Switch gitops operator to library mode and set ArgoCD image and workflows url from runtime chart values (#219)

Author: ilia-medvedev-codefresh

charts/gitops-runtime/Chart.yaml

@@ -15,15 +15,11 @@ annotations:
   artifacthub.io/alternativeName: "codefresh-gitops-runtime"
   artifacthub.io/changes: |
     - kind: changed
-      description: "update codefresh-gitops-operator chart to 1.0.19"
+      description: "removed promotion-related notifications from argocd-notifications-controller"
+    - kind: changed
+      description: "update gitops operator and switch gitops operator to library mode - set ArgoCD image for notifications controller to match other ArgoCD components and set correct workflows url from chart values"
     - kind: changed
       description: "updated cap-app-proxy to 1.2875.0, including skipping PAT scopes permissions validations for git providers: BitBucket, BitBucket Server and GitLab; new query promotablePropertiesPreview"
-    - kind: added
-      description: garage as optional dependency for Argo workflows artifact and log storage
-    - kind: fixed
-      description: multiarch image for installer image used in hooks
-    - kind: fixed
-      description: multiarch frpc (codefresh-tunnel-client) image
 dependencies:
 - name: argo-cd
   repository: https://codefresh-io.github.io/argo-helm
@@ -49,7 +45,7 @@ dependencies:
   condition: tunnel-client.enabled
 - name: codefresh-gitops-operator
   repository: oci://quay.io/codefresh/charts
-  version: 1.0.19
+  version: 1.0.21
   alias: gitops-operator
   condition: gitops-operator.enabled
 - name: garage

charts/gitops-runtime/README.md

@@ -231,6 +231,10 @@ sealed-secrets:
 | garage-workflows-artifact-storage.persistence.meta.storageClass | string | `""` | When empty value empty the default storage class for the cluster will be used |
 | garage-workflows-artifact-storage.resources | object | `{}` | Resources for garage pods. For smaller deployments at least 100m CPU and 1024Mi memory is reccommended. For larger deployments double this size. |
 | gitops-operator.affinity | object | `{}` |  |
+| gitops-operator.argoCdNotifications | object | `{"image":{},"imageOverride":false,"resources":{}}` | Builtin notifications controller used by gitops-operator for promotion related notifications |
+| gitops-operator.argoCdNotifications.image | object | `{}` | Set image.repository and image.tag notifications image used by the gitops operator. Ignored unless imageOverride is set to true. |
+| gitops-operator.argoCdNotifications.imageOverride | bool | `false` | If set to true allows to override notifications image used by the gitops operator. When set to false the version of ArgoCD will be set to the version used for all other ArgoCD components. |
+| gitops-operator.argoCdNotifications.resources | object | `{}` | Resources for notifications controller used by gitops-operator. |
 | gitops-operator.crds | object | `{"additionalLabels":{},"annotations":{},"install":true,"keep":false}` | Codefresh gitops operator crds |
 | gitops-operator.crds.additionalLabels | object | `{}` | Additional labels for gitops operator CRDs |
 | gitops-operator.crds.annotations | object | `{}` | Annotations on gitops operator CRDs |
@@ -248,6 +252,7 @@ sealed-secrets:
 | gitops-operator.kube-rbac-proxy.resources.requests.memory | string | `"64Mi"` |  |
 | gitops-operator.kube-rbac-proxy.securityContext.allowPrivilegeEscalation | bool | `false` |  |
 | gitops-operator.kube-rbac-proxy.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| gitops-operator.libraryMode | bool | `true` | Do not change unless instructed otherwise by Codefresh support |
 | gitops-operator.nameOverride | string | `""` |  |
 | gitops-operator.nodeSelector | object | `{}` |  |
 | gitops-operator.podAnnotations | object | `{}` |  |

charts/gitops-runtime/templates/_helpers.tpl

@@ -80,6 +80,22 @@ Determine argocd server service name. Must be called with chart root context
 {{- template "argo-cd.server.fullname" (dict "Values" (get .Values "argo-cd")) }}
 {{- end }}
 
