Release 0.2.14 (#61)

* fix private registry utility bug and switch to unprivileged nginx

* update argocd

* update argocd

* bump app-proxy (#59)

Co-authored-by: ilia-medvedev-codefresh <ilia.medvedev@codefresh.io>

* add enrichment images to chart

* fix lint

* change app-proxy container port

* update changes annotation

* bump app-proxy

* upd Chart.yaml

* helm-docs

* resolver values for internal-router

Signed-off-by: mikhail-klimko <mikhail.klimko@codefresh.io>

* add codeowners

---------

Signed-off-by: mikhail-klimko <mikhail.klimko@codefresh.io>
Co-authored-by: Daniel Maizel <daniel.maizel@codefresh.io>
Co-authored-by: mikhail-klimko <mikhail.klimko@codefresh.io>

Author: 3 people

CODEOWNERS

@@ -1 +1 @@
-* @codefresh-io/DevOps
+* @codefresh-io/DevOps daniel.maizel@codefresh.io noam.gal@codefresh.io

charts/gitops-runtime/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 0.1.30
+appVersion: 0.1.32
 description: A Helm chart for Codefresh gitops runtime
 name: gitops-runtime
-version: 0.2.13-alpha.1
+version: 0.2.14
 home: https://github.com/codefresh-io/gitops-runtime-helm
 icon: https://avatars1.githubusercontent.com/u/11412079?v=3
 keywords:
@@ -13,18 +13,25 @@ maintainers:
     url: https://codefresh-io.github.io/
 annotations:
   artifacthub.io/alternativeName: "codefresh-gitops-runtime"
-  artifacthub.io/prerelease: "true"
   artifacthub.io/changes: |
-    - kind: fixed
-      description: csv generation for private registry utility
+    - kind: changed
+      description: Updated `app-proxy` to `1.2337.0`
+    - kind: changed
+      description: Update ArgoCD version to v2.7.0-cap-CR-18361-custom-instance-label
+    - kind: changed
+      description: Switch internal router to unprivileged (rootless) nginx
+    - kind: changed
+      description: Installer image now supports arm64 and amd64 platforms
     - kind: added
-      description: pdb for eventbus
+      description: Include enrichment images in the chart with possibility to override through values
     - kind: fixed
-      description: fix eventbusname
+      description: Private registry utility - the utility omitted repositories for images with short names (i.e natsio/prometheus-nats-exporter:0.8.0 was created as registry.example.com/prometheus-nats-exporter:0.8.0). In this version it works as expected.
+    - kind: changed
+      description: App-proxy container port changed to 8080
 dependencies:
 - name: argo-cd
   repository: https://codefresh-io.github.io/argo-helm
-  version: 5.29.2-cap-CR-18430
+  version: 5.38.1-1-cap-CR-18361
 - name: argo-events
   repository: https://codefresh-io.github.io/argo-helm
   version: 2.0.5-1-cf-init

charts/gitops-runtime/README.md

@@ -1,5 +1,5 @@
 ## Codefresh gitops runtime
-![Version: 0.2.13-alpha.1](https://img.shields.io/badge/Version-0.2.13--alpha.1-informational?style=flat-square) ![AppVersion: 0.1.30](https://img.shields.io/badge/AppVersion-0.1.30-informational?style=flat-square)
+![Version: 0.2.14](https://img.shields.io/badge/Version-0.2.14-informational?style=flat-square) ![AppVersion: 0.1.32](https://img.shields.io/badge/AppVersion-0.1.32-informational?style=flat-square)
 
