CR-18557 - move createRuntime to main container (#43)

* moved all env vars from initContainer to main
* inject platform cert to uninstall hook
* bumped app-proxy to `1.2255.0`
* updated version to `0.2.4-alpha`

Author: ATGardner

charts/gitops-runtime/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.1.29
 description: A Helm chart for Codefresh gitops runtime
 name: gitops-runtime
-version: 0.2.3-alpha
+version: 0.2.4-alpha
 home: https://github.com/codefresh-io/gitops-runtime-helm
 icon: https://codefresh.io/docs/assets/brand/codefresh_purple_dark_logo.png
 keywords:
@@ -16,7 +16,7 @@ annotations:
   artifacthub.io/prerelease: "true"
   artifacthub.io/changes: |
     - kind: fixed
-      description: Remove duplicate labels from app-proxy service and serviceaccount
+      description: Moved runtime creation from `cap-app-proxy` initContainer into main container
 dependencies:
 - name: argo-cd
   repository: https://codefresh-io.github.io/argo-helm

charts/gitops-runtime/README.md

@@ -1,6 +1,6 @@
 # gitops-runtime
 
-![Version: 0.2.3-alpha](https://img.shields.io/badge/Version-0.2.3--alpha-informational?style=flat-square) ![AppVersion: 0.1.29](https://img.shields.io/badge/AppVersion-0.1.29-informational?style=flat-square)
+![Version: 0.2.4-alpha](https://img.shields.io/badge/Version-0.2.4--alpha-informational?style=flat-square) ![AppVersion: 0.1.29](https://img.shields.io/badge/AppVersion-0.1.29-informational?style=flat-square)
 
 A Helm chart for Codefresh gitops runtime
 
@@ -54,14 +54,14 @@ A Helm chart for Codefresh gitops runtime
 | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use |
 | app-proxy.image.pullPolicy | string | `"IfNotPresent"` |  |
 | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` |  |
-| app-proxy.image.tag | string | `"1.2245.0"` |  |
+| app-proxy.image.tag | string | `"1.2255.0"` |  |
 | app-proxy.imagePullSecrets | list | `[]` |  |
 | app-proxy.initContainer.command[0] | string | `"./init.sh"` |  |
 | app-proxy.initContainer.env | object | `{}` |  |
 | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container |
 | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` |  |
 | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` |  |
-| app-proxy.initContainer.image.tag | string | `"1.2245.0"` |  |
+| app-proxy.initContainer.image.tag | string | `"1.2255.0"` |  |
 | app-proxy.initContainer.resources.limits.cpu | string | `"1"` |  |
 | app-proxy.initContainer.resources.limits.memory | string | `"512Mi"` |  |
 | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` |  |
@@ -153,7 +153,7 @@ A Helm chart for Codefresh gitops runtime
 | global.runtime.ingress.hosts | list | `[]` | Hosts for runtime ingress. Note that Codefresh platform will always use the first host in the list to access the runtime. |
 | global.runtime.ingress.protocol | string | `"https"` | The protocol that Codefresh platform will use to access the runtime ingress. Can be http or https. |
 | global.runtime.ingressUrl | string | `""` | Explicit url for runtime ingress. Provide this value only if you don't want the chart to create and ingress (global.runtime.ingress.enabled=false) and tunnel-client is not used (tunnel-client.enabled=false) |
-| global.runtime.name | string | `nil` | Runtime name. Must be identical to the namepsace in which it is intalled and must be unique per platform account. |
+| global.runtime.name | string | `nil` | Runtime name. Must be unique per platform account. |
 | installer | object | `{"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/gitops-runtime-installer","tag":""}}` | Runtime installer used for running hooks and checks on the release |
 | internal-router.affinity | object | `{}` |  |
 | internal-router.env | object | `{}` | Environment variables - see values.yaml inside the chart for usage |