+{{/*
+Determine argocd repo server service name. Must be called with chart root context
+*/}}
+{{- define "codefresh-gitops-runtime.argocd.reposerver.servicename" -}}
+{{/* For now use template from ArgoCD chart until better approach */}}
+{{- template "argo-cd.repoServer.fullname" (dict "Values" (get .Values "argo-cd")) }}
+{{- end }}
+
+{{/*
+Determine argocd argocd repo server port
+*/}}
+{{- define "codefresh-gitops-runtime.argocd.reposerver.serviceport" -}}
+{{/* For now use template from ArgoCD chart until better approach */}}
+  {{- index .Values "argo-cd" "repoServer" "service" "port" }}
+{{- end }}
+
 {{/*
 Determine argocd servicename. Must be called with chart root context
 */}}
@@ -283,4 +299,4 @@ valueFrom:
     key: {{ include "codefresh-gitops-runtime.runtime-gitcreds.password.secretkey" . }}
     optional: true
 {{- end }}
-# ------------------------------------------------------------------------------------------------------------
+# ------------------------------------------------------------------------------------------------------------

charts/gitops-runtime/templates/gitops-operator.yaml

@@ -0,0 +1,30 @@
+{{- if index (get .Values "gitops-operator") "libraryMode" }}
+  {{- $gitopsOperatorContext := (index .Subcharts "gitops-operator")}}
+  {{- $argoCDImageDict := index .Subcharts "argo-cd" "Values" "global" "image" }}
+  {{- if not $argoCDImageDict.tag }}
+    {{- $_ := set $argoCDImageDict "tag" (get .Subcharts "argo-cd").Chart.AppVersion }}
+  {{- end }}
+
+
+  {{/* Set ArgoCD image */}}
+  {{- if not (index .Values "gitops-operator" "argoCdNotifications.imageOverride") }}
+    {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.image "repository" $argoCDImageDict.repository }}
+    {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.image "tag" $argoCDImageDict.tag }}
+  {{- end }}
+
+  {{/* Set repo server service and port */}}
+  {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.argocd.repoServer "fullname" (include "codefresh-gitops-runtime.argocd.reposerver.servicename" . ) }}
+  {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.argocd.repoServer "port" (include "codefresh-gitops-runtime.argocd.reposerver.serviceport" . ) }}
+
+
+  {{/* Set workflows url */}}
+  {{- if index .Values "argo-workflows" "enabled" }}
+    {{- if not $gitopsOperatorContext.Values.env.ARGO_WF_URL }}
+      {{- $argoWorkflowsUrl := include "codefresh-gitops-runtime.argo-workflows.server.url" . }}
+      {{- $_ := set $gitopsOperatorContext.Values.env "ARGO_WF_URL" $argoWorkflowsUrl }}
+    {{- end }}
+  {{- end}}
+
+  {{- include "gitops-operator.resources" $gitopsOperatorContext}}
+
+{{- end }}

charts/gitops-runtime/tests/app-proxy-image-enrichemnt_test.yaml

@@ -15,7 +15,7 @@ tests:
     app-proxy.image-enrichment.enabled: true
   asserts:
   - failedTemplate:
-      errorMessage: 'app-proxy.image-enrichment is enabled but argo-workflows is disabled. This is not suppurted. Either disable erichment or enable workflows'
+      errorMessage: 'ERROR: app-proxy.image-enrichment is enabled but argo-workflows is disabled. This is not suppurted. Either disable erichment or enable workflows'
 
 - it: Set correct values in app-proxy configmap
   template: 'app-proxy/config.yaml'
@@ -31,7 +31,7 @@ tests:
     app-proxy.image-enrichment.config.clientHeartbeatIntervalInSeconds: 1
     app-proxy.image-enrichment.serviceAccount.name: test
     app-proxy.image-enrichment.config.images:
-      reportImage: 
+      reportImage:
         registry: registry.example
         repository: codefresh/report-image
         tag: 1-test-report
@@ -61,19 +61,19 @@ tests:
   - equal:
       path: data.enrichmentTtlActiveInSeconds
       value: "1"
-  - equal: 
+  - equal:
       path: data.enrichmentClientHeartbeatIntervalInSeconds
       value: "1"
-  - equal: 
+  - equal:
       path: data.enrichmentServiceAccountName
       value: test
-  - equal: 
+  - equal:
       path: data.enrichmentImageReportingImage
       value: registry.example/codefresh/report-image:1-test-report
-  - equal: 
+  - equal:
       path: data.enrichmentGitEnrichmentImage
       value: reg.ex/codefresh/git-enrich:1-test-git
-  - equal: 
+  - equal:
       path: data.enrichmentJiraEnrichmentImage
       value: my.reg/codefresh/jira-enrich:1-test-jira
 
