20 @@ +{{- if .Values.app-proxy.singleNamespace }} +{{- define "argo-cd.namespaced-rbac.rolebinding" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argocd-namespaced-rolebinding + namespace: {{ .Release.Namespace }} + labels: + {{- include "codefresh-gitops-runtime.labels" . | nindent 4 }} + codefresh.io/component: argocd-namespaced-rbac +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-namespaced-role +subjects: +- kind: ServiceAccount + name: default + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml index f59f769ef..b00b6afb9 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml @@ -109,6 +109,12 @@ RUNTIME_NAME: configMapKeyRef: name: cap-app-proxy-cm key: runtimeName +RUNTIME_SINGLE_NAMESPACE: + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: runtimeSingleNamespace + optional: true RUNTIME_TOKEN: valueFrom: secretKeyRef: @@ -210,6 +216,7 @@ IRW_JIRA_ENRICHMENT_TASK_IMAGE: name: cap-app-proxy-cm key: enrichmentJiraEnrichmentImage optional: true + NODE_EXTRA_CA_CERTS: /app/config/all/all.cer {{- if gt (int .Values.replicaCount) 1 }} LEADER_ID: diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml index f2e10f745..113062c01 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml 
@@ -15,6 +15,7 @@ COMMIT_STATUS_POLLING_INTERVAL: {{ .Values.config.commitStatusPollingInterval }} WORKFLOW_MONITOR_POLLING_INTERVAL: {{ .Values.config.workflowMonitorPollingInterval }} MAX_CONCURRENT_RELEASES: {{ .Values.config.maxConcurrentReleases }} PROMOTION_WRAPPER_TEMPLATE: {{ .Values.config.promotionWrapperTemplate | quote }} +RUNTIME_SINGLE_NAMESPACE: {{ .Values.app-proxy.singleNamespace }} {{- end }} {{- define "gitops-operator.resources.environment-variables.defaults" -}} diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/crds/_all.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/crds/_all.yaml index 956c1b6fc..22474c18a 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/crds/_all.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/crds/_all.yaml @@ -14,7 +14,9 @@ --- {{- include "gitops-operator.crds.product" $context }} --- + {{- if not .Values.app-proxy.singleNamespace }} {{- include "gitops-operator.crds.restricted-gitsource" $context }} + {{- end }} --- {{- include "gitops-operator.crds.promotion-policy" $context }} {{- end }} diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_all.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_all.yaml index 8760f4220..f0054a81b 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_all.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_all.yaml @@ -13,7 +13,9 @@ --- {{- include "gitops-operator.resources.leader-election-rbac" $context }} --- + {{- if not .Values.app-proxy.singleNamespace }} {{- include "gitops-operator.resources.restricted-git-source-rbac" $context }} + {{- end }} --- {{- include "gitops-operator.resources.rbac-operator" $context }} {{- end }} diff --git a/charts/gitops-runtime/templates/codefresh-cm.yaml b/charts/gitops-runtime/templates/codefresh-cm.yaml index d070c4d67..17ecd2771 100644 
--- a/charts/gitops-runtime/templates/codefresh-cm.yaml +++ b/charts/gitops-runtime/templates/codefresh-cm.yaml @@ -15,4 +15,5 @@ data: ingressController: {{ .Values.global.runtime.ingress.className | default "" | quote }} ingressHost: {{ include "codefresh-gitops-runtime.ingress-url" . }} isConfigurationRuntime: {{ .Values.global.runtime.isConfigurationRuntime | quote }} + singleNamespace: {{ .Values.app-proxy.singleNamespace | quote }} version: {{ .Chart.AppVersion }} \ No newline at end of file diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index f4ce382c1..225ae8487 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -518,6 +518,8 @@ tunnel-client: #----------------------------------------------------------------------------------------------------------------------- app-proxy: replicaCount: 1 + # -- Runtime single namespace mode. When true, runtime operates in single namespace scope. + singleNamespace: false # -- Image enrichment process configuration image-enrichment: # -- Enable or disable enrichment process. Please note that for enrichemnt, argo-workflows has to be enabled as well. From 6ba02be184540df4d8d67be60ccf5676fa5b1645 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Mon, 25 Aug 2025 07:25:28 +0300 Subject: [PATCH 02/38] fixed parsing --- .../templates/_components/cap-app-proxy/_config.yaml | 2 +- .../templates/_components/cap-app-proxy/argo-cd/_role.yaml | 2 +- .../_components/cap-app-proxy/argo-cd/_rolebinding.yaml | 2 +- .../templates/_components/gitops-operator/_env.yaml | 2 +- .../templates/_components/gitops-operator/rbac/_all.yaml | 2 +- charts/gitops-runtime/templates/codefresh-cm.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml index 7160728f6..5937d907a 100644 
--- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml @@ -11,7 +11,7 @@ env: {{ .Values.config.env | quote}} isConfigurationRuntime: {{ .Values.global.runtime.isConfigurationRuntime | quote }} isExternalArgoCD: {{ .Values.global.runtime.isExternalArgoCD | quote }} runtimeName: {{ required "global.runtime.name is required" .Values.global.runtime.name | quote}} -runtimeSingleNamespace: {{ .Values.app-proxy.singleNamespace | quote }} +runtimeSingleNamespace: {{ (get .Values "app-proxy").singleNamespace | quote }} skipGitPermissionValidation: {{ .Values.config.skipGitPermissionValidation | quote }} logLevel: {{ .Values.config.logLevel | quote }} {{- $enrichmentValues := get .Values "image-enrichment" }} diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml index 7a7a97ef2..4249910a9 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml @@ -1,4 +1,4 @@ -{{- if .Values.app-proxy.singleNamespace }} +{{- if (get .Values "app-proxy").singleNamespace }} {{- define "argo-cd.namespaced-rbac.role" }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml index 32a593f91..9e505deaf 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml 
@@ -1,4 +1,4 @@ -{{- if .Values.app-proxy.singleNamespace }} +{{- if (get .Values "app-proxy").singleNamespace }} {{- define "argo-cd.namespaced-rbac.rolebinding" }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml index 113062c01..1321e06c5 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml @@ -15,7 +15,7 @@ COMMIT_STATUS_POLLING_INTERVAL: {{ .Values.config.commitStatusPollingInterval }} WORKFLOW_MONITOR_POLLING_INTERVAL: {{ .Values.config.workflowMonitorPollingInterval }} MAX_CONCURRENT_RELEASES: {{ .Values.config.maxConcurrentReleases }} PROMOTION_WRAPPER_TEMPLATE: {{ .Values.config.promotionWrapperTemplate | quote }} -RUNTIME_SINGLE_NAMESPACE: {{ .Values.app-proxy.singleNamespace }} +RUNTIME_SINGLE_NAMESPACE: {{ (get .Values "app-proxy").singleNamespace }} {{- end }} {{- define "gitops-operator.resources.environment-variables.defaults" -}} diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_all.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_all.yaml index f0054a81b..db0a7c7ae 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_all.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_all.yaml @@ -13,7 +13,7 @@ --- {{- include "gitops-operator.resources.leader-election-rbac" $context }} --- - {{- if not .Values.app-proxy.singleNamespace }} + {{- if not (get .Values "app-proxy").singleNamespace }} {{- include "gitops-operator.resources.restricted-git-source-rbac" $context }} {{- end }} --- diff --git a/charts/gitops-runtime/templates/codefresh-cm.yaml b/charts/gitops-runtime/templates/codefresh-cm.yaml index 17ecd2771..3fba68b95 100644 --- a/charts/gitops-runtime/templates/codefresh-cm.yaml 
+++ b/charts/gitops-runtime/templates/codefresh-cm.yaml @@ -15,5 +15,5 @@ data: ingressController: {{ .Values.global.runtime.ingress.className | default "" | quote }} ingressHost: {{ include "codefresh-gitops-runtime.ingress-url" . }} isConfigurationRuntime: {{ .Values.global.runtime.isConfigurationRuntime | quote }} - singleNamespace: {{ .Values.app-proxy.singleNamespace | quote }} + singleNamespace: {{ (get .Values "app-proxy").singleNamespace | quote }} version: {{ .Chart.AppVersion }} \ No newline at end of file From f9298b42c105f18b956e9d3abdf9e435936cd620 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Mon, 25 Aug 2025 07:29:50 +0300 Subject: [PATCH 03/38] minor parsing fix --- .../templates/_components/gitops-operator/crds/_all.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/crds/_all.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/crds/_all.yaml index 22474c18a..d7d598f9b 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/crds/_all.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/crds/_all.yaml @@ -14,7 +14,7 @@ --- {{- include "gitops-operator.crds.product" $context }} --- - {{- if not .Values.app-proxy.singleNamespace }} + {{- if not (get .Values "app-proxy").singleNamespace }} {{- include "gitops-operator.crds.restricted-gitsource" $context }} {{- end }} --- From 8f6ee5ae57fe6e32d142c7ab62d6480aa71b2fef Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Mon, 25 Aug 2025 07:37:36 +0300 Subject: [PATCH 04/38] fixed conditional including of role and role binding --- .../templates/_components/cap-app-proxy/argo-cd/_all.yaml | 4 +++- .../templates/_components/cap-app-proxy/argo-cd/_role.yaml | 2 -- .../_components/cap-app-proxy/argo-cd/_rolebinding.yaml | 2 -- 3 files changed, 3 insertions(+), 5 deletions(-) 
diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml index 1cc7a7024..1506617b6 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml @@ -1,3 +1,5 @@ +{{- if (get .Values "app-proxy").singleNamespace }} {{- include "argo-cd.namespaced-rbac.role" . }} --- -{{- include "argo-cd.namespaced-rbac.rolebinding" . }} \ No newline at end of file +{{- include "argo-cd.namespaced-rbac.rolebinding" . }} +{{- end }} \ No newline at end of file diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml index 4249910a9..9d1389646 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml @@ -1,4 +1,3 @@ -{{- if (get .Values "app-proxy").singleNamespace }} {{- define "argo-cd.namespaced-rbac.role" }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -24,5 +23,4 @@ rules: - apiGroups: ["rbac.authorization.k8s.io"] resources: ["roles", "rolebindings"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -{{- end }} {{- end }} \ No newline at end of file diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml index 9e505deaf..7d320d7ac 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml 
@@ -1,4 +1,3 @@ -{{- if (get .Values "app-proxy").singleNamespace }} {{- define "argo-cd.namespaced-rbac.rolebinding" }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -16,5 +15,4 @@ subjects: - kind: ServiceAccount name: default namespace: {{ .Release.Namespace }} -{{- end }} {{- end }} \ No newline at end of file From 42316ee36a4b71380cb36366e71c343ecc888956 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Mon, 25 Aug 2025 07:42:05 +0300 Subject: [PATCH 05/38] added app-proxy context --- charts/gitops-runtime/templates/gitops-operator/deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/gitops-runtime/templates/gitops-operator/deployment.yaml b/charts/gitops-runtime/templates/gitops-operator/deployment.yaml index 81b566099..6038cbbca 100644 --- a/charts/gitops-runtime/templates/gitops-operator/deployment.yaml +++ b/charts/gitops-runtime/templates/gitops-operator/deployment.yaml @@ -5,6 +5,7 @@ {{- $_ := set $context "Values" $vals }} {{- $_ := set $context.Values "global" (deepCopy (get .Values "global")) }} +{{- $_ := set $context.Values "app-proxy" (deepCopy (get .Values "app-proxy")) }} {{- if and (not (index .Values "argo-cd" "enabled")) }} {{- if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "token") }} From 15cf3b9f3d23bfa26f224ee03b7113049a389331 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Mon, 25 Aug 2025 07:50:52 +0300 Subject: [PATCH 06/38] fixed something --- .../templates/_components/cap-app-proxy/_config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml index 5937d907a..e615c50d1 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml 
@@ -11,7 +11,7 @@ env: {{ .Values.config.env | quote}} isConfigurationRuntime: {{ .Values.global.runtime.isConfigurationRuntime | quote }} isExternalArgoCD: {{ .Values.global.runtime.isExternalArgoCD | quote }} runtimeName: {{ required "global.runtime.name is required" .Values.global.runtime.name | quote}} -runtimeSingleNamespace: {{ (get .Values "app-proxy").singleNamespace | quote }} +runtimeSingleNamespace: {{ .Values.singleNamespace | quote }} skipGitPermissionValidation: {{ .Values.config.skipGitPermissionValidation | quote }} logLevel: {{ .Values.config.logLevel | quote }} {{- $enrichmentValues := get .Values "image-enrichment" }} From cc4e909a3a60b118c03889955b5e9f0492ea7fed Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Mon, 25 Aug 2025 09:12:37 +0300 Subject: [PATCH 07/38] added argocd-manager service account --- .../_components/cap-app-proxy/argo-cd/_all.yaml | 2 ++ .../cap-app-proxy/argo-cd/_rolebinding.yaml | 2 +- .../cap-app-proxy/argo-cd/_serviceaccount.yaml | 10 ++++++++++ 3 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_serviceaccount.yaml diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml index 1506617b6..d731eadeb 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml @@ -1,4 +1,6 @@ {{- if (get .Values "app-proxy").singleNamespace }} +{{- include "argo-cd.namespaced-rbac.serviceaccount" . }} +--- {{- include "argo-cd.namespaced-rbac.role" . }} --- {{- include "argo-cd.namespaced-rbac.rolebinding" . }} diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml index 7d320d7ac..28c529499 100644 
--- a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_rolebinding.yaml @@ -13,6 +13,6 @@ roleRef: name: argocd-namespaced-role subjects: - kind: ServiceAccount - name: default + name: argocd-manager namespace: {{ .Release.Namespace }} {{- end }} \ No newline at end of file diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_serviceaccount.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_serviceaccount.yaml new file mode 100644 index 000000000..1f94e491e --- /dev/null +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_serviceaccount.yaml @@ -0,0 +1,10 @@ +{{- define "argo-cd.namespaced-rbac.serviceaccount" }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argocd-manager + namespace: {{ .Release.Namespace }} + labels: + {{- include "codefresh-gitops-runtime.labels" . | nindent 4 }} + codefresh.io/component: argocd-namespaced-rbac +{{- end }} From 2992e7b870ce76d0932046d74c68e384f6675a4d Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 25 Jul 2025 11:04:57 +0300 Subject: [PATCH 08/38] feat: multi runtime install From 986923e9d14311eef00b730e85db9afc86d4f3d1 Mon Sep 17 00:00:00 2001 
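Review bot: The new `argocd-manager` ServiceAccount in `_serviceaccount.yaml` is not referenced by any workload in this patch, so the hunk does not show which component authenticates with it, even though the binding changed above gives it the whole `argocd-namespaced-role`. Add a comment in the template naming the consumer. If no pod in the chart is meant to run as this account (for example, if it is only used through an externally issued token), setting `automountServiceAccountToken: false` on it would keep a pod that is assigned the account by mistake from picking up those permissions.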
From: Mikhail Klimko Date: Fri, 25 Jul 2025 17:26:20 +0300 Subject: [PATCH 09/38] feat: multi runtime install --- charts/gitops-runtime/Chart.yaml | 1 + .../cf-argocd-extras/event-reporter/_rbac.yaml | 12 ++++++++++++ .../_components/gitops-operator/_default_values.tpl | 3 +++ .../gitops-operator/promotion-template/_rbac.yaml | 6 +++--- .../gitops-operator/rbac/_auth_proxy_rbac.yaml | 6 +++--- .../gitops-operator/rbac/_rbac_operator.yaml | 12 +++++++----- .../rbac/_restricted_git_source.rbac.yaml | 2 ++ charts/gitops-runtime/templates/_helpers.tpl | 7 +++++-- .../templates/app-proxy/workflows-crb.yaml | 4 ++-- charts/gitops-runtime/values.yaml | 5 ++++- 10 files changed, 42 insertions(+), 16 deletions(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 87f386914..63f3be20d 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -37,6 +37,7 @@ dependencies: - name: sealed-secrets repository: https://bitnami-labs.github.io/sealed-secrets/ version: 2.17.2 + condition: sealed-secrets.enabled - name: codefresh-tunnel-client repository: oci://quay.io/codefresh/charts version: 0.1.21 diff --git a/charts/gitops-runtime/templates/_components/cf-argocd-extras/event-reporter/_rbac.yaml b/charts/gitops-runtime/templates/_components/cf-argocd-extras/event-reporter/_rbac.yaml index 64cd6d27e..6049e633f 100644 --- a/charts/gitops-runtime/templates/_components/cf-argocd-extras/event-reporter/_rbac.yaml +++ b/charts/gitops-runtime/templates/_components/cf-argocd-extras/event-reporter/_rbac.yaml 
@@ -11,6 +11,18 @@ {{/* Workaround to NOT change label selectors from previous runtime release when event-reporter was part of cf-argocd-extras Subchart */}} {{- $_ := set $context.Values "nameOverride" "cf-argocd-extras" }} +{{/* Remove nonResourceURLs when RBAC is namespaced */}} +{{- $rules := $context.Values.rbac.rules }} +{{- if $context.Values.rbac.namespaced }} + {{- $rules = list }} + {{- range $context.Values.rbac.rules }} + {{- if not .nonResourceURLs }} + {{- $rules = append $rules . }} + {{- end }} + {{- end }} +{{- end }} +{{- $_ := set $context.Values.rbac "rules" $rules }} + {{- $templateName := printf "cf-common-%s.rbac" (index .Subcharts "cf-common").Chart.Version }} {{- include $templateName $context }} diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/_default_values.tpl b/charts/gitops-runtime/templates/_components/gitops-operator/_default_values.tpl index dd552eb82..58ece9658 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/_default_values.tpl +++ b/charts/gitops-runtime/templates/_components/gitops-operator/_default_values.tpl @@ -14,6 +14,9 @@ global: replicaCount: 1 +# -- Restrict the gitops operator to a single namespace (by the namespace of Helm release) +singleNamespace: false + # -- Codefresh gitops operator crds crds: # -- Whether or not to install CRDs diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/promotion-template/_rbac.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/promotion-template/_rbac.yaml index 0f2d1f3e3..812ae1dd5 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/promotion-template/_rbac.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/promotion-template/_rbac.yaml 
@@ -1,7 +1,7 @@ {{- define "gitops-operator.resources.promotion-template-rbac" }} apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} @@ -45,14 +45,14 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} name: promotion-template roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} name: promotion-template subjects: - kind: ServiceAccount diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml index 4ec54d311..96f470301 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml @@ -1,7 +1,7 @@ {{- define "gitops-operator.resources.auth-proxy-rbac" }} apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} @@ -22,14 +22,14 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} name: codefresh-gitops-operator-proxy roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} name: codefresh-gitops-operator-proxy subjects: - kind: ServiceAccount 
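Review bot: A namespaced Role cannot grant cluster-scoped resources or `nonResourceURLs`, and the `rules:` lists of `promotion-template` and `codefresh-gitops-operator-proxy` lie outside these hunks and are not changed by them. If the proxy role lists review APIs such as `tokenreviews` or `subjectaccessreviews`, those entries grant nothing once `kind` renders as `Role`, and the auth proxy may then fail to authenticate requests in single-namespace mode. Check each rule list against this and keep a small ClusterRole for anything that is genuinely cluster-scoped; a comment next to the `ternary` line, e.g. `# Role in single-namespace mode: rules below must be namespace-scoped`, would make the constraint visible to the next editor.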
diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml index 38df174ba..268326004 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml @@ -1,7 +1,7 @@ {{- define "gitops-operator.resources.rbac-operator" }} apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} @@ -26,6 +26,7 @@ rules: - patch - update - watch +{{- if not .Values.singleNamespace }} - apiGroups: - codefresh.io resources: @@ -52,6 +53,7 @@ rules: - get - patch - update +{{- end }} - apiGroups: - "" resources: @@ -72,14 +74,14 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} name: codefresh-gitops-operator roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} name: codefresh-gitops-operator subjects: - kind: ServiceAccount @@ -87,14 +89,14 @@ subjects: namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} name: codefresh-gitops-operator-workflows roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} name: argo-edit subjects: - kind: ServiceAccount 
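Review bot: In single-namespace mode the `codefresh-gitops-operator-workflows` binding in `_rbac_operator.yaml` now renders `roleRef.kind: Role` with `name: argo-edit`, but no Role of that name is defined in this file, so the binding grants anything only if another chart creates a namespaced `argo-edit` Role in the release namespace. A RoleBinding may reference a ClusterRole and then applies its rules only inside the binding's namespace, so leaving that one `roleRef` as `kind: ClusterRole` would keep the permission without widening its scope. If the intent is instead that no ClusterRoles exist at all, the dependency on the workflows chart's own single-namespace setting should be stated in a comment. The `roleRef` in `templates/app-proxy/workflows-crb.yaml` later in this patch has the same dependency.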
diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_restricted_git_source.rbac.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_restricted_git_source.rbac.yaml index be27879ce..913d131d3 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_restricted_git_source.rbac.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_restricted_git_source.rbac.yaml @@ -1,5 +1,6 @@ {{- define "gitops-operator.resources.restricted-git-source-rbac" }} + {{- if not .Values.singleNamespace }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -80,4 +81,5 @@ subjects: - kind: ServiceAccount name: {{ include "gitops-operator.serviceAccountName" . }} namespace: {{ .Release.Namespace }} + {{- end }} {{- end }} diff --git a/charts/gitops-runtime/templates/_helpers.tpl b/charts/gitops-runtime/templates/_helpers.tpl index 1b66f7107..9f4b88af0 100644 --- a/charts/gitops-runtime/templates/_helpers.tpl +++ b/charts/gitops-runtime/templates/_helpers.tpl 
@@ -431,11 +431,14 @@ Output comma separated list of installed runtime components */}} {{- define "codefresh-gitops-runtime.component-list"}} {{- $argoEvents := dict "name" "argo-events" "version" (get .Subcharts "argo-events").Chart.AppVersion }} - {{- $sealedSecrets := dict "name" "sealed-secrets" "version" (get .Subcharts "sealed-secrets").Chart.AppVersion }} {{- $internalRouter := dict "name" "internal-router" "version" .Chart.AppVersion }} {{- $appProxy := dict "name" "app-proxy" "version" (index (get .Values "app-proxy") "image" "tag") }} {{- $sourcesServer := dict "name" "sources-server" "version" (get .Values "cf-argocd-extras").sourcesServer.container.image.tag }} - {{- $comptList := list $argoEvents $appProxy $sealedSecrets $internalRouter $sourcesServer }} + {{- $comptList := list $argoEvents $appProxy $internalRouter $sourcesServer }} +{{- if and (index .Values "sealed-secrets" "enabled") }} + {{- $sealedSecrets := dict "name" "sealed-secrets" "version" (get .Subcharts "sealed-secrets").Chart.AppVersion }} + {{- $comptList = append $comptList $sealedSecrets }} +{{- end }} {{- if and (index .Values "argo-cd" "enabled") }} {{- $argoCD := dict "name" "argocd" "version" (get .Subcharts "argo-cd").Chart.AppVersion }} {{- $comptList = append $comptList $argoCD }} diff --git a/charts/gitops-runtime/templates/app-proxy/workflows-crb.yaml b/charts/gitops-runtime/templates/app-proxy/workflows-crb.yaml index d3a0b4e2b..35010bf00 100644 --- a/charts/gitops-runtime/templates/app-proxy/workflows-crb.yaml +++ b/charts/gitops-runtime/templates/app-proxy/workflows-crb.yaml 
@@ -4,12 +4,12 @@ {{- $_ := set $appProxyContext "Values" (deepCopy (get .Values "app-proxy")) }} {{- $_ := set $appProxyContext.Values "global" (deepCopy (get .Values "global")) }} apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: {{ $appProxyContext.Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} metadata: name: cap-app-proxy-argo-workflows roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: {{ $appProxyContext.Values.singleNamespace | ternary "Role" "ClusterRole" }} name: {{ include "codefresh-gitops-runtime.argo-workflows.server.name" . }} subjects: - kind: ServiceAccount diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 225ae8487..c1854942b 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -712,6 +712,9 @@ gitops-operator: annotations: {} # -- Additional labels for gitops operator CRDs additionalLabels: {} + # -- Restrict the gitops operator to a single namespace (by the namespace of Helm release) + singleNamespace: false + # -- GitOps operator configuration config: # -- Task polling interval taskPollingInterval: 10s @@ -723,8 +726,8 @@ gitops-operator: maxConcurrentReleases: 100 # -- An optional template for the promotion wrapper (empty default will use the embedded one) promotionWrapperTemplate: '' + # -- GitOps operator image image: - # -- defaults registry: quay.io repository: codefresh/codefresh-gitops-operator tag: v0.10.2 From c60fadba78f464081cd99e2e9d91465495c7e3fd Mon Sep 17 00:00:00 2001 
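Review bot: In single-namespace mode the `roleRef` in this hunk becomes `kind: Role` but keeps the name from `codefresh-gitops-runtime.argo-workflows.server.name`, and nothing in this patch creates a Role of that name in the release namespace. The RBAC API accepts a binding whose role does not exist, so the install would succeed and app-proxy would only find out at runtime that it has no workflow permissions. If the Role is expected to come from the argo-workflows subchart being rendered namespaced as well, record that dependency at the binding, for example `{{- /* singleNamespace: this Role must already exist in the release namespace; this template does not create it */}}`, and consider failing the render when the two settings disagree. The later patch that moves the flag to `global.runtime.singleNamespace` touches the same two lines and carries the same dependency. The template starts above the hunk and the `subjects` list continues below it.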
From: Mikhail Klimko Date: Fri, 25 Jul 2025 17:47:53 +0300 Subject: [PATCH 10/38] feat: multi runtime install --- charts/gitops-runtime/templates/gitops-operator/crds.yaml | 4 +++- .../gitops-runtime/templates/gitops-operator/deployment.yaml | 2 ++ .../templates/gitops-operator/promotion-operator.yaml | 4 +++- charts/gitops-runtime/templates/gitops-operator/rbac.yaml | 4 +++- .../templates/gitops-operator/serviceaccount.yaml | 4 ++++ 5 files changed, 15 insertions(+), 3 deletions(-) diff --git a/charts/gitops-runtime/templates/gitops-operator/crds.yaml b/charts/gitops-runtime/templates/gitops-operator/crds.yaml index e78bb7003..171bf6f0d 100644 --- a/charts/gitops-runtime/templates/gitops-operator/crds.yaml +++ b/charts/gitops-runtime/templates/gitops-operator/crds.yaml @@ -1 +1,3 @@ -{{- include "gitops-operator.crds" . }} +{{- if and (index .Values "gitops-operator" "enabled") }} + {{- include "gitops-operator.crds" . }} +{{- end }} diff --git a/charts/gitops-runtime/templates/gitops-operator/deployment.yaml b/charts/gitops-runtime/templates/gitops-operator/deployment.yaml index 6038cbbca..1124f1099 100644 --- a/charts/gitops-runtime/templates/gitops-operator/deployment.yaml +++ b/charts/gitops-runtime/templates/gitops-operator/deployment.yaml @@ -1,3 +1,4 @@ +{{- if and (index .Values "gitops-operator" "enabled") }} {{- $context := deepCopy . }} {{- $defaultVals := include "gitops-operator.default-values" . | fromYaml }} @@ -45,3 +46,4 @@ {{- end }} {{- include "gitops-operator.resources.deployment" $context }} +{{- end }} diff --git a/charts/gitops-runtime/templates/gitops-operator/promotion-operator.yaml b/charts/gitops-runtime/templates/gitops-operator/promotion-operator.yaml index 5eb7884c2..789562452 100644 --- a/charts/gitops-runtime/templates/gitops-operator/promotion-operator.yaml +++ b/charts/gitops-runtime/templates/gitops-operator/promotion-operator.yaml 
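Review bot: Gating `gitops-operator.crds` on `gitops-operator.enabled` in crds.yaml means an upgrade that flips the flag to false drops the CRDs from the release, and deleting a CRD deletes every custom resource of that kind in the cluster. Unless the CRD templates already carry a keep policy (not visible in this hunk), the flag should not be able to remove them: either leave the CRDs ungated or annotate them with `helm.sh/resource-policy: keep`. The other four files in this patch (deployment.yaml, promotion-operator.yaml, rbac.yaml, serviceaccount.yaml) use the same gate, where `and` with a single argument is redundant and `{{- if index .Values "gitops-operator" "enabled" }}` is enough.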
@@ -1 +1,3 @@ -{{- include "gitops-operator.resources.promotion-template" . }} +{{- if and (index .Values "gitops-operator" "enabled") }} + {{- include "gitops-operator.resources.promotion-template" . }} +{{- end }} diff --git a/charts/gitops-runtime/templates/gitops-operator/rbac.yaml b/charts/gitops-runtime/templates/gitops-operator/rbac.yaml index 41df10f04..96489708f 100644 --- a/charts/gitops-runtime/templates/gitops-operator/rbac.yaml +++ b/charts/gitops-runtime/templates/gitops-operator/rbac.yaml @@ -1 +1,3 @@ -{{- include "gitops-operator.resources.rbac" . }} +{{- if and (index .Values "gitops-operator" "enabled") }} + {{- include "gitops-operator.resources.rbac" . }} +{{- end }} diff --git a/charts/gitops-runtime/templates/gitops-operator/serviceaccount.yaml b/charts/gitops-runtime/templates/gitops-operator/serviceaccount.yaml index 022cf4317..87517d1db 100644 --- a/charts/gitops-runtime/templates/gitops-operator/serviceaccount.yaml +++ b/charts/gitops-runtime/templates/gitops-operator/serviceaccount.yaml @@ -1,3 +1,5 @@ +{{- if and (index .Values "gitops-operator" "enabled") }} + {{- $context := deepCopy . }} {{- $defaultVals := include "gitops-operator.default-values" . | fromYaml }} @@ -7,3 +9,5 @@ {{- $_ := set $context.Values "global" (deepCopy (get .Values "global")) }} {{- include "gitops-operator.resources.sa" $context }} + +{{- end }} From c783538472b845ac126772770f8455a1687e1367 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 30 Jul 2025 11:10:27 +0300 Subject: [PATCH 11/38] feat: multi runtime install --- .../promotion-template/_rbac.yaml | 12 ++++++------ .../gitops-operator/rbac/_auth_proxy_rbac.yaml | 12 ++++++------ .../gitops-operator/rbac/_rbac_operator.yaml | 18 +++++++++--------- 3 files changed, 21 insertions(+), 21 deletions(-) 
diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/promotion-template/_rbac.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/promotion-template/_rbac.yaml index 812ae1dd5..92d712d39 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/promotion-template/_rbac.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/promotion-template/_rbac.yaml @@ -1,11 +1,11 @@ {{- define "gitops-operator.resources.promotion-template-rbac" }} apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} +kind: ClusterRole metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: promotion-template + name: {{ .Values.singleNamespace | ternary (printf "promotion-template-%s" .Release.Namespace) "promotion-template" }} rules: - apiGroups: - "" @@ -45,15 +45,15 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} +kind: ClusterRoleBinding metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: promotion-template + name: {{ .Values.singleNamespace | ternary (printf "promotion-template-%s" .Release.Namespace) "promotion-template" }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} - name: promotion-template + kind: ClusterRole + name: {{ .Values.singleNamespace | ternary (printf "promotion-template-%s" .Release.Namespace) "promotion-template" }} subjects: - kind: ServiceAccount name: {{ include "gitops-operator.promotionTemplate.serviceAccountName" . }} diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml index 96f470301..9338fbdee 100644 
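Review bot: With `singleNamespace` set, these hunks still render `ClusterRole` and `ClusterRoleBinding` and only append the release namespace to the object name, so the service account keeps cluster-wide permissions in the mode that is meant to confine it. The same change is made to `_auth_proxy_rbac.yaml` and `_rbac_operator.yaml` later in this patch, where the workflows binding also remains a cluster-wide binding to `argo-edit`. If the suffix is only there to avoid name clashes between releases, keep the namespaced kinds for rules that can be namespaced, `kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }}`, and reserve suffixed cluster-scoped objects for rules that genuinely need cluster scope. The rule lists themselves lie outside the hunks.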
--- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml @@ -1,11 +1,11 @@ {{- define "gitops-operator.resources.auth-proxy-rbac" }} apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} +kind: ClusterRole metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: codefresh-gitops-operator-proxy + name: {{ .Values.singleNamespace | ternary (printf "codefresh-gitops-operator-proxy-%s" .Release.Namespace) "codefresh-gitops-operator-proxy" }} rules: - apiGroups: - authentication.k8s.io @@ -22,15 +22,15 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} +kind: ClusterRoleBinding metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: codefresh-gitops-operator-proxy + name: {{ .Values.singleNamespace | ternary (printf "codefresh-gitops-operator-proxy-%s" .Release.Namespace) "codefresh-gitops-operator-proxy" }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} - name: codefresh-gitops-operator-proxy + kind: ClusterRole + name: {{ .Values.singleNamespace | ternary (printf "codefresh-gitops-operator-proxy-%s" .Release.Namespace) "codefresh-gitops-operator-proxy" }} subjects: - kind: ServiceAccount name: {{ include "gitops-operator.serviceAccountName" . }} diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml index 268326004..aee5c759a 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml 
@@ -1,11 +1,11 @@ {{- define "gitops-operator.resources.rbac-operator" }} apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} +kind: ClusterRole metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: codefresh-gitops-operator + name: {{ .Values.singleNamespace | ternary (printf "codefresh-gitops-operator-%s" .Release.Namespace) "codefresh-gitops-operator" }} rules: - apiGroups: - "" @@ -74,29 +74,29 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} +kind: ClusterRoleBinding metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: codefresh-gitops-operator + name: {{ .Values.singleNamespace | ternary (printf "codefresh-gitops-operator-%s" .Release.Namespace) "codefresh-gitops-operator" }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} - name: codefresh-gitops-operator + kind: ClusterRole + name: {{ .Values.singleNamespace | ternary (printf "codefresh-gitops-operator-%s" .Release.Namespace) "codefresh-gitops-operator" }} subjects: - kind: ServiceAccount name: {{ include "gitops-operator.serviceAccountName" . }} namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} +kind: ClusterRoleBinding metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: codefresh-gitops-operator-workflows + name: {{ .Values.singleNamespace | ternary (printf "codefresh-gitops-operator-workflows-%s" .Release.Namespace) "codefresh-gitops-operator-workflows" }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} + kind: ClusterRole name: argo-edit subjects: - kind: ServiceAccount 
From 8664b57de2bb26a232de0dd9a62e7a0fec443f32 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 30 Jul 2025 11:40:41 +0300 Subject: [PATCH 12/38] wip: Wed Jul 30 11:40:41 +03 2025 --- .../_components/gitops-operator/rbac/_rbac_operator.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml index aee5c759a..ffefcf581 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml @@ -89,15 +89,15 @@ subjects: namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} name: {{ .Values.singleNamespace | ternary (printf "codefresh-gitops-operator-workflows-%s" .Release.Namespace) "codefresh-gitops-operator-workflows" }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: argo-edit + kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} + name: {{ .Values.singleNamespace | ternary "argo-workflow-controller" "argo-edit" }} subjects: - kind: ServiceAccount name: {{ include "gitops-operator.serviceAccountName" . }} From e111ee50822b5d79046a03d949b28655ba3e40dd Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 30 Jul 2025 12:19:46 +0300 Subject: [PATCH 13/38] wip: Wed Jul 30 12:19:46 +03 2025 --- .../gitops-operator/rbac/_rbac_operator.yaml | 122 +++++++++++++++++- 1 file changed, 121 insertions(+), 1 deletion(-) 
diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml index ffefcf581..753108148 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml 
@@ -71,6 +71,126 @@ rules: - get - list - watch +--- +{{- if .Values.singleNamespace }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - persistentvolumeclaims/finalizers + verbs: + - create + - update + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowartifactgctasks + verbs: + - get + - list + - watch + - update + - patch + - delete + - create +- apiGroups: + - argoproj.io + resources: + - workflowtemplates + - workflowtemplates/finalizers + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - workflowtaskresults + verbs: + - list + - watch + - deletecollection +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - cronworkflows + - cronworkflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - get + - delete +{{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 
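Review bot: The new `argo-role` gives the operator's service account `create` on `pods/exec` and `get` on every Secret in the release namespace, which in a single-namespace install is presumably the namespace that also holds the runtime's own credentials. The rule list looks like a workflow-controller role rather than what an operator that submits and watches workflows needs, so it is worth trimming: drop `pods/exec` if the operator never execs into pods, and scope the secrets rule with `resourceNames:` to the secrets it actually reads. The Role also lacks the `labels` block the other RBAC objects in this file carry, and its generic name is not tied to the chart, so a chart-specific name (with the `roleRef` in the following hunk updated to match) would avoid clashing with an unrelated `argo-role` in the namespace. The `---` added before the `if` leaves an empty document when the flag is false; it is harmless but can move inside the guard.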
@@ -97,7 +217,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} - name: {{ .Values.singleNamespace | ternary "argo-workflow-controller" "argo-edit" }} + name: {{ .Values.singleNamespace | ternary "argo-role" "argo-edit" }} subjects: - kind: ServiceAccount name: {{ include "gitops-operator.serviceAccountName" . }} From a3c393f08201d5c7d5abb67707edff8321bc3634 Mon Sep 17 00:00:00 2001 From: shirtabachii Date: Wed, 20 Aug 2025 13:38:03 +0300 Subject: [PATCH 14/38] feat: multi runtime install --- .../gitops-operator/promotion-template/_rbac.yaml | 12 ++++++------ .../gitops-operator/rbac/_auth_proxy_rbac.yaml | 12 ++++++------ .../gitops-operator/rbac/_rbac_operator.yaml | 14 +++++++------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/promotion-template/_rbac.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/promotion-template/_rbac.yaml index 92d712d39..812ae1dd5 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/promotion-template/_rbac.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/promotion-template/_rbac.yaml @@ -1,11 +1,11 @@ {{- define "gitops-operator.resources.promotion-template-rbac" }} apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: {{ .Values.singleNamespace | ternary (printf "promotion-template-%s" .Release.Namespace) "promotion-template" }} + name: promotion-template rules: - apiGroups: - "" 
@@ -45,15 +45,15 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: {{ .Values.singleNamespace | ternary (printf "promotion-template-%s" .Release.Namespace) "promotion-template" }} + name: promotion-template roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Values.singleNamespace | ternary (printf "promotion-template-%s" .Release.Namespace) "promotion-template" }} + kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} + name: promotion-template subjects: - kind: ServiceAccount name: {{ include "gitops-operator.promotionTemplate.serviceAccountName" . }} diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml index 9338fbdee..96f470301 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml @@ -1,11 +1,11 @@ {{- define "gitops-operator.resources.auth-proxy-rbac" }} apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: {{ .Values.singleNamespace | ternary (printf "codefresh-gitops-operator-proxy-%s" .Release.Namespace) "codefresh-gitops-operator-proxy" }} + name: codefresh-gitops-operator-proxy rules: - apiGroups: - authentication.k8s.io 
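Review bot: Rendering the auth-proxy rules as a namespaced `Role` cannot work for the `authentication.k8s.io` group shown at the end of this hunk if the resources are the usual `tokenreviews` and `subjectaccessreviews` (the resource lines are outside the hunk), because those are cluster-scoped and a Role only grants namespaced resources. In single-namespace mode the proxy's review calls would be forbidden, so the endpoint it protects would most likely reject every request. Either keep this pair as `kind: ClusterRole` and `kind: ClusterRoleBinding` regardless of the flag, or leave the auth proxy out in that mode. The binding hunk that follows in this file, and the `global.runtime.singleNamespace` version of both in the next patch, have the same problem.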
@@ -22,15 +22,15 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: {{ .Values.singleNamespace | ternary (printf "codefresh-gitops-operator-proxy-%s" .Release.Namespace) "codefresh-gitops-operator-proxy" }} + name: codefresh-gitops-operator-proxy roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Values.singleNamespace | ternary (printf "codefresh-gitops-operator-proxy-%s" .Release.Namespace) "codefresh-gitops-operator-proxy" }} + kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} + name: codefresh-gitops-operator-proxy subjects: - kind: ServiceAccount name: {{ include "gitops-operator.serviceAccountName" . }} diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml index 753108148..317b55a7b 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml @@ -1,11 +1,11 @@ {{- define "gitops-operator.resources.rbac-operator" }} apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: {{ .Values.singleNamespace | ternary (printf "codefresh-gitops-operator-%s" .Release.Namespace) "codefresh-gitops-operator" }} + name: codefresh-gitops-operator rules: - apiGroups: - "" 
@@ -194,15 +194,15 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: {{ .Values.singleNamespace | ternary (printf "codefresh-gitops-operator-%s" .Release.Namespace) "codefresh-gitops-operator" }} + name: codefresh-gitops-operator roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Values.singleNamespace | ternary (printf "codefresh-gitops-operator-%s" .Release.Namespace) "codefresh-gitops-operator" }} + kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} + name: codefresh-gitops-operator subjects: - kind: ServiceAccount name: {{ include "gitops-operator.serviceAccountName" . }} @@ -213,7 +213,7 @@ kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} - name: {{ .Values.singleNamespace | ternary (printf "codefresh-gitops-operator-workflows-%s" .Release.Namespace) "codefresh-gitops-operator-workflows" }} + name: codefresh-gitops-operator-workflows roleRef: apiGroup: rbac.authorization.k8s.io kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} From d08a15c0c5ee368956b04134544e5a1709622c94 Mon Sep 17 00:00:00 2001 
From: shirtabachii Date: Mon, 25 Aug 2025 14:51:24 +0300 Subject: [PATCH 15/38] wip --- .../cap-app-proxy/_all_resources.yaml | 2 +- .../_components/cap-app-proxy/_config.yaml | 4 ++-- .../_components/cap-app-proxy/argo-cd/_all.yaml | 6 ++++-- .../_components/gitops-operator/_env.yaml | 4 ++-- .../_components/gitops-operator/crds/_all.yaml | 2 +- .../promotion-template/_rbac.yaml | 6 +++--- .../_components/gitops-operator/rbac/_all.yaml | 2 +- .../gitops-operator/rbac/_auth_proxy_rbac.yaml | 6 +++--- .../gitops-operator/rbac/_rbac_operator.yaml | 16 ++++++++-------- .../rbac/_restricted_git_source.rbac.yaml | 2 +- .../templates/app-proxy/workflows-crb.yaml | 4 ++-- .../gitops-runtime/templates/codefresh-cm.yaml | 6 +++--- charts/gitops-runtime/values.yaml | 6 ++---- 13 files changed, 33 insertions(+), 33 deletions(-) diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_all_resources.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_all_resources.yaml index ff455cf52..d60f456bd 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_all_resources.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_all_resources.yaml @@ -12,4 +12,4 @@ {{ include "cap-app-proxy.resources.sa" .}} --- {{ include "argo-cd.namespaced-rbac.all" . }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml index e615c50d1..0dd1059d3 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml 
@@ -4,14 +4,14 @@ argoCdUsername: {{ .Values.config.argoCdUsername }} argoWorkflowsInsecure: {{ .Values.config.argoWorkflowsInsecure | quote }} argoWorkflowsUrl: {{ default "" .Values.config.argoWorkflowsUrl }} cors: {{ .Values.global.codefresh.url }} - {{- with .Values.config.clusterChunkSize }} + {{- with .Values.config.clusterChunkSize }} clusterChunkSize: {{ . | quote }} {{- end }} env: {{ .Values.config.env | quote}} isConfigurationRuntime: {{ .Values.global.runtime.isConfigurationRuntime | quote }} isExternalArgoCD: {{ .Values.global.runtime.isExternalArgoCD | quote }} runtimeName: {{ required "global.runtime.name is required" .Values.global.runtime.name | quote}} -runtimeSingleNamespace: {{ .Values.singleNamespace | quote }} +runtimeSingleNamespace: {{ .Values.global.runtime.singleNamespace | quote }} skipGitPermissionValidation: {{ .Values.config.skipGitPermissionValidation | quote }} logLevel: {{ .Values.config.logLevel | quote }} {{- $enrichmentValues := get .Values "image-enrichment" }} diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml index d731eadeb..75c737ad0 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml @@ -1,7 +1,9 @@ -{{- if (get .Values "app-proxy").singleNamespace }} +{{- define "argo-cd.namespaced-rbac.all" }} +{{- if (index .Values "global" "runtime").singleNamespace }} {{- include "argo-cd.namespaced-rbac.serviceaccount" . }} --- {{- include "argo-cd.namespaced-rbac.role" . }} --- {{- include "argo-cd.namespaced-rbac.rolebinding" . }} -{{- end }} \ No newline at end of file +{{- end }} +{{- end }} diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml index 1321e06c5..93b22042b 100644 
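Review bot: This patch reads the same flag three different ways: `.Values.global.runtime.singleNamespace` in `_config.yaml`, `(index .Values "global" "runtime").singleNamespace` in the `argo-cd/_all.yaml` hunk, and `(get .Values.global "runtime").singleNamespace` in `crds/_all.yaml` and `rbac/_all.yaml`. Because this flag decides whether cluster-wide RBAC is rendered, every template should spell it the same way so a reviewer can grep for one expression; the plain form `{{- if .Values.global.runtime.singleNamespace }}` works in all of these places. Note also that `ternary` needs a real boolean, so the RBAC templates depend on values.yaml (outside this view) giving the key a `false` default, and `runtimeSingleNamespace` in `_config.yaml` would render as an empty value without it.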
--- a/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml @@ -15,7 +15,7 @@ COMMIT_STATUS_POLLING_INTERVAL: {{ .Values.config.commitStatusPollingInterval }} WORKFLOW_MONITOR_POLLING_INTERVAL: {{ .Values.config.workflowMonitorPollingInterval }} MAX_CONCURRENT_RELEASES: {{ .Values.config.maxConcurrentReleases }} PROMOTION_WRAPPER_TEMPLATE: {{ .Values.config.promotionWrapperTemplate | quote }} -RUNTIME_SINGLE_NAMESPACE: {{ (get .Values "app-proxy").singleNamespace }} +RUNTIME_SINGLE_NAMESPACE: {{ .Values.global.runtime.singleNamespace }} {{- end }} {{- define "gitops-operator.resources.environment-variables.defaults" -}} @@ -37,7 +37,7 @@ NAMESPACE: valueFrom: fieldRef: fieldPath: metadata.namespace -RUNTIME_VERSION: +RUNTIME_VERSION: valueFrom: configMapKeyRef: name: codefresh-cm diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/crds/_all.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/crds/_all.yaml index d7d598f9b..9aabfeef7 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/crds/_all.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/crds/_all.yaml @@ -14,7 +14,7 @@ --- {{- include "gitops-operator.crds.product" $context }} --- - {{- if not (get .Values "app-proxy").singleNamespace }} + {{- if not (get .Values.global "runtime").singleNamespace }} {{- include "gitops-operator.crds.restricted-gitsource" $context }} {{- end }} --- diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/promotion-template/_rbac.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/promotion-template/_rbac.yaml index 812ae1dd5..f41bc088b 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/promotion-template/_rbac.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/promotion-template/_rbac.yaml 
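Review bot: Only the restricted-gitsource CRD is skipped in single-namespace mode in the `crds/_all.yaml` hunk; the other CRDs in this template, such as `gitops-operator.crds.product` just above the changed line, are still rendered, and CRDs are cluster-scoped whatever the flag says. A single-namespace install therefore still needs permission to create cluster-scoped objects, and a second runtime release in the same cluster would try to own the same CRDs, which Helm normally rejects on ownership metadata. If several runtimes per cluster are the goal, as the patch titles suggest, the CRDs need an install switch of their own so that one release or an out-of-band step owns them. The surrounding `define` starts and ends outside the hunk.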
@@ -1,7 +1,7 @@ {{- define "gitops-operator.resources.promotion-template-rbac" }} apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} +kind: {{ .Values.global.runtime.singleNamespace | ternary "Role" "ClusterRole" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} @@ -45,14 +45,14 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} +kind: {{ .Values.global.runtime.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} name: promotion-template roleRef: apiGroup: rbac.authorization.k8s.io - kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} + kind: {{ .Values.global.runtime.singleNamespace | ternary "Role" "ClusterRole" }} name: promotion-template subjects: - kind: ServiceAccount diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_all.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_all.yaml index db0a7c7ae..0a0d6f33e 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_all.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_all.yaml @@ -13,7 +13,7 @@ --- {{- include "gitops-operator.resources.leader-election-rbac" $context }} --- - {{- if not (get .Values "app-proxy").singleNamespace }} + {{- if not (get .Values.global "runtime").singleNamespace }} {{- include "gitops-operator.resources.restricted-git-source-rbac" $context }} {{- end }} --- diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml index 96f470301..f9d687eb0 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml 
+++ b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_auth_proxy_rbac.yaml @@ -1,7 +1,7 @@ {{- define "gitops-operator.resources.auth-proxy-rbac" }} apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} +kind: {{ .Values.global.runtime.singleNamespace | ternary "Role" "ClusterRole" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} @@ -22,14 +22,14 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} +kind: {{ .Values.global.runtime.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} name: codefresh-gitops-operator-proxy roleRef: apiGroup: rbac.authorization.k8s.io - kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} + kind: {{ .Values.global.runtime.singleNamespace | ternary "Role" "ClusterRole" }} name: codefresh-gitops-operator-proxy subjects: - kind: ServiceAccount diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml index 317b55a7b..ed0234c4c 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_rbac_operator.yaml @@ -1,7 +1,7 @@ {{- define "gitops-operator.resources.rbac-operator" }} apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} +kind: {{ .Values.global.runtime.singleNamespace | ternary "Role" "ClusterRole" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} 
@@ -26,7 +26,7 @@ rules: - patch - update - watch -{{- if not .Values.singleNamespace }} +{{- if not .Values.global.runtime.singleNamespace }} - apiGroups: - codefresh.io resources: @@ -72,7 +72,7 @@ rules: - list - watch --- -{{- if .Values.singleNamespace }} +{{- if .Values.global.runtime.singleNamespace }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -194,14 +194,14 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} +kind: {{ .Values.global.runtime.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} name: codefresh-gitops-operator roleRef: apiGroup: rbac.authorization.k8s.io - kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} + kind: {{ .Values.global.runtime.singleNamespace | ternary "Role" "ClusterRole" }} name: codefresh-gitops-operator subjects: - kind: ServiceAccount @@ -209,15 +209,15 @@ subjects: namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ .Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} +kind: {{ .Values.global.runtime.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} metadata: labels: {{- include "gitops-operator.selectorLabels" . | nindent 4 }} name: codefresh-gitops-operator-workflows roleRef: apiGroup: rbac.authorization.k8s.io - kind: {{ .Values.singleNamespace | ternary "Role" "ClusterRole" }} - name: {{ .Values.singleNamespace | ternary "argo-role" "argo-edit" }} + kind: {{ .Values.global.runtime.singleNamespace | ternary "Role" "ClusterRole" }} + name: {{ .Values.global.runtime.singleNamespace | ternary "argo-role" "argo-edit" }} subjects: - kind: ServiceAccount name: {{ include "gitops-operator.serviceAccountName" . }} 
diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_restricted_git_source.rbac.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_restricted_git_source.rbac.yaml index 913d131d3..34c130298 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_restricted_git_source.rbac.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/rbac/_restricted_git_source.rbac.yaml @@ -1,6 +1,6 @@ {{- define "gitops-operator.resources.restricted-git-source-rbac" }} - {{- if not .Values.singleNamespace }} + {{- if not .Values.global.runtime.singleNamespace }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/charts/gitops-runtime/templates/app-proxy/workflows-crb.yaml b/charts/gitops-runtime/templates/app-proxy/workflows-crb.yaml index 35010bf00..02b8dc3dc 100644 --- a/charts/gitops-runtime/templates/app-proxy/workflows-crb.yaml +++ b/charts/gitops-runtime/templates/app-proxy/workflows-crb.yaml @@ -4,12 +4,12 @@ {{- $_ := set $appProxyContext "Values" (deepCopy (get .Values "app-proxy")) }} {{- $_ := set $appProxyContext.Values "global" (deepCopy (get .Values "global")) }} apiVersion: rbac.authorization.k8s.io/v1 -kind: {{ $appProxyContext.Values.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} +kind: {{ $appProxyContext.Values.global.runtime.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }} metadata: name: cap-app-proxy-argo-workflows roleRef: apiGroup: rbac.authorization.k8s.io - kind: {{ $appProxyContext.Values.singleNamespace | ternary "Role" "ClusterRole" }} + kind: {{ $appProxyContext.Values.global.runtime.singleNamespace | ternary "Role" "ClusterRole" }} name: {{ include "codefresh-gitops-runtime.argo-workflows.server.name" . }} subjects: - kind: ServiceAccount diff --git a/charts/gitops-runtime/templates/codefresh-cm.yaml b/charts/gitops-runtime/templates/codefresh-cm.yaml index 3fba68b95..40fef25ee 100644 
--- a/charts/gitops-runtime/templates/codefresh-cm.yaml +++ b/charts/gitops-runtime/templates/codefresh-cm.yaml @@ -14,6 +14,6 @@ data: ingressClassName: {{ .Values.global.runtime.ingress.className | default "" | quote }} ingressController: {{ .Values.global.runtime.ingress.className | default "" | quote }} ingressHost: {{ include "codefresh-gitops-runtime.ingress-url" . }} - isConfigurationRuntime: {{ .Values.global.runtime.isConfigurationRuntime | quote }} - singleNamespace: {{ (get .Values "app-proxy").singleNamespace | quote }} - version: {{ .Chart.AppVersion }} \ No newline at end of file + isConfigurationRuntime: {{ .Values.global.runtime.isConfigurationRuntime | quote }} + singleNamespace: {{ .Values.global.runtime.singleNamespace | quote }} + version: {{ .Chart.AppVersion }} diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index c1854942b..59d996a6e 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -49,6 +49,8 @@ global: cluster: https://kubernetes.default.svc # -- Defines whether this is a Codefresh hosted runtime. Should not be changed. codefreshHosted: false + # -- Runtime single namespace mode. When true, runtime operates in single namespace scope. + singleNamespace: true # -- Ingress settings ingress: # -- if set to true, the pre-install hook will validate the existance of appropriate values, but *will not* attempt to make a web request to the ingress host @@ -518,8 +520,6 @@ tunnel-client: #----------------------------------------------------------------------------------------------------------------------- app-proxy: replicaCount: 1 - # -- Runtime single namespace mode. When true, runtime operates in single namespace scope. - singleNamespace: false # -- Image enrichment process configuration image-enrichment: # -- Enable or disable enrichment process. Please note that for enrichemnt, argo-workflows has to be enabled as well. 
@@ -712,8 +712,6 @@ gitops-operator: annotations: {} # -- Additional labels for gitops operator CRDs additionalLabels: {} - # -- Restrict the gitops operator to a single namespace (by the namespace of Helm release) - singleNamespace: false # -- GitOps operator configuration config: # -- Task polling interval From fa97244e8ca7478c163771aa4ab73cb6c99a25c9 Mon Sep 17 00:00:00 2001 From: shirtabachii Date: Mon, 25 Aug 2025 14:51:53 +0300 Subject: [PATCH 16/38] wip --- .../templates/app-proxy/argocd-namespaced-rbac.yaml | 1 + 1 file changed, 1 insertion(+) create mode 100644 charts/gitops-runtime/templates/app-proxy/argocd-namespaced-rbac.yaml diff --git a/charts/gitops-runtime/templates/app-proxy/argocd-namespaced-rbac.yaml b/charts/gitops-runtime/templates/app-proxy/argocd-namespaced-rbac.yaml new file mode 100644 index 000000000..401556a0d --- /dev/null +++ b/charts/gitops-runtime/templates/app-proxy/argocd-namespaced-rbac.yaml @@ -0,0 +1 @@ +{{- include "argo-cd.namespaced-rbac.all" . }} From 19a61856a4b8a000bc9778967a4c4a1ac2551754 Mon Sep 17 00:00:00 2001 From: shirtabachii Date: Mon, 25 Aug 2025 14:57:10 +0300 Subject: [PATCH 17/38] wip --- charts/gitops-runtime/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 59d996a6e..04f243a0a 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -50,7 +50,7 @@ global: # -- Defines whether this is a Codefresh hosted runtime. Should not be changed. codefreshHosted: false # -- Runtime single namespace mode. When true, runtime operates in single namespace scope. - singleNamespace: true + singleNamespace: false # -- Ingress settings ingress: # -- if set to true, the pre-install hook will validate the existance of appropriate values, but *will not* attempt to make a web request to the ingress host From 65b45224441896842aa5c1ad59c9092f47ba1844 Mon Sep 17 00:00:00 2001 
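Review bot: Removing `gitops-operator.singleNamespace` in the `@@ -712,8 +712,6 @@` hunk (and `app-proxy.singleNamespace` in the values.yaml hunk before it) leaves no handling for installs that already set either key. An existing override such as `gitops-operator.singleNamespace: true` would now be ignored without any error, and the operator RBAC templates changed earlier in this patch would render `ClusterRole`/`ClusterRoleBinding` from `global.runtime.singleNamespace` instead, widening a release that was deliberately namespaced. A render-time guard in the operator RBAC templates would make the rename loud, e.g. `{{- if hasKey .Values "singleNamespace" }}{{- fail "gitops-operator.singleNamespace was replaced by global.runtime.singleNamespace" }}{{- end }}`. This assumes `.Values` in those templates is still the gitops-operator sub-context, which the hunks do not show. The `gitops-operator` mapping continues outside the hunk.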
From: shirtabachii Date: Mon, 25 Aug 2025 18:29:03 +0300 Subject: [PATCH 18/38] wip --- .../cap-app-proxy/argo-cd/_role.yaml | 23 ++++++------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml index 9d1389646..9656aa3b3 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_role.yaml @@ -8,19 +8,10 @@ metadata: {{- include "codefresh-gitops-runtime.labels" . | nindent 4 }} codefresh.io/component: argocd-namespaced-rbac rules: -- apiGroups: [""] - resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "configmaps", "secrets", "serviceaccounts"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -- apiGroups: ["apps"] - resources: ["deployments", "replicasets", "statefulsets", "daemonsets"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -- apiGroups: ["batch"] - resources: ["jobs", "cronjobs"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -- apiGroups: ["networking.k8s.io"] - resources: ["ingresses", "networkpolicies"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -- apiGroups: ["rbac.authorization.k8s.io"] - resources: ["roles", "rolebindings"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -{{- end }} \ No newline at end of file +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +{{- end }} From 7328bd89df7a3f101a9e1748932bc0c9924f434f Mon Sep 17 00:00:00 2001 
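Review bot: The replacement rule in `_role.yaml` (`apiGroups: '*'`, `resources: '*'`, `verbs: '*'`) makes this Role full namespace admin, where the removed list was limited to named core, apps, batch, networking and RBAC resources with seven explicit verbs. The wildcard also covers subresources and verbs the old list never granted, such as `pods/exec`, `escalate` and `bind` on roles, and `impersonate` on service accounts, so the bound identity can grant itself or others further rights inside the namespace. If Argo CD has to apply arbitrary kinds here (presumably the reason; the patch is titled only `wip`), say so above `rules:`, e.g. `# namespace-admin on purpose: Argo CD applies arbitrary kinds in the release namespace`; otherwise keep the enumerated list and extend it per kind. The `define` block opens above the hunk.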
From: Noam Gal Date: Tue, 26 Aug 2025 09:54:33 +0300 Subject: [PATCH 19/38] added argocd-manager SA secret --- .../_components/cap-app-proxy/argo-cd/_all.yaml | 2 ++ .../_components/cap-app-proxy/argo-cd/_secret.yaml | 9 +++++++++ 2 files changed, 11 insertions(+) create mode 100644 charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_secret.yaml diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml index 75c737ad0..cf8716c78 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_all.yaml @@ -2,6 +2,8 @@ {{- if (index .Values "global" "runtime").singleNamespace }} {{- include "argo-cd.namespaced-rbac.serviceaccount" . }} --- +{{- include "argo-cd.namespaced-rbac.secret" . }} +--- {{- include "argo-cd.namespaced-rbac.role" . }} --- {{- include "argo-cd.namespaced-rbac.rolebinding" . }} diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_secret.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_secret.yaml new file mode 100644 index 000000000..63100462d --- /dev/null +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/argo-cd/_secret.yaml @@ -0,0 +1,9 @@ +{{- define "argo-cd.namespaced-rbac.secret" }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-manager-long-lived-token + annotations: + kubernetes.io/service-account.name: argocd-manager +type: kubernetes.io/service-account-token +{{- end }} From e72b9bf43f0ff65cc73e68fefb410599718cfe15 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Tue, 26 Aug 2025 18:23:03 +0300 Subject: [PATCH 20/38] removed duplicated include --- .../templates/_components/cap-app-proxy/_all_resources.yaml | 1 - 1 file changed, 1 deletion(-) 
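Review bot: The new Secret in `_secret.yaml` has type `kubernetes.io/service-account-token`, which gives the `argocd-manager` service account a token that does not expire and can be read by anything with `get` on secrets in the release namespace. Together with the wildcard Role from the previous patch (assuming the RoleBinding, not shown here, binds it to `argocd-manager`), that is a static namespace-admin credential with no rotation path. If the consumer can use a bound, expiring token (TokenRequest or a projected volume) prefer that; if a static token is required, record the reason and rotation in the template, e.g. `# static SA token for <consumer>; rotation: <procedure>`. The hard-coded `argocd-manager` in the annotation must also match the name rendered by `argo-cd.namespaced-rbac.serviceaccount`, which is outside this hunk. The Secret carries none of the chart labels that the Role in `_role.yaml` sets.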
diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_all_resources.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_all_resources.yaml index d60f456bd..3941e62cc 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_all_resources.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_all_resources.yaml @@ -11,5 +11,4 @@ --- {{ include "cap-app-proxy.resources.sa" .}} --- - {{ include "argo-cd.namespaced-rbac.all" . }} {{- end }} From 438b753fda8b06a524dde0a374585e1c9c2f4f59 Mon Sep 17 00:00:00 2001 From: shirtabachii Date: Wed, 27 Aug 2025 15:18:51 +0300 Subject: [PATCH 21/38] wip --- charts/gitops-runtime/README.md.gotmpl | 58 +++++++++++++++++++ .../event-reporter/_rbac.yaml | 1 + .../sources-server/_rbac.yaml | 1 + 3 files changed, 60 insertions(+) diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index 1dd14fdf9..917fde5c7 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl 
@@ -15,6 +15,64 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) ## Codefresh official documentation: Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/ +To achieve this, configure your Runtimes to run in namespaced mode, which uses Roles instead of ClusterRoles. See the values.yaml example below: + +## Multi Runtime Installation +You can install multiple Codefresh GitOps Runtimes in the same cluster, as long as each Runtime is deployed in its own namespace and manages only the applications in that namespace. +To achieve this, configure your Runtimes to run in namespaced mode by setting `global.runtime.singleNamespace=true`. See the values.yaml example below: +```yaml +global: + runtime: + singleNamespace: true +sealed-secrets: + enabled: false +argo-cd: + createClusterRoles: false + crds: + install: false + configs: + params: + application.namespaces: '' +argo-events: + controller: + rbac: + namespaced: true +argo-workflows: + crds: + install: false + singleNamespace: true + createAggregateRoles: false + controller: + clusterWorkflowTemplates: + enabled: false + server: + clusterWorkflowTemplates: + enabled: false +argo-rollouts: + enabled: false +tunnel-client: + enabled: false +``` + +Note that for the first runtime in the cluster, you have to configure it to install the CRDs, with setting these values: +```yaml +global: + runtime: + isConfigurationRuntime: true +argo-cd: + crds: + install: true +argo-workflows: + crds: + install: true +argo-rollouts: + installCRDs: true +gitops-operator: + crds: + install: true +``` + + ## Argo-workflows artifact and log storage Codefresh provides a SaaS object storage based solution for Argo workflows logs storage. The chart deploys a configmap named `codefresh-workflows-log-store` with the repository configuration. 
If you want to utilize the Codefresh SaaS solution for log storage for all workflows in the runtime please set the following values: diff --git a/charts/gitops-runtime/templates/_components/cf-argocd-extras/event-reporter/_rbac.yaml b/charts/gitops-runtime/templates/_components/cf-argocd-extras/event-reporter/_rbac.yaml index 6049e633f..fbd34e3cd 100644 --- a/charts/gitops-runtime/templates/_components/cf-argocd-extras/event-reporter/_rbac.yaml +++ b/charts/gitops-runtime/templates/_components/cf-argocd-extras/event-reporter/_rbac.yaml @@ -13,6 +13,7 @@ {{/* Remove nonResourceURLs when RBAC is namespaced */}} {{- $rules := $context.Values.rbac.rules }} +{{- $_ := set $context.Values.rbac "namespaced" (get .Values.global.runtime "singleNamespace") }} {{- if $context.Values.rbac.namespaced }} {{- $rules = list }} {{- range $context.Values.rbac.rules }} diff --git a/charts/gitops-runtime/templates/_components/cf-argocd-extras/sources-server/_rbac.yaml b/charts/gitops-runtime/templates/_components/cf-argocd-extras/sources-server/_rbac.yaml index 2afcec029..906e68bdc 100644 --- a/charts/gitops-runtime/templates/_components/cf-argocd-extras/sources-server/_rbac.yaml +++ b/charts/gitops-runtime/templates/_components/cf-argocd-extras/sources-server/_rbac.yaml @@ -10,6 +10,7 @@ {{/* Workaround to NOT change label selectors from previous runtime release when sources-server was part of cf-argocd-extras Subchart */}} {{- $_ := set $context.Values "nameOverride" "cf-argocd-extras" }} +{{- $_ := set $context.Values.rbac "namespaced" (get .Values.global.runtime "singleNamespace") }} {{- $templateName := printf "cf-common-%s.rbac" (index .Subcharts "cf-common").Chart.Version }} {{- include $templateName $context }} From ca4313358979e801084158ece9557efc0361e423 Mon Sep 17 00:00:00 2001 From: shirtabachii Date: Wed, 27 Aug 2025 15:19:35 +0300 Subject: [PATCH 22/38] wip --- charts/gitops-runtime/README.md.gotmpl | 2 -- 1 file changed, 2 deletions(-) 
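Review bot: The added `set $context.Values.rbac "namespaced" (get .Values.global.runtime "singleNamespace")` in event-reporter/_rbac.yaml overwrites whatever `rbac.namespaced` the component values carried, so a component explicitly set to namespaced is switched back to cluster-scoped rules whenever the global flag is false. The same line is added to sources-server/_rbac.yaml in the next hunk. Taking the stricter of the two keeps an explicit opt-in: `{{- $_ := set $context.Values.rbac "namespaced" (or $context.Values.rbac.namespaced .Values.global.runtime.singleNamespace) }}`. Both templates start and end outside their hunks, so whether `$context.Values` is a copy or the shared values map is not visible; if it is shared, the `set` also changes the value for templates rendered later.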
diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index 917fde5c7..550e9f0e3 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl @@ -15,8 +15,6 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) ## Codefresh official documentation: Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/ -To achieve this, configure your Runtimes to run in namespaced mode, which uses Roles instead of ClusterRoles. See the values.yaml example below: - ## Multi Runtime Installation You can install multiple Codefresh GitOps Runtimes in the same cluster, as long as each Runtime is deployed in its own namespace and manages only the applications in that namespace. To achieve this, configure your Runtimes to run in namespaced mode by setting `global.runtime.singleNamespace=true`. See the values.yaml example below: From bc57f875229dbdfba2c3752e6d5f4e2d4d9b25a0 Mon Sep 17 00:00:00 2001 From: shirtabachii Date: Wed, 27 Aug 2025 15:44:49 +0300 Subject: [PATCH 23/38] wip --- charts/gitops-runtime/README.md.gotmpl | 3 ++ .../values-multi-runtimes-first.yaml | 15 ++++++++ .../gitops-runtime/values-multi-runtimes.yaml | 34 +++++++++++++++++++ 3 files changed, 52 insertions(+) create mode 100644 charts/gitops-runtime/values-multi-runtimes-first.yaml create mode 100644 charts/gitops-runtime/values-multi-runtimes.yaml diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index 550e9f0e3..baf253dfe 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl @@ -50,6 +50,9 @@ argo-rollouts: enabled: false tunnel-client: enabled: false +gitops-operator: + crds: + install: false ``` Note that for the first runtime in the cluster, you have to configure it to install the CRDs, with setting these values: 
diff --git a/charts/gitops-runtime/values-multi-runtimes-first.yaml b/charts/gitops-runtime/values-multi-runtimes-first.yaml new file mode 100644 index 000000000..8fcdc2dc9 --- /dev/null +++ b/charts/gitops-runtime/values-multi-runtimes-first.yaml @@ -0,0 +1,15 @@ +## Values for the first runtime in a multi-runtime cluster (installing CRDs on the cluster) +global: + runtime: + isConfigurationRuntime: true +argo-cd: + crds: + install: true +argo-workflows: + crds: + install: true +argo-rollouts: + installCRDs: true +gitops-operator: + crds: + install: true diff --git a/charts/gitops-runtime/values-multi-runtimes.yaml b/charts/gitops-runtime/values-multi-runtimes.yaml new file mode 100644 index 000000000..8f5faad8d --- /dev/null +++ b/charts/gitops-runtime/values-multi-runtimes.yaml @@ -0,0 +1,34 @@ +global: + runtime: + singleNamespace: true +sealed-secrets: + enabled: false +argo-cd: + createClusterRoles: false + crds: + install: false + configs: + params: + application.namespaces: '' +argo-events: + controller: + rbac: + namespaced: true +argo-workflows: + crds: + install: false + singleNamespace: true + createAggregateRoles: false + controller: + clusterWorkflowTemplates: + enabled: false + server: + clusterWorkflowTemplates: + enabled: false +argo-rollouts: + enabled: false +tunnel-client: + enabled: false +gitops-operator: + crds: + install: false From f6acfe3682f571e671e078145e7dce088307f3ad Mon Sep 17 00:00:00 2001 From: shirtabachii Date: Thu, 28 Aug 2025 11:54:03 +0300 Subject: [PATCH 24/38] wip --- charts/gitops-runtime/README.md | 70 ++++++++++++++++++++++++-- charts/gitops-runtime/README.md.gotmpl | 4 ++ 2 files changed, 70 insertions(+), 4 deletions(-) diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index a5678d955..9c9b2147e 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md 
@@ -15,6 +15,68 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) ## Codefresh official documentation: Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/ +## Multi Runtime Installation +You can install multiple Codefresh GitOps Runtimes in the same cluster, as long as each Runtime is deployed in its own namespace and manages only the applications in that namespace. +To achieve this, configure your Runtimes to run in namespaced mode by setting `global.runtime.singleNamespace=true`. See the values.yaml example below: +```yaml +global: + runtime: + singleNamespace: true +sealed-secrets: + enabled: false +argo-cd: + createClusterRoles: false + crds: + install: false + configs: + params: + application.namespaces: '' +argo-events: + controller: + rbac: + namespaced: true +argo-workflows: + crds: + install: false + singleNamespace: true + createAggregateRoles: false + controller: + clusterWorkflowTemplates: + enabled: false + server: + clusterWorkflowTemplates: + enabled: false +argo-rollouts: + enabled: false +tunnel-client: + enabled: false +gitops-operator: + crds: + install: false +``` + +Note that for the first runtime in the cluster, you have to configure it to install the CRDs, with setting these values: +```yaml +global: + runtime: + isConfigurationRuntime: true +argo-cd: + crds: + install: true +argo-workflows: + crds: + install: true +argo-rollouts: + installCRDs: true +gitops-operator: + crds: + install: true +``` + +> [!WARNING] +> If you want more than one runtime in your cluster, make sure that all of the runtimes in your cluster are configured with `global.runtime.singleNamespace=true`. +> If you already have a runtime installed in the cluster without this setting, multi runtime installation is not supported. 
+ ## Argo-workflows artifact and log storage Codefresh provides a SaaS object storage based solution for Argo workflows logs storage. The chart deploys a configmap named `codefresh-workflows-log-store` with the repository configuration. If you want to utilize the Codefresh SaaS solution for log storage for all workflows in the runtime please set the following values: @@ -415,6 +477,7 @@ gitops-operator: | event-reporters.workflow.sensor.tolerations | list | `[]` | | | event-reporters.workflow.serviceAccount.create | bool | `true` | | | gitops-operator.affinity | object | `{}` | | +| gitops-operator.config | object | `{"commitStatusPollingInterval":"10s","maxConcurrentReleases":100,"promotionWrapperTemplate":"","taskPollingInterval":"10s","workflowMonitorPollingInterval":"10s"}` | GitOps operator configuration | | gitops-operator.config.commitStatusPollingInterval | string | `"10s"` | Commit status polling interval | | gitops-operator.config.maxConcurrentReleases | int | `100` | Maximum number of concurrent releases being processed by the operator (this will not affect the number of releases being processed by the gitops runtime) | | gitops-operator.config.promotionWrapperTemplate | string | `""` | An optional template for the promotion wrapper (empty default will use the embedded one) | 
@@ -427,9 +490,7 @@ gitops-operator: | gitops-operator.crds.keep | bool | `false` | Keep CRDs if gitops runtime release is uninstalled | | gitops-operator.enabled | bool | `true` | | | gitops-operator.fullnameOverride | string | `""` | | -| gitops-operator.image.registry | string | `"quay.io"` | defaults | -| gitops-operator.image.repository | string | `"codefresh/codefresh-gitops-operator"` | | -| gitops-operator.image.tag | string | `"v0.10.2"` | | +| gitops-operator.image | object | `{"registry":"quay.io","repository":"codefresh/codefresh-gitops-operator","tag":"v0.10.2"}` | GitOps operator image | | gitops-operator.imagePullSecrets | list | `[]` | | | gitops-operator.nameOverride | string | `""` | | | gitops-operator.nodeSelector | object | `{}` | | 
@@ -482,7 +543,7 @@ gitops-operator: | global.httpsProxy | string | `""` | global HTTPS_PROXY for all components | | global.noProxy | string | `""` | global NO_PROXY for all components | | global.nodeSelector | object | `{}` | Global nodeSelector for all components | -| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"jetstream":{"affinity":{},"containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","metadata":{"labels":{"app.kubernetes.io/name":"codefresh-eventbus"}},"nodeSelector":{},"replicas":3,"tolerations":[],"version":"latest"},"name":"","nats":{"native":{"affinity":{},"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","metadata":{"labels":{"app.kubernetes.io/name":"codefresh-eventbus"}},"nodeSelector":{},"replicas":3,"tolerations":[]}},"pdb":{"enabled":true,"minAvailable":2},"type":"nats"},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings | +| global.runtime | object | 
`{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"jetstream":{"affinity":{},"containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","metadata":{"labels":{"app.kubernetes.io/name":"codefresh-eventbus"}},"nodeSelector":{},"replicas":3,"tolerations":[],"version":"latest"},"name":"","nats":{"native":{"affinity":{},"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","metadata":{"labels":{"app.kubernetes.io/name":"codefresh-eventbus"}},"nodeSelector":{},"replicas":3,"tolerations":[]}},"pdb":{"enabled":true,"minAvailable":2},"type":"nats"},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null,"singleNamespace":false}` | Runtime level settings | | global.runtime.cluster | string | `"https://kubernetes.default.svc"` | Runtime cluster. Should not be changed. | | global.runtime.codefreshHosted | bool | `false` | Defines whether this is a Codefresh hosted runtime. Should not be changed. 
| | global.runtime.eventBus | object | `{"annotations":{},"jetstream":{"affinity":{},"containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","metadata":{"labels":{"app.kubernetes.io/name":"codefresh-eventbus"}},"nodeSelector":{},"replicas":3,"tolerations":[],"version":"latest"},"name":"","nats":{"native":{"affinity":{},"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","metadata":{"labels":{"app.kubernetes.io/name":"codefresh-eventbus"}},"nodeSelector":{},"replicas":3,"tolerations":[]}},"pdb":{"enabled":true,"minAvailable":2},"type":"nats"}` | Runtime eventbus | 
@@ -503,6 +564,7 @@ gitops-operator: | global.runtime.ingressUrl | string | `""` | Explicit url for runtime ingress. Provide this value only if you don't want the chart to create and ingress (global.runtime.ingress.enabled=false) and tunnel-client is not used (tunnel-client.enabled=false) | | global.runtime.isConfigurationRuntime | bool | `false` | is the runtime set as a "configuration runtime". | | global.runtime.name | string | `nil` | Runtime name. Must be unique per platform account. | +| global.runtime.singleNamespace | bool | `false` | Runtime single namespace mode. When true, runtime operates in single namespace scope. | | global.tolerations | list | `[]` | Global tolerations for all components | | installer | object | `{"affinity":{},"argoCdVersionCheck":{"argoServerLabels":{"app.kubernetes.io/component":"server","app.kubernetes.io/part-of":"argocd"}},"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/gitops-runtime-installer","tag":""},"nodeSelector":{},"skipUsageValidation":false,"skipValidation":false,"tolerations":[]}` | Runtime installer used for running hooks and checks on the release | | installer.skipUsageValidation | bool | `false` | if set to true, pre-install hook will *not* run | diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index baf253dfe..49da3087a 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl 
@@ -73,6 +73,10 @@ gitops-operator: install: true ``` +> [!WARNING] +> If you want more than one runtime in your cluster, make sure that all of the runtimes in your cluster are configured with `global.runtime.singleNamespace=true`. +> If you already have a runtime installed in the cluster without this setting, multi runtime installation is not supported. + ## Argo-workflows artifact and log storage Codefresh provides a SaaS object storage based solution for Argo workflows logs storage. The chart deploys a configmap named `codefresh-workflows-log-store` with the repository configuration. From eac9c8619a42a3dc802734d6dd126e0e8991c857 Mon Sep 17 00:00:00 2001 From: shirtabachii Date: Thu, 28 Aug 2025 15:02:28 +0300 Subject: [PATCH 25/38] wip --- .../argo-events/argoproj.io_eventbus.yaml | 80 +++++++++---------- .../argo-events/argoproj.io_eventsources.yaml | 80 +++++++++---------- .../crds/argo-events/argoproj.io_sensors.yaml | 80 +++++++++---------- .../_components/argo-events/crds/_all.yaml | 16 ++++ .../crds/argoproj.io_eventbus.yaml | 44 ++++++++++ .../crds/argoproj.io_eventsources.yaml | 44 ++++++++++ .../argo-events/crds/argoproj.io_sensors.yaml | 44 ++++++++++ .../templates/argo-events/crds.yaml | 3 + .../gitops-runtime/values-multi-runtimes.yaml | 2 + 9 files changed, 273 insertions(+), 120 deletions(-) create mode 100644 charts/gitops-runtime/templates/_components/argo-events/crds/_all.yaml create mode 100644 charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_eventbus.yaml create mode 100644 charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_eventsources.yaml create mode 100644 charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_sensors.yaml create mode 100644 charts/gitops-runtime/templates/argo-events/crds.yaml diff --git a/charts/gitops-runtime/crds/argo-events/argoproj.io_eventbus.yaml b/charts/gitops-runtime/crds/argo-events/argoproj.io_eventbus.yaml index c9d797374..ffdec2f97 100644 
--- a/charts/gitops-runtime/crds/argo-events/argoproj.io_eventbus.yaml +++ b/charts/gitops-runtime/crds/argo-events/argoproj.io_eventbus.yaml @@ -1,40 +1,40 @@ -# This is an auto-generated file. DO NOT EDIT -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventbus.argoproj.io -spec: - group: argoproj.io - names: - kind: EventBus - listKind: EventBusList - plural: eventbus - shortNames: - - eb - singular: eventbus - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} +# # This is an auto-generated file. DO NOT EDIT +# apiVersion: apiextensions.k8s.io/v1 +# kind: CustomResourceDefinition +# metadata: +# name: eventbus.argoproj.io +# spec: +# group: argoproj.io +# names: +# kind: EventBus +# listKind: EventBusList +# plural: eventbus +# shortNames: +# - eb +# singular: eventbus +# scope: Namespaced +# versions: +# - name: v1alpha1 +# schema: +# openAPIV3Schema: +# properties: +# apiVersion: +# type: string +# kind: +# type: string +# metadata: +# type: object +# spec: +# type: object +# x-kubernetes-preserve-unknown-fields: true +# status: +# type: object +# x-kubernetes-preserve-unknown-fields: true +# required: +# - metadata +# - spec +# type: object +# served: true +# storage: true +# subresources: +# status: {} diff --git a/charts/gitops-runtime/crds/argo-events/argoproj.io_eventsources.yaml b/charts/gitops-runtime/crds/argo-events/argoproj.io_eventsources.yaml index 320aec42c..93ce34f40 100644 --- a/charts/gitops-runtime/crds/argo-events/argoproj.io_eventsources.yaml +++ b/charts/gitops-runtime/crds/argo-events/argoproj.io_eventsources.yaml 
@@ -1,40 +1,40 @@ -# This is an auto-generated file. DO NOT EDIT -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventsources.argoproj.io -spec: - group: argoproj.io - names: - kind: EventSource - listKind: EventSourceList - plural: eventsources - shortNames: - - es - singular: eventsource - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} +# # This is an auto-generated file. DO NOT EDIT +# apiVersion: apiextensions.k8s.io/v1 +# kind: CustomResourceDefinition +# metadata: +# name: eventsources.argoproj.io +# spec: +# group: argoproj.io +# names: +# kind: EventSource +# listKind: EventSourceList +# plural: eventsources +# shortNames: +# - es +# singular: eventsource +# scope: Namespaced +# versions: +# - name: v1alpha1 +# schema: +# openAPIV3Schema: +# properties: +# apiVersion: +# type: string +# kind: +# type: string +# metadata: +# type: object +# spec: +# type: object +# x-kubernetes-preserve-unknown-fields: true +# status: +# type: object +# x-kubernetes-preserve-unknown-fields: true +# required: +# - metadata +# - spec +# type: object +# served: true +# storage: true +# subresources: +# status: {} diff --git a/charts/gitops-runtime/crds/argo-events/argoproj.io_sensors.yaml b/charts/gitops-runtime/crds/argo-events/argoproj.io_sensors.yaml index 473fe87e5..023837809 100644 --- a/charts/gitops-runtime/crds/argo-events/argoproj.io_sensors.yaml +++ b/charts/gitops-runtime/crds/argo-events/argoproj.io_sensors.yaml 
@@ -1,40 +1,40 @@ -# This is an auto-generated file. DO NOT EDIT -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sensors.argoproj.io -spec: - group: argoproj.io - names: - kind: Sensor - listKind: SensorList - plural: sensors - shortNames: - - sn - singular: sensor - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} +# # This is an auto-generated file. DO NOT EDIT +# apiVersion: apiextensions.k8s.io/v1 +# kind: CustomResourceDefinition +# metadata: +# name: sensors.argoproj.io +# spec: +# group: argoproj.io +# names: +# kind: Sensor +# listKind: SensorList +# plural: sensors +# shortNames: +# - sn +# singular: sensor +# scope: Namespaced +# versions: +# - name: v1alpha1 +# schema: +# openAPIV3Schema: +# properties: +# apiVersion: +# type: string +# kind: +# type: string +# metadata: +# type: object +# spec: +# type: object +# x-kubernetes-preserve-unknown-fields: true +# status: +# type: object +# x-kubernetes-preserve-unknown-fields: true +# required: +# - metadata +# - spec +# type: object +# served: true +# storage: true +# subresources: +# status: {} diff --git a/charts/gitops-runtime/templates/_components/argo-events/crds/_all.yaml b/charts/gitops-runtime/templates/_components/argo-events/crds/_all.yaml new file mode 100644 index 000000000..ddcde06ba --- /dev/null +++ b/charts/gitops-runtime/templates/_components/argo-events/crds/_all.yaml 
@@ -0,0 +1,16 @@ +{{- define "argo-events.crds" }} + +{{- $context := deepCopy . }} + +{{- $defaultVals := include "argo-events.default-values" . | fromYaml }} +{{- $vals := mergeOverwrite $defaultVals (get .Values "argo-events") }} + +{{- $_ := set $context "Values" $vals }} +{{- $_ := set $context.Values "global" (deepCopy (get .Values "global")) }} + + {{- include "argo-events.crds.event-bus" $context }} +--- + {{- include "argo-events.crds.event-source" $context }} +--- + {{- include "argo-events.crds.sensor" $context }} +{{- end }} diff --git a/charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_eventbus.yaml b/charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_eventbus.yaml new file mode 100644 index 000000000..34a64819f --- /dev/null +++ b/charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_eventbus.yaml @@ -0,0 +1,44 @@ +# This is an auto-generated file. DO NOT EDIT +{{- define "argo-events.crds.event-bus" }} + {{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventbus.argoproj.io +spec: + group: argoproj.io + names: + kind: EventBus + listKind: EventBusList + plural: eventbus + shortNames: + - eb + singular: eventbus + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} + {{- end }} +{{- end }} diff --git a/charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_eventsources.yaml b/charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_eventsources.yaml new file mode 100644 index 000000000..d7bffb9a0 --- /dev/null 
+++ b/charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_eventsources.yaml @@ -0,0 +1,44 @@ +# This is an auto-generated file. DO NOT EDIT +{{- define "argo-events.crds.event-source" }} + {{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: eventsources.argoproj.io +spec: + group: argoproj.io + names: + kind: EventSource + listKind: EventSourceList + plural: eventsources + shortNames: + - es + singular: eventsource + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} + {{- end }} +{{- end }} diff --git a/charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_sensors.yaml b/charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_sensors.yaml new file mode 100644 index 000000000..79737f52a --- /dev/null +++ b/charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_sensors.yaml 
@@ -0,0 +1,44 @@ +# This is an auto-generated file. DO NOT EDIT +{{- define "argo-events.crds.sensor" }} + {{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sensors.argoproj.io +spec: + group: argoproj.io + names: + kind: Sensor + listKind: SensorList + plural: sensors + shortNames: + - sn + singular: sensor + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} + {{- end }} +{{- end }} diff --git a/charts/gitops-runtime/templates/argo-events/crds.yaml b/charts/gitops-runtime/templates/argo-events/crds.yaml new file mode 100644 index 000000000..27ce27106 --- /dev/null +++ b/charts/gitops-runtime/templates/argo-events/crds.yaml @@ -0,0 +1,3 @@ +{{- if and (index .Values "argo-events" "enabled") }} + {{- include "argo-events.crds" . }} +{{- end }} diff --git a/charts/gitops-runtime/values-multi-runtimes.yaml b/charts/gitops-runtime/values-multi-runtimes.yaml index 8f5faad8d..40724dc54 100644 --- a/charts/gitops-runtime/values-multi-runtimes.yaml +++ b/charts/gitops-runtime/values-multi-runtimes.yaml @@ -14,6 +14,8 @@ argo-events: controller: rbac: namespaced: true + crds: + install: false argo-workflows: crds: install: false From acf9207838982a4b422bdcc0bf7616edd9b07b66 Mon Sep 17 00:00:00 2001 
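Review bot: The three CustomResourceDefinitions now render from `templates/`, and none of them carries a `helm.sh/resource-policy: keep` annotation under `metadata`. That makes them release-owned objects, so uninstalling the one runtime that installed them would remove the cluster-scoped CRDs and, with them, every EventBus, EventSource and Sensor created by other runtimes in the cluster. The same applies to the `argoproj.io_eventbus.yaml` and `argoproj.io_eventsources.yaml` templates earlier in this commit. If CRDs are to stay templated, add `annotations: {helm.sh/resource-policy: keep}` to each, and document that `crds.install: false` in `values-multi-runtimes.yaml` assumes another release already owns them. Separately, `if and (index .Values "argo-events" "enabled")` in `templates/argo-events/crds.yaml` passes a single argument to `and`; `if index .Values "argo-events" "enabled"` reads the same.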
From: shirtabachii Date: Thu, 28 Aug 2025 15:06:05 +0300 Subject: [PATCH 26/38] wip --- .../argo-events/argoproj.io_eventbus.yaml | 40 ------------------- .../argo-events/argoproj.io_eventsources.yaml | 40 ------------------- .../crds/argo-events/argoproj.io_sensors.yaml | 40 ------------------- 3 files changed, 120 deletions(-) delete mode 100644 charts/gitops-runtime/crds/argo-events/argoproj.io_eventbus.yaml delete mode 100644 charts/gitops-runtime/crds/argo-events/argoproj.io_eventsources.yaml delete mode 100644 charts/gitops-runtime/crds/argo-events/argoproj.io_sensors.yaml diff --git a/charts/gitops-runtime/crds/argo-events/argoproj.io_eventbus.yaml b/charts/gitops-runtime/crds/argo-events/argoproj.io_eventbus.yaml deleted file mode 100644 index ffdec2f97..000000000 --- a/charts/gitops-runtime/crds/argo-events/argoproj.io_eventbus.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# # This is an auto-generated file. DO NOT EDIT -# apiVersion: apiextensions.k8s.io/v1 -# kind: CustomResourceDefinition -# metadata: -# name: eventbus.argoproj.io -# spec: -# group: argoproj.io -# names: -# kind: EventBus -# listKind: EventBusList -# plural: eventbus -# shortNames: -# - eb -# singular: eventbus -# scope: Namespaced -# versions: -# - name: v1alpha1 -# schema: -# openAPIV3Schema: -# properties: -# apiVersion: -# type: string -# kind: -# type: string -# metadata: -# type: object -# spec: -# type: object -# x-kubernetes-preserve-unknown-fields: true -# status: -# type: object -# x-kubernetes-preserve-unknown-fields: true -# required: -# - metadata -# - spec -# type: object -# served: true -# storage: true -# subresources: -# status: {} diff --git a/charts/gitops-runtime/crds/argo-events/argoproj.io_eventsources.yaml b/charts/gitops-runtime/crds/argo-events/argoproj.io_eventsources.yaml deleted file mode 100644 index 93ce34f40..000000000 --- a/charts/gitops-runtime/crds/argo-events/argoproj.io_eventsources.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -# # This is an auto-generated file. DO NOT EDIT -# apiVersion: apiextensions.k8s.io/v1 -# kind: CustomResourceDefinition -# metadata: -# name: eventsources.argoproj.io -# spec: -# group: argoproj.io -# names: -# kind: EventSource -# listKind: EventSourceList -# plural: eventsources -# shortNames: -# - es -# singular: eventsource -# scope: Namespaced -# versions: -# - name: v1alpha1 -# schema: -# openAPIV3Schema: -# properties: -# apiVersion: -# type: string -# kind: -# type: string -# metadata: -# type: object -# spec: -# type: object -# x-kubernetes-preserve-unknown-fields: true -# status: -# type: object -# x-kubernetes-preserve-unknown-fields: true -# required: -# - metadata -# - spec -# type: object -# served: true -# storage: true -# subresources: -# status: {} diff --git a/charts/gitops-runtime/crds/argo-events/argoproj.io_sensors.yaml b/charts/gitops-runtime/crds/argo-events/argoproj.io_sensors.yaml deleted file mode 100644 index 023837809..000000000 --- a/charts/gitops-runtime/crds/argo-events/argoproj.io_sensors.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# # This is an auto-generated file. DO NOT EDIT -# apiVersion: apiextensions.k8s.io/v1 -# kind: CustomResourceDefinition -# metadata: -# name: sensors.argoproj.io -# spec: -# group: argoproj.io -# names: -# kind: Sensor -# listKind: SensorList -# plural: sensors -# shortNames: -# - sn -# singular: sensor -# scope: Namespaced -# versions: -# - name: v1alpha1 -# schema: -# openAPIV3Schema: -# properties: -# apiVersion: -# type: string -# kind: -# type: string -# metadata: -# type: object -# spec: -# type: object -# x-kubernetes-preserve-unknown-fields: true -# status: -# type: object -# x-kubernetes-preserve-unknown-fields: true -# required: -# - metadata -# - spec -# type: object -# served: true -# storage: true -# subresources: -# status: {} From 12bb97418714fb3020d0da95d9e070962366fe2e Mon Sep 17 00:00:00 2001 
From: shirtabachii Date: Thu, 28 Aug 2025 15:17:26 +0300 Subject: [PATCH 27/38] wip --- .../argo-events}/argoproj.io_eventbus.yaml | 4 ---- .../argo-events}/argoproj.io_eventsources.yaml | 4 ---- .../argo-events}/argoproj.io_sensors.yaml | 4 ---- .../_components/argo-events/crds/_all.yaml | 16 ---------------- .../templates/argo-events/crds.yaml | 3 --- charts/gitops-runtime/values-multi-runtimes.yaml | 2 -- 6 files changed, 33 deletions(-) rename charts/gitops-runtime/{templates/_components/argo-events/crds => crds/argo-events}/argoproj.io_eventbus.yaml (89%) rename charts/gitops-runtime/{templates/_components/argo-events/crds => crds/argo-events}/argoproj.io_eventsources.yaml (89%) rename charts/gitops-runtime/{templates/_components/argo-events/crds => crds/argo-events}/argoproj.io_sensors.yaml (89%) delete mode 100644 charts/gitops-runtime/templates/_components/argo-events/crds/_all.yaml delete mode 100644 charts/gitops-runtime/templates/argo-events/crds.yaml diff --git a/charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_eventbus.yaml b/charts/gitops-runtime/crds/argo-events/argoproj.io_eventbus.yaml similarity index 89% rename from charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_eventbus.yaml rename to charts/gitops-runtime/crds/argo-events/argoproj.io_eventbus.yaml index 34a64819f..c9d797374 100644 --- a/charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_eventbus.yaml +++ b/charts/gitops-runtime/crds/argo-events/argoproj.io_eventbus.yaml @@ -1,6 +1,4 @@ # This is an auto-generated file. DO NOT EDIT -{{- define "argo-events.crds.event-bus" }} - {{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -40,5 +38,3 @@ spec: storage: true subresources: status: {} - {{- end }} -{{- end }} 
diff --git a/charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_eventsources.yaml b/charts/gitops-runtime/crds/argo-events/argoproj.io_eventsources.yaml similarity index 89% rename from charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_eventsources.yaml rename to charts/gitops-runtime/crds/argo-events/argoproj.io_eventsources.yaml index d7bffb9a0..320aec42c 100644 --- a/charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_eventsources.yaml +++ b/charts/gitops-runtime/crds/argo-events/argoproj.io_eventsources.yaml @@ -1,6 +1,4 @@ # This is an auto-generated file. DO NOT EDIT -{{- define "argo-events.crds.event-source" }} - {{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -40,5 +38,3 @@ spec: storage: true subresources: status: {} - {{- end }} -{{- end }} diff --git a/charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_sensors.yaml b/charts/gitops-runtime/crds/argo-events/argoproj.io_sensors.yaml similarity index 89% rename from charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_sensors.yaml rename to charts/gitops-runtime/crds/argo-events/argoproj.io_sensors.yaml index 79737f52a..473fe87e5 100644 --- a/charts/gitops-runtime/templates/_components/argo-events/crds/argoproj.io_sensors.yaml +++ b/charts/gitops-runtime/crds/argo-events/argoproj.io_sensors.yaml @@ -1,6 +1,4 @@ # This is an auto-generated file. DO NOT EDIT -{{- define "argo-events.crds.sensor" }} - {{- if .Values.crds.install }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -40,5 +38,3 @@ spec: storage: true subresources: status: {} - {{- end }} -{{- end }} diff --git a/charts/gitops-runtime/templates/_components/argo-events/crds/_all.yaml b/charts/gitops-runtime/templates/_components/argo-events/crds/_all.yaml deleted file mode 100644 index ddcde06ba..000000000 
--- a/charts/gitops-runtime/templates/_components/argo-events/crds/_all.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- define "argo-events.crds" }} - -{{- $context := deepCopy . }} - -{{- $defaultVals := include "argo-events.default-values" . | fromYaml }} -{{- $vals := mergeOverwrite $defaultVals (get .Values "argo-events") }} - -{{- $_ := set $context "Values" $vals }} -{{- $_ := set $context.Values "global" (deepCopy (get .Values "global")) }} - - {{- include "argo-events.crds.event-bus" $context }} ---- - {{- include "argo-events.crds.event-source" $context }} ---- - {{- include "argo-events.crds.sensor" $context }} -{{- end }} diff --git a/charts/gitops-runtime/templates/argo-events/crds.yaml b/charts/gitops-runtime/templates/argo-events/crds.yaml deleted file mode 100644 index 27ce27106..000000000 --- a/charts/gitops-runtime/templates/argo-events/crds.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{- if and (index .Values "argo-events" "enabled") }} - {{- include "argo-events.crds" . }} -{{- end }} diff --git a/charts/gitops-runtime/values-multi-runtimes.yaml b/charts/gitops-runtime/values-multi-runtimes.yaml index 40724dc54..8f5faad8d 100644 --- a/charts/gitops-runtime/values-multi-runtimes.yaml +++ b/charts/gitops-runtime/values-multi-runtimes.yaml @@ -14,8 +14,6 @@ argo-events: controller: rbac: namespaced: true - crds: - install: false argo-workflows: crds: install: false From 420bcfcbff48fdcaea2a9a06cecf5b0c15bc5787 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Thu, 4 Sep 2025 10:35:16 +0300 Subject: [PATCH 28/38] naming --- .../templates/_components/cap-app-proxy/_config.yaml | 2 +- .../environment-variables/_main-container.yaml | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml index 0dd1059d3..15798be85 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml 
+++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml @@ -11,7 +11,7 @@ env: {{ .Values.config.env | quote}} isConfigurationRuntime: {{ .Values.global.runtime.isConfigurationRuntime | quote }} isExternalArgoCD: {{ .Values.global.runtime.isExternalArgoCD | quote }} runtimeName: {{ required "global.runtime.name is required" .Values.global.runtime.name | quote}} -runtimeSingleNamespace: {{ .Values.global.runtime.singleNamespace | quote }} +isNamespacedRuntime: {{ .Values.global.runtime.singleNamespace | quote }} skipGitPermissionValidation: {{ .Values.config.skipGitPermissionValidation | quote }} logLevel: {{ .Values.config.logLevel | quote }} {{- $enrichmentValues := get .Values "image-enrichment" }} diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml index b00b6afb9..95444b3f8 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml @@ -86,6 +86,12 @@ IS_EXTERNAL_ARGOCD: name: cap-app-proxy-cm key: isExternalArgoCD optional: true +IS_NAMESPACED_RUNTIME: + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: isNamespacedRuntime + optional: true MANAGED: false NAMESPACE: valueFrom: From fd88e26fe254ec19ddc371343b49e98061fef6e7 Mon Sep 17 00:00:00 2001 From: cf-ci-bot-v2 Date: Thu, 4 Sep 2025 07:38:51 +0000 Subject: [PATCH 29/38] CI Automatic commit - align Chart version --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 63f3be20d..cf3e1f6f1 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml 
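Review bot: `optional: true` on the new `IS_NAMESPACED_RUNTIME` entry in `_main-container.yaml` lets the container start with the variable unset whenever the `isNamespacedRuntime` key is missing from `cap-app-proxy-cm`. This commit already produces such a mismatch: `_config.yaml` renames the key, while the `RUNTIME_SINGLE_NAMESPACE` entry still reads `runtimeSingleNamespace` until PATCH 30/38 removes it. A silent fallback is a poor failure mode for the flag that tells the app-proxy whether the runtime is namespace-scoped, and the chart always renders the key, so dropping `optional: true` would surface a key mismatch at pod start. A comment above the entry such as `# key rendered from global.runtime.singleNamespace in cap-app-proxy/_config.yaml` would also make the link between the two files explicit.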
@@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 0.1.75 description: A Helm chart for Codefresh gitops runtime name: gitops-runtime -version: '0.23.3' +version: '0.23.4' home: https://github.com/codefresh-io/gitops-runtime-helm icon: https://avatars1.githubusercontent.com/u/11412079?v=3 keywords: From 511f7e8efe3e0d4cf6b0d300eb21a00151c09c3b Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Thu, 4 Sep 2025 10:48:04 +0300 Subject: [PATCH 30/38] removed old value --- .../environment-variables/_main-container.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml index 95444b3f8..87a1d8367 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml @@ -115,12 +115,6 @@ RUNTIME_NAME: configMapKeyRef: name: cap-app-proxy-cm key: runtimeName -RUNTIME_SINGLE_NAMESPACE: - valueFrom: - configMapKeyRef: - name: cap-app-proxy-cm - key: runtimeSingleNamespace - optional: true RUNTIME_TOKEN: valueFrom: secretKeyRef: From 4c4027ddd67e7254940a94a1d1bc1ca6384c02b8 Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Thu, 4 Sep 2025 15:40:16 +0300 Subject: [PATCH 31/38] update to dev images of app-proxy and gitops-operator --- charts/gitops-runtime/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 04f243a0a..1876c5ff8 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml 
@@ -564,8 +564,8 @@ app-proxy: repository: codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info tag: 1.1.15-main image: - repository: quay.io/codefresh/cap-app-proxy - tag: 1.3727.0 + repository: quay.io/codefresh/dev/cap-app-proxy + tag: 1.3730.0-cr-29616-add-singlenamespace-to-runtime-entity-514d763 pullPolicy: IfNotPresent # -- Extra volume mounts for main container extraVolumeMounts: [] @@ -727,8 +727,8 @@ gitops-operator: # -- GitOps operator image image: registry: quay.io - repository: codefresh/codefresh-gitops-operator - tag: v0.10.2 + repository: codefresh/dev/codefresh-gitops-operator + tag: cr-29615-support-single-namespace-installation-29d8658 serviceAccount: create: true annotations: {} From 786f2139b3bd3a635f48b8f39a25c9143fe65788 Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Thu, 4 Sep 2025 16:31:08 +0300 Subject: [PATCH 32/38] fix: rename RUNTIME_SINGLE_NAMESPACE to IS_NAMESPACED_RUNTIME, updated gitops-operator image tag --- .../templates/_components/gitops-operator/_env.yaml | 2 +- charts/gitops-runtime/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml index 93b22042b..9f51e8d09 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml 
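Review bot: The chart's default `values.yaml` now points at `quay.io/codefresh/dev/cap-app-proxy` and `codefresh/dev/codefresh-gitops-operator` with branch-build tags (`1.3730.0-cr-29616-…-514d763`, `cr-29615-…-29d8658`). Anyone installing this chart revision with defaults would run pre-release images from a dev repository path. Both references are plain tags with no digest, so the content pulled depends on who can push to that path and whether the tag is later overwritten. Dev images are better kept in a test-only values override; if they must appear here, pin them by digest and add a comment naming the release tag that will replace them. The same applies to the second hunk (`gitops-operator.image`).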
@@ -15,7 +15,7 @@ COMMIT_STATUS_POLLING_INTERVAL: {{ .Values.config.commitStatusPollingInterval }} WORKFLOW_MONITOR_POLLING_INTERVAL: {{ .Values.config.workflowMonitorPollingInterval }} MAX_CONCURRENT_RELEASES: {{ .Values.config.maxConcurrentReleases }} PROMOTION_WRAPPER_TEMPLATE: {{ .Values.config.promotionWrapperTemplate | quote }} -RUNTIME_SINGLE_NAMESPACE: {{ .Values.global.runtime.singleNamespace }} +IS_NAMESPACED_RUNTIME: {{ .Values.global.runtime.singleNamespace }} {{- end }} {{- define "gitops-operator.resources.environment-variables.defaults" -}} diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 1876c5ff8..8ec1a469e 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -728,7 +728,7 @@ gitops-operator: image: registry: quay.io repository: codefresh/dev/codefresh-gitops-operator - tag: cr-29615-support-single-namespace-installation-29d8658 + tag: cr-29615-support-single-namespace-installation-9823710 serviceAccount: create: true annotations: {} From 9bfb812dde353b8cf6a6c58cf385fb787c16a2a7 Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Thu, 4 Sep 2025 17:58:41 +0300 Subject: [PATCH 33/38] update gitops-operator tag to released version --- charts/gitops-runtime/values.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 8ec1a469e..dc0e25c51 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -727,8 +727,10 @@ gitops-operator: # -- GitOps operator image image: registry: quay.io - repository: codefresh/dev/codefresh-gitops-operator - tag: cr-29615-support-single-namespace-installation-9823710 + repository: codefresh/codefresh-gitops-operator + tag: 58625b8 + env: + GITOPS_OPERATOR_VERSION: 0.10.1 # hacky workaround, since our tags are no longer semver compliant serviceAccount: create: true annotations: {} 
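Review bot: `IS_NAMESPACED_RUNTIME: {{ .Values.global.runtime.singleNamespace }}` is rendered unquoted, so YAML reads it as a boolean, or as null when the value is not set. The app-proxy side of the same setting uses `| quote` in `cap-app-proxy/_config.yaml`. Container env values must be strings, so unless the helper that turns this map into `env:` entries stringifies them (not visible in this hunk), the line should be `IS_NAMESPACED_RUNTIME: {{ .Values.global.runtime.singleNamespace | quote }}`. The neighbouring unquoted entries (`MAX_CONCURRENT_RELEASES` and the two polling intervals) have the same shape. The enclosing `define` starts above the hunk.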
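Review bot: In the PATCH 33/38 hunk of `values.yaml`, `GITOPS_OPERATOR_VERSION: 0.10.1` is maintained by hand next to `tag: 58625b8`, and nothing ties the two together. The tag this series started from was `v0.10.2`, so the reported version may already be lower than the image that actually runs. Any compatibility or upgrade check that reads that variable would then act on a stale value at the next tag bump. Quote both scalars (`tag: '58625b8'`, `GITOPS_OPERATOR_VERSION: '0.10.1'`) so a short hash made only of digits is never parsed as a number. Replace the "hacky workaround" comment with one that says which release the hash corresponds to and that the two lines must be updated together.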
From d888cb752b81efcec60651fb2a1fbf86cabae3d0 Mon Sep 17 00:00:00 2001 From: cf-ci-bot-v2 Date: Thu, 4 Sep 2025 15:00:35 +0000 Subject: [PATCH 34/38] CI Automatic commit - align Chart version --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index cf3e1f6f1..79cbfe588 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 0.1.75 description: A Helm chart for Codefresh gitops runtime name: gitops-runtime -version: '0.23.4' +version: '0.24.0' home: https://github.com/codefresh-io/gitops-runtime-helm icon: https://avatars1.githubusercontent.com/u/11412079?v=3 keywords: From 6f53cf102ddda7c3bd7771b777f8341e4526b550 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Thu, 4 Sep 2025 20:11:39 +0300 Subject: [PATCH 35/38] updated version --- charts/gitops-runtime/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index dc0e25c51..60b3ad77f 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -564,15 +564,15 @@ app-proxy: repository: codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info tag: 1.1.15-main image: - repository: quay.io/codefresh/dev/cap-app-proxy - tag: 1.3730.0-cr-29616-add-singlenamespace-to-runtime-entity-514d763 + repository: quay.io/codefresh/cap-app-proxy + tag: 1.3736.0 pullPolicy: IfNotPresent # -- Extra volume mounts for main container extraVolumeMounts: [] initContainer: image: repository: quay.io/codefresh/cap-app-proxy-init - tag: 1.3727.0 + tag: 1.3736.0 pullPolicy: IfNotPresent command: - ./init.sh From 539e4f9a7ffbf312ed62458b07799f3cac0acfc5 Mon Sep 17 00:00:00 2001 
From: ilia-medvedev-codefresh Date: Tue, 26 Aug 2025 18:32:42 +0300 Subject: [PATCH 36/38] feat(conponent-tests): add release branches to pipeline trigger (#684) --- .github/workflows/component-test.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/component-test.yaml b/.github/workflows/component-test.yaml index 3df1f97d8..f09e4c4fe 100644 --- a/.github/workflows/component-test.yaml +++ b/.github/workflows/component-test.yaml @@ -8,12 +8,16 @@ on: paths-ignore: - "*.md" - charts/** + - 'stable/*' + - 'monthly/*' pull_request: branches: - main paths-ignore: - "*.md" - charts/** + - 'stable/*' + - 'monthly/*' jobs: component-test: @@ -68,7 +72,7 @@ jobs: helm repo add gitea-charts https://dl.gitea.com/charts/ helm repo add mockserver https://www.mock-server.com - + - name: Run KUTTL tests run: | - cd tests/component-tests && ./../../bin/kuttl test --parallel 1 --start-kind=false --namespace e2e-test --config startup.yaml \ No newline at end of file + cd tests/component-tests && ./../../bin/kuttl test --parallel 1 --start-kind=false --namespace e2e-test --config startup.yaml From 0dba8135636a2e7d96444b8d17ab94dbd1d7eb7f Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Thu, 4 Sep 2025 21:42:45 +0300 Subject: [PATCH 37/38] fixed cherry-pick merge mistake --- .github/workflows/component-test.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/component-test.yaml b/.github/workflows/component-test.yaml index f09e4c4fe..8aefc326c 100644 --- a/.github/workflows/component-test.yaml +++ b/.github/workflows/component-test.yaml @@ -5,19 +5,19 @@ on: push: branches: - main + - 'stable/*' + - 'monthly/*' paths-ignore: - "*.md" - charts/** - - 'stable/*' - - 'monthly/*' pull_request: branches: - main + - 'stable/*' + - 'monthly/*' paths-ignore: - "*.md" - charts/** - - 'stable/*' - - 'monthly/*' jobs: component-test: From 7fe6794a02446221585529f7f6bf1c192be6b05c Mon Sep 17 00:00:00 2001 
From: Noam Gal Date: Sun, 7 Sep 2025 09:10:33 +0300 Subject: [PATCH 38/38] added missing field in platform-mocks `me` query --- tests/component-tests/setup/mocks/platform-mocks.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/component-tests/setup/mocks/platform-mocks.json b/tests/component-tests/setup/mocks/platform-mocks.json index 26b4da51c..24b306ac9 100644 --- a/tests/component-tests/setup/mocks/platform-mocks.json +++ b/tests/component-tests/setup/mocks/platform-mocks.json @@ -177,7 +177,7 @@ "method": "POST", "path": "/2.0/api/graphql", "body": { - "query": "\n query me {\n me {\n runtimeName\n activeAccount {\n id\n name\n gitProvider\n gitApiUrl\n sharedConfigRepo\n }\n }\n }\n" + "query": "\n query me {\n me {\n runtimeName\n activeAccount {\n id\n name\n gitProvider\n gitApiUrl\n sharedConfigRepo\n csdpValidated\n }\n }\n }\n" } }, "httpResponse": { @@ -191,7 +191,8 @@ "name": "local", "gitProvider": "GITHUB", "gitApiUrl": "http://mockserver.mockserver:1080", - "sharedConfigRepo": "http://gitea-http.gitea:3000/test-owner/codefresh-isc" + "sharedConfigRepo": "http://gitea-http.gitea:3000/test-owner/codefresh-isc", + "csdpValidated": true } } }