charts/gitops-runtime/templates/_components/_common_helpers.yaml

@@ -4,24 +4,28 @@
       {{ fail "ERROR: env block must be a map"}}
     {{- end -}}
   {{- end -}}
+  {{- if empty . -}}
+env: []
+  {{- else -}}
 env:
-  {{- range $name, $val := . }}
-    {{- if kindIs "string" $val}}
+    {{- range $name, $val := . }}
+      {{- if kindIs "string" $val}}
 - name: {{ $name }}
   value: {{ $val }}
-    {{- else if kindIs "map" $val}}
-      {{- if hasKey $val "valueFrom" }}
-        {{- if or (hasKey $val.valueFrom "secretKeyRef") (hasKey $val.valueFrom "configMapKeyRef") (hasKey $val.valueFrom "fieldRef") }}
+      {{- else if kindIs "map" $val}}
+        {{- if hasKey $val "valueFrom" }}
+          {{- if or (hasKey $val.valueFrom "secretKeyRef") (hasKey $val.valueFrom "configMapKeyRef") (hasKey $val.valueFrom "fieldRef") }}
 - name: {{ $name }}
 {{- $val | toYaml | nindent 2}}        
-        {{- else}}
-          {{ fail "ERROR: Only secretKeyRef/configMapKeyRef/fieldRef are supported for valueFrom block for environment variables" }}
-        {{- end}}
+          {{- else}}
+            {{ fail "ERROR: Only secretKeyRef/configMapKeyRef/fieldRef are supported for valueFrom block for environment variables" }}
+          {{- end}}
+        {{- else }}
+          {{ fail "ERROR: Cannot generate environment variables only strings and valueFrom are supported"}}
+        {{- end }}
       {{- else }}
-        {{ fail "ERROR: Cannot generate environment variables only strings and valueFrom are supported"}}
+        {{ fail "ERROR: Only maps and string are supported for environment variables"}}
       {{- end }}
-    {{- else }}
-      {{ fail "ERROR: Only maps and string are supported for environment variables"}}
     {{- end }}
   {{- end }}
 {{- end -}}

charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_init-container.yaml

@@ -1,55 +1,6 @@
-{{- define "cap-app-proxy.environment-variables.init-container-defaults" -}}
-CHART_VERSION: {{ .Chart.Version }}
-CF_HOST:
-  valueFrom:
-    configMapKeyRef:
-      name: codefresh-cm
-      key: base-url
-CLUSTER: https://kubernetes.default.svc
-INGRESS_CLASS_NAME: 
-  valueFrom:
-    configMapKeyRef:
-      name: codefresh-cm
-      key: ingressClassName
-INGRESS_CONTROLLER: 
-  valueFrom:
-    configMapKeyRef:
-      name: codefresh-cm
-      key: ingressController
-INGRESS_HOST: 
-  valueFrom:
-    configMapKeyRef:
-      name: codefresh-cm
-      key: ingressHost
-INSTALLATION_TYPE: HELM
-NAMESPACE: 
-  valueFrom:
-    fieldRef:
-      fieldPath: metadata.namespace
-RUNTIME_NAME: 
-  valueFrom:
-    configMapKeyRef:
-      name: cap-app-proxy-cm
-      key: runtimeName
-RUNTIME_TOKEN: 
-  valueFrom:
-    secretKeyRef:
-      name: codefresh-token
-      key: token
-      optional: true
-RUNTIME_VERSION:
-  valueFrom:
-    configMapKeyRef:
-      name: codefresh-cm
-      key: version
-{{- end -}}
-
 {{/*
 Read defaults from the template above and merge with the values provided in values file
 */}}
 {{- define "cap-app-proxy.environment-variables.init-container" -}}
-{{- $defaults := (include "cap-app-proxy.environment-variables.init-container-defaults" . | fromYaml ) -}}
-{{- $overrides := .Values.initContainer.env -}}
-{{- $mergedValues := mergeOverwrite $defaults $overrides -}}
-{{- include "codefresh-gitops-runtime.components.common_helpers.container-templates.env-vars" $mergedValues -}}
+{{- include "codefresh-gitops-runtime.components.common_helpers.container-templates.env-vars" .Values.initContainer.env -}}
 {{- end -}}

charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml

@@ -28,12 +28,14 @@ ARGO_WORKFLOWS_URL:
       name: cap-app-proxy-cm
       key: argoWorkflowsUrl
       optional: true
+CHART_VERSION: {{ .Chart.Version }}
 CF_HOST:
   valueFrom:
     configMapKeyRef:
       name: codefresh-cm
       key: base-url
       optional: true
+CLUSTER: https://kubernetes.default.svc
 CORS:
   valueFrom:
     configMapKeyRef:
@@ -59,6 +61,23 @@ GRAPHQL_PLAYGROUND:
       name: cap-app-proxy-cm
       key: graphqlPlayground
       optional: true
+INGRESS_CLASS_NAME: 
+  valueFrom:
+    configMapKeyRef:
+      name: codefresh-cm
+      key: ingressClassName
+INGRESS_CONTROLLER: 
+  valueFrom:
+    configMapKeyRef:
+      name: codefresh-cm
+      key: ingressController
+INGRESS_HOST: 
+  valueFrom:
+    configMapKeyRef:
+      name: codefresh-cm
+      key: ingressHost
+INSTALLATION_TYPE: HELM
+MANAGED: '"false"'
 NAMESPACE:
   valueFrom:
     fieldRef:
@@ -93,6 +112,11 @@ RUNTIME_STORE_IV:
       name: codefresh-token
       key: encryptionIV
       optional: true
+RUNTIME_VERSION:
+  valueFrom:
+    configMapKeyRef:
+      name: codefresh-cm
+      key: version
 STORE_BACKEND:
   valueFrom:
     configMapKeyRef:

charts/gitops-runtime/templates/app-proxy/_app-proxy-env.yaml

@@ -14,13 +14,3 @@ GIT_PASSWORD:
   {{- end }}
 WORKFLOW_PIPELINES_WEBHOOKS_TLS_SECRET: codefresh-workflow-pipelines-tls
 {{- end }}
-
-{{- define "codefresh-gitops-runtime.app-proxy.init-container.calculated-env-vars"}}
-  {{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }}
-{{- $name := .Values.global.codefresh.tls.caCerts.secret.create | ternary "codefresh-tls-certs" .Values.global.codefresh.tls.caCerts.secretKeyRef.name }}
-{{- $key := .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }}
-SSL_CERT_FILE: /app/config/{{ $name }}/{{ $key }}
-  {{- end }}
-USER_TOKEN:
-  {{- include "codefresh-gitops-runtime.installation-token-env-var-value" . | nindent 2 }}
-{{- end }}

charts/gitops-runtime/templates/app-proxy/deployment.yaml

@@ -3,9 +3,7 @@
 {{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
 
 {{/* Merge environment variables with the ones in _app-proxy-env.yaml */}}
-{{- $initContainerMergedValues := mergeOverwrite $appProxyContext.Values.initContainer.env (include "codefresh-gitops-runtime.app-proxy.init-container.calculated-env-vars" . | fromYaml) }}
 {{- $mainContainerMergedValues := mergeOverwrite $appProxyContext.Values.env (include "codefresh-gitops-runtime.app-proxy.calculated-env-vars" . | fromYaml) }}
-{{- $_ := set $appProxyContext.Values.initContainer "env" $initContainerMergedValues }}
 {{- $_ := set $appProxyContext.Values "env" $mainContainerMergedValues }}
 
 {{/* Add extra volumes (used for cutom tls) */}}

charts/gitops-runtime/templates/hooks/pre-uninstall/delete-runtime-from-platform.yaml

@@ -19,7 +19,13 @@ spec:
         - name: PLATFORM_URL
           value: {{ .Values.global.codefresh.url }}
         - name: USER_TOKEN
-          {{ include "codefresh-gitops-runtime.installation-token-env-var-value" . | nindent 10 }}
+          {{- include "codefresh-gitops-runtime.installation-token-env-var-value" . | nindent 10 }}
+{{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }}
+  {{- $name := .Values.global.codefresh.tls.caCerts.secret.create | ternary "codefresh-tls-certs" .Values.global.codefresh.tls.caCerts.secretKeyRef.name }}
+  {{- $key := .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }}
+        - name: SSL_CERT_FILE
+          value: /app/config/{{ $name }}/{{ $key }}
+{{- end }}
         imagePullPolicy: {{ .Values.installer.image.pullPolicy }}
         command: ["sh", "-c"]
         args: 