@@ -147,7 +147,7 @@ tests:
             name: cap-app-proxy-cm
             key: enrichmentServiceAccountName
             optional: true
-  - contains: 
+  - contains:
       path: spec.template.spec.containers[0].env
       content:
         name: IRW_REPORT_IMAGE_TASK_IMAGE
@@ -156,7 +156,7 @@ tests:
             name: cap-app-proxy-cm
             key: enrichmentImageReportingImage
             optional: true
-  - contains: 
+  - contains:
       path: spec.template.spec.containers[0].env
       content:
         name: IRW_GIT_ENRICHMENT_TASK_IMAGE
@@ -165,7 +165,7 @@ tests:
             name: cap-app-proxy-cm
             key: enrichmentGitEnrichmentImage
             optional: true
-  - contains: 
+  - contains:
       path: spec.template.spec.containers[0].env
       content:
         name: IRW_JIRA_ENRICHMENT_TASK_IMAGE
@@ -202,8 +202,3 @@ tests:
   - equal:
       path: roleRef.name
       value: cap-app-proxy-enrichment
-        
-  
-
-
-  

charts/gitops-runtime/tests/argo-projects-templates-integration_test.yaml

@@ -1,4 +1,4 @@
-# Test components that depend on templates from Argo projects. 
+# Test components that depend on templates from Argo projects.
 # This is extremely important since currently templates are used that may change between versions of Argo charts.
 suite: Test integration of outputs from Argo Project templates with components that use them in the runtime chart
 templates:
@@ -8,9 +8,9 @@ templates:
   - internal-router/config.yaml
   - event-reporters/events-reporter/eventsource.yaml
   - event-reporters/rollout-reporter/clusterrolebinding.yaml
-tests: 
+tests:
 # ------------------------------------------------------------------------
-# ArgoCD 
+# ArgoCD
 # Affected templates: app-proxy configmap and events-reporter eventsource
 # ------------------------------------------------------------------------
 - it: test app proxy argocd url - http
@@ -61,7 +61,7 @@ tests:
       path: spec.generic.events.url
       value: argo-cd-test-server:443
 # ------------------------------------------------------------------------------------------
-# Argo Workflows 
+# Argo Workflows
 # Affected templates: app-proxy ClusterRoleBinding to argo-server role, intenal-url config
 # ------------------------------------------------------------------------------------------
 - it: test app proxy ClusterRoleBinding to argo workflows role
@@ -87,7 +87,7 @@ tests:
     argo-workflows.server.secure: true
   asserts:
   - matchRegex:
-      path: data.default\.conf\.template
+      path: data["default.conf.template"]
       pattern: .proxy_pass https://argo-test-server:2746+
 
 - it: check worklfow route users argo-workflows server name and protocol http
@@ -101,7 +101,7 @@ tests:
     argo-workflows.server.secure: false
   asserts:
   - matchRegex:
-      path: data.default\.conf\.template
+      path: data["default.conf.template"]
       pattern: .proxy_pass http://argo-test-server:2746+
 
 - it: test app proxy argocd workflows url - http
@@ -130,7 +130,7 @@ tests:
       path: data.argoWorkflowsUrl
       value: https://argo-test-server:2746
 # ------------------------------------------------------------------------------------------
-# Argo rollouts 
+# Argo rollouts
 # Affected templates - rollouts reporter clusterrolebinding
 # ------------------------------------------------------------------------------------------
 - it: test rollout reporter ClusterRoleBinding to argo rollouts role
@@ -143,4 +143,4 @@ tests:
   asserts:
   - equal:
       path: roleRef.name
-      value: rollouts-test
+      value: rollouts-test

charts/gitops-runtime/tests/custom-ca_test.yaml

@@ -379,25 +379,24 @@ tests:
   values:
   - ./values/mandatory-values.yaml
   asserts:
-  - isEmpty:
+  - notExists:
       path: spec.triggers[0].template.http.tls
 
 - it: rollout reporter sensor - no tls
   template: event-reporters/rollout-reporter/sensor.yaml
   values:
   - ./values/mandatory-values.yaml
   asserts:
-  - isEmpty:
+  - notExists:
       path: spec.triggers[0].template.http.tls
 
 - it: workflow reporter sensor - no tls
   template: event-reporters/workflow-reporter/sensor.yaml
   values:
   - ./values/mandatory-values.yaml
   asserts:
-  - isEmpty:
+  - notExists:
       path: spec.triggers[0].template.http.tls
-
 # --------------------------------------------------------
 # workflowPipelinesGitWebhooks
 # --------------------------------------------------------