 ## Codefresh official documentation:
 Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/
@@ -15,7 +15,7 @@ We have created a helper utility to resolve this issue:
 The utility is packaged in a container image. Below are instructions on executing the utility using Docker:
 
 ```
-docker run -v <output_dir>:/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.2.13-alpha.1 <local_registry>
+docker run -v <output_dir>:/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.2.14 <local_registry>
 ```
 `output_dir` - is a local directory where the utility will output files. <br>
 `local_registry` - is your local registry where you want to mirror the images to
@@ -42,11 +42,13 @@ The utility will output 4 files into the folder:
 | app-proxy.extraVolumeMounts | list | `[]` | Extra volume mounts for main container |
 | app-proxy.extraVolumes | list | `[]` | extra volumes |
 | app-proxy.fullnameOverride | string | `"cap-app-proxy"` |  |
-| app-proxy.image-enrichment | object | `{"config":{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400},"enabled":true,"serviceAccount":{"annotations":null,"create":true,"name":"codefresh-image-enrichment-sa"}}` | Image enrichment process configuration |
-| app-proxy.image-enrichment.config | object | `{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400}` | Configurations for image enrichment workflow |
+| app-proxy.image-enrichment | object | `{"config":{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.10-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.10-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.10-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400},"enabled":true,"serviceAccount":{"annotations":null,"create":true,"name":"codefresh-image-enrichment-sa"}}` | Image enrichment process configuration |
+| app-proxy.image-enrichment.config | object | `{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.10-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.10-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.10-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400}` | Configurations for image enrichment workflow |
 | app-proxy.image-enrichment.config.clientHeartbeatIntervalInSeconds | int | `5` | Client heartbeat interval in seconds for image enrichemnt workflow |
 | app-proxy.image-enrichment.config.concurrencyCmKey | string | `"imageReportExecutor"` | The name of the key in the configmap to use as synchronization semaphore |
 | app-proxy.image-enrichment.config.concurrencyCmName | string | `"workflow-synchronization-semaphores"` | The name of the configmap to use as synchronization semaphore, see https://argoproj.github.io/argo-workflows/synchronization/ |
+| app-proxy.image-enrichment.config.images | object | `{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.10-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.10-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.10-main"}}` | Enrichemnt images |
+| app-proxy.image-enrichment.config.images.reportImage | object | `{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.10-main"}` | Report image enrichment task image |
 | app-proxy.image-enrichment.config.podGcStrategy | string | `"OnWorkflowCompletion"` | Pod grabage collection strategy. By default all pods will be deleted when the enrichment workflow completes. |
 | app-proxy.image-enrichment.config.ttlActiveInSeconds | int | `900` | Maximum allowed runtime for the enrichment workflow |
 | app-proxy.image-enrichment.config.ttlAfterCompletionInSeconds | int | `86400` | Number of seconds to live after completion |
@@ -57,14 +59,14 @@ The utility will output 4 files into the folder:
 | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use |
 | app-proxy.image.pullPolicy | string | `"IfNotPresent"` |  |
 | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` |  |
-| app-proxy.image.tag | string | `"1.2268.0"` |  |
+| app-proxy.image.tag | string | `"1.2337.0"` |  |
 | app-proxy.imagePullSecrets | list | `[]` |  |
 | app-proxy.initContainer.command[0] | string | `"./init.sh"` |  |
 | app-proxy.initContainer.env | object | `{}` |  |
 | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container |
 | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` |  |
 | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` |  |
-| app-proxy.initContainer.image.tag | string | `"1.2268.0"` |  |
+| app-proxy.initContainer.image.tag | string | `"1.2337.0"` |  |
 | app-proxy.initContainer.resources.limits.cpu | string | `"1"` |  |
 | app-proxy.initContainer.resources.limits.memory | string | `"512Mi"` |  |
 | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` |  |
@@ -103,6 +105,7 @@ The utility will output 4 files into the folder:
 | argo-cd.configs.params."server.insecure" | bool | `true` |  |
 | argo-cd.crds.install | bool | `true` |  |
 | argo-cd.fullnameOverride | string | `"argo-cd"` |  |
+| argo-cd.notifications.bots.slack | string | `nil` |  |
 | argo-events.crds.install | bool | `false` |  |
 | argo-events.fullnameOverride | string | `"argo-events"` |  |
 | argo-rollouts.controller.replicas | int | `1` |  |
@@ -161,11 +164,14 @@ The utility will output 4 files into the folder:
 | installer | object | `{"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/gitops-runtime-installer","tag":""},"skipValidation":false}` | Runtime installer used for running hooks and checks on the release |
 | installer.skipValidation | bool | `false` | if set to true, pre-install hook will *not* run |
 | internal-router.affinity | object | `{}` |  |
+| internal-router.clusterDomain | string | `"cluster.local"` |  |
+| internal-router.dnsNamespace | string | `"kube-system"` |  |
+| internal-router.dnsService | string | `"kube-dns"` |  |
 | internal-router.env | object | `{}` | Environment variables - see values.yaml inside the chart for usage |
 | internal-router.fullnameOverride | string | `"internal-router"` |  |
 | internal-router.image.pullPolicy | string | `"IfNotPresent"` |  |
-| internal-router.image.repository | string | `"nginx"` |  |
-| internal-router.image.tag | string | `"1.22-bullseye"` |  |
+| internal-router.image.repository | string | `"nginxinc/nginx-unprivileged"` |  |
+| internal-router.image.tag | string | `"1.23-alpine"` |  |
 | internal-router.imagePullSecrets | list | `[]` |  |
 | internal-router.nameOverride | string | `""` |  |
 | internal-router.nodeSelector | object | `{}` |  |

charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml

@@ -17,6 +17,9 @@ enrichmentPodGcStrategy: {{ $enrichmentValues.config.podGcStrategy | quote}}
 enrichmentTtlAfterCompletionInSeconds: {{ $enrichmentValues.config.ttlAfterCompletionInSeconds | quote }}
 enrichmentTtlActiveInSeconds: {{ $enrichmentValues.config.ttlActiveInSeconds | quote }}
 enrichmentClientHeartbeatIntervalInSeconds: {{ $enrichmentValues.config.clientHeartbeatIntervalInSeconds | quote }}
+enrichmentImageReportingImage: {{ printf "%s/%s:%s" $enrichmentValues.config.images.reportImage.registry $enrichmentValues.config.images.reportImage.repository $enrichmentValues.config.images.reportImage.tag | quote }}
+enrichmentGitEnrichmentImage: {{ printf "%s/%s:%s" $enrichmentValues.config.images.gitEnrichment.registry $enrichmentValues.config.images.gitEnrichment.repository $enrichmentValues.config.images.gitEnrichment.tag | quote }}
+enrichmentJiraEnrichmentImage: {{ printf "%s/%s:%s" $enrichmentValues.config.images.jiraEnrichment.registry $enrichmentValues.config.images.jiraEnrichment.repository $enrichmentValues.config.images.jiraEnrichment.tag | quote }}
   {{- end }}
 {{- end }}
 

charts/gitops-runtime/templates/_components/cap-app-proxy/_deployment.yaml

@@ -56,7 +56,7 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         ports:
         - name: http
-          containerPort: 80
+          containerPort: 8080
         readinessProbe:
           initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
           periodSeconds: {{ .Values.readinessProbe.periodSeconds }}

charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml

@@ -183,6 +183,24 @@ IRW_HEARTBEAT_INTERVAL_IN_SECONDS:
       name: cap-app-proxy-cm
       key: enrichmentClientHeartbeatIntervalInSeconds
       optional: true
+IRW_REPORT_IMAGE_TASK_IMAGE:
+  valueFrom:
+    configMapKeyRef:
+      name: cap-app-proxy-cm
+      key: enrichmentImageReportingImage
+      optional: true
+IRW_GIT_ENRICHMENT_TASK_IMAGE:
+  valueFrom:
+    configMapKeyRef:
+      name: cap-app-proxy-cm
+      key: enrichmentGitEnrichmentImage
+      optional: true
+IRW_JIRA_ENRICHMENT_TASK_IMAGE:
+  valueFrom:
+    configMapKeyRef:
+      name: cap-app-proxy-cm
+      key: enrichmentJiraEnrichmentImage
+      optional: true
 NODE_EXTRA_CA_CERTS: /app/config/all/all.cer
 {{- end -}}
 

charts/gitops-runtime/templates/_components/internal-router/_configmap.yaml

@@ -6,19 +6,23 @@ metadata:
 data:
   default.conf.template: |
     server {
-      listen 80 default_server;
-      root /usr/local/app;
+      listen 8080;
       access_log /dev/stdout main;
       error_log /dev/stdout;
-    
-    
+
+      {{- if .Values.resolver }}
+      resolver {{ .Values.resolver }} valid=10s;
+      {{- else }}
+      resolver {{ .Values.dnsService }}.{{ .Values.dnsNamespace }}.svc.{{ .Values.clusterDomain }} valid=10s;
+      {{- end }}
+
       location /app-proxy {
         # WebSocket support
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         chunked_transfer_encoding off;
-    
+
         proxy_pass {{ index (get .Values.routing "app-proxy") "internalUrl" }};
       }
 
