onprem: 2.4.0-rc.3 (#1310)

mikhail-klimko · web-flow · commit b5c6505ceddc · 2024-06-21T14:49:19.000+03:00
diff --git a/codefresh/.ci/values/cfapi-roles-no-rbac.yaml b/codefresh/.ci/values/cfapi-roles-no-rbac.yaml
@@ -0,0 +1,56 @@
+cfapi: &cf-api
+  enabled: false
+  rbac:
+    namespaced: true
+
+cfapi-auth:
+  <<: *cf-api
+  enabled: true
+cfapi-internal:
+  <<: *cf-api
+  enabled: true
+cfapi-ws:
+  <<: *cf-api
+  enabled: true
+cfapi-admin:
+  <<: *cf-api
+  enabled: true
+cfapi-endpoints:
+  <<: *cf-api
+  enabled: true
+cfapi-terminators:
+  <<: *cf-api
+  enabled: true
+cfapi-sso-group-synchronizer:
+  <<: *cf-api
+  enabled: true
+cfapi-buildmanager:
+  <<: *cf-api
+  enabled: true
+cfapi-cacheevictmanager:
+  <<: *cf-api
+  enabled: true
+cfapi-eventsmanagersubscriptions:
+  <<: *cf-api
+  enabled: true
+cfapi-kubernetesresourcemonitor:
+  <<: *cf-api
+  enabled: true
+cfapi-environments:
+  <<: *cf-api
+  enabled: true
+cfapi-gitops-resource-receiver:
+  <<: *cf-api
+  enabled: true
+cfapi-downloadlogmanager:
+  <<: *cf-api
+  enabled: true
+cfapi-teams:
+  <<: *cf-api
+  enabled: true
+cfapi-kubernetes-endpoints:
+  <<: *cf-api
+  enabled: true
+cfapi-test-reporting:
+  <<: *cf-api
+  enabled: true
diff --git a/codefresh/.ci/values/values-upgrade.yaml b/codefresh/.ci/values/values-upgrade.yaml
@@ -0,0 +1,3 @@
+cfapi:
+  rbac:
+    namespaced: true
diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 description: Helm Chart for Codefresh On-Prem
 name: codefresh
-version: 2.4.0-rc.2
+version: 2.4.0-rc.3
 keywords:
   - codefresh
 home: https://codefresh.io/
@@ -17,8 +17,8 @@ annotations:
   artifacthub.io/alternativeName: "codefresh-onprem"
   # artifacthub.io/containsSecurityUpdates: "true"
   artifacthub.io/changes: |
-    - kind: changed
-      description: Change default SYSTEM_TYPE for accounts to PROJECT_ONE
+    - kind: added
+      description: Update docs for 2.4.x upgrade
 dependencies:
   - name: cf-common
     repository: oci://quay.io/codefresh/charts
diff --git a/codefresh/README.md b/codefresh/README.md
@@ -1,6 +1,6 @@
 ## Codefresh On-Premises
 
-![Version: 2.4.0-rc.2](https://img.shields.io/badge/Version-2.4.0--rc.2-informational?style=flat-square) ![AppVersion: 2.4.0](https://img.shields.io/badge/AppVersion-2.4.0-informational?style=flat-square)
+![Version: 2.4.0-rc.3](https://img.shields.io/badge/Version-2.4.0--rc.3-informational?style=flat-square) ![AppVersion: 2.4.0](https://img.shields.io/badge/AppVersion-2.4.0-informational?style=flat-square)
 
 Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes.
 
@@ -42,6 +42,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/
   - [To 2.1.7](#to-2-1-7)
   - [To 2.2.0](#to-2-2-0)
   - [To 2.3.0](#to-2-3-0)
+  - [To 2.4.0](#to-2-4-0)
 - [Rollback](#rollback)
 - [Troubleshooting](#troubleshooting)
 - [Values](#values)
@@ -722,53 +723,56 @@ cfapi: &cf-api
   hpa:
     enabled: true
 # Enable cf-api roles
+cfapi-auth:
+  <<: *cf-api
+  enabled: true
 cfapi-internal:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-ws:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-admin:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-endpoints:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-terminators:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-sso-group-synchronizer:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-buildmanager:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-cacheevictmanager:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-eventsmanagersubscriptions:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-kubernetesresourcemonitor:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-environments:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-gitops-resource-receiver:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-downloadlogmanager:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-teams:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-kubernetes-endpoints:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-test-reporting:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 ```
 