charts/gitops-runtime/tests/custom-ca_test.yaml

@@ -1,12 +1,13 @@
 # Test custom CA - affects app-proxy and event reporters
-suite: Tes custom CA
+suite: Test custom CA
 templates:
   - tls-custom-ca/codefresh-tls-certs.yaml
   - tls-custom-ca/workflow-pipelines-git-webhooks.yaml
   - app-proxy/deployment.yaml
   - event-reporters/workflow-reporter/sensor.yaml
   - event-reporters/events-reporter/sensor.yaml
   - event-reporters/rollout-reporter/sensor.yaml
+  - hooks/pre-uninstall/delete-runtime-from-platform.yaml
 tests:
 
 - it: test chart created secret contents - default secret key
@@ -121,22 +122,22 @@ tests:
         name: codefresh-tls-certs
         readOnly: true
 
-- it: environment variable in app-proxy init container - secret ref
-  template: 'app-proxy/deployment.yaml'
+- it: environment variable in pre-delete hook - secret ref
+  template: 'hooks/pre-uninstall/delete-runtime-from-platform.yaml'
   values:
   - ./values/mandatory-values.yaml
   set:
     global.codefresh.tls.caCerts.secretKeyRef.name: my-secret
     global.codefresh.tls.caCerts.secretKeyRef.key: my-key
   asserts:
   - contains:
-      path: spec.template.spec.initContainers[0].env
+      path: spec.template.spec.containers[0].env
       content:
         name: SSL_CERT_FILE
         value:  /app/config/my-secret/my-key
 
-- it: environment variable in app-proxy init container - chart created secret
-  template: 'app-proxy/deployment.yaml'
+- it: environment variable in pre-delete hook - chart created secret
+  template: 'hooks/pre-uninstall/delete-runtime-from-platform.yaml'
   values:
   - ./values/mandatory-values.yaml
   set:
@@ -147,12 +148,11 @@ tests:
       -----END CERTIFICATE-----
   asserts:
   - contains:
-      path: spec.template.spec.initContainers[0].env
+      path: spec.template.spec.containers[0].env
       content:
         name: SSL_CERT_FILE
         value:  /app/config/codefresh-tls-certs/ca-bundle.crt
 
-
 - it: events reporter sensor - check chart created secret with default key
   template: event-reporters/events-reporter/sensor.yaml
   values:

charts/gitops-runtime/tests/installation-token_test.yaml

@@ -11,15 +11,6 @@ tests:
   set:
     global.codefresh.userToken.token: dummy
   asserts:
-  - contains:
-      path: spec.template.spec.initContainers[0].env
-      content:
-        name: USER_TOKEN
-        valueFrom:
-          secretKeyRef:
-            name: codefresh-user-token
-            key: token
-            optional: true
   - contains:
       path: spec.template.spec.containers[0].env
       content:
@@ -46,11 +37,3 @@ tests:
           secretKeyRef:
             name: mysecret
             key: mykey
-  - contains:
-      path: spec.template.spec.initContainers[0].env
-      content:
-        name: USER_TOKEN
-        valueFrom:
-          secretKeyRef:
-            name: mysecret
-            key: mykey

charts/gitops-runtime/values.yaml

@@ -46,7 +46,7 @@ global:
 
   # -- Runtime level settings
   runtime:
-    # -- Runtime name. Must be identical to the namepsace in which it is intalled and must be unique per platform account.
+    # -- Runtime name. Must be unique per platform account.
     name:
     # -- Runtime cluster. Should not be changed.
     cluster: https://kubernetes.default.svc
@@ -305,16 +305,15 @@ app-proxy:
 
   image:
     repository: quay.io/codefresh/cap-app-proxy
-    tag: 1.2245.0
+    tag: 1.2255.0
     pullPolicy: IfNotPresent
   # -- Extra volume mounts for main container
   extraVolumeMounts: []
 
   initContainer:
     image:
       repository: quay.io/codefresh/cap-app-proxy-init
-      # Overrides the image tag whose default is the chart appVersion.
-      tag: 1.2245.0
+      tag: 1.2255.0
       pullPolicy: IfNotPresent
     command:
       - ./init.sh