@@ -28,20 +32,19 @@ data:
         proxy_set_header Connection '';
         proxy_http_version 1.1;
         chunked_transfer_encoding off;
-    
+
         proxy_pass {{ .Values.routing.workflows.internalUrl }};
       }
       {{- end }}
-    
+
       location ~ /webhooks/([^/]+)/([^/]+) {
-        resolver kube-dns.kube-system.svc.cluster.local valid=10s;
         proxy_pass http://$2-eventsource-svc.$1.svc.cluster.local;
       }
-    
+
       location /readyz {
         return 200 'ok';
       }
-    
+
       location /healthz {
         return 200 'ok';
       }

charts/gitops-runtime/templates/_components/internal-router/_deployment.yaml

@@ -38,20 +38,20 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - name: http
-              containerPort: 80
+              containerPort: 8080
               protocol: TCP
           readinessProbe:
             initialDelaySeconds: 10
             timeoutSeconds: 10
             httpGet:
-              port: 80
+              port: http
               path: /readyz
           livenessProbe:
             initialDelaySeconds: 10
             timeoutSeconds: 10
             failureThreshold: 10
             httpGet:
-              port: 80
+              port: http
               path: /healthz
           resources:
             {{- toYaml .Values.resources | nindent 12 }}

charts/gitops-runtime/tests/app-proxy-image-enrichemnt_test.yaml

@@ -30,6 +30,21 @@ tests:
     app-proxy.image-enrichment.config.ttlActiveInSeconds: 1
     app-proxy.image-enrichment.config.clientHeartbeatIntervalInSeconds: 1
     app-proxy.image-enrichment.serviceAccount.name: test
+    app-proxy.image-enrichment.config.images:
+      reportImage: 
+        registry: registry.example
+        repository: codefresh/report-image
+        tag: 1-test-report
+        # Git enrichment task image
+      gitEnrichment:
+        registry: reg.ex
+        repository: codefresh/git-enrich
+        tag: 1-test-git
+        # Jira enrichment task image
+      jiraEnrichment:
+        registry: my.reg
+        repository: codefresh/jira-enrich
+        tag: 1-test-jira
   asserts:
   - equal:
       path: data.enrichmentConcurrencyCmName
@@ -52,6 +67,15 @@ tests:
   - equal: 
       path: data.enrichmentServiceAccountName
       value: test
+  - equal: 
+      path: data.enrichmentImageReportingImage
+      value: registry.example/codefresh/report-image:1-test-report
+  - equal: 
+      path: data.enrichmentGitEnrichmentImage
+      value: reg.ex/codefresh/git-enrich:1-test-git
+  - equal: 
+      path: data.enrichmentJiraEnrichmentImage
+      value: my.reg/codefresh/jira-enrich:1-test-jira
 
 - it: app proxy environment variables set for enrichemnt and match the values in the configmap
   template: 'app-proxy/deployment.yaml'
@@ -123,6 +147,33 @@ tests:
             name: cap-app-proxy-cm
             key: enrichmentServiceAccountName
             optional: true
+  - contains: 
+      path: spec.template.spec.containers[0].env
+      content:
+        name: IRW_REPORT_IMAGE_TASK_IMAGE
+        valueFrom:
+          configMapKeyRef:
+            name: cap-app-proxy-cm
+            key: enrichmentImageReportingImage
+            optional: true
+  - contains: 
+      path: spec.template.spec.containers[0].env
+      content:
+        name: IRW_GIT_ENRICHMENT_TASK_IMAGE
+        valueFrom:
+          configMapKeyRef:
+            name: cap-app-proxy-cm
+            key: enrichmentGitEnrichmentImage
+            optional: true
+  - contains: 
+      path: spec.template.spec.containers[0].env
+      content:
+        name: IRW_JIRA_ENRICHMENT_TASK_IMAGE
+        valueFrom:
+          configMapKeyRef:
+            name: cap-app-proxy-cm
+            key: enrichmentJiraEnrichmentImage
+            optional: true
 
 - it: Verify correct name of serviceAccount
   template: 'app-proxy/enrichment/sa.yaml'