@@ -1885,6 +1889,35 @@ helm rollback $RELEASE_NAME $RELEASE_NUMBER \
     --wait
 ```
 
+### To 2.4.0
+
+### [What's new in 2.4.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-24)
+
+#### New cfapi-auth role
+
+New `cfapi-auth` role is introduced in 2.4.x.
+
+If you run onprem with [multi-role cfapi configuration](#configuration-with-multi-role-cf-api), make sure to **enable** `cfapi-auth` role:
+
+```yaml
+cfapi-auth:
+  <<: *cf-api
+  enabled: true
+```
+
+#### Default SYSTEM_TYPE for acccounts
+
+Since 2.4.x, `SYSTEM_TYPE` is changed to `PROJECT_ONE` by default.
+
+If you want to preserve original `CLASSIC` values, update cfapi environment variables:
+
+```yaml
+cfapi:
+  container:
+    env:
+      DEFAULT_SYSTEM_TYPE: CLASSIC
+```
+
 ## Troubleshooting
 
 ### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired
@@ -2175,4 +2208,4 @@ kubectl -n $NAMESPACE delete secret codefresh-certs-server
 | seed.postgresSeedJob.postgresUser | optional | `""` | "postgres" admin user in plain text (required ONLY for seed job!) Must be a privileged user allowed to create databases and grant roles. If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used. |
 | seed.postgresSeedJob.postgresUserSecretKeyRef | optional | `{}` | "postgres" admin user from exising secret |
 | tasker-kubernetes | object | `{"affinity":{},"container":{"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/tasker-kubernetes"}},"enabled":true,"hpa":{"enabled":false},"nodeSelector":{},"pdb":{"enabled":false},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}` | tasker-kubernetes |
-| webTLS | object | `{"cert":"","enabled":false,"key":"","secretName":"star.codefresh.io"}` | DEPRECATED - Use `.Values.ingress.tls` instead TLS secret for Ingress |
+| webTLS | object | `{"cert":"","enabled":false,"key":"","secretName":"star.codefresh.io"}` | DEPRECATED - Use `.Values.ingress.tls` instead TLS secret for Ingress |
diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl
@@ -42,6 +42,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/
   - [To 2.1.7](#to-2-1-7)
   - [To 2.2.0](#to-2-2-0)
   - [To 2.3.0](#to-2-3-0)
+  - [To 2.4.0](#to-2-4-0)
 - [Rollback](#rollback)
 - [Troubleshooting](#troubleshooting)
 - [Values](#values)
@@ -725,53 +726,56 @@ cfapi: &cf-api
   hpa:
     enabled: true
 # Enable cf-api roles
+cfapi-auth:
+  <<: *cf-api
+  enabled: true
 cfapi-internal:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-ws:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-admin:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-endpoints:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-terminators:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-sso-group-synchronizer:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-buildmanager:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-cacheevictmanager:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-eventsmanagersubscriptions:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-kubernetesresourcemonitor:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-environments:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-gitops-resource-receiver:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-downloadlogmanager:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-teams:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-kubernetes-endpoints:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 cfapi-test-reporting:
-  !!merge <<: *cf-api
+  <<: *cf-api
   enabled: true
 ```
 
@@ -1893,6 +1897,35 @@ helm rollback $RELEASE_NAME $RELEASE_NUMBER \
     --wait
 ```
 
+### To 2.4.0
+
+### [What's new in 2.4.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-24)
+
+#### New cfapi-auth role
+
+New `cfapi-auth` role is introduced in 2.4.x.
+
+If you run onprem with [multi-role cfapi configuration](#configuration-with-multi-role-cf-api), make sure to **enable** `cfapi-auth` role:
+
+```yaml
+cfapi-auth:
+  <<: *cf-api
+  enabled: true
+```
+
+#### Default SYSTEM_TYPE for acccounts
+
+Since 2.4.x, `SYSTEM_TYPE` is changed to `PROJECT_ONE` by default.
+
+If you want to preserve original `CLASSIC` values, update cfapi environment variables:
+
+```yaml
+cfapi:
+  container:
+    env:
+      DEFAULT_SYSTEM_TYPE: CLASSIC
+```
+
 ## Troubleshooting
 
 ### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired
@@ -1954,4 +1987,4 @@ kubectl -n $NAMESPACE delete secret codefresh-certs-server
 ./configure-dind-certs.sh -n $RUNTIME_NAMESPACE https://$CODEFRESH_HOST $CODEFRESH_API_TOKEN
 ```
 
-{{ template "chart.valuesSection" . }}
+{{ template "chart.valuesSection" . }}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+cfapi:`
	`2`	`+ rbac:`
	`3`	`+ namespaced: true`